Security Technology

YouTube disables comments on videos featuring minors

Alphabet Inc's YouTube said on Thursday it had disabled comments on videos featuring minors, a week after a magazine reported the platform displayed ads next to videos that showed exploitation of children.

from Reuters: Technology News https://ift.tt/2EBuPGI

Uber, Lyft to offer some drivers shares in stock market listing

Uber Technologies Inc and Lyft plan to offer cash bonuses to some of their most active drivers with the option to purchase shares in the ride-hailing firms' highly anticipated Wall Street debuts, a bold effort to improve driver relations as the companies transition to the public markets.

from Reuters: Technology News https://ift.tt/2NxP4bm

No.2 cryptocurrency Ethereum faces software 'fork'; lower supply seen

Ethereum, the world's second biggest cryptocurrency, was set on Thursday for major software upgrades that traders and analysts predicted would significantly reduce its supply.

from Reuters: Technology News https://ift.tt/2H7vi59

Uber in advanced talks to buy Middle East rival Careem: Bloomberg

Uber Technologies Inc is in advanced discussions to buy its Dubai-based rival Careem Networks FZ, Bloomberg reported on Thursday, citing people familiar with the matter.

from Reuters: Technology News https://ift.tt/2GRRYat

China's JD.com teams up with Farfetch to attract luxury shoppers

Chinese e-commerce company JD.com is folding its high-end Toplife venture into fashion retailer Farfetch's business in China, hoping to expand in the luxury goods market where it is vying with Alibaba to attract shoppers.

from Reuters: Technology News https://ift.tt/2NxuVC6

Huawei units plead not guilty to U.S. trade secret theft

Huawei Device Co Ltd and Huawei Device USA Inc pleaded not guilty on Thursday in U.S. District Court in Seattle on fraud, trade secrets conspiracy and other charges, the Justice Department said.

from Reuters: Technology News https://ift.tt/2T7dbU7

Protecting against the next wave of advanced threats targeting Office 365 – Trend Micro Cloud App Security 2018 detection results and customer examples

Since the release of “Trend Micro Cloud App Security 2017 Report” about a year ago, threats using email as the delivery vector have grown significantly. Business Email Compromise (BEC) scams have already caused USD $12.5 billion in global losses as of 2018 – a 136.4% increase from the $5.3 billion reported in 2017. The popularity of Office 365 has positioned itself as an attractive target for cybercriminals. In January, 2019, the U.S. Secret Service issued a bulletin calling out phishing attacks that specifically target organizations using Office 365.

Trend Micro Cloud App Security is an API-based service protecting Microsoft® Office 365 Exchange Online, OneDrive® for Business, and SharePoint® Online platforms. Using multiple advanced threat protection techniques, it acts as a second layer of protection after emails and files have passed through Office 365 scanning.

In 2018, Cloud App Security caught 8.9 million high-risk email threats missed by Office 365 security. Those threats include one million malware, 7.7 million phishing attempts, and 103,955 BEC attempts. Each of the blocked threats represent potential attacks that could result in monetary and productivity losses. For example, the average cost per BEC incident is now USD $59,000. Blocking 103,000 BEC attacks means potentially saving our customers $16illion!

No matter what Office 365 plan you use, or whether a third-party email gateway is deployed, customers still stop a significant number of potentially damaging threats with Trend Micro Cloud App Security.

Customer examples: Additional detections after Office 365 built-in security (2018 data)

For customers using Office 365 built-in security, they saw obvious value from deploying Trend Micro Cloud App Security. For example, an internet company with 10,000 Office 365 E3 users found an additional 16,000 malware, 232,000 malicious URLs, 174,000 phishing emails, and 2,000 BEC attacks in 2018.

Customer examples: Additional Detections after Office 365 Advanced Threat Protection (2018 data)

Customers using Office 365 Advanced Threat Protection (ATP) also need an additional layer of filtering as well. A logistics company with 80,000 users of E3 and ATP detected an additional 28,000 malware and 662,000 malicious URLs in 2018 with Trend Micro Cloud App Security.

Customer examples: Additional Detections after third-party email gateway and Office 365 built-in security (2018 data)

Many customers use a third-party email gateway to scan emails before they’re delivered to their Office 365 environment. Despite these gateway deployments, many of the sneakiest and hardest to detect threats still slipped though. Plus, a gateway solution can’t detect internal email threats, which can originate from compromised devices or accounts within Office 365.

For example, a business with 120,000 Office 365 users with a third-party email gateway stopped an additional 166,823 phishing emails, 237,222 malicious URLs, 78,246 known and unknown malware, and 1,645 BEC emails with Cloud App Security.

Innovative technologies to combat new email threats

Continuous innovation is one key reason why Trend Micro is able to catch so many threats missed by Office 365 and/or third-party email gateways. In 2018, two new advanced features were introduced by Cloud App Security to help businesses stay protected from advanced email threats.

The first is Writing Style DNA, an artificial intelligence (AI)-powered technology that can help detect email impersonation tactics used in BEC scams. It uses AI to recognize a user’s writing style based on past emails and then compares it to suspected forgeries.

The second technology is a feature that combines AI and computer vision technology to help detect and block attempts at credential phishing in real time, especially now that more schemes use fake, legitimate-looking login webpages to deceive email users. A login page’s branded elements, login form, and other website components are checked by this tool to determine if a page is legitimate.

Additionally, Trend Micro uniquely offers a pre-execution machine learning engine to find unknown malware in addition to its award-winning Deep Discovery sandbox technology. The pre-execution machine learning engine provides better threat coverage while improving email delivery by finding threats before the sandbox layer.

Check out the Trend Micro Cloud App Security 2018 Report to get more details on the type of threats blocked by this product and common email attacks analyzed by Trend Micro Research in 2018.

The post Protecting against the next wave of advanced threats targeting Office 365 – Trend Micro Cloud App Security 2018 detection results and customer examples appeared first on .

from Trend Micro Simply Security https://ift.tt/2H6auv2

France sees global tax deal on digital giants in 2019: minister

A planned revision to international tax rules for the digital era could be drawn up within 2019 after the United States and Ireland indicated that they wanted a deal, French Finance Minister Bruno Le Maire said on Thursday.

from Reuters: Technology News https://ift.tt/2Ek5wrn

Insecure VPNs: Top risks and symptoms that stronger security is needed

Virtual private networks, or VPNs, were created to provide a secure tunnel in which user activity can be carried out in privacy. In this way, VPNs have been utilized by individual users, as well as to support business processes for several years, and their use is only growing.

According to current statistics, nearly 25 percent of all users have leveraged a VPN for some type of online activity within the last month. This includes 17 percent who access a VPN through their desktop, 15 percent who use a mobile smartphone and 7 percent who connect with the private network through a tablet. Those that do utilize VPNs are also leveraging these networks more frequently than ever before – 35 percent of those that access a VPN through their desktop do so on a daily basis.

While users hope and expect that VPNs will live up to their name and truly support a virtual and private connection, research shows that this is not always the case.

How does a VPN work?

As ZDNet contributor Steven J. Vaughan-Nichols explained, traditional VPNs leverage a combination of security techniques – including robust encryption, IP security, Layer 2 Tunneling Protocol, as well as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Bringing these technologies together, a VPN can then provide a “virtual encrypted ‘tunnel,’” between end-user devices and the VPN server, supporting security and providing a shield against prying eyes or unauthorized access.

“Worried about your ISP snooping on you? Is someone on your coffee shop’s Wi-FI looking [over] your network shoulder? Or, is Joe A. Hacker bugging your internet?” Vaughan-Nichols wrote. “A virtual private network (VPN) can help protect your privacy.”

This promise of privacy and security has made VPNs a popular option for individual users, as well as enterprise employees. Particularly in cases where remote employees must be able to securely access company infrastructure platforms and applications, a VPN can offer an encrypted and protected path for access and user activity.

In order to leverage a VPN, users must either set up a VPN server themselves – a time-consuming and complex process – or make use of one of the many VPN services available today. However, as Trend Micro researchers discovered, not all of these solutions make good on VPN’s main tenets of privacy, security and encryption.

A malware-infected VPN can create security issues for your connection.

When is a VPN not secure?

There are several scenarios which can result in unsecure VPNs, which fail to provide a protected and anonymous user connection:

Malware infection

Rather obviously, a VPN that is infected with malware puts the security and privacy of the connection in jeopardy. In some cases, VPNs are infected after the fact. However, one study of more than 200 VPN apps within the Google Play Store discovered that malware can also come as part of the package – more than one-third of the VPN apps studied by researchers contained malware that included the capability to track users’ online activity, directly contradicting the purpose of a VPN.

As Vaughan-Nichols noted, this issue is more common than some might assume.

“There’s one fundamental concern with VPN services: Can you trust them not to track you?” Vaughan-Nichols wrote. “Some VPNs keep records of where you go on the net. If privacy is a real concern for you, check your VPN’s terms and policies to see if they keep logs of your online activities. If they do, look for another VPN.”

Lack of proper security

In other cases, it’s not malware that presents the issue, but insufficient security techniques. VPNs in this category don’t include the type of robust encryption or other protection technologies that enable the creation of a secure and private connection.

What an insecure VPN looks like: Real-world case

Researchers have also found instances where VPNs simply leak user information, including sensitive data like IP addresses. Such was the case with the popular service, HolaVPN by Hola Networks Ltd. This network service not only exposed users’ IP addresses through their individual web browsers, but also stole user bandwidth, further complicating the security issues associated with it.

As CNET contributor Claire Reilly explained, Hola was not transparent with users about its peer-to-peer VPN operation, which could enable users to browse through other users’ internet connections. Experts urged users to avoid the platform, calling its operations similar to that of a “poorly secured botnet.”

“Hola’s VPN service features ‘vulnerabilities’ which allows third parties to execute code on a user’s system, track them online and ultimately ‘take over your entire computer, without you even knowing,'” Reilly wrote.

The case of HolaVPN is a staunch example of the issues that can emerge with an insecure VPN. Current data shows that Hola Networks’ is being utilized by 8 million Google Chrome extension users.

What an insecure VPN means for enterprise security

While the consequences of using a substandard VPN may be dangerous for the individual user, these issues are only compounded in an enterprise setting.

As Trend Micro researchers noted, if an end user is leveraging an insecure VPN as part of their professional, corporate work, this connection could put the entire enterprise at risk of compromise.

“HolaVPN could enable attackers to circumvent corporate firewalls and allow them to explore the internal network of a company for nefarious purposes,” our Trend Micro researchers explained.

What’s more, cybercriminals could also utilize VPN vulnerabilities to carry out malicious, dangerous and even illegal activities, which then appear to be stemming from a VPN user’s device.

Selecting the right VPN

These vulnerabilities and security issues connected with certain VPNs does not mean that organizations must abandon the practice of using them. As Trend Micro noted in our recent white paper, “Illuminating HolaVPN and the Dangers It Poses,” it’s imperative to stay away from VPNs that are known to be insecure.

When selecting a VPN, it’s important to find a platform that does not track user activity. As noted, reading closely through the VPN’s terms and conditions can help illuminate these practices.

In addition, ConsumerReports recommended finding a VPN provider that includes a large volume of servers within its network infrastructure. TunnelBear, for instance, boasts connection locations in more than 20 countries, and automatically connects users to the closest point. This not only helps bolster security, but can also help enhance performance.

To find out more about the risks that an insecure VPN can pose to your organization, check out the research in our white paper, and connect with our Trend Micro security experts today.

The post Insecure VPNs: Top risks and symptoms that stronger security is needed appeared first on .

from Trend Micro Simply Security https://ift.tt/2BTtuJG