With Developers Moving Fast, DevSec Needs Automation to Keep Up with Application Security

By Trisha Paine, Head of Cloud Marketing Programs. Speed and cloud complexity make security for modern application development increasingly challenging. Many organizations are now developer-centered, incentivizing developers to move fast. The time difference between when a piece of code is written and when it runs is shortening. In fact, nearly 60% of companies report deploying…

The post With Developers Moving Fast, DevSec Needs Automation to Keep Up with Application Security appeared first on Check Point Software.



from Check Point Software https://ift.tt/2NH3xm2

Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty to running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes. Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud—one count of access

from The Hacker News https://ift.tt/3g5sXGc

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes

from The Hacker News https://ift.tt/31DC5hx

Hackers create scam resembling a virtual 'chupa-cabra'


Hackers have developed a new method of stealing credit card data even in online purchases, in a scam that Malwarebytes security researchers have called a "virtual chupa-cabra."

Card "chupa-cabras," as skimmers are popularly known in Brazil, are small devices that criminals install on ATMs or payment terminals and that can steal the data of the card inserted.

The scam is well known and widely used, but it only works for in-person purchases. Now, a new scheme detected by Malwarebytes researchers closely resembles the chupa-cabra but operates on online transactions.

The hackers are reportedly inserting malicious code into the EXIF metadata of image files, which is then executed on compromised online stores.

To reach stores without their operators taking part in the scam, the hackers hid this malicious code in files uploaded through the WooCommerce plugin for WordPress, which is widely used around the world and therefore a major target for hackers. This allowed them to collect data such as the customer's name, address and credit card details.

The idea of hiding malicious code in image files is not new, but the researchers say this is the first time the scheme has been used to simulate a card skimmer attack.



from Olhar Digital :: Segurança https://ift.tt/31lqoM9

How to Get Safari's New Privacy Features in Chrome and Firefox

Apple's browser is getting serious about security protections. If you can't or won't switch, don't worry: you don't have to fall behind.

from Security Latest https://ift.tt/3ibpyaQ

Is It Legal for Cops to Force You to Unlock Your Phone?

Because the relevant Supreme Court precedents predate the smartphone era, the courts are divided on how to apply the Fifth Amendment.

from Security Latest https://ift.tt/2YDhwQb

Julian Assange Faces New Conspiracy Allegations

Plus: Evil Corp hacking, an anti-encryption bill, and more of the week's top security news.

from Security Latest https://ift.tt/2BEZfZL

iOS 14 'snitches' on TikTok's practice of accessing content copied by the user


You may not even remember it, but when you copy some text on your phone, it is stored in your smartphone's clipboard. On iOS, this area can be accessed by any app, and some of them abuse that permission to collect information about the user. With iOS 14, TikTok, the app whose popularity has been soaring, ended up caught in behavior that users consider suspicious.

With iOS 14, the system reveals when apps access the clipboard, and developers who have started testing the system noticed worrying behavior. As one Twitter user reports, with every keystroke in the app, TikTok pulls the data that was previously copied.

When questioned on the matter by The Telegraph, TikTok defended itself, saying the alerts were tied to an “anti-spam” feature designed to detect repetitive, irregular behavior on the social network. After the alert, the company released an update to the iOS app disabling the feature following the complaints, “to eliminate any potential confusion”. It is not yet known whether the app exhibits this behavior on Android or whether that system will also receive a similar update.

Protecting the clipboard matters because it often holds sensitive information. People may copy things such as credit card numbers or other deeply personal data, so unrestricted access to the feature can lead to security and privacy problems.

TikTok, in fact, had already been warned about this behavior. In March, researchers noticed this type of activity in a number of popular apps, including some that do not even rely on text input and would have no reason to access the clipboard regularly. TikTok had committed to stopping the practice within a few weeks but, by all indications, did not keep the promise.



from Olhar Digital :: Segurança https://ift.tt/3i4NDjx

Perspectives Summary – What You Said

On Thursday, June 25, Trend Micro hosted our Perspectives 2-hour virtual event. As the session progressed, we asked our attendees, composed of +5000 global registrants, two key questions. This blog analyzes those answers.

First, what is your current strategy for securing the cloud?

Rely completely on native cloud platform security capabilities (AWS, Azure, Google…) 33%

Add on single-purpose security capabilities (workload protection, container security…) 13%

Add on security platform with multiple security capabilities for reduced complexity 54%

This result affirms IDC analyst Frank Dickson’s observation that most cloud customers will benefit from a suite offering a range of security capabilities covering multiple cloud environments. For the 15% to 20% of organizations that rely on one cloud provider, purchasing a security solution from that vendor may provide sufficient coverage. The quest for point products (which may be best-of-breed, as well) introduces additional complexity across multiple cloud platforms, which can obscure problems, confuse cybersecurity analysts and business users, increase costs, and reduce efficiency. The comprehensive suite strategy complements most organizations’ hybrid, multi-cloud approach.

Second, and this is multiple choice, how are you enabling secure digital transformation in the cloud today?

This shows that cloud users are open to many available solutions for improving cloud security. The adoption pattern follows traditional on-premise security deployment models. The most commonly cited solution, Network Security/Cloud IPS, recognizes that communication with anything in the cloud requires a trustworthy network. This is a very familiar technique, dating back in the on-premise environment to the introduction of firewalls in the early 1990s from vendors like Check Point and supported by academic research as found in Cheswick and Bellovin’s Firewalls and Internet Security (Addison-Wesley, 1994).

The frequency of data exposure due to misconfigured cloud instances surely drives Cloud Security Posture Management, certainly aided by the ease of deployment of tools like Cloud One Conformity.

The newness of containers in the production environment most likely explains the relatively lower deployment of container security today.

The good news is that organizations do not have to deploy and manage a multitude of point products addressing one problem on one environment. The suite approach simplifies today’s reality and positions the organization for tomorrow’s challenges.

Looking ahead, future growth in industrial IoT and increasing deployments of 5G-based public and non-public networks will drive further innovations, increasing the breadth of the suite approach to securing hybrid, multi-cloud environments.

What do you think? Let me know @WilliamMalikTM.



from Trend Micro Simply Security https://ift.tt/2BhgL6m

Principles of a Cloud Migration

Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. One of the main things they might use during this is “Infrastructure as Code,” where they are creating cloud resources for running their applications using lines of code.

In the below video, as part of a NADOG (North American DevOps Group) event, I describe some additional techniques on how your development staff can incorporate the Well Architected Framework and other compliance scanning against their Infrastructure as Code prior to it being launched into your cloud environment.

If this content has sparked additional questions, please feel free to reach out to me on my LinkedIn. Always happy to share my knowledge of working with large customers on their cloud and transformation journeys!




from Trend Micro Simply Security https://ift.tt/2ZbjoPl

Apache Releases Security Advisory for Apache Tomcat

Original release date: June 26, 2020

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.



from CISA All NCAS Products https://ift.tt/3dD5uuu

This Week in Security News: XORDDoS and Kaiji Botnet Malware Variants Target Exposed Docker Servers and Ripple20 Vulnerabilities Could Impact Millions of IoT Devices

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group of vulnerabilities dubbed Ripple20 that have the potential to critically impact millions of IoT devices across many different industries.

Read on:

The Fear of Vendor Lock-in Leads to Cloud Failures

Vendor lock-in, the fear that by investing too much with one vendor an organization reduces their options in the future, has been an often-quoted risk since the mid-1990s. Organizations continue to walk a fine line with their technology vendors. Ideally, you select a set of technologies that not only meet your current needs but that align with your future vision as well.

How Do I Select a Mobile Security Solution for My Business?

The percentage of companies admitting to suffering a mobile-related compromise has grown, despite a higher percentage of organizations deciding not to sacrifice the security of mobile devices to meet business targets. To make things worse, the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols – despite also being highly targeted by cyberattacks.

Knowing Your Shared Security Responsibility in Microsoft Azure and Avoiding Misconfigurations

Trend Micro is excited to launch new Trend Micro Cloud One™ – Conformity capabilities that will strengthen protection for Azure resources. As with any launch, there is a lot of new information, so we held a Q&A with one of the founders of Conformity, Mike Rahmati. In the interview, Mike shares how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure.

FBI Warns K-12 Schools of Ransomware Attacks via RDP

The US Federal Bureau of Investigation (FBI) this week sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.

XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers

Trend Micro recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers: XORDDoS malware and Kaiji DDoS malware. Having Docker servers as their target is a new development for both XORDDoS and Kaiji; XORDDoS was known for targeting Linux hosts on cloud systems, while recently discovered Kaiji was first reported to affect internet of things (IoT) devices.

Frost & Sullivan Employee, Customer Data for Sale on Dark Web

A group is hawking records of more than 12,000 Frost & Sullivan employees and customers on a hacker folder. According to Cyble CEO Beenu Arora, the breach was a result of a misconfigured backup directory on one of Frost & Sullivan’s public-facing servers. The KelvinSecurity Team said they put the information – which includes names, email addresses, company contacts, login names and hashed passwords – for sale in a hacking forum to sound the “alarm” after Frost & Sullivan didn’t respond to the group’s attempt to alert it to the exposed database.

Millions of IoT Devices Affected by Ripple20 Vulnerabilities

Israeli cybersecurity firm JSOF has released information on a group of vulnerabilities dubbed Ripple20. These vulnerabilities have the potential to critically impact millions of internet of things (IoT) devices across many different industries — crucial machines in the medical, oil and gas, transportation, power, and manufacturing industries can be affected by these bugs.

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices.

Cyberattacks from the Frontlines: Incident Response Playbook for Beginners

For enterprises, staying competitive in an ever-changing market involves keeping up with the latest technological trends. However, without the parallel development of security infrastructure and robust response, new technology could be used as a conduit for cyberthreats that result in losses. Organizations should aim to prevent these breaches from happening — but having protocols for reducing a breach lifecycle is an essential and realistic approach for dealing with current threats.

OneClass Unsecured S3 Bucket Exposes PII on More than One Million Students, Instructors

An unsecured database belonging to remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance. Data exposed includes full names, email addresses (some masked), schools and universities attended, phone numbers, school and university course enrollment details and OneClass account details.

Guidelines Related to Security in Smart Factories (Part 1) Concepts and Management Systems of IEC62443

During the past decade, various countries and industries have actively developed guidelines and frameworks for OT security. Recently, multiple guidelines have been integrated, and from the viewpoint of security in smart factories the two global standards are IEC62443 and the NIST CSF, SP800 series. In this series, Trend Micro gives an overview of IEC62443 and NIST CSF to explain the concepts required for security in smart factories.

8 Cloud Myths Debunked

Many businesses have misperceptions about cloud environments, providers, and how to secure it all. In order to help separate fact from fiction when it comes to your cloud environment, Trend Micro debunks 8 myths to help you confidently take the next steps in the cloud.

Does your organization have an incident response playbook for potential breaches? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.




from Trend Micro Simply Security https://ift.tt/2BcJjOv

'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online services and targets. According to court documents,

from The Hacker News https://ift.tt/2Yz1czS

Check Point IPS and Firewall Core Security – A Layered Security Approach

By Winston Lalgee and Eddie Doyle. Not long after the Internet was established, attackers discovered a new way to compromise IT assets. This new exploit was accomplished by finding bugs in enterprise software or in protocols used for communication, such as HTTP, SMTP, FTP, among others. These bugs or vulnerabilities were leveraged to launch sophisticated…

The post Check Point IPS and Firewall Core Security – A Layered Security Approach appeared first on Check Point Software.



from Check Point Software https://ift.tt/2VmopmP

An Embattled Group of Leakers Picks Up the WikiLeaks Mantle

After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down.

from Security Latest https://ift.tt/2VkZdNs

iOS 14 brings privacy features that can prevent data collection


Apple recently unveiled iOS 14 to the world. However, the presentation focused on the operating system's new look and left aside some interesting features. Two of them are quite important and can help improve users' privacy.

In some situations, app developers can go too far and collect more information than necessary. To address this, Apple introduced two features: a privacy summary and the ability to limit how photos are shared.

From now on, every app installed from the App Store has a kind of summary showing information about the developer, including details of how the app may track the user and what may be collected. It is all written in plain language so that it is easy to understand.

The second privacy feature concerns the sharing of users' photos. Some apps request access to the photo library so that a picture can be used. This usually happens in photo-editing software. Now it is possible to choose which items can be shared.

Beyond the current feature, this implementation may open doors for the future. Building on the concept presented, companies may start thinking about scenarios involving the sharing of specific content. For example, imagine that an app requests access to the device's downloads, but you only want to share one document. With a similar function, it would be possible to grant access only to what is needed, without compromising the security of the other items.

This approach can help drastically reduce the amount of unnecessary data shared with developers. At first glance the changes may seem small, but they represent behavior that should become a trend in the future of privacy, especially if Android, for example, implements something similar.

Via: Android Central



from Olhar Digital :: Segurança https://ift.tt/2NuyLNh

Microsoft Edge will warn users when a password leaks on the internet


Microsoft keeps investing in features to make Microsoft Edge competitive among the available browsers. This time, a new security option has been made available, and it could be quite useful.

To help users protect their data, Microsoft has implemented in Edge a new system for monitoring the passwords saved in the browser. The feature compares the credentials in use against a large database of known breaches. If a match is found, the user is warned immediately.

With this, Edge joins Google Chrome and Firefox in offering a system that helps protect the passwords of the browser's users. The feature, known as "Password Monitor", can be enabled in the Edge Dev and Canary versions of the software, both of which are in testing.

If you already use one of these versions and want to try the new feature, just make sure the software is up to date and follow these steps:

  1. Launch the browser;
  2. Click the ellipsis icon in the upper-right corner;
  3. Select 'Settings';
  4. Choose 'Profiles' and then 'Passwords';
  5. Here, simply turn on the option 'Show alerts when passwords are found in an online leak'.

From then on, whenever Edge detects a possible password compromise, it will display an alert. After the warning, the user will have the option of changing the password or ignoring the recommendation to replace the credential.

As noted, the feature is available in versions of the browser that are still in testing. For that reason, errors are to be expected while using it. There is still no specific date for the feature to reach users of the standard version.

Via: TechDows



from Olhar Digital :: Segurança https://ift.tt/2ZfVMsW

8 Cloud Myths Debunked

Many businesses have misperceptions about cloud environments, providers, and how to secure it all. We want to help you separate fact from fiction when it comes to your cloud environment.

This list debunks 8 myths to help you confidently take the next steps in the cloud.




from Trend Micro Simply Security https://ift.tt/3g1U6dh

Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software

Original release date: June 25, 2020

Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary workarounds.




from CISA All NCAS Products https://ift.tt/2VjD6Hj

WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers

The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups. The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it

from The Hacker News https://ift.tt/3i2P7uE

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads...