Tag Archives: IoT

Security Never Sleeps- Playstation Hack, IoT Security

PlayStation Hack Affects Twitter Account

“What happened with PlayStation security”

The official PlayStation Twitter account has been subject to a security breach today, with hacking group OurMine supposedly taking responsibility. The only real evidence thus far comes from the affected account itself, with messages from the social feed allegedly coming from the group posted on the PlayStation Twitter. One also claimed that the PlayStation Network had been compromised, so any users may want to change passwords and other sensitive information.

How to improve IoT security

“Security and privacy risks always increasing”

A recent study from researchers at the Technical University of Denmark, Sweden and many more, titled ‘Internet of Hackable Things’, has outlined the new privacy issues that surround the devices. Industries of particular concern include smart devices in healthcare, smart homes, and building operation facilities.

50% of Ex-Employees Can Still Access Corporate Apps

“Businesses drive risk of breaches”

Oftentimes, when employees are terminated or move to new roles elsewhere, firms forget to end their access to corporate applications. Researchers at OneLogin have polled 500 IT managers to learn how they terminate staff login information and credentials in-house. Initial results suggest that administrators are not doing enough to protect against the potential breach risk from ex-employees.

Enjoy your read? Check out our other content here.

Security Never Sleeps- Scottish Parliament, IoT Regulation

Scottish Parliament targeted in ‘brute force’ cyber attack

“External sources with similar tactics to Westminster incident”

Officials have now stated that the attack on the Scottish Parliament was part of a ‘brute force’ cyber operation. Sir Paul Grice confirmed the attack in a message to the MSPs and staff with state domain email addresses, urging caution and security practices. “Robust cyber security measures” identified the attack early, and systems “remain fully operational”.

USB Ports Could Be Silently Leaking Your Personal Data To A Malicious Device

“An unfortunately convenient way to steal data”

External hard drives and USB sticks are seen as the most common and often most reliable way to securely store and move data. However, an Australian research team has shown that this may not be as secure as we previously thought. Many ports that individuals plug devices into can leak personal data remotely, giving criminals access to sensitive information.

Cost of insider threats vs. investment in proactive education and technology

“Which is more important”

Security education is becoming ever more important in an increasingly digital age. Technology-based defense solutions are incredibly important in preventing attacks and saving organizations significant sums of money.

Who can regulate the IoT?

“Will permeate all of life”

The Internet of Things promises to make life significantly easier, but possibly more complicated at the same time. Security concerns grow every day over the inter-connectivity of all of these devices. This leads many experts to advocate for organized and proper regulations, with harsh penalties that apply to those who do not comply.

10Fold Security Never Sleeps- GDPR, Law and IoT

New Trojan malware campaign sends users to fake banking site that looks just like the real thing

“False login pages steal sensitive info”

The credential-stealing Trickbot banking malware has been spreading through an email spam campaign that sends users to a fake webpage that is nearly identical to the original. Online banking users in the US, UK, Australia, and many other countries have been affected, and this number is expected to grow as those developing it have been experimenting with EternalBlue. This was the exploit that allowed WannaCry and Petya to spread so efficiently.

Can U.S. lawmakers fix IoT security for good?

“Inter-connectivity leaves devices vulnerable”

Several U.S. Senators believe they have proposals that will aid in preventing the attacks that have plagued IoT devices in the last few years. The proposed solutions are put forward in the Internet of Things Cybersecurity Improvement Act of 2017. Many expert analyses of the IoT Act reveal that it’s likely a hearty step in the right direction, but it may not be enough to stop the tide of attacks that cause major issues for many people.

How to protect personally identifiable information under GDPR

“New rules grant more rights in PII for consumers”

The GDPR goes into force May 25, 2018, impacting many firms worldwide that process data for EU citizens. Heavy fines and other penalties await companies that do not enforce the more rigorous personally identifiable information (PII) regulations, often up to 4% of a firm’s yearly revenue. Breaches are also required to be reported within three days.

Ex-NSA Analyst Raises $10 Million To Stop Hackers Destroying Power Grids

“Infrastructure targets more popular”

Part of an espionage mission to disrupt critical services began in 2013, when a U.S. dam was targeted by mercenaries hired by Iran’s Revolutionary Guard Corps. This underscores the importance of national cyber security, recognized by Rob Lee, who was once part of the National Security Agency and is currently a co-founder at infrastructure-focused cybersecurity firm Dragos Inc. The firm has recently raised $10 million in Series A funding for its goals, a recognition of the seriousness of the situation.

10Fold- Security Never Sleeps- 195

New Bill Seeks Basic IoT Security Standards

“Baseline security standards for broad range of devices”

U.S. Senate legislators are working to create minimum regulations to ensure the security of internet-connected devices such as cameras, routers, and computers. The standards will also address holes in current cybercrime laws and were developed in direct response to the series of massive 2016 attacks using IoT devices, like the October and November Mirai attacks that took down many high-profile websites for the better part of the day.

Study: Majority of retailers feel ‘vulnerable’ to a data breach

“Attacks decline, but business concern is up”

Security analyst firm 451 Research has recently released the “2017 Thales Data Threat Report, Retail Edition,” which has indicated a growing consensus among retailers that their payment systems are vulnerable to hackers. The study is based on survey answers from over 1100 senior executives globally. 52% of the companies have experienced a breach in the past, 88% fear they are vulnerable, and 19% feel ‘very’ or ‘extremely’ vulnerable.

One in three SMEs in Singapore hit by ransomware

“Nearly one fifth had to shut down businesses”

Over one third of SMEs in Singapore were hit by ransomware attacks in 2016, and about 20% of these had to close their doors as a result. 61% of the Singapore SMEs also had to shut down operations for over nine hours, about one business day.

10Fold- Security Never Sleeps- 191

Hack on Italy’s largest bank affects 400,000 customers

“400,000 customers put at risk”

Two security breaches have put the sensitive data of hundreds of thousands of consumers in jeopardy. UniCredit has stated that personal data and account numbers may have been leaked, also adding that passwords were not leaked, indicating that no unauthorized transactions took place.

Using AI to spot malware patterns

“Protecting organizations has never been more difficult and necessary”

The number of entry points and connected endpoints has only increased, showing that the bad guys are only getting smarter. A new security startup, Cylance, is using artificial intelligence to change the game and counter these criminals.

Majority of Consumers Believe IoT Needs Security Built In

“Global survey says IoT is a ‘shared responsibility’”

Many respondents to a global survey believe that consumers and manufacturers share responsibility to secure networks. Irdeto’s report shows that 90% of respondents think that security should be built in to IoT devices, but are more divided on who is responsible for implementing the systems.

Cloud-Based Email Security Systems From Microsoft And Symantec Miss Thousands Of Unsafe Emails

“Risk assessment on more than 45 million emails”

Email and data security company Mimecast has run an extensive experiment on corporate email vulnerabilities over more than a year. About 24% of the emails were marked as unsafe, with most being spam while some contained dangerous malware. That may seem like a relatively small amount, but given that all of the emails were originally classified as ‘safe’ we see a bigger problem emerge.

Shoddy data-stripping exposes firms to hack attacks

“Research suggests much vulnerability”

Many large firms have made themselves open to attacks because of inadequate data stripping on their websites. Researchers have found that as employees create documents, images, and other files, the data is uploaded to the company’s website and not properly maintained.

10Fold- Security Never Sleeps- 187

Undetected For Years, Stantinko Malware Infected Half a Million Systems

“Massive botnet remained under the radar for five years”

Half a million devices have been infected by a rogue botnet, dubbed Stantinko. ESET researchers warn that affected systems can “execute anything on the infected host.” The malware has powered a huge adware campaign since at least 2012, largely targeting Russia and Ukraine, but remained hidden via code encryption until now.

Network Spreading Capabilities Added to Emotet Trojan

“Emotet Trojan spreads malware on internal networks”

Fidelis Cybersecurity researchers have identified a new variant of the Emotet Trojan that can distribute malicious programs on internal systems. Recent WannaCry and NotPetya incidents have shown us just how efficient and costly these attacks can be if they spread, increasing concerns among security researchers on greater prevalence in the future.

US Banks Targeted with Trickbot Trojan

“Necurs spreads to financial institutions”

New Emotet banking Trojan signals increasingly complex attacks on the finance industry. An official blog post subsequently confirmed that a security alert is ongoing related to the discovery, the effects of which are continuing.

Healthcare Industry Lacks Awareness of IoT Threat, Survey Says

“Three quarters of IT decision makers report that they are ‘confident’ they’re secure”

Healthcare networks are filled with IoT devices, but a study has found that the majority of IT experts claim that security systems for many of these are not adequately protected despite many believing that they are.

Kansas data breach compromised millions of Social Security numbers In 10 States

“Over 5.5 million potentially compromised”

A breach of the Kansas Department of Commerce may have given hackers access to millions of Social Security numbers, putting the department on the hook for credit monitoring services for all victims. The SSNs had not been previously reported. The Kansas News Services obtained the information through an open records request.

10Fold- Security Never Sleeps- 186

SambaCry Vulnerability Used to Deploy Backdoors on NAS Devices

“Running on older versions of the Samba file-sharing server”

An unknown entity is using the SambaCry security vulnerability to install a backdoor Trojan on Linux devices. According to TrendMicro, most of the attacks are tied to NAS devices which ship with the Samba server that provides file-sharing interoperability between different operating systems.

Millions of IoT Devices Possibly Affected by ‘Devil’s Ivy’ Flaw

“Could affect millions of IoT devices”

Researchers have dubbed a new security flaw that could affect many devices “Devil’s Ivy.” The stack-based overflow was discovered by IoT security startup Senrio in a camera from Axis Communications.

These 10 US states have the highest rate of malware infections in the country

“Does location have a correlation to malware attacks?”

A new look at over 1 million malware infections from Enigma Software Group has found significant across all states in the U.S. New Hampshire seems to be the most at risk, with infection rates around 200% higher than the national average.

10Fold- Security Never Sleeps- 181

IoT Devices Plagued by Lesser-Known Security Hole

“Massive exposure for IoT devices”

IoT device security is often challenged on the public internet. Most recently, researchers at Black Hat have found that MQTT, a ’90s-era protocol, can be easily manipulated to access many sensitive machines. In the past, these processes have been used to sabotage or snoop on power plants, ATMs, and other devices.

Cyber security training must reflect real risks, warns the IISP

“False sense of security likely”

The IISP is warning businesses that the rush to ‘skill up’ on cyber security processes could lead to firms resting at ease under false pretenses. The Institute of Information Security Professionals advises firms to invest wisely in training and consider the quality and applicable benefits.

Malware scam zeroes in on ANZ customers

“Fake email plaguing ANZ customers”

Clients of the ANZ bank are receiving fake emails loaded with malware intended to steal their sensitive data. Email filtering company MailGuard has stated that ‘highly convincing’ fraudulent ANZ bank invoices began to circulate on the morning of July 11th.

How a data breach can negatively impact your company’s stock price

“Lasting effects not typically discussed”

We all know that company data breaches can lead to lost records, IP theft, and much more. However, what is not discussed as often is the focus of the Comparitech report released Tuesday. The report detailed the lasting impact of a data breach, including effects on stock price, that can last for years after the fact.

10Fold- Security Never Sleeps- 174

Microsoft claims Fireball malware enterprise threat ‘overblown’

“Actions taken to quell threat perception”

Microsoft has publicly expressed doubts about the Fireball malware, which has been touted as a serious concern for consumers and enterprises. Windows Defense researcher Hamish O’Dea has stated in recent reports that the cybercriminal campaign is “overblown.”

Japanese Honda factory hit with WannaCry ransomware

“Honda plant forced to halt production”

After the Honda plant in Sayama, Japan was hit with WannaCry, it was forced to halt vehicle production systems on Monday. After the discovery of the attack on Sunday, the Sayama plant stopped while other plants continued to maintain scheduled construction.

Improving The Customer Journey With IoT

“IoT is strongest tool for coherence with omni-tool CX strategies”

IoT has the power to track customer preferences and support 24/7 customer engagement. The present has never been more powerful and consistent for IoT systems, pointing to a bright future for the technology.

Two Britons arrested over Microsoft hack

“Alleged plans to access Microsoft”

Two men, aged 22 and 25, were detained by police on Thursday in regard to their plan to infiltrate Microsoft networks. There is evidence that the two men had attempted repeatedly to access the systems between January and March this year.

10Fold- Security Never Sleeps- 165

WannaCry ‘Highly Likely’ Work of North Korean-linked Hackers, Symantec Says

“Lazarus hacking group suspected”

One of the most debilitating ransomware attacks in recent memory was almost certainly the work of North Korean-linked hacking organization ‘Lazarus,’ security group Symantec claims. The suggestion was based on information that the tools and infrastructure of the program are similar to those of previous Lazarus projects.

Russian Hackers Infected 1 Million Phones With Banking Trojan

“Over 20 suspects involved”

Russian Interior Ministry authorities announced that a major cybercriminal gang was disbanded on Monday. This particular group had been responsible for the theft of almost $900,000 from banking institutions after the infection of over one million Android devices. The group leader is believed to be a 30-year-old in Ivanovo; however, members are spread through at least five regions of Russia.

Hackers easily trick scanner to unlock Samsung Galaxy S8

“Concerns of featured security measure”

Samsung has been touting its new iris recognition technology as ‘virtually impossible’ to replicate, advertising it as the new flagship S8 security feature. However, the hacking group Chaos Computer Club (CCC) has had a different story to tell about the new phone’s technology. The organization has claimed that it has easily defeated the feature with just a camera, printer, and a contact lens.

Emerging Threats to Add to Your Security Radar Screen

“New tech promises even more complex defense in the future”

The technologies of the future, such as IoT and machine learning devices, promise to increase productivity to points never before imagined. However, they also promise to make security threats even broader than they currently are. As more and more businesses across all fields employ the technology, the vulnerabilities continue to spread with them.