Tag Archives: security

Security Never Sleeps- SEC Security, CCleaner Security

SEC admits data breach, suggests illicit trading was key

“Regulator database opened”

The SEC has admitted to being hacked in 2016, with illegal trading potentially at the root of the breach. On Wednesday, SEC Chairman Jay Clayton said one of the financial regulator’s databases, containing corporate announcements, was compromised and may have been used to gain an advantage in stock trading.

CCleaner Hack Carried Out In Order to Target Big Tech Companies

“Group believed to operate out of China”

The CCleaner hack that took place over the summer and came to light this week might have been carried out by an infamous cyber-espionage group, believed to be operating out of China, and which targeted a list of who’s who of western tech companies. Thin lines connect evidence collected from the CCleaner incident to the activity of a cyber-espionage group that goes primarily by the name of Axiom, but is also referenced as APT17, DeputyDog, Tailgater Team, Hidden Lynx, Voho, Group 72, or AuroraPanda.

Attackers Take Over WordPress, Joomla, JBoss Servers to Mine Monero

“Frequency of attacks up about 6 times”

Attacks aimed at delivering cryptocurrency mining tools on enterprise networks have gone up significantly, according to telemetry data collected by IBM’s X-Force team between January and August 2017. A recent report by fellow cyber-security firm Kaspersky found that cryptocurrency mining malware also infected over 1.65 million machines running Kaspersky solutions in the first eight months of the year.

Equifax Sent Breach Victims to Fake Website

“Failure after failure”

Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher. Equifax staff advised breach victims on Twitter at least 8 times to access securityequifax2017.com instead of equifaxsecurity2017.com, the website created by the credit reporting agency following the hacker attack that affected as many as 143 million consumers in the U.S., 400,000 in the U.K. and 100,000 in Canada.

Enjoy your read? Check out our other content here.

The Intern Experience at 10Fold

Far from just a lame B-list movie trying to prove that Vince Vaughn and Owen Wilson are still relevant and that it’s these crazy millennials who are out of touch with reality, internships are actually a critical step to success in PR.

Unfortunately, internships have kind of a bad rap. Think cliché intern and what comes to mind? Coffee? Menial grunt work? Free labor? All too often that’s exactly the case.

But not all internships are created equal. At 10Fold, we pride ourselves on our internships and really believe our program to be a cut above the rest.

So what exactly sets an internship at 10Fold apart?

It’s paid. Always.

No, not in experience or possible college credit, but in cold hard bimonthly direct deposits. Because 10Fold understands you can’t pay your landlord with a glowing letter of recommendation.

You get real world experience.

We don’t bring in interns to be coffee fetchers or kitchen cleaners; if that’s all we thought you could do we wouldn’t want to hire you in the first place. Our interns are paired directly with a senior staff member on day one and immediately get started on real work. Bad news for aspiring pencil pushers, but great news for those driven to succeed.

You’re part of the team.

Interns aren’t some expendable resource that we renew every couple of months. At 10Fold we really believe that everyone we hire is becoming part of our team and we treat them accordingly; no intern coordinator that buffers the interns from the rest of the company, no exclusive training sessions for full time hires only, no battle royal where we pit all the interns against each other in gladiatorial combat to see who among them will earn the full time position (although we can all agree that would be the best way by far).

We care about our employees, and we celebrate when our interns are successful. Literally. Every Friday, in a meeting with everyone in the company from the CEO down, we make sure to let everyone know exactly how well our interns are doing. Sometimes we even do a little cheer.

Maybe that’s why we end up hiring 70% of the interns we employ.

But hey, this could all just be some corporate sales pitch, right? Well, listen to what intern Nathan Zaragosa has to say about his time at 10Fold:

“I personally wanted to really grow from my internship, and gain skills I didn’t have before. From the moment I came into 10Fold, I’ve been assigned real projects that make impacts such as client social media content creation, event and award searches and outreach, and most recently pitching reporters. 10Fold went as far as to ask the intern team to come up with ideas to improve training in the intern program! These projects not only help you grow your skillset, but make you feel like you’re making a difference in the company.”


Balbix: Predicting Data-Breaches Before They Happen

WannaCry and Petya are the names of two particularly damaging types of ransomware. Ransomware is a type of malware that infects computer systems, encrypts the data on those systems and doesn’t relinquish it until a ransom is paid. My fellow 10Fold colleague Kory Buckley recently wrote a blog on the topic.

Many of the organizations that were affected by these latest ransomware versions had adequate network security measures in place, including firewalls and antivirus, but the attack still managed to get through most defenses. Much of that has to do with how the security stack around endpoint protection is configured. Balbix, a San Jose, CA-based network security company, believes it has developed an innovative solution that will help organizations better protect potential endpoint vulnerabilities. And it is doing so using advances in artificial intelligence (AI).

On June 6, Balbix emerged from stealth with the industry’s first predictive breach-risk platform that is able to predict and prevent an attack before it happens. Balbix was founded by Gaurav Banga, former CEO of Bromium, with the mission to measure risk and give enterprises the confidence they need in increasing their cyber-resilience.

In addition to launching their security platform, the company announced $8.6 million in investor funding from Mayfield.

How does Balbix work?

Balbix has built the market’s first platform to use predictive analytics and Artificial Intelligence to automatically measure breach risk and calculate resilience. Balbix also uses specialized sensors across the enterprise to continuously discover and monitor all devices, apps and users across hundreds of potential attack vectors. These sensors allow security teams to visualize their breach risk and quickly prioritize operations and projects.

The Balbix platform features:

  1. Comprehensive risk heat-map: Balbix has created a system that automatically monitors and analyzes the enterprise network 24/7/365 across hundreds of attack vectors. This helps overburdened security teams prioritize mitigation projects by identifying areas of highest risk and surfacing actionable insights.
  2. Predictive risk analytics: Balbix predicts breach scenarios by analyzing indicators of risk, factors that point to the future likelihood of occurrence of security incidents, e.g., user clickthrough behavior indicating high phishing risk. In contrast, existing products rely on indicators of attack or compromise based on security events that have already happened.
  3. Effectiveness of mitigations and cyber-resilience: Balbix can compute the effectiveness of security mitigations already implemented and help prioritize planned security projects. The system also measures organizations’ cyber-resilience – the ability to limit the impact of security incidents.

In a recent eSecurity Planet article, Balbix founder and CEO Gaurav Banga said, “AI and automation offer two key advantages in security: they’re very good at dealing with large vectors of data across hundreds of dimensions, and they provide the ability to understand and report the level of confidence in any conclusions reached in order to avoid false positives. Because of these two advantages, AI, when correctly implemented, can provide super-powers to cyber defenders, who now have the ability to come to the best conclusions given large amounts of fuzzy security data from their operating environment.”

In my eyes, Balbix is a network security company to watch. But don’t just take my word for it, read a few of the following stories to see what the media are saying about the company.

  1. eSecurity Planet
  2. eWeek
  3. Dark Reading
  4. SiliconTap
  5. Beta News
  6. FinSMEs
  7. Silicon Angle
  8. VMBlog
  9. SDxCentral
  10. IT Pro Portal
  11. FOX News
  12. IT Business Edge
  13. Channel Partners
  14. Virtual Strategy Magazine


10Fold- Security Never Sleeps- 191

Hack on Italy’s largest bank affects 400,000 customers

“400,000 customers put at risk”

Two security breaches have put the sensitive data of hundreds of thousands of consumers in jeopardy. UniCredit has stated that personal data and account numbers may have been leaked, adding that passwords were not leaked, indicating that no unauthorized transactions took place.

Using AI to spot malware patterns

“Protecting organizations has never been more difficult and necessary”

The number of entry points and connected endpoints has only increased, showing that the bad guys are only getting smarter. A new security startup, Cylance, is using artificial intelligence to change the game and counter these criminals.

Majority of Consumers Believe IoT Needs Security Built In

“Global survey says IoT is a ‘shared responsibility’”

Many respondents to a global survey believe that consumers and manufacturers share responsibility to secure networks. Irdeto’s report shows that 90% of respondents think that security should be built into IoT devices, but are more divided on who is responsible for implementing the systems.

Cloud-Based Email Security Systems From Microsoft And Symantec Miss Thousands Of Unsafe Emails

“Risk assessment on more than 45 million emails”

Email and data security company Mimecast has run an extensive experiment on corporate email vulnerabilities over more than a year. About 24% of the emails were marked as unsafe, with most being spam while some contained dangerous malware. That may seem like a relatively small amount, but given that all of the emails were originally classified as ‘safe’ we see a bigger problem emerge.

Shoddy data-stripping exposes firms to hack attacks

“Research suggests much vulnerability”

Many large firms have left themselves open to attacks because of inadequate data stripping on their websites. Researchers have found that as employees create documents, images, and other files, the data is uploaded to the company’s website and not properly maintained.


My First Trendjack Experience at 10Fold

As a new addition to the 10Fold team, as well as being new to the cybersecurity practice in general, it has been important for me to monitor the news on a daily basis in order to get familiar with trending topics and identify what it is my clients can speak to with authority. Although many stories have caught my eye in the last two months since I started these daily news sweeps, the NotPetya cyber attack stood out to me above all others.  

Petya/NotPetya/ExPetr/GoldenEye is an ongoing cyberattack that started Tuesday, June 26. It began with a cyberattack in Kiev, Ukraine, where this malware went on to hit around 2,000 computer systems, specifically targeting computers running the Microsoft Windows operating system. While many people originally believed it to be a form of ransomware similar to the recent ‘Petya’ attacks, this malicious software has been categorized as a “wiper.” It’s designed to cause mayhem and wipe computers – and is not actually ransomware – which is why this ongoing attack has adopted so many names. It’s similar, but also different in a lot of ways.

Although corporations and public sector agencies were affected in more than 65 countries all over the world, Ukraine and Russia were hit the hardest, including Ukrainian government ministries, banks, utilities, telecom operators, an airport and other major companies. Also attacked were Russian oil giant Rosneft and Russian web security firm Group-IB. Computers at the Chernobyl nuclear plant were compromised as well, forcing workers to manually monitor radiation levels, which have their own inherent security and safety challenges. Others hit include companies in the UK, Germany, China and U.S., British advertising giant WPP, French industrial group Saint-Gobain, shipping giant A.P. Moller-Maersk, Cadbury, pharmaceutical companies, hospitals and many more.

What was interesting about Petya was that after encrypting files on the PC, it demanded $300 worth of Bitcoin cryptocurrency in order to supposedly unlock them. As the story evolved, the ransomware was later categorized as a wiper, as previously stated, and the computers’ files were completely destroyed. Some security experts claim that this attack is more harmful than WannaCry because, rather than spreading only via a weakness in Windows’ SMB, the NotPetya malware can also spread by finding passwords on the infected computer to move from system to system. It extracts passwords from memory and the local filesystem. Once inside a corporate network, it works its way from computer to computer, destroying the infected machines’ filesystems.

There has yet to be a solid explanation of the attackers’ motive and what they were after. Researching the attack, NATO said it was likely launched by a state actor or by a non-state actor with support and approval from a nation state, since the operation was extremely complex and likely very expensive. The Russian government has been suspected as a possible origin for NotPetya. The latest rumors suggested that it was spread by accident through a Ukrainian tax software company named MeDoc.

NotPetya is continually evolving and more information is exposed every day. As one of the more significant organized attacks in 2017, it should bring awareness to the fact that many are unprotected. Even though large-scale attacks like this are not new, they are important to watch because each time around they are getting stronger and more sophisticated.   

It will be fun keeping an eye on more of these trends as they pop up. The next one I’ll dive into is the recent disclosures of public cloud leaks from organizations using the popular AWS services!

By Kory Buckley



Howdy y’all! Greetings From Austin, Texas…

What are we doing in the Lone Star State, you ask? Well, we’re excited to officially announce the opening of our newest 10Fold office! That’s right, we’ve expanded our footprint (or cowboy boot print, we should say) beyond California to Austin, where you can find us located in the heart of downtown at the corner of 6th Street and Congress Avenue, just steps from the Texas State Capitol (map here).

There are many things that attracted us to Austin, primarily the booming local tech scene, coupled with an extremely talented pool of PR professionals. Oh, and of course the amazing BBQ, craft beers, incredible live music, endless sunshine, beautiful Texas wildflowers, etc. are all added bonuses!

We invite you to keep an eye on our blog, as our Austin team will be sharing updates regularly on the agency’s growth, local market trends, the latest hotspots, etc.

We could not be more enthused about the prospect of Austin. If you’re a University of Texas student looking for a summer or fall internship, a PR practitioner exploring your next career opportunity, or an emerging technology company in need of PR and marketing services, we’d love to have a conversation!

Feel free to reach out to us by visiting our contact us page.

10Fold Reveals 10 Largest Data Breaches of 2016

Nearly Three Billion Personal Records Breached Around the World

SAN FRANCISCO, CA–(Marketwired – Jan 19, 2017) – 10Fold, a full-service B2B technology public relations agency with a specialization in cybersecurity, today announced that in 2016, more than 2.8 billion personal records were breached on social and file-sharing platforms, email providers and government databases around the world. In its second annual year-in-review, 10Fold analyzed the largest data breaches of 2016, then ranked the top 10 from greatest to least.

“If 2015 was the year of the healthcare data breach — breaches impacted nearly 40 million people — then 2016 was the year of the social media breach. Four of the top 10 breaches were social media related and impacted more than 640 million people,” said Angela Griffo, vice president of the cybersecurity practice at 10Fold. “But the biggest surprise of the year was Yahoo revealing that the information of more than 1.5 billion people had been stolen by attackers. Regardless of an attacker’s motive, any compromised information leaves users susceptible to identity theft and fraud.”

News reports about the 10 largest data breaches discovered in 2016, which are listed below, indicated that each attack affected 49 million users or more. 10Fold selected these data breaches based on independent research collected throughout 2016 and cross-referenced the information with third-party resources, including ID Theft Resource Center and Information Is Beautiful.

10 Largest Data Breaches of 2016:

1. Yahoo: 1.5 Billion Users — The Yahoo data breach is possibly the largest email provider data breach in history. When Yahoo first confirmed the breach in September 2016, the company revealed the breach impacted 500 million user accounts. The stolen account information included names, dates of birth, telephone numbers, passwords, and security questions and answers. In December, the company revealed an additional one billion users had been affected by the breach, bringing the grand total of affected users to 1.5 billion.

2. FriendFinder Network: 412 Million Users — In October, a number of sites in the FriendFinder Network were hacked, resulting in a data breach that affected 412 million users. According to LeakedSource, the sites affected included Adult Friend Finder, Cams and Penthouse. The breached data encompassed 20 years of user information and included user names, emails, passwords, joining dates and the date last visited. A significant amount of the user information released was the stored data of users who had previously attempted to delete their accounts. Of the total records breached and released, 15 million came from deleted accounts.

3. Myspace: 360 Million Users — In May, the prolific cyberhacker Peace sold the data of 360 million Myspace users. Released user information included names, passwords and secondary passwords. According to Time Inc., the information was from an older 2013 Myspace platform. Only those profiles that existed prior to the site’s relaunch were affected. The new site now includes stronger user account security.

4. LinkedIn: 117 Million Users — In May, it was announced that cyberhacker Peace had sold 117 million emails and encrypted passwords on the dark web for roughly $2,200.

5. VK Russia: More than 100 Million Users — In June 2016, it was reported that hacker Peace was selling the data of 100 million VK users for roughly $570. The information released contained usernames, emails, unencrypted passwords, locations and phone numbers. What’s more, the original hack occurred between 2011 and 2013.

6. Dailymotion: 87.6 Million Users — In October 2016, reports indicated that hackers released the usernames and emails of 87.6 million users of France-based video-sharing site Dailymotion. According to the Dailymotion blog post, the breach was due to an external security problem. While the company claimed the hack was limited — roughly 18.3 million user accounts were associated with encrypted passwords — all partners and users were still advised to reset their passwords for safekeeping. Dailymotion is the 113th most-visited website in the world.

7. Tumblr: 65 Million Users — In May, 65 million Tumblr accounts were found for sale on the dark web. A cyberhacker using the alias Peace sold the data for $150. According to security researcher Troy Hunt, the data contained email and password information.

8. Dropbox: More than 60 Million Users — In August 2016, Dropbox announced that it had reset the passwords of more than 60 million users after the company discovered that an old set of Dropbox user credentials was taken. While the company suspects that the records were originally obtained in 2012, the breach was not discovered and users were not notified until 2016. The released information contained usernames and encrypted passwords. It has been reported that a senior Dropbox employee verified the released data is legitimate.

9. Philippines’ Commission on Elections: 55 Million Voters — On March 27, a hacker group posted the entire database of the Philippines’ Commission on Elections (COMELEC) online. The attackers also shared three links where the information of 55 million registered voters in the Philippines could be downloaded. The distributed data included email addresses, passport numbers and expiration dates, and fingerprint records — information that cannot be replaced or reset. Various reports suggest this breach is the biggest government-related data breach in history.

10. Turkish Citizenship Database: 49.6 Million Citizens — In April 2016, the entire Turkish citizenship database was hacked. Attackers released the personal information of 49.6 million citizens. The information released included details that are found on a standard Turkey identification card, including national identifier, name, parents’ names, gender, birthdate, city of birth and full address. According to reports, hackers validated the data by publishing details of Turkey’s president and former prime minister Recep Tayyip Erdogan. It’s suspected that the hack was politically motivated, based on the following statement found in the released database: “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”

Visit 10Fold at Security Never Sleeps During RSA
This year 10Fold is hosting its seventh annual Security Never Sleeps luncheon at RSA, which features a moderated panel discussion and audience Q&A with the cybersecurity industry’s leading executives, media and analysts. The event takes place on Wednesday, February 15 from 11:30 a.m. to 1:30 p.m. PST. Interested in attending this invitation-only event? Please send an email to events@10fold.com and we’ll contact you to discuss your potential participation.

About 10Fold
10Fold is a leading North American public relations firm with regional offices in San Francisco, Pleasanton and Capistrano Beach, California. As a privately owned company founded in 1995, 10Fold provides strategic communications and content expertise to B2B organizations that specialize in networking, IT security, cloud, storage, Big Data, enterprise software, AppDev solutions, wireless, and telecom. The award-winning, highly-specialized account teams consist of multi-year public relations veterans, broadcasters and former journalists. 10Fold is a full-service firm that is widely known for its media and analyst relations, original content development, corporate messaging, social media and video production capabilities (through its division ProMotion Studios). For more information, visit www.10fold.com or follow us on Twitter (@10FoldComms) and Facebook (www.facebook.com/10FoldComms).

Network Breaches Are No Match for Veriflow

Based in San Jose, California, Veriflow provides a preventative solution for network administrators who worry about security vulnerabilities from change-induced errors. In practice, the service lets network administrators who may not be knowledgeable in certain technologies easily monitor changes in the network. Where Veriflow differs from its peers is the basis of its design: a mathematical formula called formal verification, which continuously evaluates changes and ensures they won’t bring harm to the network.

President and CEO James Brear is a proven industry executive with an impressive history of success. Annual revenues under James rose consistently with his leadership at Procera Networks, totaling nearly 1110% in total growth from the start of his tenure and gathering several awards. This led to the successful acquisition of the firm by Francisco Partners for $240M in 2015. Co-Founder Brighten Godfrey leads the technical research and development for the firm. He holds a Ph.D in computer science and is an expert in mathematical formal verification, which checks the validity of code as it is written.

Veriflow has been awarded several accolades for its unique services, including Innovation Challenge Winner and a silver medal from the Network Products Guide. The firm has also been able to attract investments from the Department of Defense, Menlo Venture Capital, and NEA Technologies.

For more information about Veriflow and their services browse through coverage 10Fold has helped them acquire here and here, and watch how Veriflow’s products work here:

10Fold- Security Never Sleeps- 104

Following Snowden’s Legacy, Contractor Accused of Stealing NSA Files

“Political motivations still unknown”

Stock prices of NSA contractor Booz Allen Hamilton took a nosedive Friday as reports leaked that one of its contractors, a former employee, had been charged by the Department of Justice with two felony counts of theft of government property and unauthorized removal of classified documents. The accused, Harold Thomas Martin III, faces up to 11 years in jail for his alleged crimes. Booz Allen also bears the weight of formerly employing the highly controversial Edward Snowden, whose leaks to the public in 2013 revealed a mass United States surveillance program.

Expose Retaliation for BuzzFeed

“Retaliation for defamation articles against hacker group OurMine”

Interactive media site BuzzFeed was compromised Thursday by hacker group OurMine, which brought down articles and deleted information related to its members. The massive cyberattack came after BuzzFeed published stories that OurMine, which focuses primarily on the digital accounts of tech CEOs, venture capitalists and celebrities, may be a lone Saudi Arabian teenager.

Mac Malware Monitor Your Webcam, Microphone

“New malware can penetrate even airtight Mac devices”

Malicious software that targets users’ microphone and webcam access is nothing new; the NSA and cybercriminals alike have had programs for years that are capable of such feats. However, Mac devices have largely been different, due primarily to the hardwired light that indicates when webcams or microphones are active, allowing users to notice their activation. This perceived safety may no longer hold, according to researcher Patrick Wardle. His team’s analysis at Synack has examined several examples of malware being able to monitor microphone and webcam feeds without activating this light.

eCommerce Sites Lose Customer Data to Web Malware

“MageCart responsible for several incidents”

Cybercriminal campaign ‘MageCart’ has been the culprit of several hacking events involved with the loss of customer data and other sensitive information. MageCart has been active since at least March of this year, targeting other sites such as Powerfront and OpenCart.

10Fold- Security Never Sleeps- 104

Following Snowden’s Legacy, Booz Allen Contractor Charged with File Theft

“Could face up to 11 years in prison”

Former Booz Allen Hamilton employee Harold Thomas Martin III is accused by the Department of Justice of theft of government property and unauthorized removal of classified documents. Stock of the NSA contractor firm took a dip as the news broke. This further scars the company’s reputation that is already bearing the weight of the Edward Snowden revelations of 2013, bringing to light the mass United States government surveillance program that proved very controversial to the public. Whether the intentions of Martin are political is yet to be seen.

Expose Retaliation Hits BuzzFeed

“Hacking group targets interactive media site”

Hacking group OurMine seems to have targeted BuzzFeed, odd considering the group often sets its sights on digital accounts of CEOs, venture capitalists, and celebrities. The attack on BuzzFeed focused on manipulating the text of, or completely deleting, certain articles related to the group’s reputation, in which the website exposed that OurMine may be a solo hacker teenager from Saudi Arabia.

New Malware Can Monitor Webcam, Microphone

“New piggyback virus can access software”

Malware used for covert surveillance is far from new. The NSA has several programs that can monitor voice or video without the notice of a laptop’s user. However, this is not the case with Apple products, as they have a hardwired indicator that notifies the user when the webcam is on. Now this may no longer be the case. Researcher Patrick Wardle explains that a new piggyback virus is able to access webcam and speaker functions without any notification to the user.

eCommerce Malware Stealing Card Data

“Powerfront, OpenCart among affected”

Researchers are monitoring a cybercriminal campaign that has been plaguing several eCommerce sites since at least March of this year. Dubbed ‘Magecart’ by RiskIQ, the malicious software attacks the payment sources of the internet commerce sites, stealing customer personal information and card data.