Google Security Team Releases “Project Wycheproof”

“We’re excited to announce the release of Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses,” stated Daniel Bleichenbacher, Security Engineer and Thai Duong, Security Engineer, aka Cyber Overlord at Google, on the Google Security Blog.

“We’ve developed over 80 test cases which have uncovered more than 40 security bugs (some tests or bugs are not open sourced today, as they are being fixed by vendors),” they noted. “For example, we found that we could recover the private key of widely-used DSA and ECDHC implementations. We also provide ready-to-use tools to check Java Cryptography Architecture providers such as Bouncy Castle and the default providers in OpenJDK.”

Read the full blog post here…

The main motivation for the project is to have an achievable goal. That’s why we’ve named it after Mount Wycheproof, the smallest mountain in the world. The smaller the mountain the easier it is to climb it!

In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long. Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades’ worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means.

These observations have prompted us to develop Project Wycheproof, a collection of unit tests that detect known weaknesses or check for expected behaviors of some cryptographic algorithm. Our cryptographers have surveyed the literature and implemented most known attacks. As a result, Project Wycheproof provides tests for most cryptographic algorithms, including RSA, elliptic curve crypto, and authenticated encryption.

Our first set of tests are written in Java, because Java has a common cryptographic interface. This allowed us to test multiple providers with a single test suite. While this interface is somewhat low level, and should not be used directly, we still apply a “defense in depth” argument and expect that the implementations are as robust as possible. For example, we consider weak default values to be a significant security flaw. We are converting as many tests into sets of test vectors to simplify porting the tests to other languages.

While we are committed to develop as many tests as possible and external contributions are welcome — if you want to contribute, please read CONTRIBUTING before sending us pull requests — Project Wycheproof is by no means complete. Passing the tests does not imply that the library is secure, it just means that it is not vulnerable to the attacks that Project Wycheproof tries to detect. Cryptographers constantly discover new weaknesses in cryptographic protocols. Nevertheless, with Project Wycheproof developers and users now can check their libraries against a large number of known attacks without having to sift through hundreds of academic papers or become cryptographers themselves.

For more information about the tests and what you can do with them, please visit our homepage on GitHub.

The post Google Security Team Releases “Project Wycheproof” appeared first on SecurityProNews.

Read more here:: Security Pro News

DDoS Attack Kills Krebs Security Site

One of the largest Distributed Denial of Service (DDoS) attacks ever seen on the internet has caused Akamai to dump a site it hosted. The DDoS attack was apparently in retaliation for journalist Brian Krebs’ recent article about vDOS, which is allegedly a cyberattack service. According to BI, following Krebs’ reporting, two Israeli men were arrested and the site was taken down.

One Twitter post noted the irony in a security expert having his site taken down because of a DDoS attack. “Brian Krebs, the man who gives cybercriminals nightmares, has been hit with a Godzilla-sized DDoS attack,” noted cybercrime researcher, blogger and speaker, Graham Cluley, “Sad news, hope he’s back soon.”

The Attack Was Huge

Holy moly. Prolexic reports my site was just hit with the largest DDOS the internet has ever seen. 665 Gbps. Site’s still up. #FAIL

— briankrebs (@briankrebs) September 21, 2016

Before his site was taken down, Krebs posted about the attack on his website, saying that it was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. “The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed.”

It’s looking likely that KrebsOnSecurity will be offline for a while. Akamai’s kicking me off their network tonight.

— briankrebs (@briankrebs) September 22, 2016

Later Akamai did take down the site and Krebs was understanding:

Before everyone beats up on Akamai/Prolexic too much, they were providing me service pro bono. So, as I said, I don’t fault them at all.

— briankrebs (@briankrebs) September 23, 2016

“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second,” writes Krebs. “Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.”

Krebs said that Martin McKeay, Akamai’s senior security advocate, told him that this was the largest attack that they had seen. Earlier this year they clocked an attack at 363 Gbps, but there was a major difference: This attack was launched by a “very large” botnet of hacked devices, where typical DDoS attacks use the common amplifying technique that bulks up a small attack into a large one.

Krebs’ last tweets about the attack:

So long everyone. It’s been real.

— briankrebs (@briankrebs) September 22, 2016

there’s no place like

— briankrebs (@briankrebs) September 23, 2016

The post DDoS Attack Kills Krebs Security Site appeared first on SecurityProNews.


Google: Cloud Computing More Secure Than Any On-Premise Solution

Google recently conducted a roundtable of in-house experts discussing how Google uniquely provides a secure platform for businesses to store their data online. Google experts tell the story of how Google invented innovative technology allowing them to keep their customers’ information and data safe from digital intruders.

“Information security has become such a hot topic,” stated Eran Feigenbaum, Director of Security for Google Apps. “With the increase in cybercrime, the trends in privacy, the changes in regulations, it’s something that businesses can’t ignore. Enterprises all over the world are concerned about security.”

Companies around the world are rapidly moving toward cloud computing spurred on by the success of Amazon’s AWS platform. Google has been working hard to catch up especially in regards to large enterprise companies that require an extreme level of security.

“The move of businesses to cloud computing has really increased,” said Feigenbaum. “Companies see the benefits of lower cost, but also the ability to innovate faster for users to collaborate. But one of the big areas of hesitation is security, right? Companies are not comfortable putting their own data into the cloud.”

Should Companies be Concerned About Cloud Security?

“I think we’re seeing a real sea change right now with respect to people understanding that the cloud is more secure than any on-premise solution,” says Suzanne Frey, Director of Security, Privacy, and Trust at Google. “If you just think about it, mathematically, you’ve got all these different on-premise solutions and individual teams trying to do the right thing.”

Frey says that Google is extremely focused on putting their best talent and expertise on making sure that the Google Cloud solution is secure. “If you take a look at our customer base, we have some of the world’s largest banks. We have some of the most stringent government customers. We’re FedRAMP certified here in the US, and the fact that we can solve for security for all of those customers is a great testimony to our capabilities,” she adds.

She sees Google as different than other cloud providers. “In addition, we solve for something special,” said Frey. “In talking to our customers, it’s our ability to innovate and to bring new ideas to bear that help enable them to be competitive, productive, and truly novel, and focus on the things that matter to them. That’s part of our really special secret sauce.”

Frey adds, “I often say to people, at Google, security comes in two forms, it’s both traditional cybersecurity, but it’s also security against technological stagnation.”

Innovation Vs. Security

Can a cloud provider be too secure at the expense of innovation? “Actually, I like the observation about being too focused on security to the exclusion of innovation,” says Adrian Ludwig, Director of Android Security, in reply to Frey’s observation. “I hadn’t seen that phrased that way. But I think one of the changes that we’ve seen in the mobile space over the last few years is companies have focused first and foremost on innovation–Android being a great example of that– but we’ve tied it to a security model that is how people actually consume applications and services.”

“So we thought about the web and sandboxing model that was used on the web, and we incorporated that in the way we built application sandboxing,” Ludwig added. “I think a consequence of that is cloud services are becoming more and more important. Most applications that are built for Android, or that are built for mobile, regardless of your mobile platform, are really cloud-based. So I think those two are tied together, because both of them, we’re thinking about innovation first and foremost, and the security has sort of unlocked that innovation.”

The Cloud Has Security Advantages

“We have a complex set of systems that we’re dealing with today and they get more and more complex over time,” said Tim Willis, Technical Manager of Chrome Security. “We also have adversaries with increasing levels of sophistication. So you’ve got that on one side and on the other side, we’ve got IT managers having to defend their networks. The problem with defense is you need to defend everything incredibly well. Attackers only need to find one hole into your network.”

Willis adds, “I think that’s where an advantage of moving to the cloud is that you have dedicated teams with robust experience. Some of the people who I work with wrote my textbooks in university and it’s one of those things that I get to work with these experts and that’s all they do. They focus on security, and that’s one of the huge benefits, in my point of view, of moving to the cloud.”

Safety of the Data that’s Not at Google

Do cloud providers have a responsibility for data safety when the data leaves the cloud?

“Safe Browsing would be a good example of something that we can do at very, very large scale, where we actually believe that the right approach is make the entire internet safer,” says Stephan Somogyi, a Product Manager in Google’s Security and Privacy Engineering Team. “So we build systems that hunt around and find malware and find phishing and then we go and report this.

“An individual consumer can benefit from this, because their web browser will let them know,” adds Somogyi. “In a cloud environment, enterprises can take advantage of this data as well and keep themselves protected. We take this approach through a number of different areas– certificate transparency being another example– where we’re taking a look at the internet as a whole and finding ways to keep it safe at scale.”

Google Cloud Security Innovations Moving the Needle

“For the longest time, we have been talking about sort of two-factor authentication is critically important for most organizations to implement,” said Frey. “Many customers use Google Authenticator and other apps like that to generate a one-time passcode, and those are great. They’re certainly better than nothing, right? However, a hardware-based security key is just quantum leaps ahead in terms of they’re not hackable and they really do protect our customers from phishing in a way that, basically, the one-time passwords do not.”

“One of those (not so glamorous) things is encryption for me,” said Willis. “It may not seem incredibly innovative, but we’re working really hard to make sure that all of our traffic is encrypted at rest and at transit. One example where we’re being open with that is our HTTPS Transparency Report. Now, you can go to that site and you can see our progress towards our goal of 100% encryption in transit through all of our products.”

“Again, another example would be working with TLS 1.3,” added Willis. “That’s the next generation of Transport Layer Security. Now, it may not sound glamorous, but we’re not only helping to implement that, we’re helping author the next version. That shows that we’re in the mix and we know what technologies are around the corner.”

Willis explained that a practical application of that would be Progressive Web Apps. “These are low friction web applications, which are designed to help increase engagement and have an app-like experience for customers and businesses,” he said. “We’ve seen studies how that increases engagement, and it’s fantastic, it’s easy across the board.”

“Why am I talking about it?” asks Willis. “TLS is actually a hard requirement for those apps. So it’s one of these things where not only are we innovating, we’re making sure that security is baked in from the get-go. I think that’s one huge advantage of Google.”

“There’s a couple of elements about that that are interesting to me,” said Ludwig. “One of them is it’s not so much that the security itself is innovative, it’s about using an innovative product to make security available.”

Ludwig says that what they did early on with Android is thinking about the platform stack. “We were like, OK, you need to have a verified boot, and you need to have encryption, and you need to have sandboxing,” he said. “Those are all sort of, I think at this point, almost commodities for an operating system. But one of the things that Google brought to bear was security services. It’s going to be a cloud-connected device and we’re going to make all of those services available, by default, on all of the devices.”

“We started thinking about, how do you bind services into the operating system itself? We added things like SafetyNet and Verify Apps, where there are effectively hooks in the operating system where we can make sure that we’re adding security dynamically over time. And so we can innovate in security even more quickly than we can innovate in the operating system itself,” added Ludwig.

Interestingly, Ludwig says that most people don’t even realize this about the Google Cloud. “But that’s OK, because they’re safer and they’re happier as a result of it.”

The post Google: Cloud Computing More Secure Than Any On-Premise Solution appeared first on SecurityProNews.


Google Sees Its Cloud Platform as Most Secure

Neal Mueller, Security and Networking lead for Google Cloud, recently was interviewed about security and other important aspects of using the Google Cloud Platform to host websites, online retailers and other data intensive applications.

Should I move our online applications to the cloud and is it secure?

We get that question less and less these days. There are big advantages to moving to the cloud. You get to have all of the scale that you want immediately when you want it. You don’t pay for it when you don’t use it. And you don’t have to worry about the maintenance of the underlying machines. The advantages are so big, in fact, that we seldom get the question of, should I move to the cloud? More often, the question that we get is, how can I move to the cloud safely?

Where does Google’s responsibility for security begin?

It’s simple. Google’s responsibility is to control the underlying infrastructure. Your responsibility is to secure the data on top.

Why use Google as a cloud provider?

One of the reasons that we talk about a lot is that Google is the right cloud provider for you because we’ve got over 500 security engineers. These are 500 people that are foremost in their fields. They’ve been in peer-reviewed journals, they’re experts at security.

Let me give you an example of just one team within the 500. It’s called Project Zero. These are forward-facing engineers whose job it is to discover 0-Days, that is, new vulnerabilities, never before seen or disclosed. They discovered Heartbleed, which affects anybody with a browser. It’s a TLS vulnerability. They discovered rowhammer, which affects anybody that has a computer with RAM and they discovered 15 of the last 21 KVM vulnerabilities, which is really important to Google because we use KVM as our chosen hypervisor technology. All of these vulnerabilities, as soon as we discover them, we immediately disclose them so that the world is a safer place thanks to the work of Project Zero.

Can you tell us more about this?

Let’s talk about the word provenance. It’s a word in English that means come from. It’s a fundamental tenet of how we think of secure systems. We don’t just buy hardware that’s off the shelf. We return to first principles, figure out what functionality we need from the hardware and which ones we don’t, because functionality that’s included in the hardware off the shelf might introduce vulnerabilities that we don’t want. This leads us in many cases to custom-build secure systems. So we have custom-built ASICs, custom-built servers, custom-built racks, custom-built storage arrays inside custom-built data centers. All of this leads to a much more secure data center.

Infrastructure security, doesn’t that go beyond hardware?

Sure. It extends to the people inside that data center, too. These are full-time, badged Googlers that have submitted to a background check and have an array of physical security to make their job easier. We’re talking about stuff that you’ve seen in “Mission Impossible”– biometrics, lasers, vehicle barriers, bollards. All of this is custom-built, also, to make the data center more secure.

So is this unique to just Google?

Yeah, it’s unique to Google, but not for long. Part of being Google is giving back to your community. So as part of the Open Compute Project, just last week with Facebook, we released our design for a 48-volt rack. This is a very high-density, highly efficient, highly green rack. And although Google is the only one that can build it, now that everybody has the designs, everybody can build data centers as efficient.

What other cool stuff is Google Cloud doing?

What’s next? So with 500 security engineers on staff, there’s a lot that’s up next. But let me tell you about just two things that spring to mind. The first one is BeyondCorp. Here, we have separated ourselves from the traditional enterprise security model. Traditional enterprise security has a hard firewall to guard the perimeter. However, we’ve seen what happens with recent breaches– what happens when an adversary gets inside that perimeter. He has relatively unfettered access to the resources inside the internet. What Google does is device authentication which allows our applications to be accessible by the internet, but be just as secure as if they were only accessible by the intranet. We believe that this makes our public cloud more secure.

What’s the second initiative?

On Google Cloud Platform, data at rest is encrypted by default. This is a real differentiator for us. We believe it’s good practice and good business. We’ve seen what happens when adversaries get a hold of breached PII and we think that encryption by default is a good preventative measure against that.

The post Google Sees Its Cloud Platform as Most Secure appeared first on SecurityProNews.


Adblocking Goes Mobile

Some quick facts from the PageFair 2016 Mobile Adblocking Report:

  • At least 419 million people (22% of the world’s 1.9bn smartphone users) are blocking ads on the mobile web.
  • Both mobile web and in-app ads can now be blocked.
  • As of March 2016 an estimated 408 million people are actively using mobile adblocking browsers (i.e., a mobile browser that blocks ads by default).
  • As of March 2016 there are 159 million users of mobile adblocking browsers in China, 122 million in India, and 38 million in Indonesia.
  • As of March 2016 in Europe and North America there were 14 million monthly active users of mobile adblocking browsers.
  • A further 4.9 million content blocking and in-app adblocking apps were downloaded from the app stores in Europe and North America since September 2014.

“Although consumer adoption of mobile level ad blockers is lower than the desktop market, Juniper Research believes that adoption is set to witness a sizable increase,” said Juniper Research analyst Sam Barker. “Drivers of this include Apple’s inclusion of ad blocking compatibility with Safari and increasing consumer awareness.”

He adds that, much like desktop browsers, mobile ad blockers are not able to block all types of advertising:

  • Internet Search and Display Adverts will be blocked, however like the desktop space, native adverts are not able to be blocked.
  • Video Display Adverts are able to be blocked, except if the video is channelled through a mobile application.
  • The possibility of blocking in-app advertising has been explored, however when speaking to players in the market many feel the practice to be morally unethical or the technical challenges too costly.

“In comparison to the desktop space, the mobile ad blocking market is still fairly nascent,” said Barker. “Since the announcement from Apple in September 2015 that iOS’s native browser would be able to support ad blocking applications there has been a rise in the number of users adopting the technology.”

The Bad News is AdBlock-Plus is Not Alone

IAB President Randall Rothenberg noted that for-profit adblockers have become the “darlings of the venture capital industry and angel investors” and include otherwise mainstream advertising technology and publishing companies.

There’s Shine, an Israeli startup that sells adblocking software for mobile phone networks so that they can block ads at the network level. Shine is backed by Horizons Ventures which backed Spotify and Facebook.

Then there’s Brave, which was launched by former Mozilla CEO Brendan Eich. Rothenberg says that “his business model not only strips advertisements from publishers’ pages – it replaces them with his own for-profit ads.”

“The ad-block profiteers are building for-profit companies whose business models are premised on impeding the movement of commercial, political, and public-service communication between and among producers and consumers,” says Rothenberg. “They offer to lift their toll gates for those wealthy enough to pay them off, or who submit to their demands that they constrict their freedom of speech to fit the shackles of their revenue schemes.”

The post Adblocking Goes Mobile appeared first on SecurityProNews.


Hard Rock Finds Card Scraping Malware on its Payment System

The Hard Rock Hotel & Casino in Las Vegas discovered a major breach of their credit card processing data with card scraping malware placed on its payment-card system. Cardholders who purchased anything at Hard Rock Las Vegas including restaurant and retail outlets between October 27, 2015 and March 21, 2016, could have been affected. The Las Vegas party resort, popular with celebrities, first noticed irregularities in May.

The Hard Rock described the data that was taken:

“The investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the program only found payment card data that did not include cardholder name. No other customer information was involved.”

“Once again, we see another hotel being breached by what is suspected to be malware that was placed on a payment-card system,” stated John Christly, who is a Cybersecurity Evangelist at Netsurion. “Customers like this need to understand that they are in a digital war with the hackers that want this type of data.” Christly bluntly calls this “a war that is being won, in many instances, by these hackers and that absolutely needs to change.”

Zach Forsyth, Director of Product Strategy at Comodo, tells us why hospitality organizations are targeted by hackers:

“Hospitality organizations are ideal targets for the cybercriminal today because they handle highly valuable personal and financial information—the proverbial goldmine for the cyberthief. Large, well-known chains are even more susceptible targets due to the sheer volume of data that they store and share.

Unfortunately, many of these companies have antiquated IT security technology in place, which is an easy workaround for the hackers. It’s a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left. By then, it’s too late. The focus for IT departments needs to be on protection, not detection, and installing modern secure Web gateways and advanced endpoint protection solutions that can stop malware and cyberattacks from compromising data and negatively impacting their businesses and customers.”

“We advise our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target, but it’s still no secret that large brand name companies like Hard Rock are unfortunate targets for hackers— enticing them with large quantities of valuable information such as credit card data for patrons, sensitive employee data for staff, and sometimes even medical data used by in-house care facilities,” added Christly. “Many recent breaches have involved malware that, once installed, works to steal sensitive data.”

“There’s no silver bullet strategy to defend against every threat. However, a strong line of defense is making sure that data doesn’t leave the network without the admin’s knowledge and if data is sent out, it only goes to verified Internet addresses. This is where having a relationship with a managed security provider can help, since it is very difficult to defend against the emerging threats of today’s cybersecurity world on your own.”

According to the Wall Street Journal, “In the past year, Hyatt Hotels Inc., Starwood Hotels & Resorts Worldwide Inc. and Hilton Worldwide Holdings Inc. all reported data breaches of their credit and debit-card processing systems.”

The post Hard Rock Finds Card Scraping Malware on its Payment System appeared first on SecurityProNews.


DNC Hacked By Russian Government, “Sophistication Very Very High”

The Washington Post is reporting that Russian government hackers penetrated DNC computers over a year ago and have everything including all email and chat traffic. According to Washington Post sources their main purpose was to steal opposition research about Donald Trump.

The Post said that Russian spies were also targeting the networks of presidential candidates Hillary Clinton and Donald Trump and some GOP political action committees, but it is unknown if breaches were made at this time.

From the Washington Post:

The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers.

The intrusions are an example of Russia’s interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president — much as American spies gather similar information on foreign candidates and leaders.

The depth of the penetration reflects the skill and determination of the United States’ top cyber adversary as Russia goes after strategic targets, from the White House and State Department to political campaign organizations.

Shawn Henry, the president of CrowdStrike and former F.B.I. agent, spoke to MSNBC: “We were able to identify with a very high degree of confidence a group that we have attributed back to the Russian government targeting that D.N.C. network. Foreign intelligence services are constantly interested in political processes.”

“We were actually called by the DNC through their Counsel when they saw that there were some irregularities,” stated Henry. “They were concerned about a potential breach within their environment. We came in and did our typical incident response, we deployed certain pieces of technology that we use to try to get some visibility into the extent, the depth and breadth of this particular breach. In the course of this working very closely with the staff of the DNC we were able to identify with a very high degree of confidence a group that we have attributed back to the Russian government.”

Henry added, “We know with certainty, my time in the Bureau, that foreign intelligence services are constantly interested in political processes, they’re interested in strategies, they’re interested in foreign policies, etc. The DNC and others have been targeted over the years by this very very sophisticated group with a high degree of capability and some very very sophisticated technology.”

“Typically on our network we’ve got corporate strategies, email communication, documents, spreadsheets, PDF, calendars, etc.,” commented Henry. “The foreign intelligence services understand and recognize that organizations maintain this information and they’re looking to get any type of advantage as the political process continues to help them better develop their political strategies and to have a deep understanding of candidates. In this particular case, this group’s level of sophistication is very very high, very very difficult to detect and they are able to maintain persistence for long periods of time without being uncovered. Because of that ability to remain stealth in the environment they’re able to look at these communications and documents for a protracted period of time.”

The post DNC Hacked By Russian Government, “Sophistication Very Very High” appeared first on SecurityProNews.


Splunk Enterprise Security Strategies Discussed At SplunkLive!

The SplunkLive! event was in Boston yesterday to help users, consultants and others learn how … (per the event site) more than 11,000 enterprises, government agencies, universities and service providers in over 100 countries use Splunk® software to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost! Got that?

Bob Brown of NetworkWorld was at SplunkLive! and gave us his report. Here’s a snippet:

With a company and product name like Splunk, you’ve gotta hang a bit loose, as I found upon sitting in at the company’s SplunkLive! event in Boston this week.

The first customer speaker of the day gave a frank assessment of his organization’s implementation (“the on-premises solution, we struggled with it…”) and his frustrations with the licensing model. You have to give Splunk credit for having enough confidence in its offerings to showcase such a kick-off case study.

Another customer whose Splunk implementation started with IT managers said he used to get “weird looks” from colleagues in finance and operations when it was suggested they use Splunk, too. And another customer who spoke at the event joked that “Get Drunk with Splunk” was one possible tagline for its use of the product that wound up on the cutting room floor.

Read Bob Brown’s article at NetworkWorld here.

Per Splunk, “Splunk Enterprise makes it simple to collect, analyze and act upon the untapped value of the big data generated by your technology infrastructure, security systems and business applications—giving you the insights to drive operational performance and business results.”


The post Splunk Enterprise Security Strategies Discussed At SplunkLive! appeared first on SecurityProNews.



Gmail Phishing Emails

“Phishing” is the industry term for emails asking you to connect to a website to enter your security information, such as your username & password. They frequently appear to be from someone you know, or a reputable company warning you that your account is at risk. For example, a common phishing scam involves an email warning you that “Your banking information may have been compromised, please click here to update your account password to avoid account closure.” The senders simply toss the emails onto the net, and hope someone bites: hence phishing.

A new round of phishing emails purporting to be related to Google’s Gmail accounts is currently making the rounds, so here are a few handy tips to avoid falling victim to such scams:

  • Most reputable companies never email links to update passwords, since most reputable companies are well aware of phishing attempts, so your first impulse should always be to assume it is not a legitimate email. Barring that:
  • If you receive an email asking you to update ANY information for a reputable site you use, NEVER CLICK the emailed links. Simply open up the website via a bookmark or app (or however you normally access that website) and check to see if there are any system notifications for you.
  • If you would like additional confirmation, do not reply to the email for confirmation. Go to the website, and use their contact form, or their official email address, or call technical support for the company, and ask for confirmation.
  • If the message is coming from an email address for someone you know, please notify that individual via a different contact method (e.g. phone, Facebook, Twitter). If their email address has been compromised, simply replying to their email will not work.

The individuals perpetrating phishing scams have very little to lose, since it only takes a few bites for them to make it profitable.  Avoiding being one of those bites is easy by following the simple steps above.

Microsoft Announces New Service – Windows Defender Advanced Threat Protection

Microsoft announced a new service called Windows Defender Advanced Threat Protection, which it calls the next step in its efforts to protect enterprise customers.

The service helps enterprises detect, investigate, and respond to advanced attacks on their networks, building on existing security features in Windows 10. It adds a new post-breach layer of protection.

“With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations,” says Terry Myerson, Executive Vice President of Microsoft’s Windows and Devices Group.

“Just like we developed Windows 10 with feedback from millions of Windows Insiders, we worked with our most advanced enterprise customers to address their biggest security challenges, including attack investigations and day-to-day operations, to test our solution in their environments,” Myerson says. “Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services.”

Myerson discusses how the offering detects advanced attacks, its response recommendations, and how it complements Microsoft’s other threat detection solutions here.

Microsoft of course insists that all Windows users upgrade to Windows 10 to have their most advanced security features.

The post Microsoft Announces New Service – Windows Defender Advanced Threat Protection appeared first on SecurityProNews.
