CCleaner bundled Avast Free Antivirus to its installer

Avast Free Antivirus ships with CCleaner in a less than appropriate way

Avast purchased Piriform in mid-2017, and that may have led to the poor choices being made today. Even though CCleaner has been a successful system optimization tool for over a decade, it suffered a significant setback once its servers were compromised and a malicious variant of the product was distributed[1].

That may be the reason why researchers have spotted that the security company now offers Avast Free Antivirus bundled with the CCleaner installer[2]. Although bundling is a widely used marketing method, consumers tend to find it highly inappropriate, since potentially unwanted programs (PUPs) are distributed the same way.

Admittedly, by combining CCleaner and Avast Free Antivirus, many computer users might raise their system security to another level. Sadly, the chosen distribution method seems to undermine the safety services both companies provide[3].

Bundling — a method employed not only by Avast but also by shady adware developers


This distribution technique is widely beloved by the creators of potentially unwanted programs (PUPs)[4]. That is quite ironic, since Avast products are supposed to protect you from them. Maybe that is the reason why so many experts and consumers object to this tactic being employed by a security company.

Bundling lets developers increase their distribution rate. However, computer users are not notified about the additional installation of Avast Free Antivirus and lose the ability to choose whether they want it or not.

Therefore, if you have recently downloaded CCleaner, note that Avast Free Antivirus might also have been silently installed on your system.

Besides, it becomes quite hard to determine the origin of an application offered in a software bundle, and many people might mistake it for an adware program. That may lead to a significant decrease in the consumer trust the company has earned over the years.

Learn how to avoid the silent installation of Avast Free Antivirus

You can protect your system from unwanted programs by following a few simple steps each time you download a new application.[5] In this case, once you launch the CCleaner installer, choose Custom or Advanced settings and unmark the pre-selected “Get Avast Free Antivirus now” box.

Note that you should avoid opting for the Quick or Recommended installation, since that mode does not disclose the information needed to prevent the installation of adware and other unwanted programs.


Source:  2-spyware 


Terdot is back: Zeus virus spin-off now steals social media

Updated version of Terdot trojan emerged

Terdot,[1] a variant of the infamous Zeus trojan[2] first spotted in mid-2016, is back. Although it started as a banking trojan, it has returned with a new strategy: it has been seen stealing social media and email data, a feature that makes it stand out from other cyber threats.

The recently emerged updated version of Terdot is designed to steal information from Facebook, Twitter, Google Plus and YouTube. The virus might also use social networks to spread further by posting malicious links that download malware onto devices.

Interestingly, it does not target VKontakte, the biggest social media platform in Russia, which suggests that the malware's authors might be located in Russia or Eastern Europe.[3]

Additionally, this cyber threat might monitor email activity. The malware has been reported to target email services such as the Microsoft live.com login page, Yahoo Mail, and Gmail.

The features of the Terdot virus

Terdot started as a banking trojan that used man-in-the-middle attacks to compromise websites and steal victims’ credentials. The banking malware mostly targeted Canada,[4] the United States, the United Kingdom, Germany, and Australia. Targeted Canadian banks included PCFinancial, Desjardins, BMO, Royal Bank, the Toronto Dominion bank, Banque Nationale, Scotiabank, CIBC and Tangerine Bank.

The majority of the phishing emails are spread with the help of the Sundown Exploit Kit. The malicious emails include a fake PDF document or icon that hides JavaScript code. As soon as users click it, they trigger the malware download process. The payload delivery mechanism is built to withstand obstacles and failures, so the malicious program is designed to succeed and is hard to remove.

The trojan also injects itself into web browser processes, mostly targeting Mozilla Firefox and Internet Explorer. Once it has settled in a browser and injected its malicious code, it starts tracking data to steal sensitive information. All the stolen data is sent to a command and control server.

The complexity of the trojan might signal a new era of data-stealing trojans

Security experts warn that the Terdot malware has an automatic update feature that allows its developers to execute new tasks using the same trojan. This means the program might be updated at any time and become more destructive.

Financial institutions and banks are advised to improve the monitoring of customer accounts in order to spot suspicious or unusual activity that might be caused by cyber criminals. Banking trojans can steal credentials silently and empty bank accounts without being noticed.

To protect customers from losing their money, targeted companies should provide the information and support that would help people avoid financial loss.

The trojan uses a two-vector attack: phishing emails and a man-in-the-middle proxy. While companies should deploy a multi-vector detection solution[5] to increase their security, users should not only check websites for fake security certificates but also learn how to detect phishing emails.

Source:  2-Spyware 


Malicious apps were detected on the Google Play store

According to Android experts, eight malicious apps were spotted on the Google Play store that were developed to deliver multi-stage malware onto devices. Despite their excellent ability to circumvent antivirus systems, the bogus programs were identified as Android/TrojanDropper.Agent.BKY by professional security software.

Luckily, none of these harmful applications received more than a few hundred downloads, and they were removed from the Android app store immediately. However, those who suffered from the attack were mainly located in the Netherlands and had reached the final stage of the malware[1].

Malicious program passes through 4 phases to load a banking Trojan

Researchers from ESET[2] explain that the malware is able to hide itself because it does not initially ask for any suspicious permissions to gain administrative rights, and it impersonates a legitimate activity that the app is supposed to perform.

After installation, the malicious app stealthily decrypts and executes malware payloads in a 4-stage process. This activity is invisible to users because they are distracted by the app's regular functions, which usually offer system optimization or other innocuous services.

The first stage decrypts and executes a second-stage payload, which contains a hardcoded URL. Shortly after, it downloads a third-stage payload disguised as a well-known app such as Adobe Flash Player or an update for it.

To confuse the victims even more, it delays the request to install the application by several minutes. If the user permits the installation of the app, it drops a final payload and obtains administrative rights on the device.

According to our research, the final phase launches a banking Trojan that displays fake log-in pop-ups that steal usernames, passwords, and other credentials of the victims[3].

Bogus applications show links to the infamous Android virus

The term Android virus[4] is used to describe a group of malicious apps designed either to steal personal information or to encrypt data and demand a ransom. This attack is no exception, since it uses distribution techniques similar to those of other phone threats attributed to Android malware.

Be aware that you should carefully scrutinize applications you intend to download, since hackers keep creating new methods to hide the presence of malware. This multi-stage infection might inspire other criminals to examine possible system vulnerabilities[5] and use them to deliver new bogus programs to the Google Play store.



Source:  2-spyware 


MICROSOFT PATCHES 17-YEAR-OLD OFFICE BUG

Microsoft on Tuesday patched a 17-year-old remote code execution bug found in an Office executable called Microsoft Equation Editor. The vulnerability (CVE-2017-11882) was patched as part of Microsoft’s November Patch Tuesday release of 53 fixes.


While Microsoft rates the vulnerability only as “Important” in severity, researchers at Embedi, who found the bug, call it “extremely dangerous.”


In a report released Tuesday (PDF) by Embedi, researchers argue the vulnerability is a threat because all versions of Microsoft Office for the past 17 years are vulnerable and that the CVE “works with all the Microsoft Windows versions (including Microsoft Windows 10 Creators Update).”


The Microsoft Equation Editor is installed by default with the Office suite. The application is used to insert and edit complex equations as Object Linking and Embedding (OLE) items in Microsoft Word documents.


The origins of Equation Editor date back to November 2000 when it was compiled. Since then, it has been part of Office 2000 through Office 2003. Researchers said in 2007 the component was replaced with a newer version. But, the old Equation Editor was left in Office to support files that utilized the old OLE-based (EQNEDT32.EXE) equations.


Further analysis by Embedi revealed that EQNEDT32.EXE was unsafe because, when executed, it ran outside of Office and did not benefit from many of the Microsoft Windows 10 and Office security features such as Control Flow Guard.


“The component is an OutProc COM server executed in a separate address space. This means that security mechanisms and policies of the office processes (e.g. WINWORD.EXE, EXCEL.EXE, etc.) do not affect exploitation of the vulnerability in any way, which provides an attacker with a wide array of possibilities,” Embedi wrote in its technical write-up.


Embedi researchers discovered the error using Microsoft’s own BinScope tool, which identified EQNEDT32.EXE as a vulnerable executable. BinScope works by analyzing files to see if they pass standards set by Microsoft’s Security Development Lifecycle, a core element of Microsoft’s Trustworthy Computing.

Embedi exploited this vulnerability using two buffer overflows that relied on several OLEs. “By inserting several OLEs that exploited the described vulnerability, it was possible to execute an arbitrary sequence of commands (e.g. to download an arbitrary file from the Internet and execute it),” researchers said.

Microsoft describes the CVE-2017-11882 as a Microsoft Office memory corruption vulnerability. “Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file,” Microsoft wrote.

As part of its research, Embedi created a proof-of-concept exploit that attacks all versions of Office dating back to 2000, including Office 365, running on Windows 7, Windows 8.1, and the Windows 10 Creators Update. In a video, Embedi shows three different attacks on Office and Windows versions (Office 2010 on Windows 7, Office 2013 on Windows 8.1, and Office 2016 on Windows 10).

Along with applying the patch that fixes Equation Editor, Embedi recommends that companies disable EQNEDT32.EXE in the Windows registry to prevent further exploitation.

“Because the component has numerous security issues and the vulnerabilities it contains can be easily exploited, the best option for a user to ensure security is to disable registering of the component in Windows registry,” researchers wrote.
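As an added example, not part of the Threatpost article and not Embedi's or Microsoft's own code, the PowerShell below checks whether Equation Editor 3.0 is still registered as a COM server and applies the compatibility "kill bit" that Microsoft published as the registry workaround for CVE-2017-11882. The CLSID and the 0x400 flag value are taken from that published workaround; the function names are my own, and the script assumes an elevated session on the affected Windows machine.

```powershell
# Added example (not from the article, Embedi or Microsoft): verify and apply the
# published Microsoft registry workaround for CVE-2017-11882, which marks the
# Equation Editor 3.0 COM class as incompatible so Office stops activating it.
# Assumptions: elevated PowerShell on the affected machine; the CLSID below is the
# Equation Editor 3.0 class id and 0x400 the flag value from Microsoft's workaround.

$eqnEdCLSID = '{0002CE02-0000-0000-C000-000000000046}'
$killBit    = 0x400

function Get-ComCompatPaths {
    # 32-bit Office on 64-bit Windows registers under Wow6432Node, so the flag must
    # exist in every hive that actually holds an Office registration.
    foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
        $officeKey = "$hive\Microsoft\Office"
        if (Test-Path $officeKey) {
            "$officeKey\Common\COM Compatibility\$eqnEdCLSID"
        }
    }
}

function Get-EquationEditorStatus {
    # Reports whether the out-of-process COM server is still registered and
    # whether the kill bit is set in each relevant hive.
    $serverKey  = "Registry::HKEY_CLASSES_ROOT\CLSID\$eqnEdCLSID\LocalServer32"
    $registered = Test-Path $serverKey
    $status = [ordered]@{ ComServerRegistered = $registered }
    if ($registered) {
        # Default value of LocalServer32 is the path to EQNEDT32.EXE
        $status.ServerPath = (Get-ItemProperty -Path $serverKey).'(default)'
    }
    foreach ($path in Get-ComCompatPaths) {
        $flags = $null
        if (Test-Path $path) {
            $flags = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                          -ErrorAction SilentlyContinue).'Compatibility Flags'
        }
        $mitigated = ($null -ne $flags) -and (($flags -band $killBit) -ne 0)
        $status[$path] = if ($mitigated) { 'kill bit set' } else { 'NOT mitigated' }
    }
    [pscustomobject]$status
}

function Set-EquationEditorKillBit {
    # Writes the DWORD "Compatibility Flags" = 0x400 under each Office hive present.
    foreach ($path in Get-ComCompatPaths) {
        if (-not (Test-Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        New-ItemProperty -Path $path -Name 'Compatibility Flags' -PropertyType DWord `
            -Value $killBit -Force | Out-Null
    }
}

# Show the state before, apply the workaround, and confirm the result.
Get-EquationEditorStatus
Set-EquationEditorKillBit
Get-EquationEditorStatus
```

The status output is useful on its own for fleet checks: a host that still reports the COM server as registered and a hive as "NOT mitigated" after the November patch is the one to look at first.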

Source:  Threatpost 


CISCO WARNS OF CRITICAL FLAW IN VOICE OS-BASED PRODUCTS

Cisco Systems issued a security advisory warning customers that key products tied to its Cisco Voice Operating System software platform were vulnerable to an attack in which an unauthenticated, remote attacker could gain unauthorized and elevated access to affected devices.

The Cisco Security Bulletin is rated Critical and was issued Wednesday. It is tied to a vulnerability (CVE-2017-12337) in its Voice Operating System software which is used in flagship products such as its Cisco Unified Communications Manager, which brings together voice, video, telepresence, messaging and presence. Cisco Unified Communications Manager was previously known as CallManager.

Cisco lists 12 products affected by the bug including versions of its Cisco Prime License Manager, Cisco SocialMiner, Cisco Emergency Responder and Cisco MediaSense.

“The vulnerability occurs when a refresh upgrade or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password,” Cisco wrote in its bulletin.

Cisco said that attackers who manage to access the affected devices over SSH File Transfer Protocol (SFTP) while the devices are still vulnerable could gain root access at that time. “This access could allow the attacker to compromise the affected system completely,” Cisco wrote.

SFTP enables secure file transfer capabilities between networked hosts and is sometimes referred to as Secure File Transfer Protocol.

“If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action,” according to Cisco.

Researchers also note “Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability.”

Cisco said a software update fixes the bug, and that no workaround to the vulnerability is available at this time.

The U.S. Department of Homeland Security also issued a warning via US-CERT of the vulnerability on Wednesday.



 Source:  Threatpost 


PHISHING BIGGEST THREAT TO GOOGLE ACCOUNT SECURITY

Last year may have been mostly about ransomware, but it’s difficult to forget the billion or so passwords that were spilled in high-profile breaches and credential leaks.

Google and researchers from the University of California Berkeley attempted to ease some of that pain, and teamed up to analyze how cybercriminals operating underground markets for stolen credentials steal, use and monetize this data.

Looking at black market activity from March 2016 to March 2017 and its impact exclusively on Google accounts, the researchers said they wanted to know how the multitude of keyloggers, phishing kits and data from publicly known breaches offered for sale can be turned into valid email credentials and, in turn, control over a user’s online identity.

The news isn’t good.

In a paper presented at the recent Conference on Computer and Communications Security, Google said that between 7 percent and 25 percent of exposed passwords matched a victim’s Google account. Overall, Google and UC Berkeley estimate there are 1.9 billion usernames and passwords harvested from breaches that are being traded on the black market. Tack on another 12.4 million victims of phishing kits and another 788,000 victims of commercial keyloggers and the climate is dire.

“We observe a remarkable lack of external pressure on bad actors, with phishing kit playbooks and keylogger capabilities remaining largely unchanged since the mid-2000s,” the researchers wrote.

Of the black markets tracked in this research, Google said there are 25,000 tools for phishing and keyloggers at attackers’ disposal. Even though attackers are failing to access Google accounts three out of four times, it’s not for a lack of effort.

“Because a password alone is rarely sufficient for gaining access to a Google account, increasingly sophisticated attackers also try to collect sensitive data that we may request when verifying an account holder’s identity,” Google said in a blog post accompanying the report. “We found 82 percent of blackhat phishing tools and 74 percent of keyloggers attempted to collect a user’s IP address and location, while another 18 percent of tools collected phone numbers and device make and model.

“By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches,” Google said.

Phishing remains one of the most successful phenomena in security, despite more than a decade of education and examples of successful attacks based on the technique.

“Hijackers also have varying success at emulating the historical login behavior and device profile of targeted accounts. We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user,” the researchers wrote. “In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims. This discrepancy results from phishing kits actively stealing risk profile information to impersonate a victim, with 83 percent of phishing kits collecting geolocations, 18 percent phone numbers, and 16 percent User-Agent data.”

Backing this up, the researchers found more than 4,000 phishing kits used in active attacks during the period studied, compared to 52 keyloggers. Phishing kits are packages of all-in-one tools for creating and configuring the content used in these attacks, including email and website creation. These kits are generally used to collect a victim’s username and password, but also geolocation information and a lot more. The credentials are forwarded to the attacker over SMTP or FTP, or by uploading them to a website. Most phishing kits—and keyloggers—are configured to steal Gmail credentials, the study said. Yahoo webmail users, however, were the biggest victims of credential leaks; Yahoo has reported that at one time the data of all of its 3 billion users was exposed to attackers.

Google said it has already used this data to reinforce the security of Gmail.

“Our findings illustrate the global reach of the underground economy surrounding credential theft and the need to educate users about password managers and unphishable two-factor authentication as a potential solution,” the researchers wrote.


Source:  threatpost 


Malware forecast for 2018: More ransomware, Android & Mac viruses

Get to know the malware forecast for 2018

A recent analysis by SophosLabs reveals the top security threats of 2017, which are likely to grow in 2018. This year we have seen a rise in malicious cryptocurrency miners, at least three major global ransomware outbreaks (WannaCry, Petya, Bad Rabbit[1]), numerous malware variants on the Google Play Store, and a series of security vulnerabilities in Windows OS software.


2017 showed us that the cybercrime economy is growing so rapidly that it is getting hard for inexperienced computer users to keep up with the latest tricks the crooks use. Nowadays, it is essential to install the latest updates and avoid any online content that looks even slightly suspicious.


If you want to stay safe on the Internet in 2018, be aware of these critical threats. It is also vital to stay informed by following the latest malware trends, and especially malware distribution techniques. We also suggest that you not delay any software updates offered by your computer or mobile operating system provider.


Having the latest copies of the operating system as well as software installed on your device helps to prevent cybercriminals from taking advantage of security vulnerabilities found in earlier versions.


Key malware trends of 2018


1. Ransomware


While in the first quarter of 2017 Cerber and Locky dominated as the most dangerous ransomware viruses, their names faded into insignificance after WannaCry, NotPetya/ExPetr, and Bad Rabbit ransomware outbreaks.


According to SophosLabs statistics, Cerber still remains one of the most prolific file-encrypting malware families, accounting for 44.2% of the ransomware landscape. The global cyber attack of May 2017 pushed Cerber out of first place and secured the top position for the WannaCry ransomware virus, which accounted for 45.3% of all ransomware variants spotted on clients’ computers.


The success of WannaCry relies on the EternalBlue exploit[2] that allowed distribution of the ransomware using a vulnerability in Server Message Block (SMB) used by Windows computers.


The subsequent ransomware outbreak in June 2017 brought the NotPetya/ExPetr virus, known as a close copy of the previously known Petya ransomware. Its developers also took advantage of the EternalBlue exploit to abuse a security flaw in the SMB protocol and distribute the ransomware rapidly.


Finally, the third ransomware outbreak introduced Bad Rabbit ransomware, which is believed to be an updated variant of the NotPetya wiper virus. The malware mainly affected Russia and Ukraine, as it was distributed via dozens of compromised websites pushing a fake Adobe Flash Player update.


Besides, security experts point out that the growth of the ransomware threat is directly influenced by ransomware-as-a-service. Cybercriminals have recently realized that they can turn their illegal activities into a well-paying business by allowing other criminals to use their virtual extortion tools and boost their distribution across the globe.


Therefore, nowadays scammers do not even have to know how to code – they can join ransomware affiliate schemes and start generating revenue right away.


2. Android virus


In 2017, Google Play Store failed to prove that it can fix its security systems and protect its users from malicious applications. We’ve seen numerous cases of malware on the official Android app store, and while all of the dangerous apps were taken down rapidly, they still managed to infect thousands of devices worldwide. Some of the compromised applications even contained malicious Monero-mining scripts.[3]


However, even more severe malware hides in applications downloaded from shady Internet sources. DoubleLocker ransomware, LokiBot, GhostClicker, and Sockbot are just a few examples that target Android OS users daily.


Probably the most worrying fact is that of all 10 million suspicious Android apps processed by SophosLabs, the majority (77%) turned out to be malicious. The remaining 23% are potentially unwanted applications.


3. Malware that targets Mac OS X


For many years people used to believe that Macs are not vulnerable to malware. However, despite the fact that Macs are less popular than Windows computers, cybercriminals have already started creating malware and spyware for this operating system as well. So far, the only good news is that at the moment there are more potentially unwanted applications and spyware variants than severe malware for Macs. However, that does not mean hackers won’t create critical viruses for OS X users in the future.


Researchers report that the most active annoyances for Mac users are Advanced Mac Cleaner, TuneUpMyMac, Genieo[4], and SpiGot software. Speaking of more dangerous viruses, we must mention Mac ransomware such as MacRansom and MacSpy.


4. Windows threats


Finally, the fourth key threat is vulnerabilities in Microsoft Windows. Researchers share a list of the most exploited vulnerabilities in 2017:


CVE-2017-0199 (36%)[4];
CVE-2012-0158 (32%);
CVE-2016-7193 (10%);
CVE-2015-1641 (7%);
CVE-2011-0611 (4%);
Others (11%).


The majority of these vulnerabilities are critical, as they allow cybercriminals to execute code on a victim’s computer remotely. To put it simply, hackers can take advantage of these weaknesses to install malicious programs on an unprotected system.


Protecting your computer from malware in 2018


Computer users are advised to follow these general security tips to avoid rampant malware variants in 2018:


Keep all your programs up-to-date. However, remember that you must install software updates from official software developers’ sites only. For instance, fake updates of well-known software such as Flash Player can infect your PC with malware like Bad Rabbit.

Keep track of the latest Microsoft security patches and install the updates as soon as they become available.

Use security software with a real-time protection feature.

Create a data backup.

Never open email attachments if you do not know the sender personally or if you did not expect to receive a message from him/her.

Never enable the Macros function[5] in Microsoft Office documents you receive unless you are 100% sure that the file is safe. We highly recommend scanning such files with security software first.

Source:  2-spyware 


Black Friday 2017: 6 main tips to avoid scams







Common scam strategies and tips to avoid getting deceived

Black Friday is an anticipated event not only for consumers; it is also a perfect occasion for online fraudsters to deploy their crafty deception strategies. Shopping scam fever occurs not only at this time of the year but also before the big year-end events, Christmas and New Year. Therefore, arming yourself with knowledge about scam prevention is a wise decision.

Check Facebook offer information on the official service provider's site

Online racketeers find Facebook a perfect haven for their felonies. Unfortunately, past cases reveal that the community still does not learn from its mistakes.

Fake airplane tickets could be called the annual Facebook shopping scam. This year, such scams involved Delta, AirAsia and Emirates Airlines.[1] The free flight ticket giveaways turned out to be a surprise not only for customers but for the companies themselves.

In those cases, fraudsters attempted to lure users with infected websites. To avoid getting scammed, check the official websites of the companies to verify the information. If you purchase goods from Facebook Marketplace, complete the payment and the handover of the product at the same time.[2]

Beware of shopping scam messages on social apps

As the Facebook virus[3] reveals how many users take the same bait twice, you might also expect similar felonies on social apps. Recently, UK users were targeted with a new ASDA scam[4]; ASDA is a popular supermarket retailer in the country.

WhatsApp users received messages urging them to visit http://www.asda.com/mycoupon. The messages also contained grammar mistakes that hinted at their deceptive origin. That page does not exist; nonetheless, the scammers placed JavaScript in the link that redirected users to counterfeit pages asking for personal information.

Avoid installing fake iPhone or Android shopping apps

If you are a keen app user, you probably have one or two apps that help you find good deals. Note that finding a trustworthy one can be a difficult task, as there are tons of fake applications. Such software may not only bother you with frustrating adware pop-ups but may also infect you with a mobile version of ransomware or another sort of infection.

While Google Play is struggling to ward off crypto-coin miners, iPhone users should not let their guard down either. There has been a trend of counterfeit apps plaguing the App Store as well. Besides nagging users with commercial notifications, they also target personal and credit card information.[5]

Use a secure internet connection

Whenever you intend to purchase goods or services from a specific website, check whether it has an SSL certificate, i.e., an “https” indicator in front of the site's URL. It is one of the key signs of a reliable site, though not sufficient on its own: you should also look for other indicators such as an explicit privacy policy, terms of use and contact details.

Choose a verified payment platform

Cyber felons tend to offer their own payment domains. Therefore, it is always better to opt for PayPal or other reliable payment platforms, which provide money transfer and refund guarantees in case of a dispute or technical difficulties.

Avoid opening failed package delivery email attachments

Spam emails urging you to review an invoice or a failed package delivery attachment are a common trick used by ransomware developers. Such messages may contain grammar mistakes and typos.

On the other hand, some felons also use this method in a different way: they may bombard users with refund offers. Unlike genuine cases, such a message will contain little information and will instead urge you to review the attachment. Note that a proper email attachment always includes a screenshot of the content.




Source:  2-Spyware 


Encryption is a Costume to Hide Threats on the Internet

It is the time of the year where adults and children alike put on costumes and go out to gather candy or create mischief. The costumes are scary or cute, but always achieve the goal of obfuscating the individual and hiding their true identity and intent. The person wearing the costume does not express their goal until they are interacting with their target.

Encryption of content on the internet serves the same purpose. People and devices are surfing the internet and accessing applications owned by different businesses. These businesses do not know the intent of the user connecting to their application unless they are using various IT security inspection solutions such as next-generation firewalls (NGFW), intrusion prevention systems (IPS), and web application firewalls (WAF). Encryption of the content makes it impossible for these security solutions to inspect the traffic for malicious behavior unless they have the ability to decrypt the connection to expose the clear-text information within the payload.


Trick or treat?


Encrypted content makes it hard to determine who the user is. It is even harder to determine the intent of the user. Encryption makes everyone look similar when surveying the field. Many of the identifying keys that security solutions use are hidden within the encrypted payload.


This makes it essential for businesses to use technologies that can decrypt the content to discover the real purpose of the user. Decryption removes the costume to reveal the person’s true goal. Once the content is decrypted, the existing security solutions can do their job and identify the potential threats.

Don’t throw out the good with the bad


Not all encrypted connections hide malicious intent. There are good reasons to use encryption as well. People want privacy to protect their personal information such as medical or financial records. Encryption provides data integrity to ensure that the information received is exactly what was sent.


A proper solution is needed to address the positive and negative goals of encryption alike. We need to inspect the encrypted traffic for malicious content while protecting the information of legitimate users. Most of the costumed people are friendly and looking for treats, but we need to be able to identify and stop the few who may want to throw eggs at your house or worse.


The solution is not unlike the security checkpoints at the airport. A universal system to decrypt the traffic at one centralized location can decrypt the content, perform an initial triage analysis and then steer the traffic to the different security solutions as unencrypted data. Once the security solutions have performed their task, the content is re-encrypted and sent on to its destination.


Encryption is agnostic


Encryption has neither good nor bad intent. It is designed to hide the intent of the content that is being obfuscated. The technology is doing the same job the holiday costumes are performing for the people. There is a reason the content is encrypted, and it is up to the business to determine the intent whether the user is looking for that trick or treat.


Source: radware blog


Data Center Application Layer Attacks

This post originally appeared on the Cisco blog: Data Center Application Layer Attacks


There have been a number of articles written on data center outages and their business costs: lost productivity, infrastructure damage, loss of brand reputation and goodwill in the marketplace, and litigation costs. Data center outages can occur from a number of factors such as component quality issues, power supply disturbances, or human error. Even turning systems off for routine maintenance could lead to a potentially costly incident for the business. However, a multiyear Ponemon study, “Cost of Data Center Outages”, found that the fastest growing cause of data center outages was cybercrime.


The negative impact from cybercrime is not only the data theft, regulatory fines, or litigation costs but also the downtime of critical systems. Businesses rely on their data center availability to drive employee productivity, engage with their customers, and generate revenue. The Cisco 2017 Security Capabilities Benchmark Study found that outages due to security breaches often have a lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent of these outages affected between 11 percent and 30 percent of systems.

Attackers can leverage a number of techniques to attack the data center, from sophisticated malware to a rising number of DDoS (distributed denial of service) attacks targeting the application layer. In application layer DDoS attacks, web servers, application servers, or online services are targeted and flooded with just enough traffic to knock them offline. They target applications in a way that makes the requests appear to come from genuine users. Since they can be much smaller than traditional volumetric DDoS attacks, they may go unnoticed by security solutions until it is too late.
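As an added illustration (not code from the Cisco or Radware post), here is a small behavioral detector for the application-layer floods described above, run over constructed access-log lines: a per-client sliding-window rate check catches the classic request flood, while a repetition and expensive-endpoint score catches the low-and-slow traffic that looks like legitimate requests. The endpoint list, thresholds, and log lines are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re
# Constructed access-log lines (combined-log style), not real traffic.
BENIGN = [
    '10.0.0.5 - - [25/Oct/2017:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Oct/2017:10:00:03 +0000] "GET /css/site.css HTTP/1.1" 200 900',
    '10.0.0.5 - - [25/Oct/2017:10:00:09 +0000] "GET /search?q=shoes HTTP/1.1" 200 3100',
    '10.0.0.5 - - [25/Oct/2017:10:00:20 +0000] "GET /product/42 HTTP/1.1" 200 2200',
]
# Low-and-slow client: one identical, expensive query every 6 s for a minute,
# far below any volumetric threshold but not a human browsing pattern.
SLOW_FLOOD = [f'203.0.113.7 - - [25/Oct/2017:10:00:{6 * i:02d} +0000] '
              '"GET /search?q=%25 HTTP/1.1" 200 3100' for i in range(10)]
# Classic request flood: 30 requests in 10 s from one source.
FAST_FLOOD = [f'198.51.100.9 - - [25/Oct/2017:10:01:{i // 3:02d} +0000] '
              '"GET /index.html HTTP/1.1" 200 512' for i in range(30)]
SAMPLE_LOG = BENIGN + SLOW_FLOOD + FAST_FLOOD

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')
EXPENSIVE = ("/search", "/api/report")   # assumed CPU/DB-heavy endpoints

def parse(line):
    # Return (ip, timestamp, method, path, status) or None for unparsable lines.
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, _size = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)

def detect_l7_flood(lines, window=timedelta(seconds=10), rate_threshold=20,
                    expensive_ratio=0.8, repeat_ratio=0.9, min_requests=5):
    """Map flagged client IP -> reasons: peak sliding-window rate, or repetitive traffic to expensive paths."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[0]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r[1])
        reasons, win, peak = [], deque(), 0
        for _, ts, _, _, _ in recs:            # peak requests per sliding window
            win.append(ts)
            while ts - win[0] > window:
                win.popleft()
            peak = max(peak, len(win))
        if peak > rate_threshold:
            reasons.append(f"{peak} requests within {window.seconds}s")
        paths = [r[3] for r in recs]
        exp = sum(p.startswith(EXPENSIVE) for p in paths) / len(paths)
        rep = max(paths.count(p) for p in set(paths)) / len(paths)
        if len(paths) >= min_requests and exp >= expensive_ratio and rep >= repeat_ratio:
            reasons.append(f"{exp:.0%} expensive paths, {rep:.0%} identical requests")
        if reasons:
            flagged[ip] = reasons
    return flagged
```

In production the thresholds would be derived from a per-endpoint baseline rather than fixed, which is the "behavioral" part of the mitigation the post refers to.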

To protect against application-layer DDoS attacks, Cisco integrated comprehensive, behavioral DDoS mitigation from Radware into its Firepower 4100 Series and 9300 next generation firewall (NGFW) appliances. Radware’s Virtual DefensePro capabilities add application layer DDoS protection to Firepower’s tightly integrated, multi-layered threat protection, which includes application firewalling, next generation intrusion prevention (NGIPS), and advanced malware protection (AMP). Context and intelligence are shared among security functions to accelerate threat detection and response and maximize your security investment.


Integrating Radware DDoS mitigation into Firepower NGFW helps data center resources keep functioning during a DDoS attack and prevents sensitive information from being compromised. Firepower NGFW resiliency under a DDoS attack is improved, allowing it to better distinguish between legitimate and illegitimate traffic. Firewalls by design track stateful connections and may become easily overwhelmed by DDoS attack traffic. Many attackers target the firewall directly in DDoS attacks, trying to cripple it to leave the network unprotected, so this layer of resiliency can be important.


For more information on Cisco Firepower NGFWs, please visit: https://www.cisco.com/go/ngfw


Source: radware blog


WhatsApp officially launches unsend feature to delete messages

Earlier this week, WhatsApp updated its FAQ page with instructions on how people can use its new unsend feature that lets users purge the embarrassing messages they sent before their intended recipient has had a chance to read them. But unfortunately, most users still didn’t have access to the new functionality.


This changes today. The Facebook subsidiary has announced in a new blog post that it has begun rolling out the unsend feature to all of its users worldwide. “This feature is rolling out for users around the world on the latest versions of iPhone, Android, Windows Phone as well as desktop,” the post read.


Here is what you can expect:


To access ‘Delete for everyone,’ make sure you’ve updated to the latest version of WhatsApp. Another thing to keep in mind is that the feature won’t work unless “[b]oth you and the message recipient” are running the app’s latest iteration.


To give you some context, though ‘Delete for everyone’ is only making its way to the official release now, WhatsApp has been testing the feature since at least June.


To avoid sending a message you will regret (thinking you could unsend it whenever you want), it might be worth reading up on all the particularities of using ‘Delete for everyone.’




Source: TNW


Intel Tiger Lake CPUs to come with Anti-Malware Protection

Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks. I...