Russians will be able to buy alcohol using a mobile application instead of a paper passport


The digital experiment on the introduction of electronic passports in Russia will help to ensure the safety of citizens and identify the level of fraud attempts, said Russian Deputy Prime Minister Maxim Akimov.

According to him, the experiment will begin in the first half of 2020 in Moscow.

Earlier, E Hacking News published information that the Russian government has determined the basic parameters of the future electronic passport. Prime Minister Dmitry Medvedev said that the main version is a plastic card with a chip, which will be complemented by the secure mobile application "My passport".

Akimov specified that the experiment will be extended to services where there are no legally significant transactions. The "My passport" mobile application, which replaces a paper passport, will work in the same way as payment for goods and services using wireless data transmission technology.

For example, an electronic passport can be presented when buying alcohol or cigarettes, Akimov explained.

"The application will use Russian cryptography. In general, it will work approximately the way payment for goods and services using NFC (Near field communication) is working now," the Deputy Prime Minister said.

Moreover, during the experiment, people will be able to choose the design of the application and the color scheme, as well as to evaluate the usability and functionality.

Special readers, such as touchscreens for reading fingerprints or devices with face recognition technology, will be installed to control and block the sale of alcohol to people who are heavily intoxicated or who are driving a car.

The Deputy Prime Minister admitted that driver tracking systems using facial recognition technology can become mandatory in Russia within a few years to prevent people from driving while intoxicated. According to him, this is quite serious technology.

It is planned to put the surname, name, date and place of birth of the person, as well as the validity period of the passport, on the plastic card with the chip (the card will be valid for ten years). In addition, the electronic passport will contain migration registration data, the Individual insurance account number (SNILS) and Individual Taxpayer Number (ITN), as well as the driver’s license.


Moscow metro launched a new secure Wi-Fi network


MaximaTelecom launched a closed network in the Moscow metro, which will be free for users who agree to watch ads. Most likely, the company, operating in the metro for seven years, decided to do it after the scandal with the data leak.

It should be noted that MaximaTelecom is the Russian telecommunication company engaged in the development and commercialization of public wireless networks since 2004; the operator of Europe's largest public Wi-Fi network.

MaximaTelecom is beginning open testing of its closed Wi-Fi network in the metro using Hotspot 2.0 technology. Since January 2019, testing of this network had been available only to the company's employees.

According to Boris Volpe, MaximaTelecom CEO, Wi-Fi in the Moscow metro will become the largest secure public network in Europe after the introduction of Hotspot 2.0 technologies. Open technology testing will take three months.

According to a company representative, this network has protection against automatic connection to phishing points. In addition, the Hotspot 2.0 technology includes radio encryption. Thus, the user is protected from traffic interception between the access point and the client device.

It is interesting to note that the launch of the new network could be a delayed reaction of the company to the scandal with the leak of user data. Recall that in April programmer Vladimir Serov reported a major vulnerability in Wi-Fi of MaximaTelecom. According to him, it allowed attackers to obtain phone numbers of all connected passengers, as well as unencrypted data about users, such as phone number, gender, age.

MaximaTelecom acknowledged the existence of the vulnerability and reported that it was promptly closed by turning off the option to store data on the movement of users between stations. Roskomnadzor sent a request to find out details, but violations of the rights of users were not recorded.

"With the development of LTE services by mobile operators, the need for Wi-Fi services in the subway, encrypted or not, is reduced," commented MForum expert Alexei Boyko.

Earlier E Hacking News reported that it was found out that Tele2 is monitoring subscribers using a dangerous script. The company gets access to the data due to the mass implementation of scripts via CDN.

Russian cyber security specialists massively quit from Russian banks



The Central Bank’s requirements for information security, which have dramatically increased over the past year, led to the departure of specialists in this field from banks to other industries. This situation carries risks for banks and their customers. Experts noted that hackers, who in 2019 shifted their attacks from banks to government offices and industrial companies, can come back.

The banking market is in a dangerous situation, because the leading information security experts leave banks, finding application in other industries.

According to Alexander Vinogradov, the former head of the information security service at Zlatkombank, only among his acquaintances, 11 important Bank security officers who held senior positions resigned from credit institutions and found work in other areas — Telecom, retail, etc.

"The guys are just tired: the load on information security specialists has increased many times over the past year, the requirements have increased many times, many do not stand the load," he said.

"The maximum responsibility and requirements with a very dubious return," said Denis Malygia, the former head of the service of the Bank "Garant-invest", commenting on his decision to leave the post.

According to the information security experts, there is another problem: the unwillingness of banks to allocate budgets, which increases the risk of successful hacker attacks. Specialists of Group-IB said that 74% of the banks are not ready for hacker attacks.

Experts believe that the departure of information security specialists from banks is a dangerous trend. Maria Voronova, the Director of Consulting at InfoWatch Group of Companies, said that personnel risks, in particular, shortage of personnel, are one of the main operational risks in the field of information security.

According to experts, it is rather difficult to find a replacement for those who quit the bank. It may take about six months to find a new head of information security service.

It is interesting to note that in the first quarter of 2019, cyber attacks on the financial sector amounted to 6% of the total number of attacks on legal entities. State institutions (16%), medical (10%) and industrial companies (10%) became the most popular targets among hackers. If bank security systems become more vulnerable, hackers can switch to this area.

The Central Bank of Russia has found problems with cybersecurity in all verified Banks


This year, the Bank of Russia checked 75 banks for compliance with cybersecurity requirements and found violations of the requirements in all of them. The head of the CBR, Elvira Nabiullina, announced this while speaking at the II International Cybersecurity Congress (ICC).

Nabiullina said, "Since last year, the Central Bank as a regulator has the authority to supervise financial institutions in terms of how they fulfill cyber security requirements. Last year we checked 58 Banks, this year - 75. Problems and violations were found in all of them."

The Chairman of the Central Bank added that the problems found in banks should not be considered critical, but they can become so over time if measures are not taken to prevent possible cybercrime.

Nabiullina noted that protection from cyber risks and the level of cybersecurity in the near future will become a competitive advantage for all companies. At the same time, the main drawback is that the business processes of Banks do not include the management of cyber risks.

The Chairman of the Central Bank drew attention to the fact that Russian bankers have no particular fear of hackers. Apparently, for this reason, certain shortcomings or problems were identified in each financial organization.

According to Nabiullina, there is a neglect of cybersecurity in society, and the heads of companies do not understand the problem.

Nabiullina stressed, “Our task is to use new technologies and try to go a step further, keeping up with hackers.”

Russian Prime Minister Dmitry Medvedev also spoke at the ICC. He said that it was necessary "to develop global security standards". Also, Medvedev noted that crimes that are committed with the help of the Internet "have no boundaries."

It should be noted that earlier German Gref, CEO, Chairman of the Executive Board of Sberbank, expressed the opinion that the heads of large companies should be paranoid in the fight against cyber threats: "We are responsible not only for ourselves, but we have hundreds of millions of our customers."

Security flaws found in taxi booking apps

Experts of the Russian Quality System (http://roskachestvo.gov.ru/) concluded that the most popular applications for ordering a taxi can cause the leakage of personal data, such as bank card information.

Experts tested such programs as "Yandex.Taxi", Uber Russia, Maxim, Gett, City-Mobil, Rutaxi and Fasten. It turned out that almost half of the applications are vulnerable to DDoS attacks which can cause a blocking of the service.

The test showed that there are a number of potential vulnerabilities in applications, for example, weak hashing and encryption algorithms and insecure SSL implementation.

In turn, Taxi services specified that their programs use a secure data transfer protocol, and all information is stored in encrypted form.

According to experts, people should not order a taxi when connected to an open Wi-Fi network or they must install a VPN client on the device.

The idea of taxi applications nowadays is very practical and comfortable, but the quality of services leaves much to be desired. It turns out that in reality companies are not responsible for the qualification of taxi drivers, as well as for its absence when it comes to litigation. It will not be surprising if next time companies will not take the consequences for the leakage of personal data.

The database of patients of Moscow region ambulance leaked to the Internet

The database of patients of the Moscow region ambulance service is publicly available on the Web, stored on a file hosting service, and is 17.8 GB in size. The document contains information such as the name of the person who called the ambulance, the contact phone number, the address, the date and time of the call, and a description of the patient's condition upon the arrival of the doctors.

The representative of the Ministry of Health said that the management system of the ambulance service applied all the necessary measures to protect information in accordance with the current law. The data of citizens is securely protected and only authorized employees have access to it.

The company Group-IB explained that the leak occurred through the database management system MongoDB.

Anastasia Tikhonova, Head of the Group-IB threats research group, said that the database was practically open to access and did not require authorization or other security settings.

In addition, Anastasia added that a group of Ukrainian hacktivists, THack3forU, leaked the database online. They are activists who use computer hacking to promote the ideology of free speech and political freedom. Such cybercriminals use leakage for dirty political purposes.

Andrei Arsentiev, an analyst of InfoWatch, explained that the reason for the leak was the fact that the operator left the MongoDB cloud server unprotected, forgetting to protect it with a password.

Denis Legato, an anti-virus expert of Kaspersky Lab, stressed that the main problem in this situation was the inattention of administrators to the security settings.

It is worth noting that a month ago it became known about the leakage of the database of patients in the Lipetsk region. As a result, the Head of the Department of material and technical support of the Health Department lost his post.

Security Vulnerability in McDonald's India allows hackers to access Customer data

 
If you are from India and have ordered a burger from McDonald's, your personal details are at risk.

Security researchers from Fallible found a serious vulnerability in the McDonald’s India application that allows hackers to access the data of millions of customers.

There is no authentication or authorization check in the API used by the application. Sending a request to "http://services.mcdelivery.co.in/ProcessUser.svc/GetUserProfile" with a customer id in the header returns that customer's details.

The customer id is a sequential number.  All an attacker needs to do is create a script and increase the number to dump all customer data.
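The missing check described above, modelled next to a corrected handler and a simple log check for id enumeration. This is an added example, not code from the application or from the researchers; the header names, session table, threshold and sample data are all hypothetical.

```python
from collections import defaultdict

# Constructed sample data. The header names are hypothetical: the article only
# says the customer id travels "in the header".
PROFILES = {
    1001: {"name": "A. Sample", "phone": "000-0001"},
    1002: {"name": "B. Sample", "phone": "000-0002"},
}
SESSIONS = {"token-for-1001": 1001}  # session token -> customer id it was issued to


def get_profile_vulnerable(headers):
    """Models the behaviour described: the id in the header is trusted as-is."""
    profile = PROFILES.get(int(headers["X-Customer-Id"]))
    return (200, profile) if profile else (404, None)


def get_profile_hardened(headers):
    """Authenticate the caller, then authorize the requested id against the session."""
    owner = SESSIONS.get(headers.get("Authorization", ""))
    if owner is None:
        return 401, None                      # no valid session: not authenticated
    try:
        requested = int(headers.get("X-Customer-Id", owner))
    except ValueError:
        return 400, None                      # malformed id
    if requested != owner:
        return 403, None                      # authenticated, but not this record's owner
    return 200, PROFILES[owner]


def flag_enumeration(access_log, max_distinct_ids=3):
    """Return clients that requested more distinct customer ids than one user needs."""
    ids_by_client = defaultdict(set)
    for client, customer_id in access_log:
        ids_by_client[client].add(customer_id)
    return sorted(c for c, ids in ids_by_client.items() if len(ids) > max_distinct_ids)


# Constructed access-log entries: (client address, customer id requested).
SAMPLE_LOG = [("198.51.100.7", n) for n in range(1001, 1011)] + [
    ("203.0.113.5", 1001),
    ("203.0.113.5", 1001),
]

if __name__ == "__main__":
    print(get_profile_vulnerable({"X-Customer-Id": "1002"}))
    print(get_profile_hardened({"Authorization": "token-for-1001", "X-Customer-Id": "1002"}))
    print(flag_enumeration(SAMPLE_LOG))
```

The authorization check is the fix; sequential ids only make the flaw cheaper to abuse, and the log check is a detection aid for the period before a fix ships.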

"The lack of strong data protection and privacy laws or penalties in India, unlike the European Union, United States or Singapore, has led to companies ignoring user data protection," the researcher said.

"We have in the past discovered more than 50 instances of data leaks in several Indian organizations," the researcher said.

The vulnerability allows attackers to obtain name, address, email address, phone number, date of birth, GPS co-ordinates and social profile details.

The researchers reported the issue to McDelivery on 4th February, 2017. After a few days (13th Feb), they received an acknowledgement from the McDelivery IT Manager. From 7th March, Fallible tried to contact McDelivery to learn the status. However, there was no response from their side. The bug is still not fixed at the time of writing.

In Jan 2017, researcher Tijme Gommers found two critical bugs, "an insecure cryptographic storage vulnerability" and XSS, in McDonald's.

Hackers could easily bypass SBI's OTP security

One Time Password (OTP) has become the new security feature on most websites, including those of banks. This feature allows a user to make online transactions after the customer's identity is verified by entering the OTP sent by the bank to the registered mobile number. But who knew this security feature could be easily bypassed and lead to a huge loss of money?

A white-hat hacker, bug bounty hunter and web application security researcher, Neeraj Edwards, shared his research on how he could easily bypass the OTP of one of the most popular banks, State Bank of India (SBI), and could make a transaction of any amount.



While making a transaction, the last page of SBI’s website shows a One Time Password screen where there is a parameter called ‘smartotpflag’ that is set to Y, i.e. ‘smartotpflag=Y’.


Smartotpflag parameter is used to generate OTP, and Y represents ‘yes’ to send the code to the registered mobile. However, the risk factor arises if someone changes ‘Y’ to ‘N’ which means ‘No’. The transaction then will be completed without entering the OTP.
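A model of the flaw described above next to a handler that keeps the OTP decision on the server. This is an added example, not the bank's code; apart from the `smartotpflag` parameter named in the article, every name, status string and the attempt limit is an assumption.

```python
import hmac
import secrets
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # assumed limit on OTP guesses per transaction


@dataclass
class PendingTransaction:
    """Server-side record created when the user starts a transfer."""
    amount: int
    otp: str = field(default_factory=lambda: f"{secrets.randbelow(10**6):06d}")
    attempts: int = 0
    done: bool = False


def check_otp(txn, params):
    """Verify the OTP against server state only; one-shot and rate limited."""
    if txn.done:
        return "REJECTED"                     # a completed transaction cannot be replayed
    if txn.attempts >= MAX_ATTEMPTS:
        return "LOCKED"
    txn.attempts += 1
    supplied = params.get("otp", "")
    # Constant-time comparison so response timing does not leak matching digits.
    if hmac.compare_digest(supplied.encode(), txn.otp.encode()):
        txn.done = True
        return "COMPLETED"
    return "OTP_REQUIRED"


def confirm_vulnerable(txn, params):
    """Models the reported behaviour: a client-controlled flag skips the check."""
    if params.get("smartotpflag") == "N":
        txn.done = True
        return "COMPLETED"
    return check_otp(txn, params)


def confirm_hardened(txn, params):
    """The client's smartotpflag is ignored; the server always requires the OTP."""
    return check_otp(txn, params)


if __name__ == "__main__":
    tampered = {"smartotpflag": "N"}          # constructed request parameters
    print(confirm_vulnerable(PendingTransaction(5000), tampered))
    print(confirm_hardened(PendingTransaction(5000), tampered))
```

Any parameter that arrives from the browser is attacker-controlled, so whether a second factor is required has to be derived from server-side transaction state.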


Although the vulnerability was patched after Edwards' discovery, it was highly disappointing that the person who could easily have benefited from this vulnerability, but chose not to, was neither rewarded nor acknowledged for his work.

The press, too, did not carry this important news, thus keeping the public in the dark and keeping the discoverer from any credit.

The POC Video:
https://www.youtube.com/watch?v=2kYm1G2jBcM

IT security firm Trustwave sued for Failing to Stop Data Breach

IT security firm Trustwave has been accused of failing to properly investigate the card breach suffered by the Las Vegas-based casino operator Affinity Gaming in 2013.

Affinity Gaming filed a complaint in the district court of Nevada in December, alleging that Trustwave misrepresented itself, failed to perform an adequate investigation and identify the breach, and falsely informed the company that the breach had been corrected.

In December 2013, Affinity Gaming suffered a security breach that penetrated their payment card systems. They called Trustwave to investigate the matter.

According to the complaint filed “Trustwave informed the company that the malware was removed from its systems and that the breach was contained.”

After Trustwave completed its investigation, Affinity Gaming called Ernst & Young to conduct penetration testing. While conducting the penetration test, the testers identified suspicious activity associated with a piece of malware.

Affinity Gaming then called in FireEye-owned forensic specialist Mandiant for further investigation.

The complaint was filed based on the latest investigation done by Mandiant.

“Trustwave had failed to diagnose that the data breach actually was the result of unidentified outside persons or organizations who were able to compromise Affinity’s data through Affinity Gaming’s Virtual Private Network (VPN), and that the ‘backdoor’ these persons/organizations had created — which Trustwave had speculated may have existed but concluded was ‘inert’ — was very real and accessible,” reads the complaint.

“Mandiant also determined that the unauthorized access and renewed data breach occurred on a continuous basis both before and after Trustwave claimed that the data breach had been contained,” it continues.

Affinity is looking for damages in excess of $100,000 / €92,000.

A trojan that evades security products and stole data

Spymel, a new Trojan discovered by Zscaler (a US-based cyber-security vendor), reaches computers through spam emails and remains undetected by security products.

The Trojan is attached to emails as an archive file. Once it is downloaded and decompressed, the archive file launches a JavaScript file that downloads and installs the actual malware executable, a .NET binary.
Note that the archive file does not contain the malware itself, so antivirus products fail to flag the danger. The .NET binary also goes undetected because of the digital certificate that is issued by SBO INVEST via DigiCert.

According to Zscaler, Spymel infections were first detected in early December 2015. The company promptly reported the case to DigiCert and had the certificate revoked, but the group behind Spymel quickly updated their certificate.

Spymel can act as a malware payload downloader, take screenshots of a user's desktop, record videos of the desktop, log keystrokes, and upload stolen data to a remote server.

Spymel is a clear example of how malware can use archive files booby-trapped with JavaScript code, together with digital certificates, to hide.

MagSpoof which costs $10 can steal your credit card number


Someone has made a $10 device that could steal credit card information when a person has lost a credit card and applied for a new one. Before the replacement arrives, the device helps hackers to steal, or at least guess, the credit card number.

The device dubbed MagSpoof was made by Samy Kamkar. The device can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals.

According to the hacker, MagSpoof can spoof any magnetic stripe or credit card entirely wirelessly; it can also disable chip and PIN (EMV) protection and accurately predict the card number and expiration date on American Express credit cards.

“MagSpoof can be used as a traditional credit card and simply store all of your credit cards (and with modification, can technically disable chip requirements) in various impressive and exciting form factors, or can be used for security research in any area that would traditionally require a magstripe, such as readers for credit cards, drivers licenses, hotel room keys, automated parking lot tickets, etc,” Kamkar said in a blog post.

MagSpoof emulates a magnetic stripe by quickly changing the polarization of an electromagnet, producing a magnetic field similar to that of a normal magnetic stripe as if it's being swiped. The magstripe reader requires no form of wireless receiver, NFC, or RFID. MagSpoof works wirelessly, even with standard magstripe readers. The stronger the electromagnet, the further away you can use it.

The device actually guesses the next credit card numbers and new expiration dates based on a cancelled credit card's number and when the replacement card was requested respectively. This process does not require the three or four-digit CVV numbers that are printed on the back side of the credit cards.


The hacker has notified American Express and said the company is fixing the flaw. 

FBI denies paying $1 million to attack Tor



The FBI has denied an accusation that it paid at least $1 million to Carnegie Mellon University (CMU) researchers to infiltrate Tor, a free software implementation of second-generation onion routing that enables its users to communicate anonymously on the internet.

The intelligence agency told Ars Technica that the accusation of paying the university's security researchers to unmask Tor users and reveal their IP addresses as part of a criminal investigation was 'inaccurate'.

"The allegation that we paid (Carnegie Mellon University) $1 million to hack into Tor is inaccurate," the FBI said.

However, the Tor Project team discovered in July last year more than a hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services, web servers hosted on Tor that offer more privacy.

The attackers used a combination of nodes and exit relays along with some vulnerabilities in the Tor network protocol that let them uncover users' real IP addresses.

After discovering the flaws, the team updated its software and rolled out new versions of code to block similar attacks in the future. But, during that time the team could not find the hackers behind the flaws.

“We teach law enforcement agents that they can use Tor to do their investigations ethically, and we support such use of Tor -- but the mere veneer of a law enforcement investigation cannot justify wholesale invasion of people's privacy, and certainly cannot give it the color of ‘legitimate research’,” the Tor team said in a blog post.

"Whatever academic security research should be in the 21st century, it certainly does not include "experiments" for pay that indiscriminately endanger strangers without their knowledge or consent," the post added.


Now, Tor claims to have patched the vulnerabilities, but this doesn't solve the core problem.

5.6 million fingerprints stolen, but the reason is still unknown

Some people blame the Office of Personnel Management (OPM), which serves as a sort of human resources department for the federal government; some point to the unchangeable nature of biometrics; and others blame Chinese hackers for the massive breach of the OPM’s servers in the U.S., during which the fingerprints of 5.6 million people were stolen.

Whatever the reason, the concern is for the millions of people whose fingerprints have been stolen. What will the consequences be? Or is there nothing to worry about?

The authority concerned needs to come up with some program to address the issue.

Now, U.S. officials have blamed Chinese government hackers without any evidence. China has also denied having any involvement in the breach.

The OPM has said that the federal experts believe there is low chance of fingerprints being misused. However, there is a possibility that future technologies could take advantage of this information.

The OPM had earlier confirmed that the number of people was 1.1 million only. However, the number has now increased to 5.6 million.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology, told Boing Boing. “I’m surprised they didn't have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

Not only the fingerprints, it is said that about 21.5 million individuals had their Social Security Numbers and other sensitive information affected by the hack.

As per the OPM, now, Department of Homeland Security and Defense Department representatives are planning to review the implications of the stolen fingerprint data.

Two Ukrainian defendants to pay $30 million to the Securities and Exchange Commission

Ukraine-based firm Jaspen Capital Partners Limited and its Chief Executive Officer (CEO), Andriy Supranonok, agreed on Monday (September 14) to pay $30 million to settle U.S. Securities and Exchange Commission (SEC) civil insider trading charges.

The SEC had charged the two with trading on information from illegally obtained news releases.
The company became the first of 34 defendants to settle SEC charges over allegations of theft of more than 150,000 press releases from Newswire before the news became public.

Traders would sometimes create what prosecutors called “shopping lists” of companies that were expected to make announcements and pass them on to hackers.

The illegal profit generated by traders over a period of five years is estimated to be around $100 million, while Jaspen and Supranonok made approximately $25 million from 2010 to 2015 by buying and selling contracts-for-differences (CFDs), derivatives that allow leveraged bets on stock prices, trading on press releases stolen from a newswire service.

The case was filed in U.S. District Court for the District of New Jersey, which entered an asset freeze and other emergency relief against Jaspen and Supranonok, among others. Nine of the defendants also face criminal charges, though Jaspen and Supranonok were not criminally charged.

Without admitting or denying the SEC’s allegations, the two defendants agreed to transfer $30 million of ill-gotten gains from the accounts which were frozen a month ago.

"Today's settlement demonstrates that even those beyond our borders who trade on stolen nonpublic information and use complex instruments in an attempt to avoid detection will ultimately be caught,” said SEC enforcement chief, Andrew Ceresney.

The settlement between Jaspen and Mr. Supranonok must be approved by a court.

The SEC said its civil case will continue against the other 32 defendants.


  

Researcher says Laser Pen can Halt Driverless Car


While the world is waiting for self-driving cars to become popular enough to reach the masses, a security researcher has found a major flaw in the driverless car that can possibly drive it off the road.

Jonathan Petit, principal scientist at software security company Security Innovation, discovered that a laser pointer that costs only $60 could interfere with the laser ranging (Lidar) system of the car and bring it to a halt.

Most self-driving cars rely on this Lidar system to navigate; it creates a three-dimensional map and allows the car to see potential hazards by bouncing a laser beam off obstacles.

When a laser pointer is aimed at an automated or semi-automated car, its light is picked up by the Lidar system and can trick the car into thinking there are objects ahead of it when there is actually nothing there. This forces the car to slow down. A hacker can also overwhelm the system with spurious signals, which forces the car to remain stationary.

During his tests, Petit recorded laser pulses reflected by a commercial Lidar system, and then mimicked them with the laser back at the navigation system. This method worked from a distance of 300 feet from the car, and didn’t require perfect accuracy with the laser beam.

According to him, the movement of cars, pedestrians or stationary obstacles can be imitated from 50 to 1000 feet away from the car and the same attack can be carried out using a Raspberry Pi or an Arduino single-board computer.

On detecting a phantom object, the car may exhibit both short and long term response. The short term reaction may only consist of an unnecessary stop but a long term stop may trick the car into believing a blockage on the road thus taking an alternative route which will affect the trip.

The automakers need to ensure that simple hacks don't render driverless vehicles useless or worse.

If proper steps are not taken on security implications of internet-connected cars right now, they will be vulnerable to hackers in the same way as PCs, laptops and tablets.

Director of smart connected vehicles at Cisco, Andreas Mai believes that an advanced end-to-end security reference architecture and close collaboration among automakers, suppliers, technology providers and government agencies should be maintained in order to deal with modern cyber attacks.

In a world where data breaches take place all the time and all sorts of corporations look to cyber security to protect their customers' personal and financial information, car companies have something major to worry about.

Automated cars were developed with thought for safety as the conventional, human-driven cars produced many instances of bad decisions of humans while driving. Road accidents happen because of human errors on when to accelerate and when to put brakes.

But Google, which has led the way on self-driving cars, has experienced several accidents since hitting the road. In July, one of the firm’s Lexus SUV driverless cars was rear-ended in Google's home city of Mountain View, California.

For car companies, the worry of hacking does not end with financial crimes and frauds like in other corporations but here hacking can result in real-world and real-time physical problems and injuries.

While automated cars could be beneficial in future, the companies that bring them to the masses have to make people comfortable about them. They won't be successful if they aren't perceived as completely safe.

Man jailed for 18 months for hacking into 900 Aviva phones

Richard Neele (40) has been sentenced to 18 months in prison for hacking into 900 phones of insurance company Aviva.

Neele deleted the data on all 900 smartphones, causing the company to lose out on 5,00,000 pounds of business.

Neele was a director at Esselar, a company which had been contracted by Aviva to manage its security network.

Neele has said that he carried out the attacks because of a falling out with his colleagues.

He hacked the system at Aviva in May 2014 when Esselar was giving a security demonstration to Aviva.

Splunk buys Caspida for $190M

Splunk announced on July 9 that it had purchased Caspida, a Palo Alto startup that uses machine learning techniques to help identify cyber-security threats from inside and outside the company, for $190 million.

“Under the terms of the agreement, Splunk has acquired all of the outstanding stock of Caspida for an aggregate purchase price of approximately $190 million, including approximately $127 million in cash and $63 million in restricted Splunk securities,” Splunk posted on its blog.

Haiyan Song, SVP of security markets at Splunk said it helped both companies to deal with the onslaught of machine data coming from IT systems using data science techniques and automation to make sense of it. Part of that is a growing security business, which accounted for a third of the company revenue in its most recent quarter.

“With Caspida, Splunk accelerates its focus on solving advanced threats - both external and from insiders - by shining a light on those who are wrongfully using valid credentials to freely and unpredictably exploit systems they have accessed. By addressing the entire lifecycle of known and unknown advanced threats, and by providing a platform to detect, respond to, and automate actions, Splunk has further reinforced its position as the security nerve center,” he added.

It is said that Splunk is adding a new tool to its security arsenal to beef up the ability to locate threats using the machine learning techniques that Caspida has developed.

“Like everyone, Splunk has watched the growing number of breaches over the last year, and its customers have been asking for better security detection tools to help battle these threats, many of which use compromised credentials. This kind of attack is difficult to detect with conventional security techniques looking for signatures or rules. If someone comes in through the front door using valid credentials, there are no rules or patterns. They look like a valid user,” Song explained.

According to the blog post, the 35 Caspida employees will join Splunk immediately.

Caspida, which was launched in 2014, came out with its first product at the end of last year.

“We founded Caspida with a vision of applying data science to help solve the most pressing cybersecurity challenges - advanced threats and insider threats,” said Muddu Sudhakar, CEO of Caspida.

“By analyzing machine data and using data science to detect meaningful anomalous behavior of users, devices and entities, Caspida has solved a problem that previously required significant manpower and expensive, do-it-yourself toolsets. We are very excited to join the Splunk family and deliver new detection capabilities to customers,” he explained.

Avast announced the acquisition of Mobile Virtualization Company ‘Remotium’


Avast Software, maker of the most trusted mobile and PC security products in the world, on July 8 announced the acquisition of Remotium, a leader in virtual enterprise mobility whose technology enables enterprises to extend access securely, simply, and cost-effectively to business-critical applications in a bring-your-own-device (BYOD) environment.

According to a press statement posted by the company, the acquisition of the Silicon-Valley-based start-up will allow Avast to expand its offering of mobile security applications to the enterprise space.

The entire Remotium team has joined the global organization of more than 600 Avast employees.

Like Avast, Remotium, which won "Most Innovative Company" at RSA Conference 2013, solves the challenges of delivering corporate applications to employees’ mobile devices by creating a smooth user experience, while assuring data security and compliance.

The company said that its product, Virtual Mobile Platform (VMP), which enables access to enterprise applications from any mobile or desktop device, allows users to work from anywhere in the office, remotely from their home office or while on business trips.

It is said that users can connect to their VMP from any device they are using (smartphones, tablets, and desktops) in order to get access to their corporate tools, apps and data.

Vince Steckler, CEO at Avast, said that Remotium's mobile solutions address the needs of modern enterprises.

"As more and more companies support BYOD policies, the question of how to implement these policies efficiently and securely is top of mind for everyone. With Remotium’s technology, companies have visibility and security needed to ensure data integrity and corporate compliance. At the same time, users enjoy increased privacy, as well as apps that look and feel consistent across mobile and desktop platforms. We are pleased to add the Remotium staff to our team; together we will further accelerate Remotium’s growth and expand its capabilities across enterprise mobility platforms," he added.

Stephanie Fohn, CEO at Remotium, said, "The Remotium team and I are very excited about joining Avast Software. Avast has a long history in creating innovative, best-in-class security for personal and commercial use. We look forward to extending our technology leadership position and continuing to deliver groundbreaking enterprise mobility solutions to meet the needs of the enterprise."

Cisco announces its intent to acquire OpenDNS

 
Cisco announced on June 30 its intent to acquire OpenDNS, a San Francisco-based security company which provides advanced threat protection for any device, anywhere and anytime.

It is said that the acquisition will boost Cisco's Security Everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud-delivered platform.

According to the press statement issued by the organization, the OpenDNS team will join the Cisco Security Business Group. As per the agreement, Cisco will pay $635 million in cash and assumed equity awards, plus retention based incentives for OpenDNS. The acquisition is expected to close in the first quarter of fiscal year 2016, subject to customary closing conditions.

The press statement said that the burgeoning digital economy and the Internet of Everything (IoE) are expected to spur the connection of nearly 50 billion devices by 2020, creating a vast new wave of opportunities for security breaches across networks. The faster customers can deploy a solution, the faster they can detect, block and remediate these emerging security threats.

“OpenDNS' cloud platform offers security delivered in a Software-as-a-Service (SaaS) model, making it quick and easy for customers to deploy and integrate as part of their defense architecture or incident response strategies. By providing comprehensive threat awareness and pervasive visibility, the combination of Cisco and OpenDNS will enhance advanced threat protection across the full attack continuum before, during and after an attack,” the statement read.

The statement added that OpenDNS' broad visibility, unique predictive threat intelligence and cloud platform with Cisco's robust security and threat capabilities will increase awareness across the extended network, both on- and off-premise, reduce the time to detect and respond to threats, and mitigate risk of a security breach.

Hilton Romanski, Cisco chief technology and strategy officer, said that with many people, processes, data and things connected, opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks.

“OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device,” Romanski added.

A Bug allows anyone to crash the iPhone with a Message

A new bug in the latest version of iOS causes the phone to crash when it receives a special text message containing a string of Arabic characters and symbols.

It affects the Messages app to the extent that the lines of the message, when copied and texted to another iPhone, shut that phone off as well.

The bug, which now affects iOS 7 and iOS 8, is due to banner notifications processing the Unicode text using the CoreText API.

The crash can happen in any mode, but on jailbroken iOS the phone enters safe mode.

The only workaround for this vulnerability is to send a photo or text to the original sender using the share sheet in another app.

Reddit has been flooded with comments from users after the malicious iMessage hit their iPhones.