Archive for February, 2014

When considering a move to the cloud, there are a number of security questions that should be considered as you select a potential cloud provider. Almost all analyst and industry surveys list privacy and data security as a top concern for CIOs and CISOs. Through our years of moving SMBs and large enterprises to the cloud, we’ve compiled a list of questions to help you determine the level of security the provider offers.

1. What is your data encryption viewpoint, and how do you encrypt data? Do you encrypt data at rest or in transit? Is there an encryption offering, and if so, what level of encryption and what data protection certifications do you currently hold?
2. How do you manage the encryption keys?
3. Do you offer periodic reports confirming compliance with security requirements and SLAs?
4. What certifications for data protection have you achieved?
5. Who can see or have access to my information? How do you isolate and safeguard my data from other clients?
6. What are your disaster recovery processes?
7. What are your methods for backing up our data? What offerings are available to back up data?
8. Where is your data center, and what physical security measures are in place?
9. How do you screen your employees and contractors?
10. What actions do you have in place to prevent unauthorized viewing of customer information?
11. What actions do you take to destroy data after it is released by a customer?
12. What happens if you misplace some of my data?
13. What happens in the event of data corruption?
14. How is activity in my account monitored and documented? What auditing capabilities are provided: Admin/MGMT, Billing, System Information?
15. How much data replication is enough, and what level of data durability do you provide?
16. How much control do I retain over my data?
17. Can I leverage existing credentials and password policies? Do you offer SAML/SSO capabilities for authentication? What types of multifactor authentication are supported?
18. Can I disable access immediately to my data in the event of a breach?
19. Can you continue to provide protection as my workloads evolve? How scalable is the solution, including disaster recovery?
20. How often are backups made? How many copies of my data are stored, and where are they stored?
21. How reliable is your network infrastructure? What certifications do you currently hold for your data centers?
22. What is your current uptime and SLA option? What if SLA is not met?
23. Do you alert your customers of important changes like security practices and regulations or data center locations?
24. What country (or countries) is my data stored in – both on your infrastructure and for backups?
25. Will my needs be served by dedicated instances/infrastructure or shared instances/infrastructure?
26. Will my internal and external incident response resources be able to access your infrastructure in the event of an incident? If not, how will you perform the investigation on my behalf?
27. What third party security validation can you provide me with? How often do you have external assessments performed?
28. How do you dispose of end-of-life hardware?
29. How do you dispose of failed data storage devices?
30. What is your process for responding to a legal hold request?

Source : cloudsecurityalliance

Today almost all household and commercial environments are equipped with Wi-Fi networks. The heart of such a network is the wireless access point. In households and small commercial environments, wireless routers play a bigger role than standalone wireless access points. The bootstrap programs and instructions of these devices are stored in a special type of memory known as “firmware”. Researchers recently found malware in the wild that targets this memory on Linksys wireless routers and can replicate itself to similar devices. It does so by exploiting authentication bypass and code-execution vulnerabilities in the Linksys wireless routers. The malware, named ‘THE MOON’, scans for other vulnerable devices to spread from router to router, and the researchers confirmed that the worm has already infected around 1,000 Linksys E1000, E1200, and E2400 routers.

To compromise the router, the malware remotely calls the Home Network Administration Protocol (HNAP), which allows identification, configuration and management of networking devices. The malware first requests the model and firmware version of the router using HNAP, and if the device is found to be vulnerable, it sends a CGI script exploit to gain local command execution on the device. Linksys’s parent company has confirmed that the HNAP implementation has a security flaw whose exploit code is publicly available on the Internet.

How dangerous this worm can be is still an open question.

You can use the following command to check whether your device is vulnerable.

printf 'GET /HNAP1/ HTTP/1.1\r\nHost: test\r\n\r\n' | nc routerip 8080

If you receive an XML HNAP reply, your device is likely vulnerable to the worm affecting Linksys devices, and you should take preventive measures. Also keep an eye on the logs for ports 80 and 8080. Users are advised to disable remote administration of their device or restrict administration access to a limited number of trusted IP addresses.
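The same check as the one-liner above, as an added Python example that is not from the original post: it sends the identical request to a router you administer and classifies the reply instead of leaving you to read raw XML. The `<ModelName>` and `<FirmwareVersion>` element names and the sample reply are assumptions about a typical HNAP answer; the model list comes from the article.

```python
import re
import socket

AFFECTED_MODELS = {"E1000", "E1200", "E2400"}  # models named in the article
REQUEST = b"GET /HNAP1/ HTTP/1.1\r\nHost: test\r\n\r\n"  # same bytes as the nc test

# Constructed sample replies (not captured from a real device).
SAMPLE_HNAP = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n"
    '<GetDeviceSettingsResponse xmlns="http://purenetworks.com/HNAP1/">'
    "<ModelName>E1200</ModelName><FirmwareVersion>0.0.00 build 0</FirmwareVersion>"
    "</GetDeviceSettingsResponse>"
)
SAMPLE_NOT_FOUND = "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"

def fetch_hnap(host, port=8080, timeout=5.0):
    """Send the HNAP request to your own router and return the raw reply text."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(REQUEST)
        try:
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # keep-alive connection: classify whatever arrived
    return b"".join(chunks).decode("latin-1")

def _tag(body, name):
    """Return the text of the first <name>...</name> element, or None."""
    match = re.search(r"<%s>\s*([^<]*?)\s*</%s>" % (name, name), body)
    return match.group(1) if match else None

def classify_reply(reply):
    """Report whether a raw HTTP reply is an HNAP answer and which model sent it."""
    head, _, body = reply.partition("\r\n\r\n")
    status_ok = head.split("\r\n")[0].split(" ")[1:2] == ["200"]
    exposed = status_ok and "HNAP1" in body and "<ModelName>" in body
    model = _tag(body, "ModelName") if exposed else None
    return {
        "hnap_exposed": exposed,
        "model": model,
        "firmware": _tag(body, "FirmwareVersion") if exposed else None,
        "listed_model": model in AFFECTED_MODELS,
    }
```

Run `classify_reply(fetch_hnap("routerip"))` against the router's WAN-side address from outside the network to see what the internet sees; `hnap_exposed` being true means remote administration should be disabled or restricted as described above.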

Source : THN, SANS

Adobe released an emergency update today for its Flash Player to guard against a zero-day exploit, which could allow attackers to gain remote access to an affected machine. The security flaw has been elevated to “critical” status, which is Adobe’s highest threat level. Ars Technica reports the exploit can be triggered by “underlying code that could be exploited to execute arbitrary code” if a person navigates to a malicious site hosting an attack.

Windows and Mac users are affected by this zero-day exploit if running Adobe Flash Player 12.0.0.43 and earlier versions. Linux users are also affected if running 11.2.202.335 or earlier versions of Flash Player. Users running Google Chrome or Internet Explorer 10/11 will automatically be updated to the latest Adobe Flash Player version, 12.0.0.44, which will be bundled with the browser. Other users are advised to install the update as soon as possible.

Source: Adobe , softonic

1. Smart Appliances

Smart TVs, smart fridges and other internet-connected home appliances, ranging from medical equipment to security cameras, are widely expected to become a “magnet for hackers” says Kevin Haley, director of Symantec Security Response in a blog post.

“The companies building gadgets that connect to the internet don’t even realize they have an oncoming security problem,” Haley wrote.

“These systems are not only vulnerable to an attack — they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities.”

One of the concerns is that hackers logging into such appliances may be able to get information about who is home at a given time of day, noted Fortiguard, adding, “This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home.”

Fortiguard predicts we’ll see the first mass malware for home devices such as smart TVs and appliances later in 2014.

2. Social networks

Attacks by cybercriminals are becoming more targeted, and social networks are becoming a useful source of data for crafting these types of attacks.

Websense predicts that in 2014 hackers will increasingly make use of services such as LinkedIn to lure executives and other potentially lucrative targets.

“This highly targeted method will be used to gather intelligence and compromise networks.”

Haley of Symantec adds that cybercriminals won’t just be turning to big social networks.

“Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure,” he wrote. “Users who feel it’s just them and their friends on these new sites are in for a big (and unpleasant) surprise.”

3. The cloud

Businesses are increasingly storing their data in the cloud and on servers outside their own network, and Websense predicts that criminals will increasingly turn their attention to that data this year.

“Hackers will find that penetrating the data-rich cloud can be easier and more profitable than getting through the ‘castle walls’ of an on-premise enterprise network,” WebSense says.

Sophos predicts that cybercriminals will target mobile devices and the credentials of individual employees to gain access to the cloud, perhaps employing blackmail via “ransomware” that threatens to go public with confidential data if the criminals aren’t given what they ask for.

4. Android

According to Sophos, malware aimed at Google’s Android grew exponentially in 2013, and is expected to keep growing in 2014 because of the operating system’s dominant share of the smartphone market.

Trend Micro predicts the number of malicious and high-risk apps for the Android operating system will hit three million in the coming year.

“While we expect that new security features in the Android platform will make a positive change in infection rates over time, their adoption will be slow, leaving most users exposed to simple social engineering attacks,” the company wrote.

It added that the mobile devices that run Android are “an attractive launching pad for attacks aimed at social networks and cloud platforms.”

Fortiguard expects Android malware to expand beyond mobile devices in 2014 to industrial control systems in devices such as smart home appliances.

5. Java

Plug-ins that allow browsers to run apps in the Java programming language – already responsible for some high-profile cyberattacks – will continue to be exploited in 2014, security experts say.

“In 2014, cybercriminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multi-stage attacks,” the company predicted.

Security patches for older versions of Java and Windows are no longer being issued, even when new exploits are found, despite the fact that there are many systems still using this software.

Trend Micro predicts that in the coming year, that “lack of support” will expose millions of PCs to attack.

Source : cbc.ca