How can companies secure access to cloud services?

http://ift.tt/2ywd3ls

Companies are using more and more cloud services and therefore have to manage many credentials. IDaaS and CASB providers are one option for this. However, using them carries risks.

Security News

via Alle Artikel und News von SearchSecurityDE http://ift.tt/2wNvFNw

October 18, 2017 at 03:51AM

Ingram Micro pushes Unified Communications as a Service

http://ift.tt/2gNVowh

New showroom

Ingram Micro is increasingly relying on cloud-based services for unified communications, as the distributor's new showroom also makes clear. In addition, the company has introduced a new organizational structure for its value business.

Security News

via com! professional http://ift.tt/2wN2Hwm

October 18, 2017 at 03:42AM

Unpatched Flaws Possibly Stolen From Microsoft in 2013 Hack: Report


http://ift.tt/2x4Fsf0

Hackers may have stolen information on unpatched vulnerabilities after breaching Microsoft’s systems and gaining access to a bug tracker back in 2013, Reuters reported on Monday.

At the time of the breach, Microsoft informed customers that it had been targeted in an attack similar to the ones aimed at Facebook and Apple.

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing,” Microsoft said at the time.

Reuters learned from five former Microsoft employees that the attackers also breached a database that stored information on unpatched flaws affecting Windows and other products. The database had been protected only with a password.

While Microsoft fixed all the vulnerabilities within months of the intrusion and found no evidence of the flaws being exploited in other attacks, it’s still possible that the malicious actor created exploits that it used in other campaigns.

The former employees said Microsoft analyzed breaches suffered by other organizations at the time, but found no clear evidence that the stolen vulnerability information had been abused.

However, three of the former employees claim the study had too little data and noted that Microsoft relied on automated reports generated by software crashes to find exploits. Experts argued that sophisticated attacks may not have generated crashes that would tip off Microsoft. In fact, the company did observe attacks exploiting the vulnerabilities, but concluded that they could have been obtained elsewhere.

SecurityWeek has reached out to Microsoft for comment and will update this article if the company responds.

The hacker group that targeted Microsoft, Apple, Twitter and Facebook back in 2013 is known as Butterfly, Morpho and Wild Neutron. The threat actor, described as a financially motivated espionage group, is believed to have been active since at least 2011.

The hackers leveraged watering holes, Java zero-day exploits, and Windows and Mac backdoors to target the tech giants. The attackers went silent for nearly a year after these campaigns and reemerged in late 2013, when they started targeting organizations in the legal, real estate, investment, IT and healthcare sectors around the world. They also launched attacks on individual users and Bitcoin companies.

Microsoft is not the only company whose bug-tracking database has been breached. Back in 2015, Mozilla informed users that an attacker breached its Bugzilla bug tracker using stolen credentials and accessed information on 185 non-public vulnerabilities affecting Firefox and other products.


Eduard Kovacs is an international correspondent for SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Security News

via SecurityWeek RSS Feed http://ift.tt/T5XpCH

October 18, 2017 at 03:25AM

Allianz warns of hacker attacks on cars

http://ift.tt/2ypQLm7

Connected Car

Modern automobiles are increasingly becoming computers on wheels. The insurer Allianz therefore fears that the connected car could increasingly become an attractive target for hacker attacks.

Security News

via com! professional http://ift.tt/2wN2Hwm

October 18, 2017 at 03:11AM

One Identity research exposes major problem with employees snooping on the corporate network


http://ift.tt/2x5ufuD

One Identity, a specialist in helping organisations get identity and access management (IAM) right, released new global research revealing that the overwhelming majority of employees are deliberately seeking out information they are not permitted to access, exposing a major “snooping” problem among the workforce.

The survey, conducted by Dimensional Research, polled more than 900 IT security professionals on trends and challenges related to managing employee access to corporate data. Among key findings, a remarkable 92% of respondents report that employees at their organisations try to access information that is not necessary for their day-to-day work – with nearly one in four (23%) admitting this behavior happens frequently.

Most alarmingly, the report indicates that IT security professionals themselves are among the worst offenders of corporate data snooping. One in three respondents admit to having accessed sensitive information that is not necessary for their day-to-day work – indicating ongoing abuse of elevated rights attributed to the IT security role.

Other findings related to IT security professionals’ shocking snooping behavior include:

  • Company performance information is a hot commodity: More than one in three (36%) of IT pros admit to looking for or accessing sensitive information about their company’s performance, beyond what is required for their job.
  • IT security executives are the guiltiest by level: 71% of executives admit to seeking out extraneous information, compared to 56% of non-manager-level IT security team members. Additionally, 45% of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17% of non-manager team members.
  • The smaller the company, the bigger the snoop: 38% of IT security professionals at companies with 500-2,000 employees admit to looking for or accessing sensitive performance data, versus 29% of professionals at companies with more than 5,000 employees.
  • Workers in technology companies most likely to go on a sensitive information hunt: 44% of respondents working for technology companies admit to searching for sensitive company performance information, compared to 36% in financial services, 31% in manufacturing, and just 21% in healthcare.

“While insider threats tend to be non-malicious in intent, our research depicts a widespread, intrusive meddling from employees when it comes to information that falls outside their responsibility – and it could be that meddling that ends up putting their employers in hot water,” said John Milburn, president and general manager of One Identity.

“Without proper governance of access permissions and rights, organisations give employees free rein to move about the enterprise and access sensitive information like financial performance data, confidential customer documentation, or a CEO’s personal files. If that information winds up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks that could result in irreversible damage to the business’s reputation or financial standing.”

Managing snooping & other access-based threats

Results released today reinforce a general finding prevalent within One Identity’s Global State of IAM Study: Companies are not adhering to basic identity and access management (IAM) best practices. In the case of employee snooping, role-based access control and strict governance of rights and permissions can help prevent potential bad actors from accessing confidential or sensitive information.

With regard to snooping done by IT security professionals specifically, organisations can leverage identity intelligence to identify who has elevated rights and help pinpoint exactly where abuse of those rights is occurring to address this behavior. Additionally, a separate report based on the global study recently found that best practices around removing inactive accounts, revoking access to ex-employees, and updating rights of employees whose roles have changed are also overwhelmingly poorly applied.

One Identity is committed to helping organisations eradicate these ongoing challenges, and offers a full suite of access management, identity governance, privileged management and identity as a service solutions and services that help businesses “Get IAM Right” while enabling business agility.


Security News,IoT News

via IoT Now https://www.iot-now.com

October 18, 2017 at 03:03AM

New research confirms cybersecurity is top concern in corporate IoT deployments


http://ift.tt/2yx83gF

BlackBerry Limited announced findings from a new global research whitepaper, which surveyed IT decision makers on corporate IoT deployments. Conducted by 451 Research, the whitepaper titled, “Securing the Enterprise of Things: Opportunity for securing IoT with a unified platform emerging as IoT popularity grows,” reveals that huge opportunities are balanced against significant cybersecurity concerns.

“The proliferation of IoT is being led by enterprises, and they continue to require a unified endpoint management strategy that is capable of scaling to handle billions of connected devices,” said Marty Beard, chief operating officer, BlackBerry. “We are focused on securing the EoT because for all its promise, the expanding adoption of connected things means that companies are only as secure as their most vulnerable endpoint.”

Survey respondents represent a wide range of vertical industries, including financial services, government and healthcare. Below are some key themes from the research:

  • 78% of respondents indicated interest in a solution that allows them to manage all their endpoints in one place.
  • 63% noted that security is the “top” concern regarding digital technologies and processes. However, only a little over one-third (37%) actually have a formal digital transformation strategy in place.
  • Organisations are least prepared against external threats, with nearly two-thirds (61%) citing hackers and cyberwarfare as top concerns.
  • 39% of respondents from very large organisations (more than 10,000 employees) revealed that a lack of collaboration among internal departments is a potential barrier to unified endpoint management, while 51% of mid-sized organisations felt the same way.

Marty Beard and Brian Partridge, VP of IoT at 451 Research will host a webinar on Thursday, October 19, 2017 at 1:00 PM ET to discuss the key findings from the survey and provide insight on how companies can manage and secure the expanding Enterprise of Things. Media are encouraged to register here.


Security News,IoT News

via IoT Now https://www.iot-now.com

October 18, 2017 at 02:42AM

The Transatel SIM 901: an innovative solution to secure its mobile data around the world


http://ift.tt/2yu8PJl

The Internet of Things (IoT) is the new 21st century revolution. The number of connected things is expected to reach 50 billion by 2020, using a large range of connectivity options.

Today more than ever, the question of cybersecurity is raised. However, many professionals seem not to have taken the measure of the challenges they face yet. This is all the more surprising given that massive cyber-attacks have been taking place throughout the world in recent years.

For most of them, the main damage remains theft, loss of privacy or ransom claims. These attacks can, however, have more serious consequences, especially if a car or a plane, for example, is hacked and goes out of control.

To the extent that every IoT program today should have security as a priority, Transatel has chosen to explore solutions to identify – and thereby, secure – a device through strong authentication and to protect data transmission via a Secure Private Network.

Thus, with the SIM 901, Transatel proposes today one of the rare solutions to offer true end-to-end security for the IoT allowing both authentication and global network management.


Security News,IoT News

via IoT Now https://www.iot-now.com

October 18, 2017 at 01:52AM

How to protect your home: 10 tips to prevent digital hacks on IoT connected homes


http://ift.tt/2ijN4I6

Modern connected homes come with risks – unprotected home Wi-Fi can be hacked into, with some dangerous consequences. It becomes especially dangerous if the home is equipped with many connected IoT (Internet of Things) devices.

Hacking into one would allow criminals to access the whole network, forcing smart devices to behave in any way that they want. Identity theft can also result in a takeover of bank accounts, Social Security numbers and other private, vulnerable information.

Some methods that are usually used to detect and fix network problems can become powerful and easy-to-use hacking devices in the hands of criminals. For example, sniffing is a method that lets someone see the data on a user’s network by tricking the network into passing the data to the hacker’s computer first.

“New smart devices might actually have more problems than a house computer, which usually undergoes more rigid security control. Manufacturers keep producing various new Internet-connected things, often without taking the time to use the most secure technology,” said Marty P. Kamden, CMO of NordVPN (Virtual Private Network). “Your most vulnerable device could be a video camera or a network-connected printer. That device can compromise all network. Some of the most vulnerable IoTs that can have the most serious consequences if hacked include self-driving cars and medical devices.”

NordVPN provides basic security advice that each home needs to follow in order to protect their network.

  1. Use antivirus software. One of the basic rules is to use a reliable antivirus. Unfortunately, users must do their own research in order to choose the antivirus they trust, since opinions vary among different experts. Not all antivirus software is safe, as shown in the recent case with the Russian Kaspersky Lab antivirus that was used by Russian hackers to obtain NSA files.
  2. Use a firewall. The router must have up-to-date firewall software to protect from the newest potential hacker-installed malware that could, for instance, be used to steal one’s personal data.
  3. Enable two-factor authentication on your online accounts. Signing up for two-factor authentication with online accounts makes it harder for fraudsters to steal one’s identity. And even if it’s not foolproof protection from hackers, having two-factor authentication is definitely better than signing in without it.
  4. When shopping online, use mobile or e-wallets. E-wallets are said to make online checkouts simpler and more secure. Payment processors, such as Apple Pay, PayPal, Google Wallet and others are already starting to implement this one-click method of payment.
  5. Install a VPN. VPNs are one of the essential security mechanisms to protect personal networks from prying eyes, as they encrypt all the data shared between the Internet and the VPN server. NordVPN uses advanced encryption protocols and has extensive global coverage and a no-logs policy.
  6. Change the default login information on the home router. It’s easy to change the default admin name and password – and it would make a hacker’s job much more difficult. After new changes are made, it’s important to log out.
  7. Don’t click on suspicious emails. Emails used for phishing will bear attachments, and they can even seemingly come from a friend. Clicking on a link that comes with a legitimate-looking email can expose the whole home network to the danger of being hacked.
  8. Always update the systems of all connected devices. The operating systems on all house computers, tablets, phones and other devices should be up to date.
  9. Double-check the security features of each new device that is brought home. A new camera or printer might be efficient and perform very well, but it’s important to double-check their security features. It’s also better to turn their web interfaces off.
  10. Create another network. Create a new network – most routers will allow guest network connection. Exclude IoT devices that look least secure from the new network.


Security News,IoT News

via IoT Now https://www.iot-now.com

October 18, 2017 at 01:45AM

CVE-2016-10515


http://ift.tt/2ghXdRd


Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 18, 2017 at 01:25AM

CVE-2017-15568


http://ift.tt/2yqm0xe


Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 18, 2017 at 01:25AM