BlackBerry has unveiled a comprehensive mobile-security platform for a wide range of Internet of Things devices connected to enterprises.
Officially named BlackBerry Secure, the mobile security software and related services will combine key technologies from recent BlackBerry acquisitions including Good Technology, WatchDox, AtHoc and Encription. The company detailed its efforts in a blog post.
BlackBerry emphasized that the new approach will simplify management and security for smartphones, tablets, sensors and industrial devices, among other objects, that it calls the “Enterprise of Things.” With this new approach, customers will be able to simplify management and lower cost.
“Blackberry is no longer about the smartphone, but about the smart in the phone and in cars and containers and medical devices and wearables and industrial devices,” BlackBerry Chief Operating Officer Marty Beard said in a late afternoon conference call.
“We believe this is the most comprehensive mobile security platform for the emerging Enterprise of Things,” Beard said.
BlackBerry officials said BlackBerry Secure is more than a re-branding of previous offers made to enterprises, since it combines disparate software platforms — a process that took company engineers nearly a year to complete. Customers will be able to access device management and security from a single back-end and a single front-end.
Customers will also be able to pick and choose capabilities under a set of five different suites revolving around the BlackBerry BES12 software that meets their needs. Payment will be made using an annual subscription model.
Carl Weise, president of global sales, said BlackBerry Secure is already in early trials with dozens of existing BlackBerry customers, though no customers were named. “We’ve gotten very good feedback on the early trials,” he said.
BlackBerry Secure will be available in the first 10 days of January, he said.
Source- http://www.thegurureview.net/mobile-category/blackberry-unveils-new-mobile-security-platform.html
Intel has sold the Intel Security business for $3.5bn less than it paid for it six years ago.
Intel Security, previously and better known as McAfee, has been sold to private equity firm TPG for $4.2bn, despite Intel paying $7.7bn for it in 2010.
The chip firm will receive $3.1bn in cash as part of the transaction and retain a 49 per cent minority stake. TPG will take control with a 51 per cent stake, and will invest $1.1bn in the company.
Intel Security is based on the McAfee business and was renamed two years ago. The company will revert to the better known McAfee brand, despite John McAfee reportedly suing Intel over the use of his name.
The transaction is expected to close in the second quarter of 2017, and Chris Young, general manager of Intel Security Group, will become CEO of McAfee.
Young described TPG in an open letter to stakeholders as a “seasoned technology investor” that was “attracted to our current momentum and long-term potential”.
He claimed that McAfee currently protects “more than a quarter of a billion endpoints” and more than 200 million consumers, and is present in two thirds of the world’s 2,000 largest companies.
Intel CEO Brian Krzanich claimed that, despite the sale, security “remains important in everything we do at Intel”.
“We will continue to integrate industry-leading security and privacy capabilities in our products from the cloud to billions of smart, connected computing devices,” he added.
Bryan Taylor, a partner at TPG, said that the company had “long identified the cyber security sector, which has experienced strong growth due to the increasing volume and severity of cyber attacks, as one of the most important areas in technology”.
Intel’s acquisition of McAfee Security in 2010 was intended to enable the company to beef up security around PCs and sell McAfee antivirus and other security software around its core business.
However, the combination never worked as the money to be made in the security business became increasingly focused on the data center and cloud computing.
Courtesy-TheInq
Carnegie Mellon University professor Lorrie Cranor, who is the US FTC’s technology guru, has debunked a myth that it is a good idea to change your password often.
Talking to Ars Technica she said that while frequent password changes can lock hackers out they make make security worse.
She told the BSides security conference in Las Vegas that frequent password changes do little to improve security and very possibly make security worse by encouraging the use of passwords that are more susceptible to cracking.
A study published in 2010 by researchers from the University of North Carolina at Chapel Hill more or less confirmed her views. The researchers obtained the cryptographic hashes to 10,000 expired accounts that once belonged to university employees, faculty, or students who had been required to change their passcodes every three months. Researchers received data not only for the last password used but also for passwords that had been changed over time.
By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like “tarheels#1″, for instance (excluding the quotation marks) frequently became “tArheels#1″ after the first change, “taRheels#1″ on the second change and so on. Or it might be changed to “tarheels#11″ on the first change and “tarheels#111″ on the second. Another common technique was to substitute a digit to make it “tarheels#2″, “tarheels#3″, and so on.
“The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation. They take their old passwords, they change it in some small way, and they come up with a new password.”
The researchers used the transformations they uncovered to develop algorithms that could predict changes with great accuracy.
A separate study from researchers at Carleton University showed that frequent password changes hamper attackers only minimally and probably not enough to offset the inconvenience to end users.
Courtesy-Fud
You should probably be leery of what you see since, apparently, your computer monitor can be hacked.
Researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.
Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.
They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.
During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.
It wasn’t exactly an easy hack to pull off. To discover the vulnerability, both Cui and Kataria spent their spare time over two years, conducting research and understanding the technology inside the Dell monitor.
However, they also looked at monitors from other brands, including Samsung, Acer and Hewlett Packard, and noticed that it was theoretically possible to hack them in the same manner as well.
The key problem lies in the monitors’ firmware, or the software embedded inside. “There’s no security in the way they update their firmware, and it’s very open,” said Cui, who is also CEO of Red Balloon.
The exploit requires gaining access to the monitor itself, through the HDMI or USB port. Once done, the hack could potentially open the door for other malicious attacks, including ransomware.
For instance, cyber criminals could emblazon a permanent message on the display, and ask for payment to remove it, Kataria said. Or they could even spy on users’ monitors, by logging the pixels generated.
However, the two researchers said they made their presentation to raise awareness about computer monitor security. They’ve posted the code to their research online.
“Is monitor security important? I think it is,” Cui said.
Dell couldn’t be reached for immediate comment.
Source- http://www.thegurureview.net/computing-category/computer-monitors-are-also-vulnerable-to-hacking.html
A bunch of tech firms including ARM and Symantec have joined forces to create a security protocol designed to protect Internet of Things (IoT) devices.
The group, which also includes Intercede and Solacia, has created The Open Trust Protocol (OTrP) that is now available for download for prototyping and testing from the IETF website.
The OTrP is designed to bring system-level root trust to devices, using secure architecture and trusted code management, akin to how apps on smartphones and tablets that contain sensitive information are kept separate from the main OS.
This will allow IoT manufacturers to incorporate the technology into devices, ensuring that they are protected without having to give full access to a device OS.
Marc Canel, vice president of security systems at ARM, explained that the OTrP will put security and trust at the core of the IoT.
“In an internet-connected world it is imperative to establish trust between all devices and service providers,” he said.
“Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
Brian Witten, senior director of IoT security at Symantec, echoed this sentiment. “The IoT and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect onboard encryption keys,” he said.
The next stage is for the OTrP to be further developed by a standards-defining organisation after feedback from the wider technology community, so that it can become a fully interoperable standard suitable for mass adoption.
Courtesy-TheInq
Omni Hotels & Resorts has reported that point-of-sale systems at some of its hotel locations were attacked by malware targeting payment card information.
The hacking of the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings.
Omni — in Dallas, Texas — said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. “The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” Omni said. There isn’t evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.
The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations. The malware may have been in operation between Dec. 23 last year and June 14 this year, although most of the systems were affected during a shorter timeframe, according to the hotel.
The hotel chain, which operates hotels and resorts in the U.S., Canada and Mexico, could not be immediately reached for comment over the weekend for further details.
Omni said after discovering the malware attack, it had immediately hired IT investigation and security firms and has now contained the intrusion. It did not specify why it had delayed to inform customers.
Courtesy-http://www.thegurureview.net/aroundnet-category/omni-hotels-reports-hacking.html
Facebook Inc announced that it began testing end-to-end encryption on its popular Messenger application to prevent snooping on digital conversations.
The limited testing on Messenger, which has more than 900 million users, comes three months after Facebook rolled out end-to-end encryption to its more popular WhatsApp, a messaging application with over 1 billion users that it acquired in October 2014.
The move comes amid widespread global debate over the extent to which technology companies should help law enforcement snoop on digital communications.
End-to-end encryption is also offered on Apple Inc’s iMessage platform as well as apps including LINE, Signal, Viber, Telegram and Wickr.
Facebook Messenger uses the same encryption technology as WhatsApp, which uses a protocol known as Signal that was developed by privately held Open Whisper Systems.
“It seems well designed,” said Matthew Green, a Johns Hopkins University cryptologist who helped review an early version of the protocol for Facebook.
While WhatsApp messages are encrypted by default, Facebook Messenger users must turn on the feature to get the extra additional security protection, which scrambles communications so they can only be read on devices at either end of a conversation.
Facebook said that it was requiring users to opt in to encryption because the extra security is not compatible with some widely used Messenger features.
“Many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone,” the company said in an announcement on its website. “Secret conversations can only be read on one device and we recognize that experience may not be right for everyone.”
Facebook also said that Messenger users cannot send videos or make payments in encrypted conversations.
Courtesy-http://www.thegurureview.net/aroundnet-category/end-to-end-encryption-comes-to-facebook-messenger.html
U.S. hospitals should brace for a surge in “ransomware” attacks by cyber criminals who take computer networks hostage, then demand payment in return for unlocking them, a non-profit healthcare group warned on Friday.
The Health Information Trust Alliance conducted a study of some 30 mid-sized U.S. hospitals late last year and found that 52 percent of them were infected with malicious software, HITRUST Chief Executive Daniel Nutkis told Reuters.
The most common type of malware was ransomware, Nutkis said, which was present in 35 percent of the hospitals included in the study of network traffic conducted by security software maker Trend Micro Inc.
Ransomware is malicious software that locks up data in computers and leaves messages demanding payment to recover the data. Last month, Hollywood Presbyterian Hospital in Los Angeles paid a ransom of $17,000 to regain access to its systems.
This week, an attack on MedStar Health forced the largest healthcare provider in Washington, D.C., to shut down much of its computer network. The Baltimore Sun reported a ransom of $18,500 was sought. MedStar declined to comment.
HITRUST said it expects such attacks to become more frequent because ransomware has turned into a profitable business for cyber criminals.
The results of the study, which HITRUST has yet to share with the public, demonstrate that hackers have moved away from focusing on stealing patient data, Nutkis said.
“If stuff isn’t working, they move on. If stuff is working, they keep doing it,” said Nutkis. “Organizations that are paying have considered their options, and unfortunately they don’t have a lot of options.”
Extortion has become more popular with cyber criminals because it is seen as a way to generate fast money, said Larry Whiteside, a healthcare expert with cyber security firm Optiv.
Stealing healthcare data is far more labor intensive, requiring attackers to keep their presence in a victim’s network undetected for months as they steal data, then they need to find buyers, he added.
“With ransomware I’m going to get paid immediately,” Whiteside said.
Courtesy- http://www.thegurureview.net/aroundnet-category/hospitals-should-brace-for-surge-in-ransomware-attacks.html
Kaspersky have found another scary trojan to wave under our noses and cause us to consider getting off the internet.
This one is called Triada and it targets Android devices with Windows-style malware swagger. Anyone running Android 4.4.4 and earlier is in trouble, according to Kaspersky, as they face an opponent created by “very professional cyber criminals” that can allow for in-app purchase theft and all the problems that come with privilege escalation.
And guess what? Android users dangle themselves in the way of the Triada threat when they download things from untrusted sources. Does no one listen to anything these days? Does it even matter? Kaspersky said in a blog post that the likely apps can “sometimes” make their way onto the official Android store.
There is something different about this attack. Kaspersky reports on a lot of these things, but Triada exploits Zygote, and that is a first.
“A distinguishing feature of this malware is the use of Zygote, the parent of the application process on an Android device that contains system libraries and frameworks used by every application installed on the device. In other words, it’s a demon whose purpose is to launch Android applications,” Kaspersky explained.
“This is the first time technology like this has been seen in the wild. Prior to this, a trojan using Zygote was known only as a proof-of-concept. The stealth capabilities of this malware are very advanced.
“After getting into the user’s device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using anti-malware solutions.”
The security firm added that the complexity of Triada’s functionality proves that professional cyber criminals with a deep understanding of the targeted mobile platform are behind the creation of this malware.
Kaspersky reckons that it is nigh on impossible to rid a device of the malware, and suggested that you might as well nuke your phone and start again.
Courtesy-TheInq
Hewlett Packard Enterprise (HPE) has cast a shade on what it believes to be the biggest risks facing enterprises, and included on that list is Microsoft.
We ain’t surprised, but it is quite a shocking and naked fact when you consider it. The naming and resulting shaming happens in the HPE Cyber Risk Report 2016, which HPE said “identifies the top security threats plaguing enterprises”.
Enterprises, it seems, have myriad problems, of which Microsoft is just one.
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager for security products at HPE.
“We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”
Microsoft earned its place in the enterprise nightmare probably because of its ubiquity. Applications, malware and vulnerabilities are a real problem, and it is Windows that provides the platform for this havoc.
“Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction. Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one-year-old, with 68 percent being three years old or more,” explained the report.
“In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”
It is not all bad news for Redmond, as the Google-operated Android is also put forward as a professional pain in the butt. So is iOS, before Apple users get any ideas.
“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year over year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation,” added the firm.
“As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent.
“Apple iOS represented the greatest growth rate with a malware sample increase of more than 230 percent.”
Courtesy-TheInq
Comments