
Tech News - Cybersecurity

373 Articles
Savia Lobo
23 Jul 2018
5 min read

Cisco and Huawei Routers hacked via backdoor attacks and botnets

In today’s world, organizations and companies go to great lengths to protect themselves from network breaches. However, even a pinhole is enough for attackers to intrude into a system. Last week, routers by Cisco and Huawei were hacked by two separate groups using different methods. Cisco’s routers were hacked using a backdoor attack, while Huawei routers were exploited using code for a much older vulnerability.

An abnormal rise in the Cisco router backdoors

In 2004, Cisco wrote the IETF proposal for a “lawful intercept” backdoor for its routers. The proposal stated that law enforcement teams could use the intercept to remotely log in to routers. These routers, which are sold to ISPs and other large enterprises, would allow law enforcement agents to wiretap IP networks. The agents are supposed to gain such access only via a court order or other legal access request.

A backdoor is a type of malware that can bypass the normal authentication process for accessing a system or application. Some backdoors are legitimate and help, for instance, manufacturers recover lost passwords. However, these backdoors can be used by attackers to remotely access systems without anyone on the system knowing it.

However, in 2010, an IBM security researcher stated that such a protocol would give malicious attackers easy access and let them take over Cisco IOS routers. The ISPs related to these routers would also end up being hacked. Some undocumented backdoors were discovered in 2013, 2014, 2015, and 2017.

According to Tom’s Hardware, this year alone, Cisco recorded five different backdoors within their routers, which resulted in a security flaw for the company’s routers. Let’s have a look at the undocumented backdoors found, and when.

March recorded two backdoors. The first was a hardcoded account with the username ‘cisco’, which would have allowed remote intrusion into more than 8.5 million Cisco routers and switches. The second was a hardcoded password found in Cisco's Prime Collaboration Provisioning (PCP) software, which is used for the remote installation of Cisco voice and video products.

May revealed another backdoor, in Cisco’s Digital Network Architecture (DNA) Center, which enterprises use to provision devices across a network.

In June, a backdoor account was found in Cisco’s Wide Area Application Services (WAAS), a software tool for traffic optimization in the Wide Area Network (WAN).

The most recent backdoor, found this month, was in the Cisco Policy Suite, a software suite for ISPs and large companies that can manage a network’s bandwidth policies. Using this backdoor, the attacker gets root access to the network with no mitigations against it. However, this backdoor has been patched with Cisco’s software update.

The question that arises from these incidents is whether these backdoors were created accidentally or actually by intruders. The recurrence of such incidents does not paint a good picture of Cisco as a responsible, reliable and trustworthy network for end users.

Botnet built in a day brings down Huawei routers

Researchers from NewSky Security spotted a new botnet last week, which enslaved nearly 18,000 Huawei IoT devices within a day.

Botnets are huge networks of enslaved devices and can be used to perform distributed denial-of-service (DDoS) attacks, send malicious packets of data to a device, and remotely execute code.

The most striking feature of this huge botnet is that it was built within a day and with a previously known vulnerability, CVE-2017-17215.

This botnet was created by a hacker nicknamed Anarchy, says Ankit Anubhav, security researcher at NewSky Security. Anubhav said, “It's painfully hilarious how attackers can construct big bot armies with known vulns.”

Other security firms, including Rapid7 and Qihoo 360 Netlab, also confirmed the existence of this new botnet. They first noticed a huge increase in scanning for Huawei devices.

Anubhav states that the hacker revealed to him an IP list of victims. This list has not been made public yet. He further adds that the same code was released publicly in January this year. The same code was used in the Satori and Brickerbot botnets, and also within other botnets based on Mirai (Mirai botnets were used in 2016 to disrupt Internet services across the US on a huge scale).

The NewSky Security researcher suspects that Anarchy may be the same hacker known as Wicked, who was linked with the creation of the Owari/Sora botnets. Moreover, Anarchy/Wicked told the researcher that they also plan to start a scan for the Realtek router vulnerability CVE-2014-8361, in order to enslave more devices.

After receiving such a warning from the hacker himself, what new security measures will be taken henceforth? Read more about this Huawei botnet attack on ZDNet.

Savia Lobo
14 Jul 2018
3 min read

YouTube has a $25 million plan to counter fake news and misinformation

Have you ever visited YouTube to watch breaking news videos, expecting to get all the info in one go, but did not get what you expected? Videos use luring thumbnails and clickbait titles to attract more views and traffic. Most breaking news videos that follow such patterns are either fake, have a high level of misinformation or don’t clarify what the news really is. The news that continuously keeps popping up is, most of the time, catchy. Google engineer Guillaume Chaslot, who worked on the recommendation algorithm for YouTube, stated that this was purely designed to boost user engagement.

To tackle this fake thread going around the popular video-sharing website, YouTube has initiated a $25 million plan to counter fake news and misinformation.

In a Wired interview held in March, YouTube CEO Susan Wojcicki announced new features, which include updates to breaking news and conspiracy theories by adding information cues to every video. Information cues are short blocks of text on topics such as the moon landing and chemtrails, for example. Susan further added, “When there are videos that are focused around something that’s a conspiracy — and we’re using a list of well-known internet conspiracies from Wikipedia — then we will show a companion unit of information from Wikipedia showing that here is information about the event.”

https://twitter.com/movandy/status/973688202530869248

Now, YouTube also features ‘authoritative’ content in its breaking news shelf. This means that news in this ‘authoritative’ section comes only from authoritative sources such as Google News and other providers who have applied to be part of the Google News program. YouTube then uses a different set of algorithms to determine who within that group is authoritative. Based on this, YouTube uses those news providers in its breaking news shelf and its home feed.

YouTube chief product officer Neal Mohan said, “Rather than recommending a video first, the algorithm will point to a text-based story surfaced by Google News. Results will be accompanied by a label reminding users that the story is still developing, and the info is ‘subject to change.’”

These updated features for the anti-fake news plan are currently active in 17 countries, including the US, and YouTube is planning to double the reach in the coming months.

Savia Lobo
11 Jul 2018
5 min read

Twitter allegedly deleted 70 million fake accounts in an attempt to curb fake news

In the real world, a person having multiple identities is said to have dissociative identity disorder (DID); but what about the virtual world? Social media sites such as Facebook, Twitter, and so on have an equal number or even more fake identity profiles than real ones. Twitter has set out on a mission to excise these fake and suspicious profiles from its platform. The committee plans to depreciate 214% more accounts on a yearly basis for violating its spam policies. (Source: Twitter blog)

Twitter initiated this drive to improve the authenticity of conversations on the platform. It also aims to ensure users have access to information that is highly credible, relevant, and of high quality. Following this, it started its battle against fake profiles and has been constantly suspending accounts which are inauthentic, spammy or created via malicious automated bots.

Instead of waiting for people to report these accounts, the company is proactively identifying problematic accounts and observing their behavior by using machine learning tools. These tools identify spam or automated accounts and automatically take the necessary actions.

Some plans Twitter has to avoid fake account creation include:

Enabling a read-only mode to reduce visibility of suspicious accounts

It plans to monitor the behaviour of every profile and update its account metrics in near-real time. This will help in knowing the number of followers an account has, or the number of likes or Retweets a Tweet receives, and so on. The account may even be converted into a read-only mode if found behaving suspiciously. The account will be removed from follower figures and engagement counts until it has passed a challenge of confirming the account with a phone number. A warning is displayed against such read-only accounts to prevent new accounts from following them. Once the account passes the challenge, its footprint is restored.

Improving Twitter’s sign-up process

Twitter will make it all the more difficult for spam accounts to register. New accounts will also have to confirm either an email address or phone number when they sign up to Twitter. It also plans to work closely with its Trust and Safety Council and other expert NGOs to ensure this change does not affect people working in a high-risk environment where anonymity is necessary. This process would be rolled out later this year.

Auditing existing accounts for signs of automated sign-up

It is also conducting an audit to secure a number of legacy systems used to create accounts. This process will ensure that every account created on Twitter passes some simple, automatic security checks designed to prevent automated signups. The new protections Twitter has recently developed as a result of this audit have already helped it prevent more than 50,000 spam sign-ups per day.

Malicious behavior detection systems being expanded

They are also planning to automate some processes where suspicious account activity is detected by the behavior detection systems, such as exceptionally high-volume tweeting using the same hashtag, or the same @username without a reply from the account. These tests vary in intensity, and may simply request the account owner to complete a simple reCAPTCHA process or a password reset request. Complex cases are automatically passed to the team for review.

Twitter has fastened its seat belt and won’t stop until it takes down all the fake accounts from its platform. While this move is bold and commendable for a social network platform, given the steep rise in fake news and other allied unsavory consequences of an ever-connected world, Twitter’s investors did not take it well. The company's shares fell by around 9.7% on Monday, after it announced that it is suspending more than 1 million accounts a day.

As per a Twitter statement, account suspensions have doubled since October last year. Many speculate that this is a response to the congressional pressure the platform has been receiving regarding the alleged Russian fake accounts found on Twitter to interfere with the U.S. elections held last year. The number reached around 7 million in May and June, and a similar pace continues in July.

Though this move raises serious concerns around their falling user growth rate, this is an important step for the organization to improve the health of their social platform. Chief Financial Officer Ned Segal tweeted, "most accounts we remove are not included in our reported metrics as they have not been active on the platform for 30 days or more, or we catch them at sign up and they are never counted."

I, for one, ‘like’ Twitter’s decision. Minor inconveniences are a small price to pay for a more honest commune and information sharing.

Read more about this news in The Washington Post’s original coverage.
Amarabha Banerjee
07 Jul 2018
3 min read

Did Facebook just have another security scare?

Facebook’s public image has suffered quite a few setbacks in recent times. The Cambridge Analytica scandal has opened up a Pandora’s box full of questions about user data security and privacy. In the recent Senate hearings, Facebook CEO Mark Zuckerberg had an apologetic tone, and he promised to give utmost importance to user data security. The misfortunes, however, don’t seem to be over for Zuckerberg and Facebook. In the latest security scare, a bug had caused quite a ruckus for the tech giant.

Facebook composer bug

Now let’s talk about the bugs. Yes, you read that correctly: there was more than one recent Facebook bug affecting user data and privacy. The first bug was related to the Facebook message composer. According to Facebook’s Chief Privacy Officer Erin Egan, the bug affected the composer’s privacy settings in such a way that when users were creating new posts, it automatically changed the privacy setting to public. This meant that user updates which might have been private were available publicly. This bug affected 14 million users worldwide and was active from 18th May to 22nd May 2018. It took Facebook till 27th May to identify the bug and then rectify the problem. As a trust-building measure, Facebook sent notifications to all the users affected by this breach. (Image of the Facebook notification. Source: TechCrunch)

Automatic Unblocking bug

The second incident occurred between 29th May and 5th June. This particular incident was reported via a Facebook blog post, which stated that a bug that had affected around 800k Facebook users had temporarily unblocked contacts and enabled previously blocked contacts to message or view the details of the respective users. This security breach was potentially dangerous, since it openly allowed stalking or even harassment. Facebook stated, however, that this bug had unblocked one contact per user. (Image of the official Facebook notification to the affected users. Source: Facebook Blog)

Facebook Analytics Data leak

The story of bugs is not over yet. There were recent reports that the Facebook analytics data of around 3 percent of Facebook apps was accidentally leaked to testers. According to Facebook, this was due to a faulty automated email system. Although Facebook insists that no personal user data was leaked, this incident still doesn’t go down well, keeping in mind the company’s latest record on user privacy and data secrecy.

Facebook is trying to be transparent in its approach to tackling this menace of recurring bugs, but how successful its efforts will be, only time and its future actions will tell.

Vijin Boricha
27 Jun 2018
3 min read

WPA3: Next-generation Wi-Fi security is here

On June 25, 2018, Wi-Fi Alliance introduced the next generation of Wi-Fi security, WPA3. It took over a decade to introduce the successor to the WPA2 protocol, which brings new capabilities for enhancing personal and enterprise Wi-Fi networks. Individuals and organizations alike had been awaiting this update, especially after last year's KRACK vulnerability, which was later fixed on many devices. This update comes with a variety of added features that include more robust authentication and increased cryptographic strength for highly sensitive data markets.

With this update, the Wi-Fi industry transitions to WPA3 security; however, WPA2 devices will continue to interoperate and provide recognized security. In order to maintain flexibility of mission-critical networks, WPA3 networks will prohibit outdated legacy protocols, deliver the latest security methods, and use PMF (Protected Management Frames).

WPA3 security supports the market through two distinct modes of operation: WPA3-Personal and WPA3-Enterprise.

WPA3-Personal

Even if users choose passwords that fall short of typical complexity recommendations, WPA3 leverages SAE (Simultaneous Authentication of Equals), a secure key establishment protocol between devices, to provide more robust protection for users against third-party password guessing attempts. With this level of security enhancement, your network is more resilient.

WPA3-Enterprise

The WPA3-Enterprise protocol proves beneficial to organizations transmitting sensitive data, such as those in finance or government, as it provides 192-bit cryptographic strength along with additional protection to these networks. This 192-bit bundle has a consistent combination of cryptographic tools deployed across WPA3 networks.

Earlier this year, Wi-Fi Alliance introduced new features and some enhancements for Wi-Fi Protected Access. This addition ensures that WPA2 maintains robust security protection in the evolving wireless landscape. WPA2 is still a mandatory requirement for all Wi-Fi CERTIFIED devices, as it will still take some time for WPA3 market adoption to grow. Through a transitional mode of operation, WPA3 will still maintain interoperability with WPA2 devices, and Wi-Fi users can remain confident that their devices are well-protected when connected to secured Wi-Fi CERTIFIED networks.

Users and Wi-Fi device vendors need not worry, as WPA3 protections won’t come into action overnight; it may still take some time to evolve, and may even be a many-years-long process. To get WPA3 in place, you need a new router that supports it, or you can hope your old one can be updated to support it. This is also true for all your gadgets: you have to buy new gadgets that support WPA3, or hope your old devices are updated to the required standards. However, WPA3 can still connect with devices that use WPA2, so you need not worry about your device not working just because you brought in new connectivity hardware at home.

WPA3 adoption has been on a positive side, as organizations such as Hewlett Packard, Qualcomm, Huawei Wireless, Intel, Cisco and many more have announced their support for next-gen Wi-Fi security for personal and enterprise networks.

Richard Gall
27 Jun 2018
2 min read

Predictive cybersecurity company Balbix secures $20M investment

High profile security attacks have put cybersecurity high on the agenda. For most companies it's at best a headache and at worst a full-blown crisis. But if you're in the business of solving these problems, it only makes you more valuable. That's what has happened to Balbix. Balbix is a security solution that allows users to "predict & proactively mitigate breaches before they happen." It does this by using predictive analytics and machine learning to identify possible threats.

According to TechCrunch, the company has received the series B investment from a number of different sources. This includes Singtel's Innov8 fund (based in Singapore).

Balbix is bringing together machine learning and cybersecurity

However, the most interesting part of the story is what Balbix is trying to do. The fact that it's seeing early signs of eager investment indicates that it's moving down the right track when it comes to cybersecurity.

The company spends some time outlining how the tool works on its website. Balbix's BreachControl product uses "sensors deployed across your entire enterprise network automatically and continuously discover and monitor all devices, apps and users for hundreds of attack vectors." An 'attack vector' is really just a method of attack, like, for example, phishing or social engineering.

The product then uses what the company calls the 'Balbix Brain' to analyse risks within the network. The Balbix Brain is an artificial intelligence system that is designed to do a number of things. It assesses how likely different assets and areas of the network are to be compromised, and highlights the potential impact such a compromise might have. This adds an additional level of intelligence that allows organizations that use the product to make informed decisions about how to act and what to prioritize.

But Balbix BreachControl also combines chaos engineering and penetration testing by simulating small-scale attacks across a given network. "Every possible breach path is modeled across all attack vectors to calculate breach risk."

Balbix is aiming to exploit the need for improved security at an enterprise level. “At enterprise scale, keeping everything up to snuff is very hard,” CEO Gaurav Banga told TechCrunch in an interview. “Most organizations have little visibility into attack surfaces, the right decisions aren’t made and projects aren’t secured.”
Amarabha Banerjee
07 Jun 2018
4 min read

What you need to know about VPNFilter Malware Attack

Have you heard about the latest VPNFilter malware attack? In brief, the software networking firm and its network analysis department known as ‘Talos’ identified a malware known as VPNFilter a few weeks ago. Something about these attacks made them particularly risky. If you are an individual or a small or medium business accessing the internet using routers from companies such as Linksys, Netgear, QNAP, TP-Link, ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE, then you are vulnerable to the VPNFilter malware attack. Read on to understand where you stand and what you can do to avoid falling victim to this vicious malware attack.

How does VPNFilter malware work?

The first thing that you need to understand is that VPNFilter has a 3-stage attack procedure. The first stage, which is also one of the most potent and dangerous, plants itself into the router firmware. In most malware attack cases, a reboot would make the malware go away. That’s where VPNFilter stands out. It persists through the reboot, and after the reboot it initiates the second stage.

The second stage is about spying on user activity, storing and accessing user data, tracking URLs and getting to know more about the victim. The most terrifying factor is that the user never realizes that they have been attacked. The reason is that VPNFilter uses the technique of a “Man in the Middle” or MitM attack. In this form of cyber attack, the spyware gets attached to the router and then collects user data and prepares for a larger assault while the user is completely unaware of it. (Image explaining the process. Source: Yeahhub.com)

If this seems scary to you, then you haven’t heard the interesting bit yet. The third stage is about introducing different plugins which can perform different types of actions. One of them can downgrade the security level of your requests from HTTPS to HTTP. This in turn makes your data unencrypted and also makes your passwords and other valuable data open to anyone who is snooping on your network. The rest of the hacking process then becomes much easier. Imagine what could happen if you logged in to a social media platform or into your netbanking application and the data is phished away. The worst part is that you won’t even know that your account is hacked until the hackers expose themselves by making malicious transactions.

The horror story doesn’t end here: it also comes with a “Remote Destroy” button. This enables the hackers to delete important network and configuration files from your router before destroying the malware, which means your router will be rendered useless after they choose to do so. This gives them the power to disrupt internet connectivity on a global scale, since the number of routers presently affected can be anywhere around 500k.

Is there a way out?

How can you save your router from this onslaught? Rebooting doesn’t work. The only way that some groups have suggested is to restore the factory defaults of your router, upgrade the firmware of your router, and log in with your credentials. This three-step process might be the only way you can get away from this attack.

How to know that your router is no good?

Try updating it to the latest version of the firmware. If it says it is unable to upgrade, you can be damn sure that it’s time for you to buy a new one.

Vijin Boricha
31 May 2018
3 min read

Intel's Spectre variant 4 patch impacts CPU performance

Intel recently announced its fix for the Spectre variant 4 attack, a fix that would significantly decrease CPU performance. While working on this fix, Intel anticipated some performance questions around the combined software and firmware microcode updates that help mitigate Spectre variant 4.

As discovered by Jann Horn of Google Project Zero and Ken Johnson of Microsoft, Spectre variant 4 is a speculative store bypass. An attacker can leverage variant 4 to read older memory values in a CPU’s stack or other memory locations. This vulnerability allows less privileged code to read arbitrary privileged data and run older commands speculatively.

Intel calls its mitigation of this Spectre attack Speculative Store Bypass Disable (SSBD). Intel delivers this as a microcode update to appliance manufacturers, operating system vendors and other ecosystem partners. According to Intel, this patch will be ‘off’ by default, but if it is enabled, Intel has observed a performance impact of approximately 2%-8%, depending on the overall scores from benchmarks such as SPECint, SYSmark® 2014 SE, and more.

Back in January, Intel was less forthcoming in communicating about the CPU performance impact caused by the Spectre variant 2 mitigation. It waved off such concerns, claiming that the performance would vary depending on the workload. However, Google pushed back, stating the impact was severe, and ended up developing its very own Retpoline software alternative.

Recently, Intel tested the impact of SSBD by running it on unspecified Intel reference hardware and an 8th Gen Intel Core desktop microprocessor. The results for the performance impact on the overall score are as follows:

SYSmark 2014 SE: 4%
SPECint_rate_base2006 (n copy): 2%
SPECint_rate_base2006 (1 copy): 8%

These benchmark results are similar even on a Skylake architecture Xeon processor.

Intel has clearly stated that this mitigation will be set to ‘off’ by default, giving customers a choice to enable it. This is because Intel speculates that most industry software partners will go with the default option to avoid overall performance degradation. It also noted that SSBD would add an extra layer of protection to the hardware of consumers and original equipment manufacturers to prevent the Speculative Store Bypass from occurring, and stated that the existing browser mitigations against Spectre variant 1 will help to an extent in mitigating variant 4.

You can find out more about the latest security updates on Intel products from the Intel security center.

Savia Lobo
17 May 2018
2 min read

Barracuda announces Cloud-Delivered Web Application Firewall service

Barracuda Networks recently announced its new Cloud-Delivered Web Application Firewall service. This new service offers organizations various novel ways to manage, deploy and integrate application security into an application delivery stack.

A WAF is a type of firewall purpose-built to help defend against application-layer threats and attacks. WAFs can be used to protect against known vulnerabilities in applications, such as input validation and SQL injection types of risks.

Barracuda's WAF-as-a-Service application security is offered through a cloud service. It aims to simplify overall management and speed up deployments for customers. Barracuda also enables developers to use its WAF-as-a-Service for DevOps via an API. The WAF API allows developers to modify the behavior of application traffic.

Some features of the Cloud-Delivered Web Application Firewall service are:

Secure Web applications: It delivers a high level of protection via its synchronous integration with Barracuda's real-time threat intelligence network. The service defends against the OWASP Top 10, bots, DDoS, and other sophisticated attacks, for example attacks that use XML or JSON, and even the most advanced zero-day threats.

Automated vulnerability remediation and granular policy configuration: No extensive security expertise is required, because the firewall service offers a simple 5-step setup wizard that starts protecting web applications in minutes. One can take full control and fine-tune security policies for every application. One can even build baseline application security policies automatically with out-of-the-box automated vulnerability remediation and pre-built templates for common applications such as WordPress and SharePoint, and then take control and fine-tune as needed.

Simplified cloud-delivered service: This new service is fast, with an intuitive UI. Since there is no device to deploy or manage, it removes the complexity of WAF deployment. One can integrate security directly into the application development lifecycle, as this solution is always available and can reduce or eliminate the need to manually test code.

To know more about this new Cloud-Delivered Web Application Firewall service, visit Barracuda’s official blog post.
Savia Lobo
10 May 2018
2 min read

What's new in Wireshark 2.6?

Less than ten months after Wireshark’s last release, the Wireshark community has released Wireshark 2.6. Wireshark is one of the popular tools to analyze traffic over a network interface or a network stream. It is used for troubleshooting, analysis, development and education. Wireshark is based on the Gerald Combs-initiated "Ethereal" project, released under the terms of the GNU General Public License (GNU GPL).

Wireshark 2.6 is released with numerous innovations, improvements and bug fixes. The highlight of Wireshark 2.6 is that it is the last release that will support the legacy (GTK+) user interface. It will not be supported or available in Wireshark 3.0.

Major improvements since 2.5, the last version, include:
  • This version now supports HTTP Request sequences.
  • Support for MaxMind DB files, GeoIP and GeoLite Legacy databases has been removed.
  • Windows packages are now built using Microsoft Visual Studio 2017.
  • The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.

Some other improvements since version 2.4:
  • Display filter buttons can now be edited, disabled, and removed via a context menu directly from the toolbar.
  • Support for hardware-timestamping of packets has been added.
  • Application startup time has been reduced.
  • Some keyboard shortcut mix-ups have been resolved by assigning new shortcuts to Edit → Copy methods.

New Protocol Support: Many protocols have been added, including the following.
  • ActiveMQ Artemis Core Protocol: This supports interceptors to intercept packets entering and exiting the server.
  • Bluetooth Mesh Protocol: This allows Bluetooth Low Energy (BLE) devices to network together to carry data back to a gateway device, where it can be further routed to the internet.
  • Steam In-Home Streaming discovery protocol: This allows one to use input and output on a single computer, and lets another computer actually handle the rendering, calculations, networking etc.

Bug Fix: Dumpcap, a network traffic dump tool which lets one capture packet data from a live network and write the packets to a file, might not quit if Wireshark or TShark crashes. (Bug 1419)

To know more about the updates in detail, read the Wireshark 2.6.0 Release Notes.

  • What is Digital Forensics?
  • Microsoft Cloud Services get GDPR Enhancements
  • IoT Forensics: Security in an always connected world where things talk
Vijin Boricha
25 Apr 2018
2 min read

Microsoft Cloud Services get GDPR Enhancements

With the GDPR deadline looming closer every day, Microsoft has started to apply the General Data Protection Regulation (GDPR) to its cloud services. Microsoft recently announced that it is providing some enhancements to help organizations using Azure and Office 365 services meet GDPR requirements. With these improvements, it aims to ensure that both Microsoft's services and the organizations benefiting from them will be GDPR-compliant by the law's enforcement date.

Microsoft tools supporting GDPR compliance are as follows:
  • Service Trust Portal, which provides GDPR information resources
  • Security and Compliance Center in the Office 365 Admin Center
  • Office 365 Advanced Data Governance for classifying data
  • Azure Information Protection for tracking and revoking documents
  • Compliance Manager for keeping track of regulatory compliance
  • Azure Active Directory Terms of Use for obtaining user informed consent

Microsoft recently released a preview of a new Data Subject Access Request interface in the Security and Compliance Center and the Azure Portal via a new tab. According to the Microsoft 365 team, this interface is also available in the Service Trust Portal. A Microsoft Tech Community post also claims that the portal will be getting a "Data Protection Impacts Assessments" section in the coming weeks.

Organizations can now perform a search for "relevant data across Office 365 locations" with the new Data Subject Access Request interface preview. This helps organizations search across Exchange, SharePoint, OneDrive, Groups and Microsoft Teams. As explained by Microsoft, once searched, the data is exported for review prior to being transferred to the requestor.

According to Microsoft, the Data Subject Access Request capabilities will be out of preview before the GDPR deadline of May 25th. It also claims that IT professionals will be able to execute DSRs (Data Subject Requests) against system-generated logs. To know more in detail, you can visit Microsoft’s blog post.
Gebin George
13 Apr 2018
4 min read

Top 5 cloud security threats to look out for in 2018

In the era of cloud deployment and DevOps, cloud adoption has seen a steady rise since 2017. A Forbes report states that the global public cloud market will rise to $178B in 2018, as compared to $146B in 2017, and that it will continue to grow at a staggering 22% compound annual growth rate (CAGR). Though all major cloud service providers offer a wide range of efficient security services, security still remains a looming concern when it comes to cloud adoption. Service providers definitely try to address the major security concerns, but it is always advisable to keep tabs on all the major cloud security threats that can haunt you. Following are the top 5 trending cloud security threats for 2018:

Data breaches and losses

As the name suggests, a breach of any confidential data pertaining to personal, health or financial information is termed a data breach. The US reported the highest number of security breaches (1579) in 2017, with the business sector accounting for 55% of them. Data breaches can be the primary objective of a malicious attack, or a result of poor security practices. Data loss can be a result of a cyber-attack, a natural disaster, or just an accidental deletion. The best way to avoid data loss is to keep strong back-ups at different geographical locations.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

This is one of the most popular forms of attack and very simple to execute for any cyber hacker. DoS is also trending in the Dark Web ecosystem, where it is sold as a service that attackers can easily buy for a small amount of cryptocurrency, which makes it even simpler to carry out. Some security countermeasures, like implementing an intrusion prevention system or setting clear expectations with the ISP for clean bandwidth, can help you prevent DoS attacks to a limited extent. Also, DDoS-as-a-Service, which has been popular for decades, remains trending even in 2018. GitHub experienced the biggest-ever DDoS attack, with an intensity as big as 1.35 Tbps via 126.9 million packets per second.

Insecurity in APIs

Application Programming Interfaces (APIs) are a set of software user interfaces provided by cloud service providers so that users can interact with the cloud environment. Exploiting an API vulnerability is the best way for an attacker to gain access to all the confidential information, so APIs need to be secured thoroughly. A critical vulnerability discovered in a popular browser extension, i.e. Grammarly, is a perfect example of the threat posed by insecure APIs. API testing methodology is considered an effective way to secure cloud APIs before they go live. We can also perform API change reporting on a regular basis to ensure API security.

Lack of secure Identity and Access management

Attackers masquerading as developers, users, and operators can read, modify or misuse the data on the cloud. Hence, a lack of secure credentials or access management can lead to a breach of information through unauthorized access to data, potentially leading to a big loss for the organization. A critical flaw was discovered in the CyberArk Enterprise Password Vault application which allowed the attacker to gain unauthorized access to the system and data.

Malware attacks

2017 was the year for malware attacks, with popular malwares like Ransomware, Petya, Meltdown and Spectre disrupting the entire security mechanism of many organizations. This has affected everything, right from smartphones to servers, and continues to be a looming threat for the cloud as well. There are minor patches that can be implemented to prevent these attacks, but they seem to degrade the performance of cloud servers to a great extent.

Keeping a close eye on these security vulnerabilities will help you secure your cloud solutions and ecosystems. With machine learning based cyber attacks and hacking becoming bolder and more common, it is not enough to stay current in your knowledge of these threats and the cyber security solutions available in the market. To learn how to secure your cloud environments, you can get your hands on a few of our books: Mastering AWS Security, Cloud Security Automation, and Enterprise Cloud Security and Governance.

Check out other latest news:
  • Vevo’s YouTube account Hacked: Popular videos deleted
  • Cryptojacking is a growing cybersecurity threat, report warns
Richard Gall
27 Mar 2018
7 min read

How cybersecurity can help us secure cyberspace

With cybercrime on the rise, companies have started adopting the hard ways of preventing system breaches. Cybersecurity has become the need of the hour. This article explores how cyberattacks bring companies to their knees, giving rise to cybersecurity. It also looks at some of the cybersecurity strategies that an organization can adopt to safeguard itself from the prevalent attacks.

Malware, Phishing, Ransomware, DDoS - these terms have become widespread today due to the increasing number of cyberattacks. The cyber threats that organizations face have grown steadily during the last few years and can disrupt even the most resilient organizations.

3 cyber attacks that shook the digital world

2011: Sony

Who can forget the notorious Sony hack of April 2011? Sony’s PlayStation Network was hacked by a hacking group called “OurMine,” compromising the personal data of 77 million users. This cyberattack made Sony pay more than 15 million dollars in compensation to the people whose accounts were hacked. A hack made possible through a simple SQL injection could have been prevented using data encryption. Not long after this hack, in 2014, Sony Pictures was attacked through malware by a hacker group called “Guardians of Peace”, which stole more than 100 terabytes of confidential data. Sony had once again not paid heed to its security audit, which showed flaws in the firewall and several routers and servers, resulting in the failure of infrastructure management and a monetary loss of 8 million dollars in compensation.

2013: 3 billion Yahoo accounts hacked

Yahoo has been the target of attackers thrice. During its takeover by Verizon, Yahoo disclosed that every one of Yahoo's 3 billion accounts had been hacked in 2013. However, one of the worst things about this attack was that it was discovered only in 2016, a whopping two years after the breach.

2017: WannaCry

One of the most infamous ransomware attacks of 2017, WannaCry spanned more than 150 countries, targeting businesses running outdated Windows machines by leveraging some of the leaked NSA tools. The cyber attack, which has been linked to North Korea, hit thousands of targets, including public services and large corporations. The effects of WannaCry were so rampant that Microsoft, in an unusual move to curb the ransomware, released Windows patches for the systems it had stopped updating. On a somewhat unsurprising note, WannaCry owed its success to the use of outdated technologies (such as SMBv1) and to organizations not keeping their systems updated for months, failing to protect themselves from the lurking attack.

How cyber attacks damage businesses

Cyberattacks are clearly bad for business. They lead to:
  • Monetary loss
  • Data loss
  • Breach of confidential information
  • Breach of trust
  • Infrastructure damages
  • Impending litigations and compensations
  • Remediations
  • Bad reputation
  • Marketability

This is why cybersecurity is so important - investing in it is smart from a business perspective as it could save you a lot of money in the long run.

Emerging cybersecurity trends

Tech journalist and analyst Art Wittmann once said "the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided". It's a valuable thing to remember when thinking about cybersecurity today. It's about more than just buying software; it's also about infrastructure design, culture and organizational practices. Cybersecurity is really a range of techniques and strategies designed to tackle different threats from a variety of sources.

Gartner predicts that worldwide cybersecurity spending will climb to $96 billion in 2018. This rapid market growth is being driven by numerous emerging trends, including:
  • Cloud computing
  • Internet of things
  • Machine learning
  • Artificial Intelligence
  • Biometrics and multi-factor authentication
  • Remote access and BYOD (bring your own device)

Effective cybersecurity strategies

The most effective strategy to mitigate and minimize the effects of a cyberattack is to build solid cybersecurity. Here are some of the ways in which an organization can strengthen its cybersecurity efforts:

Understand the importance of security

In the cyber age, you have to take the role of security seriously. You need to protect the organization with the help of a security team. When building a security team, you should take into account the types of risks that could affect the organization, how these risks will impact the business, and remedial measures in case of a breach.

Top notch security systems

You cannot compromise on the quality of the systems installed to secure your systems. Always remember what is at stake. Should a situation of attack arise, you need the best quality of security for your business.

Implement a Red and Blue Team

The organization must use Red Team and Blue Team tactics, where the Red Team tactics can be used in penetration testing for accessing sensitive data, and the Blue Team tactics will defend your system from complex attacks. This team can be appointed internally, or the job could be outsourced to experts.

Security audits

Security audits are conducted with the aim to protect, detect, and respond. The security team must actively investigate their own security systems to make sure that everything is up to par to defend against the lurking attack if it should occur. The security team must also be proactive with countermeasures to defend the organization's walls against these malicious lurkers. Employees must also be properly educated to take proper precautions and act wisely in case of a breach.

Continuous monitoring

Securing your organization against cyberattacks is a continuous process. It is not a one-time-only activity. The security team must be appointed to do regular audits of the organization's security systems. There should be a systematic and regular process, and penetration testing must be conducted at regular intervals. The results of these tests must be taken seriously, and mitigation steps must follow to correct any weak or problematic systems.

Enhance your security posture

In the event of a breach, once the security team has confirmed the breach, they need to react quickly. However, don't start investigating without a plan. The compromised device should be located, its behavior should be analyzed and remedial actions should be underway.

Vigilance

In the words of the world’s most famous hacker, Kevin Mitnick, “Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it's money wasted; none of these measures address the weakest link in the security chain.” It cannot be stressed enough how important it is to be ever vigilant. The security team must stay current with the latest threat intelligence and always be on the lookout for the latest malicious programs that disrupt organizations.

Think ahead

The question is never “if”; the real question is “when.” The attackers come sneaking when you are not looking. It is absolutely critical that organizations take a proactive stance to protect themselves by dropping the “if” attitude and adopting the “when” attitude.

If you liked this post, explore the book from which it was taken: Cybersecurity - Attack and Defense Strategies. Written by Yuri Diogenes and Erdal Ozkaya, Cybersecurity - Attack and Defense Strategies uses a practical approach to the cybersecurity kill chain to explain the different phases of the attack, which includes the rationale behind each phase, followed by scenarios and examples that bring the theory into practice.

Yuri Diogenes is a Senior Program Manager @ Microsoft C+E Security CxP Team and a professor at EC-Council University for their master's degree in cybersecurity program. Erdal Ozkaya is a doctor of philosophy in cybersecurity, works for Microsoft as a cybersecurity architect and security advisor, and is also a part-time lecturer at Australian Charles Sturt University.