::Trend Micro Threat Resource Center::

23 May 2016

Cross-sector collaboration aims to strengthen Singapore's cyber security capabilities

StarHub has announced plans to grow the local cyber security ecosystem at the launch of its Cyber Security Centre of Excellence (COE). It has teamed up with five industry partners and four IHLs.


StarHub and the COE partners will jointly invest S$200 million over the next five years to support a sustainable cyber security ecosystem.

According to the telco’s news release, StarHub today launched its new Cyber Security Center of Excellence (COE), and announced that StarHub and its partners will undertake initiatives to develop talent, innovation, and industry collaboration to bolster local cyber security.

Five industry partners, namely Blue Coat, Cyberbit, EY, Fortinet and Wedge Networks, and four institutes of higher learning (IHL), including Nanyang Polytechnic (NYP), Republic Polytechnic, Temasek Polytechnic and Singapore University of Technology and Design have thus far joined the COE.

StarHub says it plans to bring more industry and IHL partners into the COE to drive value and results.

To help cyber security professionals enhance their knowledge and career development, StarHub plans to work with leading centres for professional development in cyber security to design and offer relevant training courses. StarHub is also committed to addressing the shortage of cyber security talent in Singapore by training at least 300 specialists on different cyber related capabilities and skill sets over the next five years. It is teaming up with the four IHLs and the Cyber Security Agency of Singapore (CSA) to enhance cyber security training curriculum and programmes, and to collaborate on research and development.

As a first step, StarHub and NYP have jointly established a lab on NYP campus to provide hands-on training for students of Cyber Security & Forensics. These students will subsequently have the opportunity to learn directly from experienced cyber security professionals during their internship placements at StarHub or its industry partners.

Meanwhile, Professor Yitzhak Ben-Israel has been appointed as the advisor to the COE. He is a member of Singapore’s Research, Innovation and Enterprise Council, as well as the International Advisory Panel for Singapore's National Cybersecurity Research and Development Programme. Ben-Israel is also Singapore’s Agency for Science, Technology & Research, and heads the Security Studies programme at Tel Aviv University.

21 April 2016

1 in 6 emails contains a virus: study


After Locky, here come KeRanger, PowerWare and Petya. According to a current analysis by Retarus security experts, 17% of all incoming email messages are blocked due to a suspected virus. This corresponds to a fivefold rise compared with the previous month and is explained primarily by the large increase in ransomware: the experts are currently observing a significantly higher incidence of the crypto trojan Locky, as well as new variants.

On average, in March, one in six emails sent to mailboxes used for business purposes contained a virus. In total, this means just as many infected messages occurred per hour as occurred per month in 2015 on average.

The analysis by the Retarus experts revealed that this can be explained by the huge rise in the incidence of crypto trojans. Whilst in February only around 3% of all incoming emails were infected, the number of messages filtered in March due to viruses had already risen to 17%. The reason: During this period, numerous additional versions of the virus appeared after the first Locky threat wave.

As crypto trojans can morph their structure quickly and frequently and, as a result, are able to assume the most diverse forms at lightning speed, ransomware is not detected immediately by every virus scanner. Nevertheless, security can be increased using professional cloud services. Specialized email security services access several scanners in parallel, thereby continuously expanding their filter rules, which means they can always offer the latest protection levels. Additional mechanisms, such as a four-level virus scan, also increase the likelihood of identifying and blocking extortion trojans in good time.

Heightened vigilance is essential
To ensure the best possible protection from attacks by Locky and similar ransomware, email users must be highly vigilant. Retarus recommends that users deactivate the automatic execution of embedded macro code in Office programs, and that macros be activated only where they are absolutely essential and the corresponding documents originate from known sources.

In principle, users should only open email attachments if the sender or the process described in the email is trustworthy. So that potentially affected data can be restored quickly and, wherever possible, without losses, important data should be backed up on a regular basis. Note that Locky can also attack external data media if they are permanently connected to the computer.

Caution is also advised in the event of an extremely slow processor response, elevated hard drive activity without a detectable reason, or files with the extension .locky on the hard drive. To close existing gaps in security, the latest versions of virus scanners should always be installed and regular patches performed.

08 April 2016

Blackhat Asia 2016

Glad to be back at this amazing conference. I attended the last one held in 2015 with access to all briefings, and the session content was intriguing and scary at the same time.

But as they say, no defense is 100% foolproof. They WILL get in anyhow; it's how long you take to detect and respond.

Some highlights from Arsenal:

  • CrackMapExec
    - Aims to be a one-stop-shop for pentesting Active Directory environments! Think smbexec on steroids, combining the latest and greatest techniques for AD ownage in a single tool!
    - From enumerating logged-on users and spidering SMB shares to executing psexec-style attacks, concurrently auto-injecting Mimikatz/shellcode/DLLs into memory using PowerShell, dumping the NTDS.dit, querying and executing commands through MSSQL DBs and more!
    - The biggest improvements over the current tools are:
      - Pure Python script, no external tools required
      - Fully concurrent threading
      - Uses ONLY native WinAPI calls for discovering sessions, users, dumping SAM hashes etc.
      - Opsec safe (no binaries are uploaded to dump clear-text credentials, inject shellcode etc.)
    - Fully open-source and hosted on GitHub!

  • VirusTotal
    - A free online file and URL scanner that everyone knows.
    - However, there are many free features that many users don't know about, such as:
      - A free public API for anyone to automate file or URL analysis.
      - IP address and domain reputation: see malware files known to be associated with a particular IP address or domain, and historical passive DNS info
      - Sysinternals, Carbon Black, etc. integrations
      - Static analysis of files and structural analysis of many file types (PE, ELF, APK, ZIP, RAR, Mach-O, .NET, Office, etc.)
      - Sandbox dynamic analysis of PE, APK, Apple Mach-O, and applications.
      - ROMs, BIOS and firmware files
      - SSDEEP, authentihash, imphash and other similarity indexes
      - Certificate checks on signed files
      - Whitelisting of trusted files
      - Free desktop scanning applications for Windows and Mac, and open source for compilation on Linux.

Had a short chat with the developer of CrackMapExec; he mentioned that this tool runs entirely in memory and does not have any footprint. It is basically undetectable, except that the only tell-tale signs of execution would be spikes in CPU and RAM usage.

Demonstration of CrackMapExec by @byt3bl33d3r 

06 April 2016

GitHub recovers from major outage; cause unknown


GitHub, a frequent target of distributed denial of service (DDoS) attacks, experienced a major outage early Tuesday morning, Eastern Time; however, the software development hosting service tweeted shortly thereafter that it identified the problem and that its online operations were running normally again.

As of press time, it is not publicly known if the outage stemmed from an internal error or from the latest in a series of external cyberattacks against the service. GitHub's site performance was noticeably impacted just this past Mar. 23 following a DDoS assault against the website.

Asked for an update and an explanation of the underlying issue, a member of GitHub's communications department directed SCMagazine.com to its online status page, which showed that from around 4:30 a.m. to 6 a.m. ET, app server availability ostensibly plummeted to zero percent, while response times spiked.

Travis Smith, senior security research engineer at cybersecurity software firm Tripwire, said in a statement emailed to SCMagazine.com: “While a drop in service such as this may be attributed to an operational malfunction internally at GitHub, it can't be ruled out that this was a targeted attack” against not just GitHub, but also “any number of their customers who leverage GitHub's service in production environments.”

GitHub experienced an especially severe DDoS attack in March 2015 — an attack that many researchers have attributed to state-sponsored Chinese hackers.

23 March 2016

The typo that can get you hacked

Here’s another reason to be extra careful about what you type into your web browser.

Cybersecurity firm Endgame has unearthed a new spin on the good old “typosquatting” scam — the practice of purchasing domain names similar to legitimate websites (Think Gooogle.com) in hopes that a small keyboard snafu nets hackers access to your computer.

The new scam aims to install malware on devices after users accidentally type “.om” instead of “.com” after popular URLs. Endgame discovered the scheme after one of its employees mistakenly typed “Netflix.om” instead of Netflix.com when attempting to watch the latest season of House of Cards earlier this month.


Per a company blog post:

“He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist. Instead, due to the registration of “netflix.om” by a malicious actor, the domain resolved successfully. His browser was immediately redirected several times, and eventually landed on a ‘Flash Updater’ page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups.”

After doing some more research, Endgame found the streaming service wasn’t the only popular URL being “om’ed”. Though some sites bearing that ending were legitimate, 319 .om domains appeared to have some type of scheme attached to them. (Fake Flash updates, for instance, are commonly linked to a well-known malware named Genio that attaches itself to web browsers and mines for data.)

You can see a full list of the potentially dangerous domains here. It’s important to note you could also be in trouble if you typed the “c”, but misplaced the period. (Example: bestbuyc.om or cnnc.om.) This particular typosquatting game was easy for hackers to play, Endgame said, since “.om” is the country-specific domain name for Oman.
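The two typo forms described above (the dropped “c” in netflix.om and the misplaced period in bestbuyc.om) can be enumerated for your own watch list and matched against DNS query logs so a resolver hit on one of them raises an alert. This is an added example, not Endgame's code; the watch list, the dnsmasq-style log lines and the client addresses are constructed.

```python
import re

# Constructed watch list of legitimate registrable .com domains (assumption: the
# defender maintains this list; use bare brand domains, not hostnames like www.x.com).
WATCHED_DOMAINS = ["netflix.com", "bestbuy.com", "cnn.com"]


def om_variants(domain):
    """Return the two '.om' typo forms of a legitimate .com domain that the
    write-up describes: dropped 'c' (netflix.om) and misplaced period (netflixc.om)."""
    name, sep, tld = domain.lower().rpartition(".")
    if not sep or tld != "com":
        raise ValueError(f"{domain!r} is not a .com domain")
    return {f"{name}.om", f"{name}c.om"}


def build_watchlist(domains):
    """Map each typo variant back to the brand domain it impersonates."""
    table = {}
    for d in domains:
        for variant in om_variants(d):
            table[variant] = d
    return table


# Constructed sample DNS query log (dnsmasq-like format); not real traffic.
SAMPLE_LOG = """\
Mar 23 09:14:02 dns dnsmasq[412]: query[A] netflix.com from 10.0.0.5
Mar 23 09:14:09 dns dnsmasq[412]: query[A] netflix.om from 10.0.0.5
Mar 23 09:15:33 dns dnsmasq[412]: query[A] www.bestbuyc.om from 10.0.0.7
Mar 23 09:16:01 dns dnsmasq[412]: query[A] cnn.com from 10.0.0.9
Mar 23 09:17:45 dns dnsmasq[412]: query[AAAA] images.om from 10.0.0.9
"""

QUERY_RE = re.compile(r"query\[\w+\]\s+(?P<qname>\S+)\s+from\s+(?P<client>\S+)")


def registrable(qname):
    """Reduce a query name to its last two labels (example.om), dropping hostnames such as www."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_om_typos(log_text, domains=WATCHED_DOMAINS):
    """Return (client, queried name, impersonated brand) for every query whose
    registrable domain is one of the generated .om typo variants. Legitimate
    Omani domains that are not on the watch list (images.om here) are left alone."""
    watch = build_watchlist(domains)
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group("qname")
        key = registrable(qname)
        if key in watch:
            hits.append((m.group("client"), qname, watch[key]))
    return hits


if __name__ == "__main__":
    for client, qname, brand in find_om_typos(SAMPLE_LOG):
        print(f"{client} queried {qname} (looks like a typo of {brand})")
```

Because .om is a real country-code TLD, treat a hit as a prompt to block or investigate the specific domain, not the whole TLD.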

Protecting Yourself
Phishing and malware schemes are common attempts by scammers to get your personal information. For better Internet safety, it’s generally recommended you stick to trusted and encrypted websites (double-check, of course, the spelling of each address); refrain from clicking on links in unsolicited emails and keep your security software up to date.

It’s also good to monitor financial accounts regularly for fraud, and keep a close eye on your credit, since a sudden drop in credit scores or unfamiliar line items on a credit report are signs that identity theft is occurring. (You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing your credit scores for free each month on Credit.com.) If you have fallen victim to an Internet scam, you might also consider freezing your credit reports to keep new accounts from being opened in your name. And you can go here to learn what to do if you’ve already spotted identity theft on your credit report.

09 March 2016

Surprise! Microsoft announces SQL Server on Linux

Microsoft has surprised the industry by announcing plans to bring SQL Server to Linux, a move that would accelerate the overall adoption of SQL Server.


“We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017,” wrote Scott Guthrie, Executive Vice President, Cloud and Enterprise Group, Microsoft, in a blog.

Guthrie notes that SQL Server on Linux will provide customers with even more flexibility in their data solution.

“This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers,” said Al Gillen, group vice president, enterprise infrastructure, at IDC. “By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

“We believe our customers will welcome this news and are happy to see Microsoft further increasing its investment in Linux,” said Paul Cormier, President, Products and Technologies, Red Hat.  “As we build upon our deep hybrid cloud partnership, spanning not only Linux, but also middleware, and PaaS, we’re excited to now extend that collaboration to SQL Server on Red Hat Enterprise Linux, bringing enterprise customers increased database choice.”

“We are delighted to be working with Microsoft as it brings SQL Server to Linux,” said Mark Shuttleworth, founder of Canonical. “Customers are already taking advantage of Azure Data Lake services on Ubuntu, and now developers will be able to build modern applications that utilize SQL Server’s enterprise capabilities.”

The private preview of SQL Server on Linux is available already.

SQL Server 2016
Meanwhile, CEO Satya Nadella and other senior Microsoft leaders recently showcased Microsoft SQL Server 2016, the next release of the company’s flagship business analytics and data management platform, which will be generally available later this year.

Microsoft says SQL Server 2016 supports hybrid transactional/analytical processing, advanced analytics and machine learning, mobile BI, data integration, always encrypted query processing capabilities and in-memory transactions with persistence.

The new release’s security encryption capabilities enable data to always be encrypted at rest, in motion and in memory to deliver maximum security protection. It also brings in-memory database support for every workload, with performance increases of up to 30-100x.

SQL Server 2016 also offers business intelligence for every employee on every device – including new mobile BI support for iOS, Android and Windows Phone devices.

Advanced analytics using Microsoft’s new R support enables customers to do real-time predictive analytics on both operational and analytic data.

Microsoft also says that SQL Server 2016 is available on Linux in private preview, making SQL Server 2016 accessible to a broader set of users.

Easy Migration
Microsoft also announced a new program to help more businesses move to SQL Server 2016. Businesses currently running applications or workloads on non-Microsoft paid commercial RDBMS platforms will be able to offset the costs of licensing, migration planning and training when moving to SQL Server 2016.  They will also be able to migrate their applications to SQL Server without having to purchase SQL Server licenses.

21 February 2016

Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System


Are you also one of those who downloaded Linux Mint on February 20th? You may have been infected!
Linux Mint is one of the best and most popular Linux distros available today, but if you have downloaded and installed the operating system recently, you might have done so using a malicious ISO image.

Here's why:
Last night, an unknown hacker or group of hackers managed to break into the Linux Mint website and replaced the download links on the site with links pointing to one of their own servers, which offered a malicious ISO image of the Linux Mint 17.3 Cinnamon Edition.

"Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016.

Who are affected?
As far as the Linux Mint team knows, the issue only affects the one edition, and that is Linux Mint 17.3 Cinnamon edition.

The situation happened last night, so the issue only impacts people who downloaded the above-mentioned version of Linux Mint on February 20th.

If you downloaded the Cinnamon edition before Saturday, February 20th, the issue does not affect you. If you downloaded a different edition, or Mint 17.3 Cinnamon via torrent or a direct HTTP link, you are not affected either.

What had Happened?
The hackers are believed to have accessed the underlying server via the team's WordPress blog and then obtained shell access as www-data.

From there, the hackers manipulated the Linux Mint download page and pointed it to a malicious FTP (File Transfer Protocol) server hosted in Bulgaria (IP: 5.104.175.212), the investigative team discovered.

The infected Linux ISO images installed the complete OS with the Internet Relay Chat (IRC) backdoor Tsunami, giving the attackers access to the system via IRC servers. Tsunami is a well-known Linux ELF trojan, a simple IRC bot used for launching Distributed Denial of Service (DDoS) attacks.

Hackers vs. Linux Mint SysAdmins
However, the Linux Mint team managed to discover the hack, cleaned up the links from their website quickly, announced the data breach on their official blog, and then it appears that the hackers compromised its download page again.

Knowing that it had not yet eliminated the hackers' exact point of entry, the Linux Mint team took the entire linuxmint.com domain offline to prevent the ISO images from spreading to its users.

The Linux Mint official website is currently offline until the team investigates the issue entirely.
However, the hackers' motive behind the hack is not clear yet.

"What we don't know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," Lefebvre added.

Hackers Selling Linux Mint Website's Database
The hackers are selling the full Linux Mint website database for just $85, which is a sign of their lack of knowledge.

The hack seems to be the work of script kiddies or an inexperienced group, as they opted to infect a top-shelf Linux distro with a silly IRC bot that was already considered outdated in early 2010; a more capable group would have used more dangerous malware, such as banking trojans.
Also, even after the hack was initially discovered, the hackers re-compromised the site, which again shows the hackers' lack of experience.

Here's How to Protect your Linux Machine
Users with the ISO image can check its signature in an effort to make sure it is valid.
To check for an infected download, you can compare the ISO's MD5 hash with the official values included in Lefebvre's blog post.
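The check described above, as an added example (not the Linux Mint project's own tooling): it parses an md5sum/sha256sum-style manifest like the one a distribution publishes, hashes the image in chunks and compares the digests. The ISO filename, the image contents and the manifest are constructed, and the real published hashes are not on this page.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One manifest line looks like "<hex digest>  <filename>" (GNU coreutils uses " *" before
# the name in binary mode); both forms are accepted.
SUM_LINE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+?)\s*$")


def parse_sums(manifest_text):
    """Parse md5sum/sha256sum-style lines into {filename: lowercase hex digest}."""
    sums = {}
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SUM_LINE.match(line)
        if m:
            sums[m.group(2)] = m.group(1).lower()
    return sums


def file_digest(path, algorithm="md5", chunk=1 << 20):
    """Hash a file in 1 MiB chunks so multi-gigabyte images do not have to fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_iso(path, manifest_text, algorithm="md5"):
    """Return (ok, expected, actual). ok is False when the filename is not in the
    manifest at all or when the digests differ; the comparison is constant-time."""
    sums = parse_sums(manifest_text)
    expected = sums.get(os.path.basename(path))
    if expected is None:
        return False, None, None
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(expected, actual), expected, actual


def demo():
    """Constructed walk-through: a 'clean' image whose digest is in the manifest, then
    the same file with one byte changed, standing in for a backdoored image."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "constructed-mint-17.3-cinnamon.iso")  # constructed name
        with open(iso, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n" * 1000)
        manifest = f"{file_digest(iso)}  constructed-mint-17.3-cinnamon.iso\n"
        ok_clean, _, _ = verify_iso(iso, manifest)
        with open(iso, "r+b") as f:   # tamper with a single byte
            f.seek(10)
            f.write(b"X")
        ok_tampered, _, _ = verify_iso(iso, manifest)
    return ok_clean, ok_tampered


if __name__ == "__main__":
    print("clean ok=%s, tampered ok=%s" % demo())
```

A matching digest only proves the file equals the one the manifest describes; since the download page itself was compromised here, the manifest must come from a channel you trust (the blog post or a signed sums file), and MD5 should be regarded as a quick integrity check rather than a signature.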

If found infected, users are advised to follow these steps:

  • Take the computer offline.
  • Backup all your personal data.
  • Reinstall the operating system (with a clean ISO) or format the partition.
  • Change passwords for sensitive websites and emails.

You can read full details about the hack here. The official website is not accessible at the time of writing. We’ll update the story when we hear more.

19 February 2016

Netflix has a black market for passwords, and they sell for just 25 cents

Attention Netflix users! Have you noticed odd activity in your ‘Recently Watched’ queue? There’s a possibility your account may have been compromised after a recent malware and phishing campaign targeting users has led to an influx of credentials for sale on the Dark Web for the low price of just 25 cents.


It’s long been known that hackers are nabbing and selling Netflix passwords, but a new report this week from security firm Symantec suggests the problem is growing following the streaming site’s recent international expansion to 130 new regions.

For hackers, the expanding membership base of Netflix, which is now available in a total of 190 regions globally, means there are more opportunities than ever to steal and sell passwords.

While the cost of a subscription for the streaming service already seems pretty reasonable when you look at the (legal) alternatives, the rise of the black market in Netflix passwords shows some people are willing to pay a lot less even if it means breaking the law.

According to Symantec, hackers grab passwords mainly through phishing attacks where a Netflix user is tricked into hitting a malicious link in an email or website that leads them unknowingly to a fake login page for the service. Malware is also being used to harvest account information, the California-based security firm said.

It also reveals that some cybercriminals are selling Netflix passwords on the dark Web for as little as 25 cents a pop. An ad lifted from the Web by Symantec shows a password vendor offering a minimum purchase of four accounts for a total of $1, adding that it has 300,000 passwords in stock. Its “terms of service” instruct customers not to change any account details, as this would obviously alert the genuine subscriber to unauthorized activity.

Assuming the account details are indeed left untouched by the intruder, as a legitimate user you could still notice that your account’s been compromised if your “recently watched” list says you’ve already steamed through the entire season of Making a Murderer when you know darn well you haven’t (though why haven’t you?).

The video-streaming service now has 75 million users worldwide, a figure that indicates there’s plenty of potential for the black market in stolen Netflix passwords to expand and go on operating.

If you suspect that your Netflix account has been receiving an unwelcome visitor (or visitors), be sure to run a check:

  • Go to the website haveibeenpwned.com.
  • Check whether the email address associated with your Netflix account appears there.

Of course, if you’d rather be safe than sorry, you can skip that step and go straight to the fix: change your password. The important thing to remember is that you should change the password of any other account that uses the same one.


15 February 2016

Warning — Setting This Date On iPhone Or iPad Will Kill Your Device Permanently

Don’t try this at home! An interesting software bug has been discovered in Apple's iOS operating system that could kill your iPhone, iPad or iPod permanently.



Yes, you heard me right.

An issue with the date and time system in iOS had emerged recently when Reddit users started warning people that changing your iPhone's or any iOS device's date to January 1, 1970, will brick your iPhone forever.

You can watch the whole process in the video given below. Even regular recovery tricks do not work.


So, you are recommended to Not Try This Trick with your iOS device really – unless you book a trip to your local Apple Store.

While I don’t have any intention or desire to try it out on my iPhone 6s to confirm the authenticity of the bug, it is pretty clear based on reports that seem legitimate.

YouTuber Zach Straley first discovered the issue, which was later confirmed by iClarified, who tested the trick on an iOS device.

Affected iOS Devices
This bug affects any iOS device that uses a 64-bit A7, A8, A8X, A9 or A9X processor and runs iOS 8 or newer, including iPhones, iPads and iPod touches. Devices running 32-bit iOS versions are not affected.

How the Bug Kills the iPhone
Basically, the whole process is due to this:

  • Set the date to January 1, 1970, via Settings on your iOS device.
  • Reboot your device, and you are done.
Your iPhone or iPad will no longer boot and will be stuck to the Apple logo. Even recovery mode restore or DFU mode will not let you restore your device; it will remain stuck on the bootup screen.


Your device will reportedly not come back, and the only way to get it back to work once again is to take your iOS device to an Apple Store.

The Only Way to Get Your iPhone Back
The bug is believed to be related to the UNIX epoch timestamp, which causes the kernel to crash. The only way to get the device back is to open its casing and physically disconnect the battery from the logic board, which can only be done with the help of Apple's Genius Bar.

This process will reset the iPhone's date and allow it to boot.

While there isn't any other fix at the moment, Apple is expected to come up with a software update to fix and unbrick the affected iOS devices.

Though some users are saying that letting the battery drain could make the iPhone work once again, or that changing the SIM card could fix the issue, or that the device comes back after waiting 5 hours, you are still advised not to try this on your device, as there is no guarantee these tricks are going to work.

29 January 2016

'Critical' Israel power grid attack was just boring ransomware

Ransomware delivered via a phishing attack hit the Israel Electric Authority, not the power grid, but it still alarmed the world: the incident was dubbed a 'severe cyber attack', which in the media morphed into an attack that took out the Israeli power grid.


Minister puts nation on alert, SANS Institute says move along, nothing to see here ...

The SANS Institute has moved to quell reports that Israel's energy grid has been hit by malware, revealing instead that the attacks were ransomware infecting the nation's utility regulatory authority.

Reports emerged after energy minister Dr Yuval Steinitz said a "severe" attack had hit the authority in what he reportedly called "one of the largest cyber attacks" the agency had experienced.

"We are handling the situation and I hope that soon, this very serious event will be over," Steinitz says.

Reports emerged suggesting the incident could impact the energy grid similarly to the targeted and sophisticated attacks against Ukraine, revealed earlier this year.

SANS security man Robert Lee says Israel-based analyst Eyal Sela of ClearSky Security says the reports are misleading.

"The Israel Electric Authority the Minister mentioned is in no way related to the networks of the Israeli electric companies, transmission, or distribution sites," Lee says.

"The Israeli Electric Authority is a regulatory body of roughly 30 individuals and this cyber attack is only referencing their networks.

"...new reporting shows that the cyber attack was simply ransomware delivered via phishing emails to the regulatory body's office network, and it appears it in no way endangered any infrastructure."

It is not known what ransomware infected the machines.

The latest versions of the most sophisticated malware – such as CryptoWall – cannot be removed without paying ransoms, while new and less-popular ransomware offerings contain encryption implementation flaws that allow the scumware to be removed without footing the extortion.


28 January 2016

Secret SSH backdoor in Fortinet hardware found in more products

A recently identified backdoor in hardware sold by security company Fortinet has been found in several more products, many of which were running current software, the company warned this week.


Discovery comes a month after competitor Juniper disclosed unauthorized code.

The undocumented account with a hard-coded password came to light last week when attack code exploiting the backdoor was posted online. In response, Fortinet officials said it affected only older versions of Fortinet's FortiOS software. The company went on to say the undocumented method for logging into servers using the secure shell (SSH) protocol was a "remote management" feature that had been removed in July 2014.

In a blog post published this week, Fortinet revised the statement to say the backdoor was still active in several current company products, including some versions of its FortiSwitch, FortiAnalyzer, and FortiCache devices. The company said it made the discovery after conducting a review of its products. Company officials wrote:

As previously stated, this vulnerability is an unintentional consequence of a feature that was designed with the intent of providing seamless access from an authorized FortiManager to registered FortiGate devices. It is important to note, this is not a case of a malicious backdoor implemented to grant unauthorized user access.

In accordance with responsible disclosure, today we have issued a security advisory that provides a software update that eliminates this vulnerability in these products. This update also covers the legacy and end-of-life products listed above. We are actively working with customers and strongly recommend that all customers using the following products update their systems with the highest priority:

  • FortiAnalyzer: 5.0.0 to 5.0.11 and 5.2.0 to 5.2.4 (branch 4.3 is not affected)
  • FortiSwitch: 3.3.0 to 3.3.2
  • FortiCache: 3.0.0 to 3.0.7 (branch 3.1 is not affected)
  • FortiOS 4.1.0 to 4.1.10
  • FortiOS 4.2.0 to 4.2.15
  • FortiOS 4.3.0 to 4.3.16
  • FortiOS 5.0.0 to 5.0.7
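Turning the version ranges quoted above into an inventory triage is the practical follow-up for a defender: the checker below parses version strings, tests each device against the inclusive ranges per product, and lists the hosts that need the update first. This is an added example, not Fortinet's advisory tooling; the CSV inventory, hostnames and build suffixes are constructed.

```python
import csv
import io
import re

# Affected ranges as listed in the advisory excerpt above (inclusive, per product).
# Branches the advisory calls out as unaffected (FortiAnalyzer 4.3, FortiCache 3.1)
# are simply absent from the table.
AFFECTED = {
    "FortiAnalyzer": [("5.0.0", "5.0.11"), ("5.2.0", "5.2.4")],
    "FortiSwitch": [("3.3.0", "3.3.2")],
    "FortiCache": [("3.0.0", "3.0.7")],
    "FortiOS": [("4.1.0", "4.1.10"), ("4.2.0", "4.2.15"),
                ("4.3.0", "4.3.16"), ("5.0.0", "5.0.7")],
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '5.2.4', 'v4.3.16 (build0000)' or similar into a comparable tuple (4, 3, 16).
    Tuples compare numerically, so 5.0.11 correctly sorts after 5.0.7."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(product, version):
    """True if (product, version) falls inside one of the advisory's ranges.
    Products not in the table return False, meaning 'not covered by this advisory',
    which callers should not read as 'safe'."""
    v = parse_version(version)
    for low, high in AFFECTED.get(product, []):
        if parse_version(low) <= v <= parse_version(high):
            return True
    return False


# Constructed inventory export (assumed columns: hostname,product,version); not real data.
INVENTORY_CSV = """hostname,product,version
fw-edge-01,FortiOS,v4.3.16 (build0000)
fw-edge-02,FortiOS,5.0.8
log-01,FortiAnalyzer,5.2.4
log-02,FortiAnalyzer,4.3.5
sw-core-01,FortiSwitch,3.3.2
cache-01,FortiCache,3.1.2
"""


def triage(csv_text):
    """Return the sorted hostnames whose product/version pair is in an affected range."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return sorted(row["hostname"] for row in reader
                  if is_affected(row["product"], row["version"]))


if __name__ == "__main__":
    for host in triage(INVENTORY_CSV):
        print("update first:", host)
```

Until the update is applied, the usual compensating control is to restrict SSH on the affected management interfaces to a known administrative network.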

Undocumented backdoors have long been a security concern because they make it possible for outsiders to gain unauthorized access to sensitive devices. Backdoors have received increased scrutiny since network hardware maker Juniper dropped last month's bombshell that there was unauthorized code added to its Netscreen line of firewalls. Among other things, the unauthorized code in the Juniper product allowed attackers to surreptitiously decrypt encrypted traffic. While Fortinet officials say the backdoor in its products had no malicious intentions, there's little doubt it could be used for covert eavesdropping by people with knowledge of its presence.

27 January 2016

Is it time to move from Windows 7, 8 and 8.1 to Windows 10?

While standing in line at a burger joint recently, we spotted a sign in the manager's office that proclaimed, "Happy employees are productive." That pretty much sums up the Windows 10 experience from the user perspective. It's fast, feature-filled, easy to use and works across many types of devices. Although a unified experience across multiple devices (and using one account) was introduced in Windows 8, it remains a key factor in Windows OS usability. But because the mouse and keyboard still rule the desktop, it's equally important that the Start menu is back in Windows 10, in all its full glory.


Since its introduction in July 2015, Windows 10 has been well-received by consumers, partly because of the free upgrade and partly because it's a great OS for end users. These days, Windows 10 is also finally gaining traction with businesses. A Spiceworks survey of IT executives indicates that 73 percent expect to deploy the software by 2017. Let's take a look at the pros and cons involved in making that upgrade.

Why upgrade?
The unified experience is here to stay, offering a "one app platform, one security model, and one management approach" that should resonate with IT managers who must mind the budget and allocate staff time resourcefully. Microsoft has said that Windows 10 is its best and final full OS release. Going forward, the company will focus on its Windows as a Service (WaaS) model, in which updates and incremental upgrades will be rolled out as they are needed. WaaS should help organizations remain current on "upgrades," making for a more secure environment along with a less costly and time-consuming update-handling process.

Microsoft points to several good reasons to upgrade to Windows 10, such as the addition of new features and functionality, a more responsive system, easy provisioning and less overall burden on IT staff. In our opinion, a few key factors worth upgrading for include the following:


  • More control over deployments: Windows Update for Business provides feature upgrades and servicing updates from the cloud, which can target groups of endpoints for staggered and more controlled upgrade deployments. Essentially, IT staff can specify which groups of devices get updated and when such updates will occur. This is particularly important when mission-critical or line-of-business applications need to be tested in advance before deploying updates, so as not to "break" anything when updates are applied.
  • In-place upgrades: Microsoft has removed most of the complexity and effort involved in upgrading from Windows 7 or 8/8.1. Performing an in-place upgrade is easy and, for the most part, seamless. In our experience, in-place upgrades have taken about 30 minutes on average, with little to no user input needed during the process (and where automated answer files can easily handle such input for hands-off implementations). Clean installs are rarely necessary, and this applies to any device being upgraded, not just desktops and laptops.
  • Component independence: The OS treats system components as independent parts, which means they can be updated separately from the Windows core operating system. Likewise, Windows 10 provides excellent device handling and is usually on-target in the drivers that it installs by default (and where issues may manifest, images can be customized easily to include such drivers for automated installations).
  • Security: The new OS includes trusted boot, which prevents malware from springing up before the boot process is complete. With UEFI Secure Boot, trusted boot allows only trusted software to run during start-up. And multi-factor authentication, which includes PINs, biometrics, a trusted PC and more, is highly streamlined and enables users to sign on to devices easily and with lightning speed.

Furthermore, Mobile Device Management (MDM) is available across Windows 10 devices and supports laptops, tablets, smartphones and Internet of Things (IoT) devices. Enterprises can use Windows 10 IoT lockdown capabilities to prevent access to unauthorized USB devices, for example, and allow only trusted apps to run on devices.

Upgrade concerns
All of the rah-rah aside, there are indeed some downsides to upgrading, but they apply to nearly any major upgrade and not just Windows 10. For starters, an organization-wide OS upgrade is a major undertaking that requires thorough planning and testing before any production machine is affected. Legacy equipment and OSes generally cause the most issues, especially where automated deployments are concerned. Old hardware and supporting equipment may need to be upgraded or replaced outright. All of that takes time and money.

Organizations must also consider licensing costs, which can be substantial. Consumers and small businesses can upgrade from qualified OSes for free (at least for a while), but large organizations and enterprises must purchase enterprise licenses and software assurance contracts. One bright light for enterprise managers is that customers can license Windows on a per-user basis with a primary device running Windows Pro or other qualified OS. This eliminates the need to keep track of every device from the perspective of licensing.

Consider that an upgrade from Windows XP to Windows 7 costs an average of about $1,000. Although upgrading to Windows 10 should come in well under that figure, even $500 per user (as an example) in a large environment still produces an eye-popping number.

26 January 2016

Apple Can Still Read Your End-to-End Encrypted iMessages

If you are backing up your data using iCloud Backup, then you need to watch your steps NOW!


In the government's fight against encryption, Apple has positioned itself as a staunch defender of its users' privacy by refusing federal officials' requests to provide encryption backdoors into its products.

When it comes to Apple's iMessage service, the company claims that it can't read messages sent between its devices because they use end-to-end encryption, which apparently means that only you and the intended recipient can read it.

Moreover, if federal authorities ask Apple to hand over messages belonging to any of its users, Apple has nothing to offer them.


"If the government laid a subpoena to get iMessages, we can't provide it," Apple CEO Tim Cook told Charlie Rose back in 2014. "It is encrypted, and we do not have a key."

But Wait!

There are still hundreds of Millions of Apple users whose data are stored on Apple's servers in plain text even after Apple's end-to-end encryption practice.

Apple Stores Your Backup in Encrypted Form, But with its Own Key


It turns out that Apple forgets to offer its so-called privacy benefits to users with iCloud Backup enabled.

If you have enabled iCloud Backup on your Apple devices, copies of all your messages, photographs and other important data stored on your device are encrypted on iCloud using a key controlled by the company, not by you.

This allows Apple, and hence anyone who breaks into your account, to see your personal and confidential data.

In the past, we have seen incidents like The Fappening, in which hackers broke into Apple iCloud accounts to steal nude selfies of over a hundred celebrities and circulated them on the Internet.

Apple allows you to switch off iCloud Backup whenever you want, but it doesn't offer a way to locally encrypt iCloud backups that would allow the company to store your personal data, including iMessage and SMS messages, on its servers but not access it.

Give the Encryption Keys in Hands of Users
Yes, it is possible to make encrypted non-cloud backups locally through iTunes, though it isn't an obvious choice for average users.

No doubt, Apple provides end-to-end encryption for your messages that even Apple cannot access or read, but only if you avoid the backup feature that it encourages its customers to use at every turn.

In fact, the company asks users to set up an iCloud account as soon as they activate their new iPhone or iPad.

However, Apple doesn't clearly state that by doing so, users' otherwise 'unreadable' iMessages and other personal data become very much readable to the company as well as to anyone else – whether it's law enforcement agents with a court order or hackers with access to your account.

Although it's difficult to say how many Apple users are affected, the most recent estimation from Asymco indicates there were around 500 Million iCloud users in March of 2014.

However, the exact number of users actually using iCloud Backups isn't clear yet.

Motherboard reached out to the company, but Apple neither gave an estimate of the percentage of people using iCloud Backup nor a reason for not offering users the option of cloud backups that are encrypted locally.

One reason could be that, by allowing such backups, Apple would leave users who forget their passcode unable to decrypt their own data.

How to Turn Off iCloud Backup on the iPhone
We know, there is a war against the federal authorities and Apple over encryption. The law enforcement agencies are not at all happy with Apple using stronger encryption in its devices that makes it impossible for them to collar criminals.

In this situation, if Apple ignores such critical loopholes in its products, it would be possible for federal officials to force the company to hand over its users' data by citing court orders.

For many users, the encryption offered by Apple is more than enough. However, if you do not want the company to access your data, the only solution is:

  • Backup your personal data locally through Apple's iTunes.
  • Turn off iCloud Backup. Go to Settings → iCloud → Storage & Backup → iCloud Backup.
  • Now, tap the OK button to confirm that your iPhone will no longer be backing up your data automatically to your iCloud storage.

25 January 2016

New year, new job – but beware of fake offers looking to scam you


January is traditionally a month of change for most people, be it starting new fitness and diet regimes, promising to travel more, vowing to make better use of their time, or even just giving their house a good clear out. For others, however, the beginning of a new year is a time of dramatic change, with many taking to the internet in search of a new job.

A recent survey carried out in the UK by employment website Indeed found that over 30% of employees were actively looking for new employment as part of their new year goals, while a further 11% of respondents said that finding new work was definitely on their list for 2016. Considering the increase in people scrambling for new career opportunities at this time of the year, it isn’t surprising that some criminals have seen this as a chance to take advantage of unsuspecting victims.

False offers that demand payments
One such example of a false job offer, discovered in the United States, required the candidate, who had successfully passed the first phase of the selection process, to log onto Yahoo Messenger for another interview. It was during this stage that she was told that to be contracted for the role she would need a number of software programs, but that the company would provide them for her if she passed on her bank account information.

After becoming suspicious at this point, the potential candidate did some investigating online and discovered that, despite the company existing, scammers were using its name to pull off cybercrimes and that the job offer was in fact bogus.

Another such scam was spotted on Facebook, with cybercriminals yet again using the name of a reputed company to post false job offers. The process was similar to the previous one, with the supposed employer requesting that applicants send payment as part of their application.

How to spot bogus job offers
If you are applying for a job offer online, here are a few quick tips to help you spot an offer that might just be too good to be true:


  • Never part with your money! No matter how good the job offer is, nobody should have to give money to a potential employer when being offered a job.
  • Don’t give out bank information during interviews. There is no need for a potential employer to have access to this information for an interview.
  • Try to use reputable online job listing websites. If you are in doubt, double check on the company’s website to see if the offer is listed there. Many of these scams use the names of legitimate companies to trick people.
  • Be cautious with potential new contacts on LinkedIn, as there has been an increase in fake profiles looking to steal user information.
  • Be suspicious if only a cellphone number is supplied for enquiries, as opposed to a direct landline.
  • Be suspicious if the company is using a free email service such as Gmail or Yahoo for correspondence. Legitimate job-related emails should come from corporate accounts.
  • If you are offered a job just on the basis of your CV, be suspicious. Most recruitment processes have a number of stages and an interview is definitely one of them.
  • Be wary of offers for jobs that you never applied for.
  • Finally, be aware of job offers that are too good to be true. If they’re offering you the chance to work from home and earn a huge salary, then it’s more than likely a scam.


By keeping your wits about you when looking for a job online, and following the tips above, you can avoid becoming a victim of identity theft and fraud. Remember, if it looks too good to be true, then it likely is!

23 January 2016

Hacker-Friendly Search Engine that Lists Every Internet-Connected Device

Meet an all-new Hacker’s Search Engine similar to Shodan – Censys.


At the end of last month, security researchers from SEC Consult found that lazy manufacturers of home routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 million IoT devices open to mass hijacking.

But how did the researchers get this number?
Researchers uncovered these devices with the help of Censys – a new search engine that scans the whole Internet daily for vulnerable devices.

Censys Maintains Complete Database of Everything on The Internet
Censys is similar to hacker's search engine Shodan, which is designed specifically to locate any devices that have been carelessly plugged into the Internet without much attempt at preventing unauthorized access.

However, Censys employs a more advanced method to find vulnerabilities in the devices and make the Internet a safer place.

Censys is a free search engine that was originally released in October by researchers from the University of Michigan and is powered by the world's biggest search engine Google.

Censys is part of an open source project that aims at maintaining a "complete database of everything on the Internet," helping researchers and companies unearth online security mishaps and vulnerabilities in products and services.

How Does Censys Work?
Censys collects information on hosts and websites via daily scans of the IPv4 address space – the internet protocol version 4 that routes the majority of the Internet traffic today.

In order to do so, the new search engine uses two companion tools:

  • ZMap – an open-source network scanner
  • ZGrab – an application layer scanner

Censys then maintains a database of how hosts and websites are configured, allowing researchers to query the data through a search interface, report builder, and SQL engine.

ZMap scans over 4 Billion IP addresses on the Internet and collects new data every day. It also helps determine whether machines on the Internet have security vulnerabilities that should be fixed before they are exploited by hackers.

"We have found everything from ATMs and bank safes to industrial control systems for power plants. It's kind of scary," said Zakir Durumeric, the researcher leading the Censys project at the University of Michigan.

It can also reveal obvious flaws as well as issues caused by IT administrator mistakes.

Here's the MIT Technology Review on Censys, titled "A Search Engine for the Internet’s Dirty Secrets."

More details on the Censys architecture and functionalities are available in the team's research paper.

If you would like to give Censys a try, you can follow the step-by-step tutorial offered by the developers.

22 January 2016

Rise in cybercrime among top drivers of investment in forensic data analytics

Cyber breaches and insider threats, which include malicious insiders stealing, manipulating or destroying data, are the fastest-growing risks according to executives and are driving investment in forensic data analytics, according to a new survey.


EY’s 2016 Global Forensic Data Analytics Survey, "Shifting into High Gear: Mitigating Risks and Demonstrating Returns," found that internal fraud risk ranks highest for the application of FDA at 77% and cyber breach or insider threat risk ranks second at 70%.

Sixty-nine percent say that they need to do more to improve their current anti-fraud procedures, including the use of FDA tools. Notably, this figure increased to 74% for the C-suite cohort.

Of those respondents citing regulatory pressure as the reason to improve their procedures, C-suite respondents were found to be the most concerned as regulatory enforcement becomes more rigorous and widespread.

“For organizations, the threat of cybercrime is an everyday reality, posing a dynamic and relentless challenge," says David Stulb, EY’s Global Leader of Fraud Investigation & Dispute Services (FIDS).

"This means that boards and senior management need to incorporate FDA as a critical component of their risk management and compliance programs. This is especially critical given the current regulatory enforcement environment and market reaction to instances of alleged corporate fraud, bribery and cyber breach.”

Increased FDA investment
With just 55% of respondents saying that their FDA spend is sufficient, a drop from 64% in our 2014 survey, it is no surprise that three out of five say that they plan to spend more on FDA in the next two years. When looking at the reasons for increased investment, the survey found that responding to growing cybercrime risks and increased regulatory scrutiny are the top drivers at 53% and 43%, respectively.

How FDA tools are deployed is also changing, with 63% of respondents saying they invest at least half of their FDA budget on proactive monitoring activities.

FDA use on the rise
In response to these increased risks, the use of advanced FDA is becoming mainstream, with new technologies and surveillance monitoring techniques widely used to help companies manage current and emerging fraud and cyber risks.

The rising maturity of corporate FDA efforts is also evident through the growing sophistication in their use of data. Seventy-five percent of respondents routinely analyze a wide range of structured and unstructured data, enabling them to gain a comprehensive view of their risk environment.

David Remnitz, EY’s FIDS Global and Americas Forensic Technology & Discovery Services (FTDS) Leader, remarks: “Given the level of pressure organizations are facing on fraud prevention, it is no surprise that the majority of respondents are expending more effort on proactive initiatives.

"Today, FDA is becoming indispensable to proactive risk management. Organizations need to recognize the role FDA can play not only in their reactive investigations, but also in their proactive surveillance, compliance, anti-fraud and cyber breach response efforts.”

21 January 2016

Report: Security pros losing confidence

Security professionals were less confident in their security infrastructure in 2015 than in 2014, according to a report released by Cisco.


In 2014, 64 percent of security pros said that their infrastructure was up to date, while only 59 percent felt the same way about 2015. In addition, in 2015, 54 percent said they strongly believe that they do a good job of building security into procedures for acquiring, developing, and maintaining systems, compared with 58 percent in 2014.

"Despite all the hard efforts, there is concern that both the speed at which the technology and capabilities being deployed, and the number of people, qualified individuals to be hired, and the overall approach in the face of an overwhelming number of attacks," said John N. Stewart, chief security and trust officer and senior vice president at Cisco Systems. "This is causing confidence to go down."

Aging infrastructure was another issue raised in the report.

An analysis of more than 115,000 Cisco devices showed that 92 percent were running software with known vulnerabilities, 31 percent were no longer on the market, and 8 percent were "end of life."

The financial services industry has the highest percentage of devices that had passed their last day of support, at 20 percent.

Jason Brvenik, a principal engineer at Cisco, said that the likely explanation for this is that the financial sector has long been an early adopter of technology.

"They have more devices deployed in more places, and would have aging infrastructure," he said.

On an unrelated note, the Cisco report also uncovered browser extensions as a dangerous attack vector often overlooked by security teams.

According to Cisco, adware and browser injections were among the most difficult threats to detect, taking up to 200 hours. By comparison, downloaders that target Microsoft Word users are typically detected in less than 20 hours.

Security teams often spend less time on adware and browser injections, classifying them as lower priority.

"It's seemingly benign, it seems to offer value to the user, they like to use it," said Brvenik.

But they create invasive paths that attackers can use to install more dangerous applications, he said -- and more than 85 percent of organizations were affected by malicious browser extensions.

The main problem, he said, is that many users are running out-of-date browsers that allow these malicious extensions to slip through.

"We know organizations have legacy applications that require them to legacy versions of browsers," he said. "But I advocate that, if you could, you should restrict them from accessing the Internet. They need to deploy a firewall to decide whether a version of a browser is allowed to access the Internet or not. They will significantly reduce their exposure if they enforce that policy."

19 January 2016

Attackers use SQL injections to manipulate search engine rankings


Akamai Technologies, Inc. has issued a new Web security threat advisory from the company’s Threat Research Division. Threat Research has identified a sophisticated search engine optimization (SEO) campaign that uses SQL injections to attack targeted websites.

Affected websites will distribute hidden Hypertext Markup Language (HTML) links that confuse search engine bots and erroneously impact page rankings.

Over the course of a two-week period in Q3 2015, Threat Research analyzed data gathered from the Akamai Intelligent Platform and observed attacks on more than 3,800 websites and 348 unique IP addresses participating in the various campaigns, revealing the following key findings:

  • Evidence of mass defacement – when searching the Internet for the HTML links that were used as part of this campaign, Threat Research identified hundreds of web applications containing these malicious links.
  • Attacks manipulated search engine results – when searching for a combination of common words such as “cheat” and “story”, it was apparent that the “cheating stories” application appeared on the first page of the leading search engines.
  • Analytics showcased impact of attacks – Threat Research looked at Alexa analytics and the ranking of the “cheating stories” application dramatically increased during the three month span.

Search engines use specific algorithms to determine page rankings and indexing for sites on the web, and the number and reputation of links that redirect to the web application influence these rankings. The SEO attackers created a chain of external links that direct to stories of cheating and infidelity on the web to mimic normal web content and impact search engine algorithms.

“The ability to manipulate page rankings is an enticing proposition and business for attackers,” said Stuart Scholly, Senior Vice President and General Manager, Security Business Unit, Akamai. “If successful, attacks can impact revenue and, most importantly, the reputation of many organizations and companies using the Internet.”

Mitigation
Attacks in the campaign have demonstrated a unique understanding of search engine operations, and accordingly, Threat Research recommends the following defense techniques:

  • For Web Application Developers
    • Ensure that you have implemented proper input validation checks for all user-supplied data that will be used within a back-end database query. Reference: https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
    • Only use prepared statements with parameterized queries when constructing SQL queries based on user-supplied data. Reference: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

  • For Web Application Defenders
    • Deploy a Web Application Firewall (WAF) that is configured in a blocking mode for SQL Injection attacks.
    • Consider profiling and monitoring the HTML response body format to help identify if there are significant changes such as an increase in the number of web links.
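Both recommendations above, as an added example (not Akamai's code): the same story lookup written first with string formatting, which lets user input become SQL syntax, and then as a prepared statement with a bound parameter, run against a constructed in-memory SQLite table; and a small monitor of the kind the defenders' advice describes, which profiles the number of links in an HTML response body and flags a page whose link count jumps far above its baseline. The table contents, the HTML samples and the alert thresholds are all constructed for the example.

```python
"""Added example: parameterized queries plus a response-body link monitor.

Not Akamai's code. The stories table, the HTML samples and the thresholds
below are constructed to illustrate the advisory's two recommendations.
"""
import sqlite3
import statistics
from html.parser import HTMLParser


def make_db():
    """Constructed sample table, standing in for a CMS back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stories (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO stories VALUES (?, ?)",
        [(1, "first story"), (2, "second story"), (3, "third story")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, story_id):
    """Query built by string formatting: the input is spliced into the SQL.

    An input such as "2 OR 1=1" changes the WHERE clause instead of being
    compared as a value, so the query returns every row.
    """
    sql = "SELECT title FROM stories WHERE id = %s" % story_id
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, story_id):
    """Prepared statement with a bound parameter: the input is always data.

    The same "2 OR 1=1" string is compared against the id column as a value
    and matches nothing, so the query shape cannot be altered by input.
    """
    rows = conn.execute("SELECT title FROM stories WHERE id = ?", (story_id,))
    return [row[0] for row in rows]


class LinkCounter(HTMLParser):
    """Counts every <a href=...> in a response body, visible or hidden."""

    def __init__(self):
        super().__init__()
        self.links = 0

    def handle_starttag(self, tag, attrs):
        if tag == "a" and any(name == "href" for name, _ in attrs):
            self.links += 1


def count_links(html):
    """Number of anchor tags with an href attribute in an HTML document."""
    parser = LinkCounter()
    parser.feed(html)
    return parser.links


def link_count_alert(baseline_counts, observed_html, factor=2.0, min_extra=5):
    """Flag a page whose link count is far above its own baseline.

    baseline_counts: link counts from earlier fetches of the same page.
    Alerts when the observed count exceeds factor times the baseline median
    and adds at least min_extra links (both thresholds are constructed).
    """
    median = statistics.median(baseline_counts)
    observed = count_links(observed_html)
    return observed > factor * median and observed - median >= min_extra


# Constructed samples: a normal page, and the same page with a hidden block
# of injected links of the kind the advisory describes.
NORMAL_PAGE = (
    "<html><body><a href='/'>Home</a><p>story text</p>"
    "<a href='/about'>About</a></body></html>"
)
INJECTED_PAGE = NORMAL_PAGE.replace(
    "</body>",
    "<div style='display:none'>"
    + "".join(f"<a href='http://example.test/cheat{i}'>x</a>" for i in range(30))
    + "</div></body>",
)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, hostile input:", lookup_vulnerable(db, "2 OR 1=1"))
    print("parameterized, hostile input:", lookup_parameterized(db, "2 OR 1=1"))
    print("links normal/injected:", count_links(NORMAL_PAGE), count_links(INJECTED_PAGE))
    print("alert on injected page:", link_count_alert([2, 2, 3, 2], INJECTED_PAGE))
```

The monitor counts hidden anchors as well as visible ones, which is the point: the campaign's links are meant to be seen by crawlers, not by people, so a check that only looks at rendered content would miss them. In practice the baseline should come from several earlier crawls of the same URL, and the thresholds tuned to how much a given page's link count legitimately varies.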

14 January 2016

Cyber criminals using email scam to spread virus via WhatsApp

MILLIONS of WhatsApp users are being warned to watch out for a fake email that will install a dangerous virus on their phones.

Clever cybercriminals have created the malware which is specifically designed to trick WhatsApp users on either iPhones or Android devices.

The virus is being circulated via email and is designed to look like it’s been sent by a legitimate source, researchers at Comodo Labs say. Fraudsters hope users will open the scam email and download the attached virus, which then infiltrates their phone.

Emails from the criminals contain sneaky subject lines including, “new voice message” or “an audio memo was missed” followed by a play button.


Others have received messages including “a brief audio recording has been delivered”, “a short vocal recording was obtained” and a fake notification about a video note.

Although none of the emails come from a WhatsApp address they are “disguised with an umbrella branding”, Comodo confirmed.

WhatsAppers should be aware that all voice memos, audio memos, recordings and notifications will be received in the app only.

Every scam email contains a compressed ZIP file which unleashes the secret malware into your phone when downloaded. The virus then duplicates in multiple system folders and adds itself into an auto-run in the computer’s registry.

“Cybercriminals are becoming more and more like marketers, trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” said Fatih Orhan, a director of Comodo Antispam Labs.

“As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cybercriminals, protect and secure endpoints, and keep enterprises and IT environments safe.”

11 January 2016

From Today Onwards, Don't You Even Dare to Use Microsoft Internet Explorer


Yes, from today, Microsoft is ending support for versions 8, 9 and 10 of its home-built browser Internet Explorer, thereby encouraging Windows users to switch to Internet Explorer version 11 or its newest Edge browser.

Microsoft is going to release one last patch update for IE8, IE9 and IE10 today, but this time along with an "End of Life" notice, meaning Microsoft will no longer support the older versions.

So, if you want to receive continuous updates for your web browser and avoid being exposed to potential security risks after 12 January, you are advised to upgrade your browser to Internet Explorer 11, or its new Edge browser.

End of Life of Internet Explorer 8, 9 and 10
"Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10," Microsoft says.

This move could be part of Microsoft's bigger plan to move its users to the new Edge browser, which is currently available only on Windows 10 PCs.

With the launch of Microsoft Edge last April, the company attempted to encourage Windows 10 users to switch to Edge if they are using its rival browser, such as Google Chrome or Mozilla Firefox, as the default web browser.

Edge has been designed completely separately from Internet Explorer, and promises speed and usability, with support for Cortana -- Microsoft's virtual assistant.

Around 340 Million Users Run Internet Explorer
For higher adoption of Edge, Microsoft is finally ending support for Internet Explorer 8, 9 and 10. However, an estimated 340 Million Windows users are still running Internet Explorer, and nearly half of those are believed to be using one of the expired IE versions.

Therefore, the older versions of the browser will receive the KB3123303 patch today, which features a "nag box" asking users to upgrade their browser.

If you have "Automatic Updates" turned ON, you most likely upgraded to IE11 already. However, users with older IE browsers can turn "Automatic Updates" ON by clicking on "Check for Updates" in the "Windows Update" section of the Control Panel.