Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

In 2019, the global stock market grew by $17 trillion, and despite world markets being battered — to put it mildly — by the pandemic, interest in investment has not gone away. Since the beginning of 2020, the number of trading app users has only risen. On the downside, the assets and personal data of e-traders are attractive prey for cybercriminals, and in the event of an incident, it is trading platform operators that have to deal with the consequences. In this post, we talk about the main threats companies face and how to defeat them.

App vulnerabilities

Like any software, trading platforms have vulnerabilities. In 2018, cybersecurity expert Alejandro Hernandez found holes in 79 such apps, including not using encryption to store or transmit data (anyone could see or change it) and not logging out users after a period of inactivity. Design-level flaws included permitting weak passwords. A year later, analysts at ImmuniWeb carried out similar research and reached an equally negative conclusion: of the 100 fintech developments they tested, all were vulnerable to some extent. Issues were found in both Web and mobile apps, with many bugs inherited from third-party developments and tools used by the programmers. For some of the vulnerabilities, patches had long existed but hadn’t been applied. One such patch was released back in 2012, but the authors of the fintech app never got around to installing it.

As sure as night follows day, if a product has security issues, they will make themselves known, potentially harming companies’ reputations and scaring away customers. And if, as a result of a bug in an app, users suffer a data leak or financial loss, the developer could face a big fine or be forced to pay damages. Sometimes, a platform’s creator is the only victim. For example, the authors of the Robinhood trading app failed to spot a bug that allowed premium users to borrow unlimited funds from the platform to trade securities — and one user borrowed a million dollars against a deposit of just $4,000. Traders dubbed it the “infinite money cheat code.”

To avoid losses associated with bugs and vulnerabilities, trading platform coders need to consider security in the development stage, thinking in advance about such things as automatic user logout, encryption, and a ban on weak passwords. They should also regularly review the code for errors and fix them promptly.

Supply-chain attacks

To save time and money, most companies not only write their own code, but also employ third-party developments, frameworks, and services. If a provider’s infrastructure is compromised, the companies that use it can also suffer. That’s what happened to currency broker Pepperstone, for example. In August 2020, cybercriminals infected the computers of a company contractor, gaining access to its account in Pepperstone’s CRM system. Although the break-in was quickly neutralized, the attackers still managed to steal some client data. The broker says its financial and trading systems were not affected. All the same, recall that data leaks can be very costly for companies even if third-party code is to blame. To avoid getting burned, always choose reliable, security-minded partners, and never rely on their protection mechanisms alone. Any company in the field of finance should adopt a stringent security policy.

Spear-phishing

The human factor is often the cause of cyberincidents. That’s why attackers use company employees to infiltrate corporate infrastructures. In July of this year, cybersecurity researchers connected a series of attacks on fintech institutions in the EU, the UK, Canada, and Australia to the APT group Evilnum. The cybercriminals sent e-mails to company employees with a link to a ZIP archive hosted in a legitimate cloud service. The messages were disguised as business correspondence, and the archive contents as documents or images. Although the promised document or image appeared on the screen, opening it set the infection chain in motion.

Sometimes attackers break into corporate e-mail accounts, which makes their phishing even more convincing. In August of this year, such an attack hit trading company Virtu. According to company reps, cybercriminals got into the mailbox of a top manager and spent the next two weeks sending e-mails to the accounting department with instructions to transfer large sums of money to China. Blind trust cost the company close to $11 million. To repel such attacks, staff need proper cybersecurity training. Compile a list of phishing red flags in e-mails and use it to engineer a course of action in the event that a colleague, partner, or client asks you (or seems to be asking you) to send a couple of million — or even a bit less than that — to Jane Doe.

Client problems

Sometimes users lose money through no fault of your company or app — by downloading malware, entering passwords on phishing sites, or otherwise acting irresponsibly. Here too, alas, they may make claims against the trading platform. In some countries, companies are legally bound at least to figure out what happened, so it is worth warning traders from time to time about potential dangers and urging them to protect themselves (and, by extension, you). It is also a good idea to periodically remind clients that any third-party software, especially if pirated or obtained from dubious sources, can pose a threat. For example, it might steal passwords, including ones for trading accounts. Warn clients that cybercriminals might pose as your service to extract their credentials. Advise them to pay close attention to e-mails about problems with the service, and to carefully check the sender’s address and the message for typos and bad grammar. Recommend they manually enter the URL in a browser, open the app, or call client support in case of any doubt.

How to protect your money and reputation

Handling money comes with great responsibility, and neglecting security can cost fintech companies a lot. Therefore:

- Monitor the security of your apps and programs. Scan them for vulnerabilities and show zero tolerance for bugs and errors.
- Install a reliable security solution on work devices, ideally one that is cloud-based and managed through a single control panel.
- Train employees in the fundamentals of cybersecurity, so they won’t make mistakes that cost you and your clients money and stress.
- Use the strictest practicable security policy for employees and third-party suppliers.
- Remind clients that their money’s security depends largely on them. Recommend they install a security solution on the device they use for trading, and keep it junk-free.
- Implement security mechanisms in your developments from day 1. That means starting with a ban on weak passwords, encryption, and automatic logout of inactive users as a bare minimum.


 container

Within the security industry, compliance is treated almost as a dirty word. You have likely run into situations like the one @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and thereby to view compliance in a way that goes against its entire purpose.

 Expert Blogs and Opinion

The pandemic has digital consequences as well, for both enterprise networks and OT networks. Not only has it brought us more online and forced us into remote work, macro trends continue as well.

 Trends, Reports, Analysis

Between the second half of 2019 and the first half of 2020, Group-IB researchers have uncovered dozens of attack campaigns carried out by state-sponsored APT groups across different countries.

 Feed

Ubuntu Security Notice 4651-1 - Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4650-1 - Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2020-5249-01 - Changes in this Ansible Tower release:

- Fixed two jQuery vulnerabilities
- Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default
- Updated several dependencies of Ansible Tower's User Interface to address
- Updated to the latest version of python-psutil to address CVE-2019-18874
- Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases
- Fixed workflows to no longer prevent certain users from being able to edit approval nodes
- Fixed confusing behavior for social auth logins across distinct browser tabs
- Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials

Issues addressed include code execution and cross site scripting vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5237-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5234-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5238-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5232-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5236-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5231-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5240-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

 Feed

Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of the users out of their accounts. But what do you do if you are experiencing problems with account
