
Will Google’s Titan security keys revolutionize account security?

Google’s Titan security keys are now available in the Google Store for businesses and individuals. If Google gets its way, the Titan keys, which come in USB and Bluetooth form factors, will be the new standard in two-factor account protection.

Authentication keys are nothing new, nor is the FIDO authentication framework that Google has built Titan around. What is new is a company as big as Google marketing and selling its own hardware key. With as large a market as Google has, the Titan could be the hardware key that finally replaces vulnerable two-factor authentication (2FA) methods.

Read more about Google’s Titan security keys, and learn how to get and use them for your organization, on TechRepublic.

New email malware detection can outperform the top 60 antivirus engines

Researchers at the Ben-Gurion University of the Negev (BGU) Malware Lab in Israel have developed a new method for detecting malicious emails that is more effective than the top 60 antivirus engines on the market, according to a press release provided exclusively to TechRepublic.

Email-Sec-360°, the new method from BGU, relies on 100 email features to detect a malicious message, according to the release. Developed by Ph.D. student and researcher Aviad Cohen, the method is built on machine learning principles and operates without internet access, making it a useful solution for both individuals and businesses.

Read more about the new email malware detection technique on TechRepublic.

Thanatos ransomware: Free decryption tool released for destructive file-locking malware

Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.

In order to combat the destruction caused by files which can’t be decrypted, researchers at Cisco Talos have built and released a free tool for decrypting the files – ThanatosDecryptor, which is available to download now.

Read more about Thanatos ransomware and the free file decryptor released by researchers at Cisco Talos on ZDNet.

WPA3 Brings New Authentication and Encryption to Wi-Fi

Wi-Fi connections soon will become easier to secure with a newly available security protocol from the Wi-Fi Alliance. WPA3 is the latest version of Wi-Fi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. WPA3, which was first announced earlier this year, is now available for inclusion in products. It brings two deployment models, personal and enterprise, along with a related security set called Easy Connect.

Kevin Robinson, vice president of marketing for the Wi-Fi Alliance, says WPA3 is intended to meet the security needs of wireless users in a security landscape that has become very dynamic. “WPA3 simplifies configuration and adds more authentication and increased cryptographic levels,” Robinson says.

Read more about the official launch of the Wi-Fi Alliance’s latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks, on DarkReading.

Is your Android phone a ‘toxic hellstew’ of vulnerabilities? There’s an app to help you find out

It seems that some Android smartphone makers are lying to users about the patch status of their devices, telling them that they’re up-to-date when they aren’t. Here’s how to find out if your Android smartphone is lying to you.

The first step is to take a trip to the Google Play Store and download SnoopSnitch, an app developed by Security Research Labs, the company behind the report that first discovered that Android smartphone makers weren’t being truthful with users in the first place. The app is free, and download and installation take only seconds.

Read more about the new SnoopSnitch app developed by Security Research Labs, which can tell you which vulnerabilities have been patched on your Android smartphone, which patches are missing, as well as which new vulnerabilities have yet to be patched, on ZDNet.

New Intel processors to have hardware-based protections against Meltdown, Spectre 2

Intel has officially pushed out microcode updates with Spectre and Meltdown mitigations for all of the processors it launched in the past five years. In addition to this, the company’s CEO announced new, redesigned processor lines that will start shipping later this year and will include hardware-based protection for Meltdown (exploiting CVE-2017-5754, a rogue data cache load flaw) and variant 2 of Spectre (exploiting CVE-2017-5715, a branch target injection vulnerability).

“While [Spectre] Variant 1 will continue to be addressed via software mitigations, we are making changes to our hardware design to further address the other two,” Intel CEO Brian Krzanich announced. “We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 [Spectre] and 3 [Meltdown]. Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors.”

Read more about Intel’s announcement that the company has redesigned processor lines that will have hardware-based protections against Meltdown and Spectre 2 on Help Net Security.

What is a virtual CISO? When and how to hire one

Chief information security officers (CISOs) are highly sought after, to the point where good ones are expensive and hard to come by. This is a challenge as more and more organizations, reeling in the wake of CISO-less breaches like Target and the UK’s TalkTalk, recognize the value of having one in place.

Could an on-demand virtual CISO (vCISO) be the answer to your prayers? A vCISO is an outsourced security practitioner or provider who offers their time and insight to an organization on an ongoing basis, usually part-time and remotely.

Read more about what a virtual CISO (vCISO) is and how it can bring both strategic and operational leadership on security to companies that can’t afford a full-time person in the role at Crucial Point LLC.


Microsoft: Windows Defender can now spot FinFisher government spyware

Microsoft says it has cracked open the notorious FinFisher government spyware to design new ways to detect it and protect Windows and Office users. FinFisher is sold to law-enforcement agencies around the world and its maker, European firm Gamma Group, has been criticized for selling it to repressive regimes. Last year, researchers at FireEye discovered FinFisher being distributed in Word documents loaded with an attack for an Office zero-day targeting Russian-speaking victims. In some countries ISPs have also assisted FinFisher rollouts by redirecting targets to an attack site when they attempt to install popular apps.

Microsoft’s threat researchers say FinFisher’s level of anti-analysis protection puts it in a “different category of malware” and reveals the lengths its makers went to in order to ensure it remains hidden and hard to analyze. But after Microsoft’s reverse-engineering managed to unravel the malware, the company argues that Office 365 Advanced Threat Protection (ATP) is now more resistant to sandbox detection, while Windows Defender Advanced Threat Protection (ATP) anti-malware has improved detections for it.

Read more about how Microsoft has dismantled the government-grade FinFisher spyware to improve Windows and Office 365 defenses on ZDNet.

What is an intrusion detection system (IDS)? A valued capability with serious management challenges

An intrusion detection system, or IDS, monitors traffic moving on networks and through systems to search for suspicious activity and known threats, sending up alerts when it finds such items. Enterprise IT departments deploy intrusion detection systems to gain visibility into potentially malicious activities happening within their technology environments. Each IDS is programmed to analyze traffic and identify patterns in that traffic that may indicate a cyberattack of various sorts.

An IDS can identify “traffic that could be considered universally malicious or noteworthy,” such as a phishing attack link that downloads malicious software, explained Judy Novak, a senior instructor with the cybersecurity training institute SANS and author of SANS SEC503: Intrusion Detection In-Depth. Additionally, an IDS can detect traffic that’s problematic to specific software, so it would alert IT if it detects a known attack against the Firefox browsers in use at a company (but should not alert if the company uses a different browser).

Read more about what IDS as a function is and why this longtime corporate cybersecurity staple remains critical in the modern enterprise, but maybe not as a standalone solution, on CSO.

Microsoft boosts Windows Analytics to help squash Meltdown and Spectre bugs

A day after Microsoft announced it will be adding Windows Defender ATP down-level support for older OSes comes the news that its Windows Analytics service is getting new capabilities aimed at helping businesses tackle Meltdown and Spectre vulnerabilities on machines in their fleet.

Windows Analytics is a free telemetry analysis tool for business administrators. It is meant for guiding organizations through upgrading to and staying current on Windows 10 by providing actionable insights into device performance, reliability, and health. This latest update, though, is primarily geared towards making administrators’ job easier when it comes to mitigating and removing the risk of Meltdown and Spectre attacks.

As you probably know by now, plugging those holes currently requires a CPU microcode (firmware) update, an OS update, and the installed anti-virus software being compatible with the latest Windows updates.

Read more about how Microsoft is boosting Windows Analytics to help organizations deal with the Meltdown and Spectre bugs on Help Net Security.