Tag Archive for: Problems

Can Zero-Knowledge Cryptography Solve Our Password Problems?


While multifactor authentication, single-sign-on infrastructure, and stronger password requirements have improved the security of most enterprise identity and access management (IAM) environments, the longevity of passwords continues to pose problems for businesses, especially in granting temporary access to contractors and third-party partners.

A variety of vendors are trying to solve this problem. Last week, for example, data-security firm Keeper Security announced one-time shared passwords that allow companies to grant third-party partners temporary access to data and resources without adding them to the company’s overall IT environment. The approach allows specific types of documents to be shared to a single user device, automatically removing access when the time expires.

The business case is all about securing access granted to contractors, says Craig Lurey, chief technology officer and co-founder of Keeper Security.

“We get asked constantly to allow short term, temporary access to third parties without requiring them to onboard as a licensed user,” he says. “With this new feature, there is not 20 steps anymore. It is just instant, but preserving that encryption, simplifying the secure-sharing process, and eliminating the need to send private information over text messages.”

Credential Theft Is Big Business

Supply chain breaches, stolen credentials, and the proliferation of software keys and secrets continue to undermine IT and data security. In March, secrets-detection firm GitGuardian found that developers leaked 50% more credentials, access tokens, and API keys in 2021, compared to 2020. Overall, 3 out of every 1,000 commits exposed a sensitive password, key, or credential, the company said at the time.

Failing to protect software secrets, user passwords, and machine credentials can lead to compromises of application infrastructure and development environments. Attackers have increasingly targeted identities and credentials as a way to gain initial access to corporate networks. Last week, for example, software security firm Sonatype discovered that at least five malicious Python packages attempt to exfiltrate secrets and environment variables for Amazon environments.

“It…

The Works hit by hackers, UK retailer shuts some stores after problems with payment tills


UK high street retailer The Works has shut some of its stores following a “cyber security incident” which saw hackers gain unauthorised access to its systems.

According to a statement issued by the firm, which has over 500 stores across the country selling a range of cut-price books, art and craft materials, gifts, and stationery, the attack has caused issues with payment tills which have forced the closure of some stores:

There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues. Replenishment deliveries to the Group’s stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.

While customers are experiencing longer delivery times for online orders, some stores are reported to only be accepting cash.

According to the retailer, customers have not had their payment card details exposed as a result of the security breach:

“All debit and credit card payment data are processed securely outside the group’s systems, via accredited third-party networks, and, therefore, there is no risk that this payment data has been accessed improperly.”

The Works says that it was “alerted to the incident by the operation of its security firewall,” and has disabled all internal and external access to its systems – including email – while it investigates the hack with an external team of cybersecurity experts.

In its statement, The Works has not confirmed that it suffered a ransomware attack and there is no indication that it has received a demand for cash from its attackers.

However, some media outlets are claiming that sources close to the incident are saying that computer systems were hit with ransomware after an employee fell victim to a malicious email.

The Works says that it has “made some immediate protective changes to further strengthen its security position,” and has informed the Information Commissioner’s Office (ICO) in case any customer data might have been exposed by the breach.

Ransomware Report Points to Leadership Problems


By the looks of things, phishing and ransomware are here to stay. There was a time when a wannabe hacker needed moderate coding and hacking skills, but today’s cybercriminals can use a credit card to purchase ready-made phishing and ransomware kits from the dark web.

A recent report, “Fighting Phishing: The IT Leader’s View,” published by security software firm Egress, confirmed that phishing and ransomware are causing a revolving door of break-ins and breaches for businesses. Yet, there continues to be a disconnect about the prioritization of cybersecurity at the board of directors level, the report found. The report surveyed 500 U.S. and UK IT leaders from businesses that ranged from medium to enterprise sizes.

“In addition to the disconnect at the board level, the one [report] stat that jumped out to us was the fact that 84% of surveyed organizations have suffered a phishing attack in the past 12 months,” said Jack Chapman, Egress vice president of threat research.

“That is a staggering number with all the discussions about cybersecurity that have gone on around the world this past year,” Chapman added. He noted that the large number of phishing victims suggests that threats are becoming more sophisticated and targeted.

For the organizations affected by phishing attacks, there was a relatively even split between two key tactics attackers used to deploy malware: people clicking malicious links (52%) and people opening malicious attachments (45%).

The Effectiveness of Security Awareness Training

Security awareness training for employees does not appear to diminish the amount of phishing exposure. “The research found that 98% of organizations have delivered security awareness training to employees,” Chapman said. “Clearly, security awareness training alone is not enough to protect employees from phishing.”

Forty-five percent of surveyed IT leaders said their organizations change their…

Hacking For Defense planners look to expand beyond military problems


For the last five years, Army veteran Alex Gallo and the Common Mission Project have been partnering with military officials to use teams of college students in solving a host of equipment and personnel challenges at the Defense Department.

Now the team wants to expand that idea to the rest of the world’s problems too.

“We’re doing programs on hacking for the oceans and the environment and hacking for climate and sustainability at five different universities already,” said Gallo, co-founder and executive director of CMP. “In society today, we solve too many problems in silos. This is a way to bring different groups together in a constructive problem solving process.”

The group’s Hacking For Defense program has drawn headlines in recent years for its unusual approach to Pentagon problems, with programs at more than 50 college campuses, including some in England.

Teams of college students — would-be engineers, computer scientists, public policy specialists and more — work together for a semester on an issue presented by military partners, with the goal of finding outside-the-box solutions.

Recent topics tackled with help from the National Security Innovation Network include developing anti-drone technology for special forces vehicles, improving portable batteries for personal battlefield use, and improving mental health support for military specialists facing higher rates of suicide.

Gallo, who served as an Army officer in Iraq, said the value of having individuals outside the military evaluate and propose answers to those problems is that they aren’t limited by military preconceptions about what the solutions should be.

“When we arrived in Kuwait before entering into Iraq, we got a lot of cool equipment,” he said. “And our soldiers tried it out in the desert. And when we went into Iraq, that stuff stayed in storage for an entire year.

“It was all solutions in search of problems. We had a ton of problems in Iraq that year, but none of what they gave us solved our problems.”

Students in the course (more than 500 have gone through the program so far) meet with front-line troops as well as military planners and leaders throughout the semester, to better understand…