Newsletter
April 26th, 2017

File Integrity Monitoring: Your Last Line of Defense in Achieving PCI DSS Compliance

The Top Ten of Audit Trail & Event Log Monitoring
Event Log, Audit Log and Syslog messages have always been a good source of troubleshooting and diagnostic information, but the need to back up audit trail files to a centralized log server is now a mandatory component of many governance standards.

NNT F.A.S.T Cloud Intelligence: Now Backed with Over 4 Billion File Reputation Scores
New Net Technologies (NNT), today’s leader in Intelligent Change Control, has released a substantial update to their IT security suite: Release 2.0 of the NNT F.A.S.T (File-Approved Safe Technology) Cloud.

Cyber Attack Sets Off 156 Emergency Alarms in Dallas
A cyber attack left the city of Dallas with a serious headache after setting off all emergency sirens in the city for around 90 minutes last Friday night.

Quarterly Update: F.A.S.T Cloud Integration from NNT CEO & CTO
File Integrity Monitoring is essential to ensure the integrity of your security IT systems. Reporting these changes can be a headache though: how do you differentiate between 'good', planned changes, and 'bad', possibly malicious activity? The solution is to leverage Cloud-Based Threat Intelligence and automatically authorize file changes as they are detected using the world’s largest authoritative file whitelist. And now you can do just that, using the NNT FAST Cloud (File Approved-Safe Technology).

IHG Suffers Major Card Breach
Intercontinental Hotel Group (IHG) has had to reveal yet another data breach of its customers’ credit and debit card information dating back to late 2016.

An Introduction to the Compliance Audit - IT Processes & Configuration Settings
If you haven’t yet been asked ‘The auditors want us to...’ or ‘The auditor suggested...’ or ‘...wants to know how we...’ the likelihood is, you will be soon!

Newsletter
May 31st, 2017

WannaCry Ransomware Didn't Start with Phishing Attack
The WannaCry Ransomware campaign that struck users globally early last week has been thought to have started with malware-infected phishing emails, but according to Malwarebytes, that’s not the case. Malwarebytes claims that instead of starting via phishing email, the ransomware campaign was instead initiated by scanning for vulnerable SMB ports exposed to the public internet. Hackers then used the NSA’s EternalBlue exploit to gain access to the target network and deployed the DoublePulsar backdoor to gain persistence, allowing for the installation of additional malware, like WannaCry.

Google Phishing Attack Targeted Permissions & Credentials
A brief phishing attack targeting Google Gmail and Google Docs users struck yesterday impacting an unknown number of individuals. The attack was quickly mitigated by Google and lasted for roughly 2 hours, with the meat of it all taking place during a 15 minute period around 3 pm on May 3. Google claims that so far nothing malicious has been done with the stolen credentials, but expect to hear more.

Derive, Report & Track Drift from an Approved System Image Baseline Using Gen7
Understanding what the correct baseline configuration is for your IT system components is a keystone of security best practice. Compliance mandates, in particular, NERC CIP, require baselines of installed software, updates, and open ports to be captured and reported against. Functional Requirements (Which applications do this system support? Which software packages does it need? What does the filesystem structure look like? What are the configuration settings needed for it to deliver its services?) and its: Security Posture (What is the hardened build for this system? What are the minimum services, ports, and functions required, and what can we disable as a result? What are the configuration settings needed to mitigate vulnerabilities known to affect this device?)

Hackers Expose 17 Million Zomato User Credentials on the Dark Web
Around 17 million users of the popular restaurant search platform Zomato have had their login credentials stolen by hackers and put on the dark web to be sold to criminals. Zomato’s CTO, Gunjan Patidar, claims that User IDs, Names, Usernames, Email Addresses, and Password hashes with salt are among the information stolen in the breach. All passwords were reset and users were required to log back into the platform following the event.

Quarterly Update: F.A.S.T Cloud Integration from NNT CEO & CTO
File Integrity Monitoring is essential to ensure the integrity of your security IT systems. Reporting these changes can be a headache though: how do you differentiate between 'good', planned changes, and 'bad', possibly malicious activity? The solution is to leverage Cloud-Based Threat Intelligence and automatically authorize file changes as they are detected using the world’s largest authoritative file whitelist. And now you can do just that, using the NNT FAST Cloud (File Approved-Safe Technology).

Payment Service Provider Passes PCI Audit with Gen7
As a Payment Service Provider, Unified Payments must adhere to the PCI DSS, the multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, and is intended to help organizations proactively protect customer data.

Implementing Layered Security to Protect Against Modern Malware
Threats of theft of Intellectual Property, financial data, Cardholder Data and PII (Personally Identifiable Information) are more diverse and increasingly difficult to defend against. The traditional ‘internet vandalism’ from viruses is still an issue but the ‘threatscape’ in 2017 is far more diverse and dangerous than ever before.

Newsletter
July 31st, 2018

Introducing NNT Member Download Area 2.0
An area of the NNT site has now been re-worked to make for a more pleasant user experience! Ease of use was our goal and we believe we have achieved this by splitting the area into three different sections and incorporating simple but informative buttons to help you quickly identify what it is that you are looking for. The three sections are as follows: NNT Change Tracker Generation 7, NNT Log Tracker Enterprise, and Archive.

Supply Chain Attacks Pose Increased Threat to Security
The U.S. National Counter Intelligence and Security Center’s Foreign Economic Espionage in Cyberspace report released last week highlights the increased threat that software supply chain attacks pose to our critical infrastructure sector.

Change Tracker's ITSM Integration
The clue is in the name, Change Tracker detects changes in an organization’s infrastructure. But so what? Why is that a useful thing to do? How am I benefitting from knowing what has been altered within my environment? The terrifying answer? To detect malicious activity. The slightly more mundane answer? To identify a best intention change that, nevertheless, has impacted infrastructure operations. Here at NNT, we are advocates of change. Change is essential to keep environments up-to-date and applications running smoothly and with as few vulnerabilities as possible. The key to change, the utopia, the Holy Grail if you will, is to provide some context to the change activity, the why did this change question. NNT Change Tracker has a number of approaches to provide the answers.

Shipping Giant COSCO Hit by Ransomware Attack
Chinese shipping giant COSCO suffered a suspected ransomware attack on Tuesday, July 24, causing a breakdown of its networks and systems in its North American Operations and slowing electronic communications.

Data Breach Reports Quadruple Under GDPR
The number of data breaches reported to the UK’s Information Commissioner’s Office has nearly quadrupled since the recent enforcement of the General Data Protection Regulation (GDPR).

BEC Scams Costing Orgs Over $12 Billion
According to an alert published by the FBI last week, the losses and potential losses reported as a result of business email compromise (BEC) and email account compromise (EAC) scams are over $12 billion globally.

Nice Quotes, but I Wouldn't Take Cybersecurity Advice from Alphonse Karr
Despite the accepted wisdom of the often-used quotation from Alphonse Karr ‘The more things change, the more they stay the same’, Alphonse obviously didn’t know much about cybersecurity.

Newsletter
August 29th, 2018

On-Demand Webinar Now Available!
Is your organization struggling to find the most resource-effective way to manage the increased demand for compliance and security? Do you have multiple compliance requirements and don't understand where they overlap and which ones to start with? Or is it that you are simply overwhelmed by the descriptive nature of compliance and need help with prescriptive guidance that prioritizes the requirements?

Is Patching a Double-Edged Sword?
Sometimes you can’t win. Patching, and the right time and process for doing so, is very much a case in point.

Hackers Steal $14M from Cosmos Bank ATM Attack
Cyber thieves managed to walk away with $13.5 million (944 million rupees) from India’s Cosmos Bank after making illegal withdrawals at ATMs across 28 countries over the past weekend.

NIST Small Business Cybersecurity Act Signed into Law
The NIST Small Business Cybersecurity Act introduced by U.S. Rep. Dan Webster in March 2017 was signed into law by President Donald Trump on Tuesday to help small businesses effectively manage cybersecurity.

Understanding the Basic CIS Controls: CSC 1-6
As data breaches continue to increase in severity and scale, more than ever organizations need to ensure they have the basic security controls in place to keep their data safe from attack.

Cheddar’s Scratch Kitchen Breach Hits 500K Customers
The payment card information belonging to over half a million Cheddar’s Scratch Kitchen customers has been compromised after an unauthorized intrusion was spotted by a third party.

Leading U.S. Healthcare Provider Hit by Phishing Attack
One of the leading U.S. healthcare organizations (HCO) has revealed that a phishing attack in September 2017 may have led to the compromise of highly sensitive data belonging to nearly half a million patients.

Newsletter
September 27th, 2018

Register Now for Our Upcoming Webinar with the Center for Internet Security!
In the first of a series of webinars delivered by the Center for Internet Security (CIS) and NNT, we will be highlighting the benefits of combining security and operations to achieve common IT goals in our unique SecureOps™ strategy.
Register now and get a free copy of the new SANS Security Leadership Poster and a fully-functional extended trial of NNT Change Tracker Gen7 to see how easily you can embrace SecureOps™ in your environment.

U.S. State Department Failing to Address IT Security Basics
In a letter sent to Secretary of State Mike Pompeo, a bipartisan group of five United States senators is criticizing the State Department for failing to address basic cybersecurity standards.

Equifax Update: Hackers Made 9K Unauthorized Database Queries
The latest report from the U.S. Government Accountability Office (GAO) claims it took Equifax 76 days to detect the massive 2017 data breach, despite hackers having made over 9,000 unauthorized queries on its databases.

Bristol Airport Hit by Ransomware Attack
The Bristol Airport in the UK suffered widespread outages for the past two days after being hit by a ransomware attack on Friday.

Cybercriminals Outspend Organizations in Uphill Cyber Security Battle
The latest research from Carbon Black claims that the cyber-criminal community spends over $1T per year on developing new attack methods, compared to the $96B spent by organizations per year to protect themselves from attacks.

Secure Controls Framework Now Available with NNT
The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build and maintain secure processes, systems and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be “baked in” at the strategic, operational and tactical levels.

U.S. Government Payment Provider Exposes 14M Records
A popular platform used to make payments to U.S. government entities has leaked 14 million customer receipts through a website error.

Newsletter
October 31st, 2018

For an introduction to the newly released Gen7R2, save your spot for the webinar and join Mark Kerrison, Chief Executive Officer of New Net Technologies and Mark Kedgley, Chief Technology Officer of New Net Technologies, in an interactive webinar as they showcase the all-new Change Tracker Gen7R2. Key highlights:

Watch the CIS & NNT Webinar On-Demand
Hear from Tony Sager, Vice President and Chief Evangelist for the Center for Internet Security (CIS) and Founder of the Secure Controls Framework and Mark Kedgley, Chief Technology Officer and Co-Founder of NNT in our latest webinar - SecureOps™: Driving Unprecedented Security and Operational Results, and learn:

An Essential Guide to the CIS Controls
The vast array of compliance and security mandates out there can leave many organizations confused on where to even start, but NNT believes the best place to start is with the CIS Controls. Published by the Center for Internet Security (CIS), these controls help organizations defend against known attacks by condensing key security concepts into actionable controls to achieve better overall cybersecurity defense.

Google Shutting Down Google+ Following Privacy Vulnerability
Google is shutting down its Google+ social network following the disclosure of a software glitch within Google+ that resulted in the exposure of personal-profile data belonging to hundreds of thousands of Google+ users.

Number of Stolen Credentials Skyrockets 141% in North America
The latest research from Blueliv has found that the number of compromised credentials detected in North American botnets grew 141% from the last quarter.

Secure Controls Framework Now Available with NNT
The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build and maintain secure processes, systems and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be “baked in” at the strategic, operational and tactical levels.

UK Unveils World First IoT Code of Practice
The UK government recently released a new Code of Practice (CoP) intended to drive security-by-design in the manufacture of IoT products. The new CoP is designed to improve baseline security in the sector and ensure small devices that process personal data are aligned with the GDPR. Regulations for improving the security of consumer-grade IoT products are also in the works.

Newsletter
June 28th, 2017

The Problem with Running Outdated Software
Given the latest WannaCry ransomware epidemic, which infected more than 230,000 users in over 150 countries, it’s vitally important that organizations fully understand the risks associated with using out-of-date systems and software. Change can sometimes be unnerving. It requires a bit of adjusting and is oftentimes considered best avoided, especially when it comes to upgrading functioning production software. There is an understandable resistance to upgrading software where the version in use is familiar, well understood and from a functionality standpoint, isn’t actually broken. Unfortunately, the same software is well known to hackers. They’ve had plenty of time to get well accustomed with software that’s been around for years.

OneLogin Reports Unauthorized Access Issue
Identity and access management software vendor OneLogin has reportedly suffered a security incident involving unauthorized access to customer data. According to the company’s CISO Alvaro Hoyos, it ‘detected unauthorized access to OneLogin data in our US data region’ yesterday, subsequently blocked the unauthorized access, reported the security incident to law enforcement, and is working with an IT Security firm now to determine how the unauthorized access happened.

NNT Recommended Change Control Program
Controlling changes is one of the biggest challenges facing our customers. The size of task, process, and coordination of effort often means that changes continue to occur outside of any planned change approvals and the IT team is unable to prevent this from continuing. The solution? NNT’s Managed Change Control Program.

Industroyer Malware Said to Be Linked to Kiev Attack
A new kind of malware with the ability to take down an entire city’s electrical and power grid has been detected. The malware was identified after an attack on the Kiev power grid in 2016, leaving the northern part of the capital without electricity. Researchers at ESET found that the malware is capable of controlling electricity substation switches and circuit breakers directly through the use of industrial communication protocols. Industroyer uses protocols in a common fashion, and its core component is a backdoor that attackers use to install and control the components. The malware then connects to a remote server in order to receive commands and reports back to the attackers.

EternalBlue Exploit Used in WannaCry Ransomware Attack
The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry ransomware attack that started on May 12, 2017. This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.

Honda Forced to Shut Down Plant After WannaCry Infects Network
As a Payment Service Provider, Unified Payments must adhere to the PCI DSS, the multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, and is intended to help organizations proactively protect customer data.

Cloud Services Falling Behind in GDPR Migration
Researchers at Netskope have found that the majority of cloud services being used by global firms today currently do not meet the stringent standards for the EU General Data Protection Regulation (GDPR) compliance standard. The vendor based its findings on an analysis of 23,000 cloud services by its Netskope Active Platform which is used by hundreds of customers and millions of end users globally, between January and March 2017. They found that 67% of services reviewed did not specify that the customer owns the data in the terms of service, 90% did not support encryption of data at rest, and 41% replicated data in geographically dispersed data centers.

Newsletter
July 27th, 2017

Server Hardening Policy - Examples & Tips
Every organization should have a hardened Windows build standard, a hardened Linux build standard, a hardened SQL Server / Oracle database build standard, a hardened firewall standard, etc. However, determining what is an appropriate server hardening policy for your environment will require detailed research of hardening checklists and then an understanding of how this should be applied to your operating systems and applications.

Botnet Turns Active Directory Domain Controllers to C2 Servers
Researchers at the Australian security company, Threat Intelligence Pty Ltd., have created a possibly devastating botnet that exploits infected victims’ Active Directory Domain Controllers, resulting in internally hosted command and control servers. Active Directory is a Microsoft directory service for Windows domain networks that stores information on network components, automates network management of user data, and authenticates and authorizes users while enforcing security policies. The attack method can use the AD as a central connecting point for any infected node or endpoint in the system, allowing the attacker to enable two-way communication with each other even when segmented into separate security zones.

Cinema Chain Suffers Possible 2 Year POS Breach
The Missouri-based cinema chain, B&B Theaters, is under investigation for a possible two-year breach of credit card credentials following a tip-off from a banking partner.

UK Government to Invest 21 Million in NHS Cybersecurity
The UK government has announced they will invest £21 million to beef up cybersecurity within the UK’s National Health Service (NHS). This news comes in the wake of the recent WannaCry ransomware attack that hit the NHS, locking staff out of their computers and leaving patients without the care they need.

EternalBlue Exploit Used in WannaCry Ransomware Attack
The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry ransomware attack that started on May 12, 2017. This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.

The Problem with Running Outdated Software

2.2 Million Dow Jones Customers Impacted by Exposed Data
Dow Jones & Company has accidentally leaked the personal details and financial information of at least 2.2 million of its customers, but security experts believe this number is set to increase.
The leak was revealed on May 30 and the database was secured by June 6, however, Dow Jones made little to no effort to notify customers of the incident, aside from an article published in the Journal on July 16 covering the leak.

Newsletter
August 30th, 2017

NotPetya Attack Costing Organizations Millions in Losses
Some of the largest organizations around the world are reporting hundreds of millions of dollars in losses due to the NotPetya cyber-attack that occurred in late June. The NotPetya malware outbreak impacted tens of thousands of victims across 65 different countries, targeting massive organizations like the Ukraine’s central bank, WPP, DLA Piper, and AP Moller-Maersk. While it was originally believed NotPetya was a piece of ransomware, further research found that it’s actually a wiper and it’s unlikely that files are recovered even if a ransom is paid.

US Senators Introduce IoT Security Bill
Four U.S. Senators have introduced a bipartisan bill aimed at improving the baseline security for all Internet of Things (IoT) devices bought and used by the U.S. government.

Study Finds Orgs Doing Little to Protect Against Insider Threats
It's no secret that insider threats pose a huge risk to organizations globally, but studies show that very little is being done to protect against this threat.

Ransomware identical to WannaCry was spotted on LG self-service kiosks in South Korea this week, leaving many to believe organizations may not have taken the WannaCry threat as seriously as they should have. The LG service center kiosks were hit on Monday morning, with the state-run Korea Internet & Security Agency (KISA) investigating the infection further. While they claim they found samples of malicious code identical to that found in the WannaCry ransomware attack, further investigation is needed to confirm the exact cause.

Auto Approve File Changes Using NNT FAST Cloud
Those of you who use Change Tracker will know that Change Tracker Gen 7 provides the most accurate and effective solution to guarantee the integrity of your secure IT systems and reporting any changes as they occur.

UK Retail Breaches Double in the Last Year
Between 2015 and 2016, 19 breaches were reported to the information security watchdog, the Information Commissioner’s Office (ICO). However, between 2016 and 2017 that number climbed to 38 data breaches.

NNT Managed Services
NNT Managed Services are designed to help our customers get even more value from their NNT software & better protect them from security related issues. This service aims to ensure the continuous optimization of the features and functionality within NNT Change Tracker and Log Tracker.

Newsletter
September 27th, 2017

Register Today for NNT's Upcoming Webinar
Halloween is almost here: the time where we share scary stories knowing they're confined to storybooks and movie screens, but unfortunately, there are some IT horror stories that are all too real: the scariest being ransomware. Under no circumstance should you give in to fear and pay the ransom demanded by a hacker. Instead, learn from our assembled team of experts what you can do right now to remove the main risks of infection and sleep better at night. Hear from NNT CTO and CEO as they discuss:
NNT will provide a FREE node of Change Tracker Gen7 for all attendees. This offer is limited to end user prospects ONLY. NNT reserves the right to restrict license access to vendors and competitors.

Equifax Ignored Patch Two Months Prior to Hack
New reports have found that hackers were able to exploit a security vulnerability at Equifax 2 months after an industry group discovered the coding flaw and offered a solution for it, leaving many to wonder why Equifax didn’t upgrade its software correctly when the flaw was originally found. The Equifax hack is one of the largest breaches of consumer private financial data in history: 143 million consumers and access to the credit card data of 209,000 consumers. Information potentially accessed by hackers includes Social Security numbers, Dates of Birth, and Full Names, putting millions of people at risk of identity theft.

CCleaner Server Compromised at Beginning of July
Anti-virus company, Avast, has found that a server distributing a version of PC utility CCleaner infected with malware may have been compromised in early July. Two versions of the commonly used Windows maintenance tool were altered to distribute information-stealing malware, with over 2 million users said to be impacted. Those modified versions include 32-bit CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191. The infection binary was released on August 15 and went undetected for over four weeks.

FedEx Reports $300M in Losses Due to NotPetya Attack
U.S. Shipping giant FedEx has joined the list of well-known brands that have lost hundreds of millions of dollars after their IT systems were infected with NotPetya ransomware back in June. FedEx's latest earnings call claims it would be down $300 million following the ransomware outbreak that impacted tens of thousands of victims across 65 different countries. The company claims that its subsidiary, TNT, bore the brunt of the attack.

According to Gemalto, close to two billion records were stolen or lost during the first half of 2017, more than that of all of 2016. These findings were released in the security firm's latest Breach Level Index which represents a global database of public data breach incidents. 918 security incidents were recorded during the first six months of 2017, amounting to 1.9 billion compromised records. This number has increased significantly since last year's 1.4 billion compromised records. That number is expected to grow substantially over the next several months.

Auto Approve File Changes Using NNT FAST Cloud
Those of you who use Change Tracker will know that Change Tracker Gen 7 provides the most accurate and effective solution to guarantee the integrity of your secure IT systems and reporting any changes as they occur.

Nearly 75% of Security Incidents Originate Inside the Extended Enterprise
New research from Clearswift reveals the vast majority of security incidents originate from within the extended enterprise and not as a result of a hacking group. After surveying 600 senior business decision makers and 1,200 employees across the US, UK, Germany, and Australia, Clearswift found that 42% of IT Security incidents occurred due to the actions of employees, whilst 74% originate from the extended networks of workers, customers & suppliers. That’s compared to the 26% of attacks that came from parties unknown to the organization.

DHS Notifies States Affected by Russia Election Hack
The U.S. Department of Homeland Security (DHS) has notified the states whose systems were targeted by hackers before last year’s 2016 presidential election. DHS officials expressed concerns to the Senate Intelligence Committee in June that a threat group assumed to be working for the Russian government targeted websites and other voting systems in 21 states. It was originally believed that a very small number of networks were breached, and while no evidence was found of tampering with vote tallies, many officials agreed that Russia had at least tried to influence the 2016 election outcome.