Sean Kalinich

Has the glut of IoT devices given the game to the Bad Guys?
Published in Editorials

For a while now (many years actually) I have argued that the rush to turn everything into a techno-gadget has been irresponsible and dangerous. However, companies that are looking into the “Internet of Things” simply do not care. They see dollar signs and revenue streams in adding services to devices that were a one-time purchase before. Because of this they are blindly rushing products to market that are open to attack on a massive scale. Consumers who are ignorant of these flaws are buying them up at a rapid pace, leaving themselves exposed to data theft and worse.

AMD looking to HBM2 for their Arctic Islands GPUs
Published in News

Although much of the press surrounding AMD at the moment is focused on their lackluster earnings for Q2, there is some potentially good news from them. AMD’s dive into the use of High Bandwidth Memory is going to continue with their next GPU lineup. According to the information available, the next generation of GPUs will be code named Arctic Islands and should be manufactured on a 16nm FinFET process.

The Hacking Team used UEFI Rootkits for Persistent Malware
Published in News

Last year during DEF CON 22 we saw a demonstration of a UEFI rootkit that was extremely worrying. This rootkit was installed using a multipart system to infect the UEFI BIOS in such a way as to grant an attacker the same level of access as the CPU has (Ring 0). It was an almost unprecedented style of attack. When we reported on this, many seemed to feel that it was not an issue. Now researchers are finding evidence of this same type of attack in the data lifted from the Hacking Team.

New Trustwave Security Intelligence Dashboard Bolsters Enterprise Visibility into Threats and Vulnerabilities

Enhancements to the TrustKeeper Managed Security Services Portal Benefit Everyone from the CISO to Local IT Managers across Distributed Enterprises

CHICAGO – July 9, 2015 – Trustwave® today announced a major enhancement to the company’s managed security services portal designed to give distributed, complex enterprises more actionable threat intelligence so they can better detect and protect themselves from security incidents, vulnerabilities and data breaches.

Available as part of the Trustwave TrustKeeper® managed security services portal, Trustwave Enterprise View brings order to the multitude of data inputs that make up today’s modern security reality. It gives security teams better visibility into areas not normally covered by security information and event management (SIEM) solutions. With Trustwave Enterprise View, everyone from the CISO to the local IT manager in an organization benefits from customized views designed specifically for their role in the organization. Roles include:

  • Chief Information Security Officers (CISOs) – CISOs need a broad view of the overall organization to be able to report on vulnerability scanning and remediation. With Enterprise View, CISOs can now view vulnerability scan results as well as the historical trend of vulnerability remediation. It also allows CISOs to drill down in greater detail on specific business locations or vulnerabilities.
  • Regional Information Technology Teams – At the regional level, understanding how each region is doing and the ability to focus on individual regions is critical. A Regional Director can use Enterprise View to measure new regions as they come online, and identify whether they are meeting corporate security and performance metrics.
  • Local Information Technology (IT) Teams – Local IT managers, who can have hundreds of devices to manage, now have visibility into device scan status so they can ensure identified vulnerabilities are remediated as soon as possible. Enterprise View allows local IT managers to easily maintain visibility into all tickets relevant to their piece of the larger organization, track their progress and manage the overall volume against corporate security metrics.

“With Enterprise View, Trustwave offers increased visibility to help enterprises address their security challenges across their distributed organization whether it’s around the block or around the world,” said John Amaral, senior vice president of Product Management at Trustwave. “Contextualized visibility into areas like support tickets and their response and resolution time, overall device availability, recent vulnerability scan results, and many more security-critical metrics are just the beginning of what makes Trustwave Enterprise View an indispensable part of an organization’s security infrastructure.”

With more than 25 data sources to choose from, seven different overview panels, and distinct views into devices, incidents and data sources, Trustwave Enterprise View allows for the creation of the customized security business intelligence dashboards each role requires. With data that maps to organizational hierarchies, staff can see exactly what they need and drill down to the details. Hierarchies relate to information across the organization and multiple security applications – facilitating more rapid decision making. Access can be limited to specific locations within the Enterprise View hierarchy, so that IT pros can focus on their areas of control. From CISOs to local IT managers, Trustwave Enterprise View provides the visibility required to stay ahead of today’s security challenges.

Trustwave TrustKeeper is more than just an intuitive, easy-to-use portal that offers unique visibility into and control of information security. Behind the scenes, TrustKeeper is Trustwave’s cloud-based gateway to a powerful technology platform that unifies the company’s on demand threat, vulnerability and compliance management services.

Learn more about Trustwave TrustKeeper managed security services portal, including the new Enterprise View application, at: https://www.trustwave.com/Services/Managed-Security/Trustkeeper/.

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

After multiple 0-days, many call for Flash to go away
Published in News

After three separate 0-day vulnerabilities are found in your product, you can pretty much expect the market to call for you to go away. This is the situation that Adobe is in right now. After fighting their way to their little slice of dominance in the computing industry, Adobe’s Flash is arguably one of the most commonly used APIs for rendering rich content. This has made them a rather large target for a number of years… well, this and the fact that the Flash development team has made some rather poor choices when it comes to their application.

New Flaw found in Flash Player, yes another one.
Published in News

Although it will not come as a surprise, there seems to be yet another bug in Adobe’s Flash Player that allows an attacker to potentially take control of a system by forcing a crash of the application. According to TrendMicro, CVE-2015-5123 is a critical bug in the latest version of Flash Player for Linux, Windows, and OS X operating systems. Adobe has already released a customer advisory stating they are already aware of this flaw being exploited in the wild.

Hacking Team's Spyware source code released to the wild after Hack
Published in News

The Italian security firm Hacking Team is now admitting that their spying software is potentially in the hands of bad guys. After a hack that saw roughly 400GB of company information liberated from their systems, they have been monitoring what is being released online. They have now concluded that there is sufficient source code for their monitoring applications to allow someone to mount the same style of surveillance that they were providing to their clients.

Cross-Site Scripting Flaw found in US ID Protection Company LifeLock's site
Published in News

Irony is one of those things that is not appreciated by security guys. They do not find humor in it, nor do they enjoy it when someone points out an ironic situation involving them. This has to be the case for the privacy company LifeLock. A pair of security researchers (Eric Taylor and Blake Welsh) have found an interesting feature in LifeLock’s web site. The flaw allows for a cross-site scripting attack to be used to do a fair amount of damage, including injecting malware.

Search results begin on page 2, Google is accused of skewing search results again
Published in News

When you use a search engine like Yahoo or Google you expect to get relevant results for your efforts. In many cases this does really happen, but oftentimes we enter what we are looking for and find very little that relates to the actual search. One of the reasons for this is (and has been for a long time) the ability of search providers to artificially alter the search results through internal ranking systems. Google and Yahoo both have done this in the past and in some cases with good reason.

Cisco SSH key bug in virtual security appliances leads to some questions
Published in News

Cisco has acknowledged (and released patches for) a fairly serious security bug in three of their virtual appliances that, oddly enough, are related to security. The three products in question are the Cisco Web Security Virtual Appliance, the Email Security Virtual Appliance and the Security Management Virtual Appliance. These three devices all share a default preinstalled SSH encryption key. This meddlesome little fact means that it is very simple to get into an SSH session because you can grab the key off of another copy of the product. We are pretty sure that the default keys are already floating around on the internet somewhere as well.