Newsletter

File Integrity Monitoring: Your Last Line of Defense in Achieving PCI DSS Compliance 

Has there ever been a more confusion-generating initiative than the PCI DSS? Even now, thirteen years on from its initial introduction, a clear and definitive understanding of what your organization needs to do may still be a challenge.This article focuses on one dimension of the security standard that is often the last one to consider and tackle - File Integrity Monitoring.

Read more here 

The Top Ten of audit trail & Event Log Monitoring

Event Log, Audit Log and Syslog messages have always been a good source of troubleshooting and diagnostic information, but the need to back up audit trail files to a centralized log server is now a mandatory component of many governance standards.

Contemporary, SIEM solutions need to be:1. Flexible enough to cater to all devices, operating systems, platforms, databases, and applications, 2. Sufficiently scalable to cope with thousands of devices generating millions of events, and 3. Intelligent, correlating events and identifying true security incidents only so resources can focus on genuine threats and attacks
 

Read more »

NNT F.A.S.T Cloud Intelligence: now backed with over 4 billion file reputation scores

New Net Technologies (NNT), today’s leader in Intelligent Change Control, has released a substantial update to their IT security suite: Release 2.0 of the NNT F.A.S.T (File-Approved Safe Technology) Cloud.

The NNT F.A.S.T Cloud leverages Cloud-Based Threat Intelligence and automatically authorizes file changes as they are detected using the world’s largest authoritative file whitelist. With over 4 Billion file reputation whitelist data behind it, the built-in knowledge of ‘safe’ files is comprehensive, meaning that change noise is muted to expose the remaining minority of genuinely suspicious unrecognized files.

Continue Reading the Latest Press Release 

Cyber attack sets off 156 emergency alarms in Dallas

A cyber attack left the city of Dallas with a serious headache after setting off all emergency sirens in the city for around 90 minutes last Friday night.

Reports claim that the attack triggered 156 emergency sirens around the city that are generally used for weather-related incidents like tornadoes. The alarms struck around 11:42 pm CDT and rang till 1:17 am on Saturday morning until engineers manually shut down the sirens’ radio system and repeaters.

This attack is among the largest to impact emergency sirens, an attack that many believe could have been avoided without failed safety mechanisms in place. 

Read more  

Quarterly Update: F.A.S.T Cloud Integration from NNT CEO & CTO

File Integrity Monitoring is essential to ensure the integrity of your security IT systems. Reporting these changes can be a headache though- how do you differentiate between 'good', planned changes, and 'bad', possibly malicious activity? The solution is to leverage Cloud-Based Threat Intelligence and automatically authorize file changes as they are detected using the world’s largest authoritative file whitelist. And now you can do just that, using the NNT FAST Cloud (File Approved-Safe Technology).

Watch NNT's recorded Quarterly Update, presented by NNT CTO, Mark Kedgley, and NNT CEO, Mark Kerrison as they provide a detailed technical overview of our latest feature, the F.A.S.T Cloud.

Watch the Quarterly Update Recording

IHG Suffers Major Card Breach

Intercontinental Hotel Group (IHG) has had a reveal yet another data breach of its customer’s credit and debit card information dating back to late 2016.

The company has yet to explicitly mention the exact number of impacted locations and customers, but a list on their website shows a huge number across the United States and Puerto Rico. IHG has confirmed the franchises were affected between September 29 and December 29, 2016.

 Read more »

An Introduction to the Compliance Audit- IT Processes & Configuration Settings

If you haven’t yet been asked ‘The auditors want us to...’ or ‘The auditor suggested...’ or ‘...wants to know how we...’ the likelihood is, you will be soon!

This article is an introductory Guide for IT professionals – an ‘Everything you wanted to know about Compliance’. Those reading this with experience of being audited in the past will learn how to remain compliant with your required standards, making the next round of Audits much more straightforward.

Read more »

Newsletter

WannaCry Ransomware Didn't Start with Phishing Attack

The WannaCry Ransomware campaign that struck users globally early last week has been thought to have started with malware-infected phishing emails, but according to Malwarebytes, that’s not the case. Malwarebytes claims that instead of starting via phishing email, the ransomware campaign was instead initiated by scanning for vulnerable SMB ports exposed to the public internet. Hackers then used the NSA’s EternalBlue exploit to gain access to the target network and deployed the DoublePulsar backdoor to gain persistence, allowing for the installation of additional malware, like WannaCry.

Read more here 

Google Phishing attack targeted permissions & credentials

A brief phishing attack targeting Google Gmail and Google Docs users struck yesterday impacting an unknown number of individuals.

The attack was quickly mitigated by Google and lasted for roughly 2 hours, with the meat of it all taking place during a 15 minute period around 3 pm on May 3. Google claims that so far nothing malicious has been done with the stolen credentials, but expect to hear more.

What was so odd about this attack is that instead of trying to obtain the Google username and password or drop malicious malware onto the victim, these attackers were focusing on permissions to ‘Read, Send, Delete, and Manage’ emails and contacts.

Read more »

Derive, report & Track drift from an approved system image baseline using gen7

Understanding what the correct baseline configuration is for your IT system components is a keystone of security best practice. Compliance mandates, in particular, NERC CIP, require baselines of installed software, updates, and open ports to be captured and reported against.

Functional Requirements (Which applications do this system support? Which software packages does it need? What does the filesystem structure look like? What are the configuration settings needed for it to deliver its services?)

and it's:

Security Posture (What is the hardened build for this system? What are the minimum services, ports, and functions required, and what can we disable as a result? What are the configuration settings needed to mitigate vulnerabilities known to affect this device?)

Continue reading this Top Tip & Trick

Hackers expose 17 million zomato user credentials on the Dark web

Around 17 million users of the popular restaurant search platform Zomato have had their login credentials stolen by hackers and put on the dark web to be sold to criminals.

Zomato’s CTO, Gunjan Patidar, claims that User IDS, Names, Usernames, Email Addresses, and Password hashes with salt are among the information stolen in the breach.

All passwords were reset and users were required to log back into the platform following the event.

Read more  

Quarterly Update: F.A.S.T Cloud Integration from NNT CEO & CTO

File Integrity Monitoring is essential to ensure the integrity of your security IT systems. Reporting these changes can be a headache though- how do you differentiate between 'good', planned changes, and 'bad', possibly malicious activity? The solution is to leverage Cloud-Based Threat Intelligence and automatically authorize file changes as they are detected using the world’s largest authoritative file whitelist. And now you can do just that, using the NNT FAST Cloud (File Approved-Safe Technology).

Watch NNT's recorded Quarterly Update, presented by NNT CTO, Mark Kedgley, and NNT CEO, Mark Kerrison as they provide a detailed technical overview of our latest feature, the F.A.S.T Cloud.

Watch the Quarterly Update Recording

Payment service provider passes PCI audit with Gen7

As a Payment Service Provider, Unified Payments must adhere to the PCI DSS, the multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, and is intended to help organizations proactively protect customer data.

 Read more »

Implementing layered security to protect against modern malware

Threats to theft of Intellectual Property, financial data, Cardholder Data, PII (Personally Identifiable Information) are more diverse and increasingly difficult to defend against. The traditional ‘internet vandalism’ from viruses is still an issue but the ‘threatscape’ in 2017 is far more diverse and dangerous than ever before.

Not only is it becoming more difficult to protect your confidential data, but more important too. Your enterprise is under attack right now and if a breach is successful, you could lose your Intellectual Property, your sensitive company planning and financial data, your market intelligence and with it, your overall competitive edge could be set back by years.

Read more »

Newsletter

Introducing NNT Member Download Area 2.0

An area of the NNT site has now been re-worked to make for a more pleasant user experience! Ease of use was our goal and we believe we have achieved this by splitting the area into three different sections and incorporating simple but informative buttons to help you quickly identify what it is that you are looking for. The three sections are as follows: NNT Change Tracker Generation 7, NNT Log Tracker Enterprise, and Archive. 

In NNT Change Tracker Generation 7 and NNT Log Tracker enterprise sections, you'll find our latest and greatest server and agent installation files, along with a large library of documentation which is there to help you deploy and configure the software. The Archive section is a place where you can find our outdated installation files which may be needed if you are working with older operating systems that cannot support the newer versions of software that we have to offer.

Take a look around, we're sure you'll like it but if you feel any further improvements can be made, please do let us know!

View the New Members Area Now!

supply chain attacks pose increased threat to security

The U.S. National Counter Intelligence and Security Center’s Foreign Economic Espionage in Cyberspace report released last week highlights the increased threat that software supply chain attacks pose to our critical infrastructure sector.

The report breaks down the current threats as well as future trends in foreign intelligence efforts to compromise U.S. intellectual property, trade secrets, and proprietary information in cyberspace, naming China, Russia, and Iran as the most capable and willing actors tied to cyber espionage.

Read more »

Change Tracker's ITSM Integration 

The clue is in the name, Change Tracker detects changes in an organization’s infrastructure. But so what? Why is that a useful thing to do? How am I benefitting from knowing what has been altered within my environment? The terrifying answer? To detect malicious activity.

The slightly more mundane answer? To identify a best intention change that, nevertheless, has impacted infrastructure operations.

Here at NNT, we are advocates of change. Change is essential to keep environments up-to-date and applications running smoothly and with as few vulnerabilities as possible. The key to change, the utopia, the Holy Grail if you will, is to provide some context to the change activity, the why did this change question.

NNT Change Tracker has a number of approaches to provide the answers.

Read more »

Shipping giant Cosco hit by ransomware attack

Chinese shipping giant COSCO suffered a suspected ransomware attack on Tuesday, July 24, causing a breakdown of its networks and systems in its North American Operations and slowing electronic communications.

Reports from the trade press citing internal emails suggest the company suffered from a ransomware attack and have asked staff not to open any ‘suspicious’ emails, but the official statement released on Wednesday makes no mention of malware.

Read more »

Data Breach reports quadruple under gdpr

The amount of data breaches reported to the UK’s Information Commissioner’s Office has nearly quadrupled since the recent enforcement of the General Data Protection Regulation (GDPR).

A report released by the ICO last week claims that in the months prior to GDPR being enacted, the total number of breaches reported was at 400, but that number climbed to over 1,750 in June, the first full month that GDPR was in place.

Read more »

BEC SCAMS costing orgs over $12 billion

According to an alert published by the FBI last week, the losses and potential losses reported as a result of business email compromise (BEC) and email account compromise (EAC) scams is over $12 billion globally.

This figure is based on data collected by the FBI’s Internet Crime Complaint Center (IC3), international law enforcement agencies and financial institutions across the word between October 2013 and May 2018. During this time, the FBI found that 78,000 complaints were made, with over 41,000 victims reported in the U.S. alone.

Read more »

nice quotes, but I wouldn't take cybersecurity advice from alphonse karr

Despite the accepted wisdom of the often-used quotation from Alphonse Karr ‘The more things change, the more they stay the same’, Alphonse obviously didn’t know much about cybersecurity.

Every single breach starts with a change, or the need for a change. Changes are both the enemy and the ally of cybersecurity, but in both cases, it is absolutely not the case that security is unaffected by change. Changes to IT systems are not just inevitable but near incessant in every organization: patches are routinely required to address vulnerabilities while business-as-usual improvements to IT services means that nothing stays still for long.

Read more »

Newsletter

On-Demand Webinar Now Available! 

Is your organization struggling to find the most resource-effective way to manage the increased demand for compliance and security? Do you have multiple compliance requirements and don't understand where they overlap and which ones to start with? Or is it that you are simply overwhelmed by the descriptive nature of compliance and need help with prescriptive guidance that prioritizes the requirements?

View our most recently recorded webinar and learn the most strategic, long-term and resource-effective ways to manage today's increased demand for compliance and security 

View the Webinar Now! 

Is Patching a double-edged sword?

Sometimes you can’t win. Patching, and the right time and process for doing so, is very much a case in point.

Patching used to need more planning and manual intervention, but as internet access has improved, many manufacturers now provide built-in Updater Services. 

Microsoft have taken this further, resorting to patch-guerilla tactics: Ambush Updates. They know what’s best for you, and if you won’t restart your PC then they will. Usually, this will always be when it’s least convenient for you, such is Murphy’s Law.

Read more »

Hackers steal $14M from Cosmos Bank ATM Attack

Cyber thieves managed to walk away with $13.5 million (944 million rupees) from India’s Cosmos Bank after making illegal withdrawals at ATMs across 28 countries over the past weekend.

According to Reuters, after conducting a malware attack on the bank’s ATM server, the criminals stole Cosmos’ customer data and used cloned cards to withdraw 805 million rupees in 14,849 transactions in only a two hour time period. Aside from the thousands of ATM withdrawals, the hackers also managed to transfer 139 million rupees to a Hong Kong-based company’s account. 

Read more »

NIST Small business cybersecurity act signed into law

The NIST Small Business Cybersecurity Act introduced by U.S. Rep. Dan Webster in March 2017 was signed into law by President Donald Trump on Tuesday to help small businesses effectively manage cybersecurity.

The law directs NIST and other federal agencies to “disseminate clear and concise guidance to help small business identify, assess, manage, and reduce their cybersecurity risks.” The guidance is based on the existing NIST Cybersecurity Framework and its implementation is voluntary by small businesses.

Read more »

understanding the basic cis controls: CSC 1-6

As data breaches continue to increase in severity and scale, more than ever organizations need to ensure they have the basic security controls in place to keep their data safe from attack.

In response to today’s growing threat landscape, the SANS Institute, together with the Center for Internet Security (CIS) have developed the 20 CIS Controls (CSC) to give organizations clarity on what really needs to be focused on in terms of security best practices.

Read more »

Cheddars scratch kitchen breach hits 500K customers

The payment card information belonging to over half a million Cheddar’s Scratch Kitchen customers has been compromised after an unauthorized intrusion was spotted by a third party.

Parent company Darden Restaurants was notified by federal authorities, claiming an attacker swiped 567,000 payment card numbers after compromising a legacy POS system. Customers who visited Cheddars in 23 states between November 3, 2017, and January 2, 2018, could have had their payment information compromised.

Read more »

Leading U.S. healthcare provider hit by phishing attack

One of the leading U.S. healthcare organizations (HCO) has revealed that a phishing attack in September 2017 may have led to the compromise of highly sensitive data belonging to nearly half a million patients.

Augusta University Health, based out of Georgia, claimed to be notified by investigators on July 31 that an attack last September on a member of the hospitals' staff may have given hackers access to data belonging to 417,000 patients. The HCO suffered a second phishing attack on July 11; the incident is still being investigated, however, Augusta said it was “smaller in scope”.

Read more »

Newsletter

Register Now for Our Upcoming Webinar with the Center for Internet Security! 

In the first of a series of webinars delivered by the Center for Internet Security (CIS) and NNT, we will be highlighting the benefits of combining security and operations to achieve common IT goals in our unique SecureOps™ strategy.

Join Tony Sager, Vice President and Chief Evangelist for the CIS and Founder of the Secure Controls Framework and Mark Kedgley, Chief Technology Officer and Co-Founder of NNT in our interactive webinar and learn:

• Facts that support why the SecureOps™ strategy is necessary and long overdue – Manage by Fact Not Fiction
• Why the CIS "Basic" Controls are essentially operational controls – the Common Denominators
• How to prioritize IT controls based on risk mitigation and defensive effectiveness
• Commonalities between security and operations –where 1+1=3
• How the CIS and NNT can help organizations prioritize efforts where 20% of the effort delivers 80% of the value – the Cliff Notes

Register now and get a free copy of the new SANS Security Leadership Poster and a fully-functional extended trial of NNT Change Tracker Gen7 to see how easily you can embrace SecureOps™ in your environment.

Register for the Webinar Now! 

U.S. State Department Failing to Address IT Security Basics

In a letter sent to Secretary of State Mike Pompeo, a bipartisan group of five United States senators is criticizing the State Department for failing to address basic cybersecurity standards.

The letter sent Tuesday points out the department’s failure to safeguard itself from cyber threats, claiming that the State Department is lagging far behind that of other federal agencies in the race to defend itself from cyber attacks.

Read more »

equifax update: hackers made 9K unauthorized database queries

The latest report from the U.S. Government Accountability Office (GAO) claims it took Equifax 76 days to detect the massive 2017 data breach, despite hackers having made over 9,000 unauthorized queries on its databases.

Last May, malicious actors exploited a known security vulnerability within the Apache Struts development framework (specifically Apache Struts CVE-2017-5638) in order to gain unauthorized access into Equifax systems.

Read more »

bristol airport hit by ransomware attack

The Bristol Airport in the UK suffered widespread outages for past two days after being hit by a ransomware attack on Friday.

The airport has announced normal services has resumed, but for two days airport staff was forced to physically write flight updates on whiteboards to provide travelers with essential travel information on flight arrivals and departures.

Read more »

cybercriminals outspend organizations in uphill cyber security battle

The latest research from Carbon Black claims that the cyber-criminal community spends over $1T per year on developing new attack methods, compared to the $96B spent by organizations per year to protect themselves from attacks.

UK organizations should remain vigilant in their efforts to enhance cyber defense efforts as hackers continue to spend an average of 10 times more money finding weaknesses in cybersecurity defenses than the organizations they target are spending on defending against attacks.

Read more »

Secure controls framework now available with NNT

The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build and maintain secure processes, systems and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be “baked in” at the strategic, operational and tactical levels.

The SCF helps enables organizations to have a data-centric approach towards security, so that security and privacy principles help protect data from the physical to application layers.

Using the SCF should be viewed as a long-term tool to not only help with compliance-related efforts but to ensure security and privacy principles are properly designed, implemented and maintained. 

Read more »

U.S.Government payment provider exposes 14M records

A popular platform used to make payments to U.S. government entities has leaked 14 million customer receipts through a website error.

Government Payment Service runs the GovPayNet portal that Americans across 35 states use to pay their bills, fines, license fees, and much more. However, Brian Krebs recently reported that the online receipts that are issued by GovPayNet were sequentially numbered and by entering new digits into the address bar individuals could view other customer records dating back to 2012.

Read more »

Newsletter

For an introduction to the newly released Gen7R2, save your spot for the webinar and join Mark Kerrison, Chief Executive Officer of New Net Technologies and Mark Kedgley, Chief Technology Officer of New Net Technologies, in an interactive webinar as they showcase the all-new Change Tracker Gen7R2 Key highlights: 

• Embracing the SecureOps™ strategy: merging basic fundamentals of security and operations to deliver one unified solution
• Automating the IT service management (ITSM) workflow to enable Closed-Loop Intelligent Change Control
• Utilizing pattern matching intelligence to identify expected, planned changes against changes that could represent a security breach
• Adopting the basic underlying principle required for every security strategy- Security through System Integrity
• Achieve real-time continuous compliance regardless of the standard or policy

watch the CIS & nnt webinar  on-demand 

Hear from Tony Sager, Vice President and Chief Evangelist for the Center for Internet Security (CIS) and Founder of the Secure Controls Framework and Mark Kedgley, Chief Technology Officer and Co-Founder of NNT in our latest webinar - SecureOps™: Driving Unprecedented Security and Operational Results, and learn:  

• How the Center for Internet Security (CIS) and NNT can help organizations prioritize security efforts where 20% of the effort delivers 80% of the value 
• How to prioritize IT controls based on risk mitigation and defensive effectiveness – leveraging the CIS Controls
• Why the SecureOps™ strategy is essential and long overdue – Manage by Fact Not Fiction
• Commonalities between security and operations – where 1+1=3

Watch the webinar now »

an essential guide to the CIS Controls

The vast array of compliance and security mandates out there can leave many organizations confused on where to even start, but NNT believes the best place to start is with the CIS Controls. Published by the Center for Internet Security (CIS), these controls help organizations defend against known attacks by condensing key security concepts into actionable controls to achieve better overall cybersecurity defense.

The CIS Controls provide clarity on what organizations really need to be focusing on in terms of security best practices to help prioritize actions that must be taken to defend against cyber threats.

google shutting down Google+ following privacy vulnerability

Google is shutting down its Google+ social network following the disclosure of a software glitch within Google+ that resulted in the exposure of personal-profile data belonging to hundreds of thousands of Google+ users.

The glitch was live for close to three years, but Google elected to not make the breach public out of fear of regulation. 

Read more »

Number of stolen credentials skyrockets 141% in North America

The latest research from Blueliv has found that the number of compromised credentials detected in North American botnets grew 141% from the last quarter.

The spike between the March to May and June to August quarters came alongside declines in other regions analyzed. Russia and Europe saw a 22% decrease and Asia saw a 36% decrease.

Credential theft is a booming market with threat actors across the globe. With access to these sensitive login credentials, hackers can cause extreme havoc throughout an organization.

Read more »

Secure controls framework now available with NNT

The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build and maintain secure processes, systems and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be “baked in” at the strategic, operational and tactical levels.

The SCF helps enables organizations to have a data-centric approach towards security, so that security and privacy principles help protect data from the physical to application layers.

Using the SCF should be viewed as a long-term tool to not only help with compliance-related efforts but to ensure security and privacy principles are properly designed, implemented and maintained. 

Read more »

UK Unveils world first iot code of practice

The UK government recently released a new Code of Practice (CoP) intended to drive security-by-design in the manufacture of IoT products. The new CoP is designed to improve baseline security in the sector and ensure small devices that process personal data are aligned with the GDPR. Regulations for improving the security of consumer-grade IoT products are also in the works.

Read more »

Newsletter

The Problem with Running Outdated Software

Given the latest WannaCryRansomware epidemic, which infected more than 230,000 users in over 150 countries, it’s vitally important that organizations fully understand the risks associated with using out-of-date systems and software.

Change can sometimes be unnerving. It requires a bit of adjusting and is often times considered best avoided, especially when it comes to upgrading functioning production software. There is an understandable resistance to upgrading software where the version in use is familiar, well understood and from a functionality standpoint, isn’t actually broken. Unfortunately, the same software is well known to hackers. They’ve had plenty of time to get well accustomed with software that’s been around for years.

Read more here 

Onelogin reports unauthorized access issue

Identity and access management software vendor OneLogin has reportedly suffered a security incident involving unauthorized access to customer data.

According to the company’s CISO Alvaro Hoyos, it ‘detected unauthorized access to OneLogin data in our US data region’ yesterday, subsequently blocked the unauthorized access, reported the security incident to law enforcement, and are working with an IT Security firm now to determine how the unauthorized access happened.

Read more »

NNT Recommended Change Control Program

Controlling changes is one of the biggest challenges facing our customers. The size of task, process, and coordination of effort often means that changes continue to occur outside of any planned change approvals and the IT team is unable to prevent this from continuing. The solution? NNT’s Managed Change Control Program.

NNT’s Change Control Program is an ongoing dedicated review of all changes conducted by a qualified NNT representative who through the use of NNT Change Tracker will be able to help better contain changes within either a ‘Forward Planned Change’ or an ‘Automated Intelligent Planned Change' using rules & logic to ensure that the changes taking place are fundamentally OK and non-harmful.

Learn More about the NNT Change Control Program

Industroyer malware said to be linked to Kiev attack

A new kind of malware with the ability to take down an entire city’s electrical and power grid has been detected.

The malware was identified after an attack on the Kiev power grid in 2016, leaving the northern part of the capital without electricity. Researchers at ESET found that the malware is capable of controlling electricity substation switches and circuit breakers directly through the use of industrial communication protocols.

Industroyer uses protocols in a common fashion, and its core component is a backdoor that attackers use to install and control the components. The malware then connects to a remote server in order to receive commands and reports back to the attackers.

Read more  

Eternalblue exploit used in Wannacry ransomware attack

The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry ransomware attack that started on May 12, 2017.

This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.

Continue Reading this Top Tip & Trick

Honda forced to shut down plant after wannacry infects network

As a Payment Service Provider, Unified Payments must adhere to the PCI DSS, the multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, and is intended to help organizations proactively protect customer data.

 Read more »

Cloud services falling behind in GDPR Migration

Researchers at Netskope have found that the majority of cloud services being used by global firms today currently do not meet the stringent standards for the EU General Data Protection Regulation (GDPR) compliance standard.

The vendor based its findings on an analysis of 23,000 cloud service by its Netskope Active Platform which is used by hundreds of customers and millions of end users globally, between January and March 2017.

They found that 67% of services reviewed did not specify that the customer owns the data in the terms of service, 90% did not support encryption of data at rest, and 41% replicated data in geographically dispersed data centers.

Read more »

Newsletter

Server Hardening Policy- Examples & Tips 

Every organization should have a hardened Windows build standard, a hardened Linux build standard, a hardened SQL Server / Oracle database build standard, a hardened firewall standard etc. However, determining what is an appropriate server hardening policy for your environment will require detailed research of hardening checklists and then an understanding of how this should be applied to your operating systems and applications.

All governance, regulatory and compliance standards such as NIST SP 800-53, SOX, NERC CIP, ISO27001, PCI DSS, DISA STIG and HIPAA all call for strong cyber security defenses, with a hardened build standard at the core. This is maintained using file integrity monitoring to highlight any significant changes or 'drift'.

Read more about Server Hardening Policy- Examples & Tips

Botnet turns active directory domain controllers to c2 servers

Researchers at the Australian security company, Threat Intelligence Pty Ltd., have created a possibly devastating botnet that exploits infected victims Active Directory Domain Controllers, resulting in internally hosted command and control servers.

Active Directory is a Microsoft directory service for Windows that domain networks & stores information on network components, automates network management of user data, and authenticates and authorizes users while enforcing security policies.

The attack method can use the AD as a central connecting point for any infected node or endpoint in the system, allowing the attacker to enable two-way communication with each other even when segmented into separate security zones.

Read more »

Cinema Chain Suffers Possible 2 year POS Breach

The Missouri-based cinema chain, B&B Theaters, is under investigation for a possible two-year breach of credit card credentials following a tip-off from a banking partner. 

Estimates from security experts like Brian Krebs find that customers may have been exposed from April 2015 till April 2017, leaving an unsettling window of opportunity for attackers to strike. 

It’s highly likely the hackers infiltrated the organizations POS systems to scrape card magstripe data. This issue is alleviated with the implementation of the Chip & PIN credit cards and card readers, which has been mandated by the PCI-DSS Compliance Standard to help protect card data.

Read more »

UK Government to Invest 21 Million in NHS Cybersecurity

The UK government has announced they will invest £21 million to beef up cybersecurity within the UK’s National Health Service (NHS).

This news comes in the wake of the recent WannaCry ransomware attack that hit the NHS, locking staff out of their computers and leaving patients without the care they need.

The £21M will be split amongst the 27 trauma centers and hospitals across England. The funding will be used to update IT systems, improve staff training, and raise awareness on how to deal with today’s cyber threats.

Health Minister Lord O’Shaughnessy claims, “People must be confident that systems are secure and robust. Recent incidents, including the May 2017 ransomware attack, which affected many other countries’ services as well as our own health and care system, have shown that the NHS can protect essential services in the face of a cyber-attack, but they have also underlined the need for organizations to implement essential, strong data security standard.”

Read more  

Eternalblue exploit used in Wannacry ransomware attack

The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry ransomware attack that started on May 12, 2017.

This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.

Continue Reading this Top Tip & Trick

The problem with running outdated software

Why do we resist the upgrade? Change can sometimes be unnerving.  It requires a bit of adjusting and is often times considered best avoided, especially when it comes to upgrading functioning production software. There is an understandable resistance to upgrading software where the version in use is familiar, well understood and from a functionality standpoint, isn’t actually broken. Unfortunately, the same software is well known to hackers. They’ve had plenty of time to get well accustomed with software that’s been around for years.

 Read more »

2.2 Million Dow Jones Customers Impacted by exposed data

Dow Jones & Company has accidentally leaked the personal details and financial information of at least 2.2 million of its customers, but security experts believe this number is said to increase.

Security researchers at UpGuard found that a cloud-based file repository had been misconfigured to allow semi-public access to 2.2 million customers, however, UpGuard believes the number may be as high as 4 million.

The leak was revealed on May 30 and the database was secured by June 6, however, Dow Jones made little to no effort to notify customers of the incident, aside from an article published in the Journal on July 16 covering the leak.

Read more »

Newsletter

NotPetya Attack Costing Organizations Millions in Losses 

Some of the largest organizations around the world are reporting hundreds of millions of dollars in losses due to the NotPetya cyber-attack that occurred in late June. The NotPetya malware outbreak impacted tens of thousands of victims across 65 different countries, targeting massive organizations like the Ukraine’s central bank, WPP, DLA Piper, and AP Moller-Maersk.

While it was originally believed NotPetya was a piece of ransomware, further research found that it’s actually a wiper and it’s unlikely that if a ransom is paid that files are recovered.

Read More

US Senators Introduce IoT security bill

Four U.S. Senators have introduced a bipartisan bill aimed at improving the baseline security for all Internet of Things (IoT) devices bought and used by the U.S. government. 

The bill is being called The Internet of Things Cybersecurity Improvement Act and its goal is to ensure that IoT products can be patched, do not include hard-coded passwords that cannot be changed, and most importantly, are free of known security vulnerabilities, amongst other requirements laid out in the bill. 

Read more »

Study finds orgs doing little to protect against insider threats

It's no security that insider threats pose a huge risk to organizations globally, but studies show that very little is being done to protect against this threat. 

New SANS Institute research revealed that that 40% of respondent’s rate malicious insiders are the most dangerous threat their organization could face, followed by accidental or negligent staff members (36%).

Read more »

LG Hit with Ransomware Identical to WannaCry

Ransomware identical to WannaCry was spotted on LG self-service kiosks in South Korea this week, leaving many to believe organizations may not have taken the WannaCry threat as seriously as they should have.

The LG service center kiosks were hit on Monday morning, with the state-run Korea Internet & Security Agency (KISA) investigating the infection further. While they claim they found samples of malicious code identical to that found in the WannaCry ransomware attack, further investigation is needed to confirm the exact cause.

Read more »

Auto approve file changes using NNT FAST Cloud

Those of you who use Change Tracker will know that Change Tracker Gen 7 provides the most accurate and effective solution to guarantee the integrity of your secure IT systems and reporting any changes as they occur.

Here at NNT, we like to think that we provide the ‘change proof’ for any schedule change activity, such as patching and applications upgrades as well as any changes committed outside of a scheduled window.

Read more »

UK Retail breaches double in the last year

New figures released by law firm RPC claim the number of UK based retailers experiencing data breaches has nearly doubled within the last year.

Between 2015 and 2016, 19 breaches were reported to the information security watchdog, the Information Commissioner’s Office (ICO). However, between 2016 and 2017 that number climbed to 38 data breaches.

 Read more »

NNT managed services

NNT Managed Services are designed to help our customers get even more value from their NNT software & better protect them from security related issues. This service aims to ensure the continuous optimization of the features and functionality within NNT Change Tracker and Log Tracker.


The service, typically conducted through regular remote sessions, will focus on maintaining the tuning, alerting, and usability of the software and extend the automation and integration within the customer environment to ensure better protection and compliance at all times. 

Read more »

Newsletter

Register Today for NNT's Upcoming Webinar

Halloween is almost here: the time where we share scary stories knowing they're confined to storybooks and movie screens, but unfortunately, there are some IT horror stories that are all too real: the scariest being ransomware.

Under no circumstance should you give in to fear and pay the ransom demanded by a hacker. Instead, learn from our assembled team of experts what you can do right now to remove the main risks of infection and sleep better at night.

Hear from NNT CTO and CEO as they discuss:

• The Anatomy of a Ransomware Attack
• Proven Steps to Prevent a Ransomware Attack
• Access to Ransomware Mitigation Kits
• Tools to help handle Ransomware fears throughout the organization

NNT will provide a FREE node of Change Tracker Gen7 for all attendees. This offer is limited to end user prospects ONLY. NNT reserves the right to restrict license access to vendors and competitors.

Equifax Ignored Patch Two Months Prior to Hack

New reports have found that hackers were able to exploit a security vulnerability at Equifax 2 months after an industry group discovered the coding flaw and offered a solution for it, leaving many to wonder why Equifax didn’t upgrade its software correctly when the flaw was originally found.

The Equifax hack is one of the largest breaches of consumer private financial data in history- 143 million consumers and access to the credit card data of 209,000 consumers. Information potentially accessed by hackers in ludes Social Security numbers, Dates of Birth, and Full Names, putting millions of people at risk of identity theft.

The Apache Foundation, which oversees the commonly used open source software made a statement Thursday claiming, “The Equifax data compromise was due to failure to install the security updates provided in a timely manner.”

Read More

CCleaner server compromised AT beginning of july

Anti-virus company, Avast, has found that a server distributing a version of PC utility CCleaner infected with malware may have been compromised in early July.

Two versions of the commonly used Windows maintenance tool were altered to distribute information-stealing malware, with over 2 million users said to be impacted. Those modified versions include 32-bit CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191. The infection binary was released on August 15 and went undetected for over four weeks.

Read more »

Fedex reports $300M in losses due to notpetya attack

U.S. Shipping giant FedEx has joined the list of well-known brands that have lost hundreds of millions of dollars after their IT systems were infected with NotPetya ransomware back in June.

FedEx latest earnings call claims it would be down $300 million following the ransomware outbreak that impacted tens of thousands of victims across 65 different countries.

The company claims that its subsidiary, TNT, bore the brunt of the attack.

Read more »

1.9M records compromised first half of 2017

According to Gemalto, close to two billion records were stolen or lost during the first half of 2017, more than that of all of 2016.  

These findings were released in the security firm's latest Breach Level Index which represents a global database of public data breach incidents. 

918 security incidents were recorded during the first six months of 2017, amounting to 1.9 billion compromised records. This number has increased significantly since last year's 1.4 billion compromised records. That number is expected to grow substantially over the next several months. 

Read more »

Auto approve file changes using NNT FAST Cloud

Those of you who use Change Tracker will know that Change Tracker Gen 7 provides the most accurate and effective solution to guarantee the integrity of your secure IT systems and reporting any changes as they occur.

Here at NNT, we like to think that we provide the ‘change proof’ for any schedule change activity, such as patching and applications upgrades as well as any changes committed outside of a scheduled window.

Read more »

Nearly 75% of security incidents originate inside the extended enterprise

New research from Clearswift reveals the vast majority of security incidents originate from within the extended enterprise and not as a result of a hacking group.

After surveying 600 senior business decision makers and 1,200 employees across the US, UK, Germany, and Australia, Clearswift found that 42% of IT Security incidents occurred due to the actions of employees, whilst 74% originate from the extended networks of workers, customers & suppliers. That’s compared to the 26% of attacks that came from parties unknown to the organization.

Read more »

DHS notifies states affected by Russia election hack

The U.S. Department of Homeland Security (DHS) has notified the states whose systems were targeted by hackers before last years’ 2016 presidential election.

DHS officials expressed concerns to the Senate Intelligence Committee in June that a threat group assumed to be working for the Russian government targeted websites and other voting systems in 21 states. It was originally believed that a very small number of networks were breached, and while no evidence was found tampering with vote tallies, many officials agreed that Russian had at least tried to influence the 2016 election outcome.

Read more »