New Neo4J platform gives developers a set of tools for building enterprise graph applications

Neo4j builds tools for creating graph databases, and today at its GraphConnect conference in New York City, it announced a new platform for developers to build graph-based applications using a common set of services.
Emil Eifrem, Neo4j co-founder, says while the concept of graph databases has steadily gained in popularity in recent years, the databases need to connect to various enterprise…

A macOS Perspective from SentinelOne: Remote Desktop and PuPs

What are PUPs?

A PUP is a Potentially Unwanted Program. It is also known as a Potentially Unwanted Application (PUA). PUPs are software with implementations that can compromise privacy or otherwise weaken the security of a computer, a user, or the environment.

What is the danger of a PUP?

A PUP can cause excessive or deceptive illegitimate changes to system settings, security settings, and other configurations. Some PUPs diminish the end-user experience with pop-ups, pop-unders, ad-insertions, ad-overlays, or ad replacements. If unhandled, these innocuous-seeming add-ons can cause significant performance issues later, or they can open security holes for the future.

Other PUPs install certificates on the endpoint, which allow hackers to intercept private data, such as banking details. With the certificate installed and trusted, the browser does not warn the user of a security breach.

How do PUPs enter the environment?

PUPs often use pseudo-installers to push adware or spyware with commonly-used software. Sometimes the danger is a hidden feature of a product, added with the knowledge of the vendor and mentioned in the EULA. Most users do not read the EULA and thus miss the warning that they are not using the official installer, or that the vendor is pushing unwanted add-ons.

Why do we need to handle PUPs differently than malware?

The difference between a PUP and other malware is the concept of “Potential”. If a user is aware of all actions of the program, and you (IT and SecOps) confirm it is not dangerous, you can allow the program in your environment. A mission-critical application can be detected as a PUP. It is unwanted for some users, but critical for others.

How does SentinelOne protect and detect correctly?

The unique Behavioral AI engines of the SentinelOne Agent detect dangerous back-end configuration changes. They also detect desirable or expected behavior. When both come from one parent process, SentinelOne detects the installer process or running process as a PUP.

You can make groups of endpoints according to their use of programs that are detected as PUPs. For example, you can create a group for IT computers. The policy for IT computers will allow PUPs. When an IT user installs a PUP, you can see its Story Line and decide if it is safe for IT endpoints. If so, you can add an exclusion to the IT group policy that allows that program by its default installation path.

For the policies of other groups, you can set PUPs for automatic Detect and Protect. The Agent will detect PUPs. It will kill the processes that cause suspicious backend behavior, quarantine the installer, and remediate configuration changes that were done (if any).

Test Case: Remote Desktop from Apple macOS 10.12 (Sierra)

RDP is a critical application for authorized personnel. It is safe when restricted to legitimate business purposes. You can put more security on RDP, such as authentication, authorization, and auditing.

Say a corporate employee wants to remotely control a corporate device (from an internet cafe, airport, home, or someone else’s machine…) using a readily accessible RDP application, such as TeamViewer[1]. If this unauthorized use of TeamViewer succeeds, then anybody can use the unprotected host as a jump box to control hosts, using a legitimate corporate account, possibly sharing files and changing anything through an uncontrolled tunnel or VPN.

To configure SentinelOne for automatic and correct PUP protection:

  1. Create a group for IT.
  2. Create groups for other users.
  3. In the policy of the IT group, set Suspicious to Detect.
  4. In the policies of the other groups, set Suspicious to Protect. See that the Potentially unwanted applications Engine is enabled by default.
  5. When unauthorized users install a program, such as TeamViewer, they will see something like this:
  6. The SecOps administrator will see something like this appear on the Dashboard:
  7. The Forensic Analysis of the TeamViewer alert will show the Hash, certificate details, file, path, and other information.
  8. If you want to override the default settings, but only for authorized IT personnel (not everyone), consider tweaking the policy associated with IT staff to add an exclusion for TeamViewer, using its code-signing certificate ID (exclusion by file and path are also possible, and yet less favorable for cases where strict content control is expected).

Result: Authorized users can use TeamViewer, and install or upgrade without interruption, while other users cannot install TeamViewer. If they attempt to install it, the installation will be blocked.

* For more information on macOS PuP detection capabilities and OSX.IronCore see: https://www.sentinelone.com/blog/osx-ironcore-a-or-what-we-know-about-osx-flashimitator-a/

[1] Please note that our use of TeamViewer is only as an example. SentinelOne is not connected in any way with TeamViewer, nor do we recommend or criticize its use.

The post A macOS Perspective from SentinelOne: Remote Desktop and PuPs appeared first on SentinelOne.

Google Has Announced Earbuds That Translate Language In Real Time

Google Labs has produced some amazing ideas. Some of them have found their way to the market, and many others have not. The one thing they have in common, though, is that they’re all intriguing and exciting.

That’s especially true of Google’s latest offering, Google Pixel Buds.

If you’ve ever read “The Hitchhiker’s Guide To The Galaxy,” then you know the term “Babel Fish.” If you grew up watching Star Trek, then you know all about the Universal Translator. Well, Google has built the version 1.0 of that very device.

The new earbuds are able to translate forty different languages in something close to real time. Close enough, in any case, to be useful in day to day conversation.

Obviously there are some glitches and limitations at this point, just as there were in the first smartphones and computers, but the fact that this new technology exists at all, in any form, is nothing short of amazing.

The potential applications are limitless, and the number will only grow as the technology matures. We can see the possibility of seamless global communications that cut across language barriers. It boggles the mind.

If you do business with vendors all over the globe, imagine how much simpler this is going to make your life. As mentioned, it’s a given that early adopters will face certain limitations and no doubt chafe under the shortcomings of the early versions of the device, but that’s been true of just about every invention we’ve ever seen enter the marketplace.

Consider speech-to-text technology, for example. The early versions were quite buggy and you could count yourself lucky if they successfully interpreted 40 percent of your words, translating them into text. These days, that percentage is closer to 98.

The best way to help this new product succeed is to jump in and start using it, bugs, flaws, shortcomings and all. Kudos to Google Labs!

Used with permission from Article Aggregator

ActionIQ nabs $30M led by A16Z to bring big data targeting to marketers

The trend of using big data analytics to glean more targeted insights for your business continues to be democratized, with an increasing number of startups hitting the market to help those who are not data scientists nor engineers take advantage of these kinds of tools. In the latest development, a startup called ActionIQ — a marketing activation platform that gives marketers better…

WeWork acquires Flatiron School

WeWork, the behemoth co-working company valued at $20 billion, has today announced the acquisition of Flatiron School. Flatiron School is a coding education platform that offers both online and offline classes to folks who want a career in the world of tech. The coding academy was launched in 2012 and has raised more than $14 million since inception, according to Crunchbase. The terms of the…

Cisco scoops up BroadSoft for $1.9 billion to boost communications tools portfolio

One thing is clear, Cisco is not afraid to use its considerable cash on hand to fill in holes in its product portfolio. Today it wrote out a big fat check for $1.9 billion to acquire BroadSoft, a Maryland company that delivers unified communications via service providers. The purchase gives Cisco a new way to sell its communications tools as it shifts its focus from a pure networking…

Hearsay acquires Mast Mobile’s tech for adding work numbers and CRM integration on your smartphone

Hearsay Systems is announcing that it has acquired technology and intellectual property from Mast Mobile. The Mast service allowed businesses to manage work and personal numbers on a single mobile phone, and to connect those phones to their customer database. It was backed by Samsung, FirstMark Capital and others. Hearsay, meanwhile, offers marketing and communication tools for the…

Firefox Will End Support For XP and Vista Users In 2018

Microsoft stopped supporting Windows XP and Vista quite some time ago, but so far, Firefox has been hanging tough, continuing to provide updates to their browser’s users on both platforms, doing at least something to extend their useful life a bit longer.

That’s going to change soon. Mozilla recently announced that as of June 2018, their support for both XP and Vista would be coming to an end.

Originally, Mozilla planned to discontinue support to both XP and Vista in December 2016. That date came and went, and the company announced that they’d provide a revised date for ending their support no later than September 2017. They’ve now settled on a final date, and odds are that the two platforms won’t get another extension beyond this.

If you’re still using either XP or Vista, it’s well past time to migrate or upgrade. Unfortunately, tens of millions of users around the world are still clinging to these systems, because the legacy software running on them simply isn’t compatible with more modern operating systems.

The danger, though, is that sans security patches, these systems are growing increasingly vulnerable to hacking attacks as time passes. New security flaws and exploits are being discovered all the time, and they’re not getting patched, making these old systems little more than ticking time bombs on your company’s network.

All that to say, if you’re still struggling to upgrade your legacy systems so you can finally move away from Windows Vista and XP, it’s more important than ever. No matter how important those legacy systems are to your company, the hard truth is that the longer those old systems remain connected to your network, the more danger your company is in. It’s not a question of if a hacker will exploit that system, it’s a matter of when.

The clock is ticking.

Used with permission from Article Aggregator

Weekly Recap of Cybersecurity News 10/20

In case you missed it, here are some of the biggest stories in cybersecurity from the past week!

Update Every Device — This KRACK Hack Kills Your Wi-Fi Privacy
It’s time to get patching again. Another widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed on Monday, allowing hackers to decrypt and potentially look at everything people are doing online.

Millions of high-security crypto keys crippled by newly discovered flaw
A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.

Trump administration imposing new email security protocols for agencies
The Trump administration on Monday will order federal agencies to adopt common email security standards in an effort to better protect against hackers, a senior Department of Homeland Security official said.

Microsoft responded quietly after detecting secret database hack in 2013
Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.

DDoS Attacks Cause Train Delays Across Sweden
DDoS attacks on two separate days have brought down several IT systems employed by Sweden’s transport agencies, causing train delays in some cases.

This ransomware-spreading botnet will now screengrab your desktop too
New payload bundled within Necurs botnet attacks allows those carrying out malicious campaigns to check if they’re working and improve updates.

Dodging Russian Spies, Customers Are Ripping Out Kaspersky
Inadvertently or not, Kaspersky has betrayed customer trust.

Domino’s blames data breach on former supplier’s systems
Customers complain about ‘eerie’ personalised spam emails and lack of communication from pizza seller.

PwC: UK Firms in the Dark Over Cyber-Attacks
UK organizations are unprepared for cyber-attacks, lack visibility into threats and aren’t doing enough to collaborate internally and externally, according to PwC.

Hacking accounts for 50% of healthcare breaches in September: 5 report insights
There were 46 healthcare breaches disclosed in September, up from 33 breaches in August, according to a Protenus report. The report, which is part of the “Protenus Breach Barometer” monthly series, analyzes healthcare breaches reported to HHS or disclosed to the media during September 2017.

The post Weekly Recap of Cybersecurity News 10/20 appeared first on SentinelOne.

Several Security Issues Found In Solutions That Use DNSmasq

Open source tools offer a lot of compelling advantages, with one of the biggest and most important being that they tend to have relatively fewer bugs and security flaws. The reason is that they’re open source initiatives, and anyone can dig into the source code and tweak it to make it better.

Unfortunately, there are exceptions to every rule, a fact that was brought into painful focus recently by a group of Google security researchers who found not one, not two, but a total of seven critical security flaws in an open source program called DNSMasq.

DNSMasq comes pre-installed on some Linux machines (Ubuntu and Debian) and is frequently used on home routers, smartphones and a variety of “smart” devices. Worldwide, there are approximately 1.1 million active installations.

Per the research team: “We discovered seven distinct issues over the course of our regular internal security assessments. Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of DNSMasq, Simon Kelley, to produce appropriate patches and mitigate the issue.”

Since all of the issues have been patched, Google has released the Proof-of-Concept exploit code for each of the bugs they found. Of them, three would have allowed a user to execute code remotely, and three others would have made it possible to commandeer a device so it could be used in a denial of service attack.

If you use DNSMasq, be sure you update your software to version 2.78 or later so that you’re using a version which contains the bug fixes. For Google’s part, they issued an update on Sept. 5, 2017 that fixes the issue on any Android device running the software.

Used with permission from Article Aggregator