Firewall | Breaking Cybersecurity News | The Hacker News

The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken. To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS) . Its research team, Cato Research Labs, maintains the company's Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page .) Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining. However, there are significant risks of i

One of the most common network security solutions is the branch firewall. Branch firewall appliances can pack into a single device a wide range of security capabilities including a stateful or next-generation firewall, anti-virus, URL filtering, and IDS/IPS. But the reality is that most of these edge devices lack the processing power to apply the full scope of capabilities on all of the necessary traffic. If the firewall deployed in the branch cannot scale to address critical security needs, an alternative strategy must be used. Wholesale appliance upgrades are easy but expensive. Regional security hubs are complex and also costly. A new approach, called firewall bursting , leverages cloud scalability to offer an easier, more cost-effective alternative to branch office security. (You can find a great table comparing the different Firewall approaches here .) Costly Appliance Upgrades and Secure Hub Architectures The existing methods of evolving branch security force IT int

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack . The vulnerability affects products from dozens of vendors, including Fortinet , Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG — an outdated pseudorandom number generation algorithm — 'in conjunction with a hard-coded seed key.' Before getting removed from the list of FIPS-approved pseudorandom number generation algorithms in January 2016, ANSI X9.31 RNG was included into various cryptographic standards over the last three decades. Pseudorandom number generators (PRNGs) don't generate random numbers at all. Instead, it is a deterministic algorithm that produces a sequence of bits based on initial secret values called a

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1. Most enterprises defences are externally-facing, focused on stopping incoming email and web attacks. But, once attackers gain a foothold inside the network through malware, there are very few security controls that would prevent the spread of the attack between enterprise locations in the Wide Area Network (WAN). This is partly due to the way enterprises deploy security tools, such as IPS appliances, and the effort needed to maintain those tools across multiple locations. It's for those reasons Cato Networks recently introduced a context-aware Intrusion Prevention System (IPS) as part of its secure SD-WAN service . There are several highlights in this announcement that challenge the basic concept of how IT security maintains an IPS device and sustains the effectiveness of its protection. Cato Network

Admit it. Who would not want their firewall maintenance grunt work to go away? For more than 20 years, companies either managed their edge firewall appliances or had service providers rack-and-stack appliances in their data centers and did it for them. This was called a managed firewall — an appliance wrapped with a managed service, often from a carrier or managed security service provider (MSSP). The provider assumed the management of the firewall box, its software, and even its policy and management from the over-burdened IT team. But customers ended up paying for the inefficiency of dealing with appliances (i.e. "grunt work") because the problem just shifted to the provider. A new architecture was needed - a transformation from an appliance form factor to a true cloud service. In a 2016 Hype Cycle for Infrastructure Protection report , Gartner analyst Jeremy D'Hoinne initiated the emerging category of Firewall as a Service (FWaaS). He defined FWaaS as " ...a fire

Online Privacy has been one of the biggest challenges in today's interconnected world, as the governments across the world have been found censoring the Internet, stealing information and conducting mass surveillance on innocent people. China is one such nation which always wanted to have a tight hold on its citizen and has long been known for its strict Internet censorship laws through the Great Firewall of China. The Great Firewall of China is the nation's Golden Shield project that employs a variety of tricks to censor Internet and block access to various foreign news and social media sites, including Google, Facebook, Twitter, Tumblr, Dropbox, and The Pirate Bay. So, in order to thwart these restrictions and access blocked websites, hundreds of millions of Chinese citizens rely on virtual private networks (VPNs) which route their traffic to servers overseas free of the Great Firewall filters, but this may not be an option soon. For those unfamiliar, Virtual P

Recently released NSA exploit from " The Shadow Brokers " leak that affects older versions of Cisco System firewalls can work against newer models as well. Dubbed ExtraBacon , the exploit was restricted to versions 8.4.(4) and earlier versions of Cisco's Adaptive Security Appliance (ASA) – a line of firewalls designed to protect corporate, government networks and data centers. However, the exploit has now been expanded to 9.2.(4) after researchers from Hungary-based security consultancy SilentSignal were able to modify the code of ExtraBacon to make it work on a much newer version of Cisco's ASA software. Both Cisco and Fortinet have confirmed their firewalls are affected by exploits listed in the Shadow Brokers cache that contained a set of " cyber weapons " stolen from the Equation Group . The Equation Group is an elite hacking group tied to the NSA's offensive Tailored Access Operations (TAO) and linked to the previous infamous Regin and S

Last week, a group calling itself " The Shadow Brokers " published what it said was a set of NSA "cyber weapons," including some working exploits for the Internet's most crucial network infrastructure, apparently stolen from the agency's Equation Group in 2013. Well, talking about the authenticity of those exploits, The Intercept published Friday a new set of documents from the Edward Snowden archive, which confirms that the files leaked by the Shadow Brokers contain authentic NSA software and hacking tools used to secretly infect computers worldwide. As I previously mentioned , the leaked documents revealed how the NSA was systematically spying on customers of big technology companies like Cisco, Fortinet, and Juniper for at least a decade. Hacking tools from The Shadow Brokers leak named ExtraBacon, EpicBanana, and JetPlow, contain exploits that can compromise Cisco firewall products including devices from the Adaptive Security Appliance (ASA) li

In Brief Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network. When it was reported last month that an unknown hacking group attempted to steal $1 Billion from Bangladesh's Federal Reserve bank account with the help of a malware and, in fact, successfully stole over $80 Million , the investigators would not say how the hackers managed to bypass the security solutions on its network. But in reality, there was no security solution installed to help protect against increasingly sophisticated attacks. This lack of security practices made it incredibly easier for the hackers to break into the system and steal $81 Million, though a simple typo (spell error) by hackers halted the further transfers of the $850 Million funds. The network computers that we

Juniper Networks has announced that it has discovered " unauthorized code " in ScreenOS , the operating system for its NetScreen firewalls, that could allow an attacker to decrypt traffic sent through Virtual Private Networks (VPNs). It's not clear what caused the code to get there or how long it has been there, but the release notes posted by Juniper suggest the earliest buggy versions of the software date back to at least 2012 and possibly earlier. The backdoor impacts NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, states the advisory published by the company. However, there's no evidence right now that whether the backdoor was present in other Juniper OSes or devices. The issue was uncovered during an internal code review of the software, according to Juniper chief information officer Bob Worrall , and requires immediate patching by upgrading to a new version of the software just released today. &quo

Firewalls are the front-line soldiers, who sit strategically at the edge of your network and defend it from various security threats. Firewalls require constant maintenance and management to ensure that they are accurately configured for optimal security, continuous compliance, and high performance. Manual firewall configuration and change management is a time-consuming, error-prone, and headache-fraught task, especially in today's increasingly complex and dynamic networks and, for organizations dealing with dozens, or very commonly, hundreds of individual firewalls, routers and other network security devices, manual configuration and ongoing ACL changes can quickly become a management nightmare. If not managed correctly, organizations can find themselves exposed to dangerous cyber threats and compliance risks, which can lead to costly repercussions. The key to keeping up with ever-changing and ever-growing firewall rule-sets is automation.By automating firewall configu

Last year in the month of December the Security-focused Unix-like distribution ' OpenBSD ' Foundation announced that it was facing shut down due to lack of funds to pay their electricity bills and dedicated Internet line costs. Theo de Raadt , the founder of the OpenBSD project, and Bob Beck (Developer) announced : " In light of shrinking funding, we do need to look for a source to cover project expenses. If need be the OpenBSD Foundation can be involved in receiving donations to cover project electrical costs. But the fact is right now, OpenBSD will shut down if we do not have the funding to keep the lights on. " Just after a month, a Bitcoin billionaire from Romania has stepped in and sorted OpenBSD out! Mircea Popescu , the creator of the MPEx Bitcoin stock exchange has offered $20,000 donations to the OpenBSD Foundation and saved the existence of OpenBSD development from being stopped. Like each open source project, OpenBSD production servers we

Google has found that the French government agency using unauthorized digital certificates  for some of its own domains to perform man-in-the-middle attacks on a private network. Google security engineer Adam Langley described the incident as a "S erious Security breach ", which was discovered in early December. Rogue digital certificates that had been issued by French certificate authority ANSSI, who closely work with the French Defense agency. "In response, we updated Chrome's certificate revocation metadata immediately to block that intermediate CA, and then alerted ANSSI and other browser vendors. Our actions addressed the immediate problem for our users" Google has immediately blocked the misused intermediate certificate and updated Chrome's certificate revocation list to block all dodgy certificates issued by the French authority. In a statement, ANSSI said that the intermediate CA certificate was used to inspect encrypted traffic with the user's knowledge on a p

Users in Iran call Internet as " Filternet ", because of the heavily censored Internet access they have. Million Iranians used VPN servers to access the outside world. In October, 2013 Jack Dorsey, the co-founder of Twitter asked Iranian President, ' Are citizens of Iran able to read your tweets? ' In Reply Mr. The President said that he will work to make sure Iranians have access to information globally in what appears to be a reference to reducing online censorship. Just after promising to support Internet Freedom, the Iran Government has banned yet another web application called -  Cryptocat , a tool that allows for secure and encrypted chat. The app is well known for bringing encrypted communications to the masses, popular with human rights activists and journalists around the world. According to ' Blockediniran.com ', Cryptocat website and the associated private chat service were inaccessible to our users in Iran. Currently since Monday.  ' It cu

CryptoLocker is an especially insidious form of Ransomeware malware that was first detected in the wild in September 2013, restricts access to infected computers and requires victims to pay a ransom in order to regain full access. What makes CryptoLocker so bad is the way it encrypts the user data on your hard drive using a strong encryption method. This makes it literally impossible to access your own data without paying the ransom amount to the criminals between $100 and $300 or two  Bitcoins , even now more. Once affected you will be locked out of your computer and unless you pay the ransom amount in 72 hours , the virus will delete the decryption key to decrypt all the files on your PC . The malware lands on PCs the same way other malware does and a few sensible precautions will help minimize the chances of a CrytoLocker attack. Yesterday, we reported that - UK's National Crime Agency has given out an urgent national alert that a mass spamming event target