22.4.16

Two-factor authentication coming to PlayStation Network


By Narinder Purba posted 22 Apr 2016 
Two-factor authentication (2FA) is to be added to the PlayStation Network, offering members even greater security.
News of this was first made public on Twitter on April 19th, when one of its users posted a tweet.
Sharing an image, he stated: “More proof about #PSN 2-step verification. This is from PS3 after today’s v4.80 update.”
The image was a screenshot, which read: “The sign-in ID or password is not correct. If 2-step verification is active, you must enter a device setup password into the [Password] field.
“Check your mobile phone for a text message about your Sony Entertainment Network account.”
2FA is often described as being an additional security process, which requires individuals to provide a supplementary piece of information when trying to access a device or account.
It usually comes in the form of a code, meaning that if you are signing into your email account on a new device for the first time, along with your username and password, you will have to input a uniquely generated code (usually sent to your smartphone).
Although Sony has yet to release an official statement, a representative told GameSpot that 2FA is going to be a permanent feature.
This is welcome news, further bolstering the security on the network, which was attacked two years ago.
A distributed denial of service attack resulted in the network being taken offline. Sony commented at the time that no data had been accessed.
“Like other major networks around the world, the PlayStation Network and Sony Entertainment Network have been impacted by an attempt to overwhelm our network with artificially high traffic,” it stated.

“Although this has impacted your ability to access our network and enjoy our services, no personal information has been accessed.”


Encrypt – or face a huge fine



The Information Commissioner’s Office (ICO), the UK’s independent authority that oversees data privacy, recently released new guidance on encryption best practices. Although encryption of data is not mandatory under UK data protection legislation, the ICO strongly recommends that organizations dealing with personal data use it.
“In recent years there have been numerous incidents where personal data has been stolen, lost or subject to unauthorized access,” the ICO states.
“In many of these cases, these were caused by data being inadequately protected or the devices the data was stored on being left in inappropriate places – and in some cases both. The Information Commissioner has formed the view that in future, where such losses occur and where encryption software has not been used to protect data, regulatory action may be pursued.”
The guidance highlights a number of cases where organizations were fined for not complying with this obligation. Personal data from over 1,000 people with links to serious organized crime investigations, information and evidence concerning vulnerable children, as well as sensitive information on hundreds of children with special educational needs, are among the cases of lost removable media with unencrypted data.
Additionally, it drew attention to a case involving a financial services company, which was unable to locate two backup disks that contained more than half a million customer details, as well as a case relating to a local authority in Scotland, which misplaced two laptops that had personal information of over 20,000 people stored on them. In both instances, the data was not encrypted.
The UK’s Data Protection Act of 1998, which stems from The Data Protection Directive and is thus closely similar to privacy laws across the European Union, states in its Principle 7:
“Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
The ICO recommends that organizations carry out a Privacy Impact Assessment to identify and reduce privacy risks of their projects. However, encryption should always be considered – of course, alongside a range of other technical and organizational security measures.

20.4.16

Cyberattacks on buildings more common than you think



In an increasingly connected world, the threat posed by cybercriminals will extend further than ever before – the Internet of Things (IoT) is shaking things up. It’s no longer about computers or smartphones being at risk – any object, any ‘thing’ that is powered by a computer and/or connected to the internet, is a target. This can be seen in modern cars. Less than a generation ago, it would have been unthinkable that these modes of transport could be hacked.
However, as WeLiveSecurity has reported, this is very real – cars, along with other ‘non-computer’ things, such as toys, are vulnerable to cyberattacks.
The discussion – and the threat – is widening it seems, with a recent BBC News feature highlighting the fact that buildings are increasingly susceptible to cybercrime.
The report estimates that there are around 50,000 connected buildings in the world, including hospitals, research facilities and even churches. Worryingly, 2,000 of these are thought to have no password protection in place.
Even organizations like Google, known for being proactive in boosting the security of the web, are not immune to this threat, as an incident revealed in 2013.
Two white-hat security researchers from the US managed to hack into the building management system of an office belonging to the tech giant in Sydney, Australia.
While this was just a test, actual cyberattacks on buildings are “happening all the time”, explained Martyn Thomas, a professor of IT at Gresham College in the UK, in the BBC’s report.
Andrew Kelly, principal security consultant at defence company Qinetiq, shares this assessment, stating that specific types of cyberattacks – especially ransomware – are “on the horizon”.
And Mr. Kelly is concerned about the state of play today. His research into smart buildings, for example, was a revelation, with building management systems found to be most at risk. “In all cases, pretty much without fail, these systems had been procured without thought to how to make them secure. I was absolutely shocked,” he told the broadcaster. “We saw systems installed with default passwords where it would be a trivial exercise for someone remotely to gain access.”
http://www.welivesecurity.com/2016/04/20/buildings-risk-cyberattacks/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29 



Software AG, first quarter 2016: a flying start


Growth in revenue and profit

Software AG (Frankfurt TecDAX: SOW) has announced its preliminary results for the first quarter of 2016. The company is continuing its transformation, improving all performance parameters. Total revenue grew by nine percent, following a 31% increase in license sales. Product revenue (licenses and maintenance) grew by 11%. The Digital Business Platform (DBP) grew by 6%, with license growth of 7% and maintenance growth of 5%. The Digital Business Platform concept integrates all products for digital transformation and process optimization, namely ARIS, Alfabet, Apama, Terracotta and webMethods.

The full press release is available in English at www.softwareag.com

About Software AG

Software AG gives customers the tools they need to innovate, differentiate and succeed in the digital world. Its products help companies combine existing systems, installed on premises or outsourced (in the cloud), into a single platform in order to optimize and digitize their business. Combining process management, data integration and real-time analytics in a single middleware platform enables customers to improve their operational efficiency, modernize their systems and optimize their processes for better decision-making. Building on more than 45 years of customer-centric innovation, Software AG is regarded as a leader in many innovative IT categories. Software AG employs more than 4,400 people in 70 countries and had total revenue of 873 million euros in 2015.

19.4.16

AI and humans successfully ‘predict most cyberattacks’


Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed an artificial intelligence (AI) platform that can ‘predict 85% of cyberattacks’, so long as it benefits from human input.
Its latest paper, AI2: Training a big data machine to defend, revealed that this unique approach is capable of delivering better results than machines or humans would be able to alone.
The collaborative effort sees the AI system take the lead – it ‘combs’ through data, highlighting the parts it considers to be suspicious and characteristic of cyberattacks.
Humans then take over, analysing the information provided by the system to then validate the findings. Feedback is then passed back to the system, helping improve AI2’s detection capabilities.
This process continues and with each iteration, its ability to accurately identify cyberattacks improves.
“You can think about the system as a virtual analyst,” explained Kalyan Veeramachaneni, a research scientist at CSAIL who co-developed the system.
“It continuously generates new models that it can refine in as little as a few hours, meaning it can improve its detection rates significantly and rapidly.”
What is interesting about these findings is that they underscore the importance of human input, as a recent Wired article noted.
Speaking to the publication, Mr. Veeramachaneni explained that with cybersecurity evolving all the time, non-machine insight is something that cannot be replicated.
He said: “The attacks are constantly evolving. We need analysts to keep flagging new types of events. This system doesn’t get rid of analysts. It just augments them.”


ESET launches the beta version of ESET Internet Security, its new product for consumers

ESET®, a global pioneer in proactive protection for more than two decades, today launches the beta version of ESET NOD32® Antivirus 10 as well as ESET Internet Security, a brand-new product designed for consumers.

The ESET Beta Program offers a preview of the new ESET Internet Security, which includes the Home Network Protection feature that protects home networks, lets users test the router for vulnerabilities and shows the devices connected to the same access point. This should help users see how secure their home network is.

ESET Internet Security also introduces Webcam Protection, a feature that monitors the processes and applications of webcams connected to computers and displays messages when unwanted applications try to access the camera.

“The brand-new ESET Internet Security joins our portfolio of award-winning products and offers users the best features in terms of detection, speed and usability. These new products add to our existing multi-layered protection a set of features focused on privacy protection and on ease of use for users,” explains Marc Mutelet, CEO of MGK Technologies, exclusive distributor of ESET products for Belgium and Luxembourg.

The ESET consumer product portfolio includes many proven features, such as Anti-Phishing, Advanced Personal Firewall, Banking & Payment Protection and ESET LiveGrid®.


Download the brand-new version today and join the ESET Beta Program community to be among the first to get access to the new ESET Internet Security.

ESET releases beta version of ESET Internet Security, its new product for consumers


ESET®, a worldwide pioneer in proactive protection for more than two decades, today releases the beta version of ESET NOD32® Antivirus 10 as well as ESET Internet Security, a brand-new product designed for consumers.

The ESET Beta Program offers a preview of the brand-new ESET Internet Security with the Home Network Protection functionality, which protects home networks, can test the router’s vulnerabilities and shows the devices connected to the same access point. This lets consumers see how secure their home network is.

ESET Internet Security also brings Webcam Protection, a feature that monitors the processes and applications of connected webcams and displays notifications when unwanted applications try to access the webcam.

“The brand-new ESET Internet Security extends the portfolio of award-winning products and offers users the best features in terms of detection, speed and ease of use. These new products add a set of features to our layered protection, with a focus on privacy protection as well as ease of use,” says Marc Mutelet, CEO of MGK Technologies, exclusive distributor of ESET for Belgium and Luxembourg.

The portfolio of ESET products for consumers includes numerous proven features such as Anti-Phishing, Advanced Personal Firewall, Banking & Payment Protection and ESET LiveGrid®.

Download the brand-new version today and join the ESET Beta Program to be among the first to get access to the new ESET Internet Security.


18.4.16

The security review: Facebook scam, webcam security & Qbot


Welcome to this week’s security review, which includes a detailed look at a new video scam sweeping Facebook with a worryingly high success rate; news of a record cash settlement over a hospital data breach; the return of a data-stealing malware dubbed Qbot; and an SMS phishing scam which is said to have targeted Apple customers due to their higher disposable income.
My video, My first video, Private video: Don’t fall for this Facebook scam
ESET’s Lukas Stefanko reported on a new Facebook scam that is having a high level of success around the world. It comes on the back of another similar scam, which tricks users into buying discounted Ray-Ban sunglasses. “This time, malicious links are disguised as a post on a timeline you were tagged in, or as a message sent to you via Messenger by a friend,” he explained. “Using one of the titles ‘My first video’, ‘My video’, ‘Private video’ … it tags various people from a victim’s friend list and lures them into clicking on it.”
How do you protect your webcam?
After FBI director James Comey revealed that he covers his webcam with tape to protect his privacy, WeLiveSecurity asked the question: How do you protect your webcam? The results of a quick and ongoing poll revealed that Mr. Comey is not alone in deploying his seemingly unique solution. Presently, 40% of people state that they cover their built-in camera.
Medical data breach leads to a record cash settlement
A state court judge in California approved the highest ever per-plaintiff cash settlement, following a data breach in a hospital computer system. Two victims filed a class action lawsuit against the St. Joseph Health System (SJHS) after finding their medical records online during a routine search. The data breach case will cost the SJHS up to $28 million in total, with the plaintiffs receiving $7.5 million each.
Qbot returns: New strain of data-stealing malware detected
A new, updated strain of the data-stealing malware Qbot was identified by security researchers at BAE Systems. According to the company’s report, more than 54,000 computers have been infected across thousands of organizations, and the malware is both “harder to detect and intercept” than previous strains.
Scammers target Apple customers for bigger rewards
Apple customers are being targeted with a new phishing scam designed to harvest their personal information, it was revealed. Victims of the scam received an SMS message that linked to a fake Apple website which then asked them to provide their login credentials and credit card details. Independent security analyst Graham Cluley has suggested that the scammers “deliberately took advantage of people’s trust in the Apple brand,” while targeting its customers for their higher disposable income.
FDIC suffers ‘inadvertent’ data breach affecting 44,000 customers

A former employee of the Federal Deposit Insurance Corp. was able to breach the personal information of 44,000 customers, after leaving the agency with the data downloaded to a personal storage device. An internal memorandum revealed that the data was downloaded “inadvertently and without malicious intent,” but the incident again highlighted security weaknesses in federal cyber systems.