
How to tame enterprise communications services


Communications capabilities are essential to the success of organizations everywhere. Voice, e-mail, text messaging, multimedia messaging, file sharing, streaming video, conferencing, collaboration, and more: you can’t do business without them. But as traffic volumes and the number of communications services in use continue to grow, so do the IT and operational challenges.

Communications services have historically been provisioned by, and are of course still widely available from, broadband landline and wireless carriers who seek value-added revenue to offset the commodity nature of their “big dumb pipe” core businesses. But there are also numerous third-party solution suppliers, private implementations, and unified communications (UC) product and service capabilities. In addition, an increasing number of cloud-based services, many of them aimed squarely at consumer end-users rather than organizations, are seeing significant organizational use, unfortunately often via backdoor or shadow-IT routes.

This robust array of alternatives has created an organizational communications-services landscape that is both large and complex, with challenges related to cost, reliability, interoperability, compliance, management visibility, and security that absolutely must be addressed.

How to build a strategic framework for communications

What’s the difference between overall organizational success and results that otherwise fall short? Often the differentiating element is the strategic application of multi-modal, high-availability communications capabilities.

But with so many staff members now working remotely or otherwise mobile, and with BYOD (bring your own device) a more-than-significant element in the provisioning of both communications devices and services, it’s critical to understand demand, options, and solutions strategies that can produce the best results in any given case. There are two key elements at work here, as follows:

Modalities: Contemporary communications requirements extend well beyond simple voice (primarily telephone), e-mail, and texting to data sharing, collaboration, and increasingly a wide variety of cloud-based services. It’s important to assure that all interaction models are available and properly supported: one-to-one (calls and messages), one-to-many (for example, presentations and streaming video), and many-to-many (conferencing and collaboration).

Temporal elements: It’s also important to support communications that are temporally uncoupled, meaning that the receiver need not be present during a given transmission (think voicemail, e-mail, and texting). In this case, however, the critical elements are where and how messages are stored and archived and, always, security requirements.

These essentials lead to a number of key considerations that every organization must consider, as follows:

Policy: An organization-wide, written communications policy is vital. It should include a definition of permissible communications traffic (for example, the entities that can legitimately receive organizational communications; an Acceptable Use policy might also serve here), facilities, monitoring and enforcement mechanisms, support capabilities, and required record-keeping (usually of transactions alone, but sometimes of content as well) along with retention mechanisms and durations, all of which are often influenced or even dictated by specific regulatory and compliance requirements.

Functional requirements and service set: This includes a definition of required capabilities and specific implementations, whether integrated or consisting of distinct individual services like e-mail and messaging. IT organizations should take the lead in both definition and operations here.

Security and integrity: There are few concerns within IT greater than the security and integrity of both data and IT infrastructure, including networks, servers, cloud services, and beyond. Many users, however, are not even vaguely aware that e-mail and texting are not at all secure without additional steps being taken, and experience shows that uneducated users will nonetheless commonly favor expediency over security. While local security policies enumerate specific requirements, building a culture of security is a necessary prerequisite to establishing and maintaining successful communications capabilities.

Cost control: Since end-users, especially those traveling internationally, can run up big bills on carrier networks if left to their own devices, it’s vital to address communications costs in one’s BYOD policy, and to have agreements with service providers in place and used at the organizational, not (just) the BYOD, level.

Management visibility: This is, unfortunately, where our model gets tricky. While it’s easy to obtain sufficient visibility into services purchased or otherwise operated directly by the organization, and similarly easy to limit exposure to costs incurred via BYOD, the major challenge is in detecting and mitigating unauthorized communications, the single largest obstacle to productive and secure communications. Unfortunately, the wide variety of communications capabilities available to literally anyone on the Web means that policy and its reinforcement are at present the only option for mitigating this challenge.

Enterprise communications options, issues, and considerations

Building an appropriate communications solution set, as we noted above, can be very complex. There are two key sets of strategic alternatives here, as follows:

Carrier vs. over-the-top (OTT) services: Especially given the broad adoption of both mobile handsets and BYOD, carrier voice and messaging (SMS/EMS/MMS) services are the default and essentially primary communications vehicles for many if not most users, with carrier gateways enabling at least partial interworking across otherwise distinct networks. Messages here, however, are again beyond the control of organizations, so numerous reliability and security challenges are always present. The same can, of course, be true for the growing array of Web-based OTT solutions available for voice, data sharing, messaging, and even collaboration, including such popular services as WhatsApp, Signal, FaceTime, Slack, and many more. It’s important, then, that organizations limit the number of products and/or services permitted for internal communications. At the same time, the value of bringing OTT communications services under in-house management must be on the table.

Organizational vs. consumer solutions: On the other hand, given the vast array of cost-effective (many even free) end-user/consumer-centric services, many organizations, especially those not subject to industry-specific regulation, may choose to essentially outsource communications to a select group of (IT-approved, of course) services. As always, a careful evaluation of security requirements should be undertaken before this route is selected.

Three additional considerations enter into the above decisions, as follows:

Supported device universe: Just as with enterprise mobility management, it may be desirable to limit the combinations of mobile devices and operating system versions and revisions supported by IT for internal communications, in the interest of bounding operating and support costs. On the other hand, the use of third-party products and services can move this challenge onto the supplier’s plate.

End-user preferences: Expect pushback from a portion of the user base no matter what

New Report: WAFs Fail to Protect Against Bot Attacks

Cequence Security and Osterman Research publish research revealing the security challenges and productivity impact of bot attacks targeting large enterprises

SUNNYVALE, Calif. (BUSINESS WIRE): Cequence Security today released a new report that highlights both the security and productivity challenges resulting from the growing number of bot attacks targeting today’s hyper-connected organizations. The research, commissioned by Cequence Security and conducted by Osterman Research, is based on data from 211 large enterprises across the US. All of these organizations have been the victim of automated bot attacks.



Bot attacks often use previously stolen user credentials to gain unauthorized access to the web, mobile, and API application services that organizations rely on to support business processes and engage with their customers. “Companies in our research have deployed an average of 482 different applications, on premises or in the cloud, and they are being targeted more than 500 times each day,” explained Michael Osterman, CEO of Osterman Research. “The top three attack types most disruptive to their businesses are account takeover, application denial of service, and API/business logic abuse.”

The research revealed that 90% of these organizations have deployed a web application firewall (WAF) as an essential line of defense, and 85% have at least one full-time person focused on bot defense. Despite these investments, organizations reported that they spend an average of 2,880 minutes (48 hours) to detect a bot attack, plus another 48 hours to effectively mitigate the event. Based on their reported labor costs, this means that enterprises are spending more than $177,000 annually on human capital to manage bot attacks.

“If you dig a little deeper, you discover that more than a third of these companies have also deployed first-generation bot management tools in addition to their WAF,” explained Franklyn Jones, CMO at Cequence Security. “That sounds like a smart move until you realize that 100% of those companies must continuously spend time modifying hundreds of Web and mobile apps in an attempt to detect bot traffic. That’s a poor use of skilled labor and likely a big contributor to their labor costs.”

First-generation bot management tools helped to reduce detection time to 600 minutes (10 hours) on average, but the time required for bot mitigation remained unchanged at 2,880 minutes.

The report also revealed the top three capabilities customers would like to have integrated into a bot management solution:

Automatic discovery of all web, mobile, and API application assets deployed on premises and in the cloud.
AI-based machine learning and behavioral analysis technologies that can accelerate the accurate detection of bot attacks.
Automated mitigation options that enable security teams to quickly stop a bot attack before it can achieve its objectives.

“The data from this research report reveals two key requirements: large enterprises want innovative solutions that can strengthen the security posture of their organizations, and almost as important, they want automated solutions that will improve the productivity of their security teams,” said Osterman.

Cequence Security and Michael Osterman will present more details from this research during a live webinar scheduled for January 30, 2018. To download the report and register for the event, please click here.

About Cequence Security

Cequence Security delivers automated security software solutions for today’s hyper-connected organizations that rely on web, mobile, and API application services to connect customers, partners, and suppliers. The Cequence Application Security Platform can be deployed on premises or in the cloud to automatically strengthen the security posture of application infrastructures, while improving the productivity and efficiency of IT resources. The Cequence Security management team includes former leaders of Palo Alto Networks and Symantec. The company is venture-backed and headquartered in Sunnyvale, CA. Learn more at www.cequence.ai.

Contacts

Dan Chmielewski
Madison Alexander PR
Office: +1 714-832-8716
Mobile: +1 949-231-2965
dchm@madisonalexanderpr.com

Sysdig Introduces New Capabilities to Secure Kubernetes-Based Applications

Latest Sysdig Secure release offers advanced Kubernetes auditing, compliance, and service-based access control

SEATTLE (BUSINESS WIRE): KubeCon + CloudNativeCon North America 2018

Sysdig, the cloud-native intelligence company, today announced new features for Sysdig Secure, part of the Sysdig Cloud-Native Intelligence Platform. The Sysdig platform is the only unified platform on the market that provides cloud-native security, monitoring, and forensics. Today’s enhancements add advanced Kubernetes auditing and vulnerability management, service-based access control, and security analytics, along with simplified compliance to give users a complete view of the health and risk profiles of their container environments.



With the introduction today of Sysdig Secure 2.2, Sysdig continues to provide enterprise customers, like Cota, Sunrun, and Quby, the ability to detect behavioral anomalies across their entire infrastructure. Sysdig Secure is built on the same core instrumentation as the open source Sysdig project, Falco, which was included as a CNCF Sandbox project in October.

Sysdig Secure 2.2 blog: “Introducing Sysdig Secure 2.2: Kubernetes Auditing, Compliance, and Access Control”

“Modern infrastructures drastically increase the number of moving parts, creating a bigger surface area for attackers to exploit. It can be a nightmare for security professionals, but it doesn’t have to be,” said Knox Anderson, Product Manager, Sysdig. “With the latest features announced today for Sysdig Secure, enterprises have enhanced visibility, answering the questions of, ‘who is doing what within Kubernetes.’”

With the Sysdig Cloud-Native Intelligence Platform, enterprise customers are able to monitor, secure, and troubleshoot without needing to instrument individual containers or configure exporters. By using a single point of instrumentation to unlock a completely new source of data, Sysdig provides visibility into containers and microservices with the least amount of burden on the environment.

Sysdig Secure 2.2 Features

Kubernetes Audit Events: adds new detections based on audit

Sysdig is the first cloud-native security provider to tap the recently released Kubernetes Audit Policy, creating an additional feed of events to monitor. Virtually all cluster management tasks are done through the API server; therefore, the audit log contains all changes made to the cluster. By tapping the kube-apiserver, Sysdig can alert administrators of suspicious and notable behavior. These alerts help users quickly identify incidents that could negatively impact the business and let operators answer who did what, where, and when.

Sysdig Teams: service-based access control

Sysdig Secure 2.2 introduces service-based access control, providing customized reports and dashboards that give users access to only the information that is pertinent to them. The ability to control team privileges to hosts, namespaces, clusters, and deployments exposes information only to those who need it, making it easier to respond to incidents and adding another layer of security by limiting exposure to information outside the scope of individual teams.

Kubernetes Vulnerability Management: admission controller

Sysdig Secure 2.2 has added the ability to natively integrate with Kubernetes admission controllers. Through mutating webhooks, Kubernetes can authenticate with Sysdig Secure to prevent unscanned or vulnerable images from being deployed on a cluster. This non-intrusive approach allows organizations to validate images at the Kubernetes level rather than at the container runtime.

Service-Oriented Compliance: leveraging Kubernetes labels

With the introduction of Kubernetes resource-specific scheduling of CIS Compliance Benchmarks, Sysdig Secure 2.2 further eases the pain of measuring and enforcing compliance across a distributed environment. Scoping enables users to limit scans to specific Kubernetes resources, which saves time by limiting compliance checks to the logical entities that are important to auditors.

Security Analytics: integrating metrics for a full view

Users who pair Sysdig Monitor with Sysdig Secure 2.2 have access to more than 90 new metrics that are sent to the Sysdig platform. By viewing Sysdig Secure metrics alongside Sysdig Monitor data on the same dashboards, enterprises gain visibility into the performance, health, compliance, and security posture of their environment on a single dashboard.

Availability

Sysdig Secure is available as a standalone technology or as part of the unified Sysdig Cloud-Native Intelligence Platform, which includes Sysdig Monitor. Sysdig Secure 2.2 is now available to all customers.

Sysdig Secure at KubeCon + CloudNativeCon

Sysdig is currently demoing the Sysdig Cloud-Native Intelligence Platform at KubeCon + CloudNativeCon North America 2018, booth #P14.

IBM Cloud Monitoring with Sysdig
Who: Eric Carter, Director of Product Marketing at Sysdig; Shadi Albouyeh, Offering Manager at IBM Cloud
When: Session 1: Tuesday, Dec. 11, 1:30pm; Session 2: Tuesday, Dec. 11, 6:45pm
Where: IBM mini-theater

Intro: Falco
Who: Loris Degioanni, CTO and Founder of Sysdig
When: Tuesday, Dec. 11, 3:40pm
Where: Room 615-617

Deep Dive: Falco
Who: Mark Stemm, Senior Security Engineer at Sysdig
When: Thursday, Dec. 13, 3:40pm
Where: Room 615-617

About Sysdig

Sysdig is the cloud-native intelligence company. Enterprises depend on Sysdig to deliver reliable, secure containerized applications. We have created the only unified platform to deliver container security, monitoring, and forensics in a microservices-friendly architecture. Our open source technologies have attracted a community of over a million developers, administrators, and other IT professionals looking for deep visibility into applications and containers. Our cloud-native intelligence platform monitors and secures millions of containers across hundreds of enterprises, including Fortune 500 companies and web-scale properties. Learn more at www.sysdig.com.

Contacts

Media Contact
280blue, Amanda McKinney
amanda@280blue.com

8 Trends That Will Reshape the Fin-Tech Landscape in 2019



You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Ever since the world became one enormous marketplace, we have seen constant change in how business is done. This has been further fueled by new technologies and rapidly evolving customer expectations. Even the highly regulated banking and finance sector has in recent times witnessed the constant metamorphosis of its business models to stay ahead in disruptive times.

Hence, when it comes to the financial services ecosystem, the FinTech industry plays a significant role in determining how the sector moves forward. Today, FinTech disruptors are changing how everything works: lending, payments, insurance, credit settlements, and more. In response, banks and traditional financial institutions are either partnering with FinTech companies or developing and deploying their own solutions. Backing that up, a PwC report titled ‘Financial services technology 2020 and beyond: Embracing disruption’ states that global investments in FinTech have more than tripled since 2014 to cross $12 billion. Since FinTech solutions now play a significant role in the financial services value chain, let’s see what’s in store for 2019:

Intelligent Banking Channels

To deliver the next level of personalization for users performing banking activities, financial service providers are tailoring each channel to adapt intelligently. By studying customer patterns and behaviours, banks can personalize the interface to suit a user’s specific preferences. This will translate into a unique usage journey for every end user, and early-adopter banks stand to gain a competitive edge because of the level of personalization and end-user satisfaction offered.

Multi-Experience Banking

Banks have started offering multi-channel experiences that go beyond branch visits or phone banking. A user can now interact with a bank through multiple channels such as apps, web, smart speakers, digital voice assistants, and more. However, to ensure delightful user journeys, banks will have to ensure seamless consistency across all channels. Beyond these, going forward, banks will find the need to include augmented reality, virtual reality, and more to stand out as a competent leader.

Voice-Assisted Banking

Voice banking is already popular, and soon we can expect it to support regional and vernacular languages as well. We have already seen a rise in the popularity of virtual personal assistants (Siri, Cortana, and Google Assistant) and smart speakers (Amazon Echo, Google Home, and Apple HomePod). With NLP (Natural Language Processing) becoming more mainstream, the time isn’t far when virtual assistants and smart speakers that let a user perform banking transactions will be the preferred option.

Narrow AI in Banking

AI has slowly made inroads into a lot of different business landscapes. In the banking and financial services industry, we expect narrow AI (designed to handle a specific task) to improve operational efficiency and accuracy by automating tasks that are repetitive and manpower intensive in nature. This would free up bank resources to focus on activities that are more value generating.

Rise of Open Banking

Open banking is an approach that uses open APIs to enable third-party developers to build applications and services around the financial institution, resulting in greater financial transparency for account holders, ranging from open data to private data. For example, in India, UPI brings multiple bank accounts into a single mobile application of any participating bank, merging several banking features, seamless fund routing and merchant payments under one platform. Going forward, we can expect open banking to gain more traction in many more countries and economic regions.

Corporate Onboarding

Traditionally, corporate onboarding of customers would take several weeks in contrast to the few minutes it would take to onboard a retail customer. But if one were to factor that a corporate banker would also be a retail customer, it would be likely that they would share the same expectation when it comes to simplifying the processes involved in corporate onboarding. So far, there has been a dearth of corporate banking apps but this trend is changing. Banks have started partnering with FinTech companies to leverage the power of digital to significantly reduce onboarding times.

Connected Cloud Services

As banks turn to a mix of public, private, and hybrid clouds for their infrastructure, cloud-based banking is becoming commonplace. No bank will ever move all its sensitive data to the cloud because of compliance and security risks, but a new balance is being struck in the choice between different cloud formats. As significant as the shift towards cloud-based computing has been, it is just getting started. Many banks and financial service providers are opting for Software-as-a-Service (SaaS) applications for non-core business processes such as CRM, HR, and financial accounting, along with ‘point solutions’ for security analytics and KYC verification. However, in 2019, some core services of banks will also move to the cloud, including payments, remittances, credit scoring, account billing, and more.

Data Privacy Framework

Security and privacy are underlying concerns present in every activity of a bank. How banks handle sensitive data is an issue that will determine where the industry is heading over the next few years. The way banks collect, use, and store Personally Identifiable Information (PII) will thus be key. The Reserve Bank of India is working on norms that will dictate this space both inside and outside India and several updated regulations will soon populate the space. Banks should be prepared for such changes and more. Risks involved will continue to revolve around the use of third-party vendors, complex technologies, cross-border data transfers, mobile technologies penetration, and advancing security threats.

The FinTech industry is one built with disruption in mind, according to a report by PwC titled ‘Digital Banking Consumer Survey: Mobile users set the agenda’. In 2019, this disruption will come to the forefront and change the banking and financial services industry. Early movers and adopters are sure to see major gains in the future, and users are becoming increasingly clear in their preference for tech-based banking.

WeGeek WeChat Mini Program Hackathon Theme Announced!


From December 15 to December 16, the "WeGeek WeChat Mini Program Hackathon", hosted by Tencent's WeChat Business Group, will officially kick off in Beijing. The Hackathon is open to mini program developers and enthusiasts worldwide, and aims to foster innovative mini program development on the WeChat Mini Program platform and to jointly build the mini program ecosystem.

The Hackathon attracted wide attention inside and outside the community as soon as it was announced: nearly 500 people registered within two weeks of registration opening, 160 were shortlisted after two rounds of screening, and nearly 40 teams are expected to develop mini programs on site.

The theme, scoring rules and other details of this mini program hackathon are now announced; read on to learn more.

Theme announcement

The theme of this WeGeek WeChat Mini Program Hackathon is divided into three categories: Tools, Lifestyle Services, and Education. Each team may choose any category for its mini program; the final awards will be judged together across categories. Teams may develop in, but are not limited to, the following reference directions:

Tools

For example: daily expense tracking, real-time exchange rate lookup and conversion, convenient public transport payment, extreme weather alerts and queries, office document design, travel planning, organizing gatherings with friends, event registration and prize draws, personal health data management, and enterprise OA and workflow management.

Lifestyle services

For example: booking housekeeping and caregiving, publicizing or launching public welfare and environmental initiatives, wedding photography and videography, beauty and hairdressing appointments, and lookup and handling of community services.

Education

For example: campus academic affairs lookup, study planning, online dictionary lookup, early childhood education and parenting training, and education for people with special needs.

Judging

Scoring consists of two parts, judges' scores and peer voting among teams, for a total of 100 points; the judges' score counts for 70% and team peer voting for 30%. The judges score each entry on four dimensions: completeness, creativity, practicality and commercial prospects; each team votes for its 5 favourite entries. Scores become valid once staff have verified the submitted data.

Completeness (40%): the degree to which the submitted proposal and entry are realized (the entry carries the most weight)
Creativity (20%): the degree of innovation of the entry (innovation in model; not an already launched product and not a port from another platform)
Practicality (20%): how practically the product applies in its usage scenario
Commercial prospects (20%): the commercial value the product can generate in everyday work and life in the short to medium term

Agenda

Time / Item
2018.12.15
8:00-9:00 Check-in
9:00-9:30 Opening ceremony
9:30-12:00 Team formation, on-site development
12:00 Lunch
13:00-18:00 Development
18:00 Dinner
After 19:00 Development
2018.12.16
8:00 Breakfast
8:00-12:00 Development and submission
12:00-13:00 Initial screening of entries, lunch
13:00-16:30 Entry presentations, judging
17:00 Judges' comments and awards, closing ceremony

This WeChat Mini Program Hackathon has gathered developers from major internet companies, university students and many other WeChat mini program enthusiasts; we look forward to seeing what everyone builds!

The Second University Student New Media Hackathon Concludes! Who Took Home the 100,000-Yuan Startup Package?


Students run the race, mentors run alongside!

After an all-night effort, the students' entries had begun to take shape.

Shortly after 6 a.m. on December 9, each team made final adjustments and revisions to its project. By 8:30 a.m., the copywriting entries of all 16 teams were finished and, with the help of staff, uploaded to the 河南创业圈 (Henan Startup Circle) and 慧谷双创 public accounts for online voting.

While the students mobilized everyone around them to canvass votes online, they were also busily revising their slides for the afternoon's offline pitches. Meanwhile the staff tallied the figures every half hour. Watching the students' view counts climb, one had to admire their canvassing and copywriting skills!

As the online voting went on at full tilt, the offline pitches began at 2:30 p.m. In the afternoon session, teams presented projects on the themes "promotion plan for 河南创业圈", "planning for the 创赢中原 radio program" and "marketing for the 8度 juicer cup". After 24 hours of brainstorming, each project lead stood on stage full of confidence to present their ideas.

More than two hours of pitches showed everyone the wide-open imagination, fresh thinking, broad horizons and strong execution of today's post-2000 generation. Some projects had great video concepts, some had strong data analysis, some were playful yet still practical to implement, and some managed to enlist merchant resources for partnerships; confined to a closed venue for 24 hours, one team even sold the juicer cups to a hotpot restaurant...

Even the judges were surprised by the outstanding ability of this year's students.

During the pitches, the eight judges also gave targeted guidance based on each project's characteristics.

After more than two hours of fierce competition, the offline pitches ended and the online voting channel closed. Under the rules, online votes counted for 60% and offline pitch scores for 40%, and first, second and third prizes plus three special awards were selected.

The first-prize project receives a 100,000-yuan startup package provided by 慧谷双创, including long-term one-on-one paired mentoring from the 慧谷双创 youth innovation and entrepreneurship mentor team as well as venture fund investment and startup support.

Group photo: the three special-award projects with school leaders

Group photo: third-prize projects with mentors

Group photo: second-prize projects with mentors

Group photo: first-prize project with school leaders

The competition aims to discover outstanding talent and startup projects in universities, find promising new media entrepreneurs, and improve university students' innovation and entrepreneurship capabilities and new media skills.

All members of winning projects will be brought into the 慧谷双创 talent development system, receiving the strongest possible support in space, project mentoring, policy consulting, and investment and financing, along with follow-up services to help the projects grow quickly.

After the awards, senior startup mentors 刘杨 and 张晨伟 gave closing remarks on the competition. 刘杨 said he was surprised by the students' imagination and creativity; during the pitches he saw many ideas he had never thought of himself, and he hoped the students would keep up the good work. 张晨伟 advised some projects to launch quickly in light of market conditions, since the cost of trial and error is small while the rewards are boundless; as he often says, "just do it!"

Finally, 慧谷双创 founder 杨晏 gave a summary speech. From an entrepreneur's perspective, he noted that the event gave students an opportunity for hands-on learning and laid an early foundation for their future paths in employment and entrepreneurship.

After the competition, 慧谷双创 established the "慧谷双创 New Media Innovation Lab" on the fifth floor of the 黄淮学院 (Huanghuai University) Innovation and Entrepreneurship Park, aiming to better connect university talent with society and give students more room to develop and show their abilities.

Through 36 hours of non-stop competition, we saw the new media literacy, innovation and entrepreneurship awareness, and perseverance of the students of the School of Culture and Communication. We hope 黄淮学院 students will keep it up and achieve even better results in future competitions!

As the earliest innovation and entrepreneurship service organization founded in Henan, 慧谷双创 will also keep working to take its startup services to the next level.

Hackathon campus recruitment

Do you want to be a "hackathon runner" too?

Do you want to host a hackathon like this too?

More than three years after the breach: OPM still has a third of its security recommendations unimplemented


According to the latest report submitted to Congress by the US Government Accountability Office (GAO), after the massive data breach of 2015 the US Office of Personnel Management (OPM) has implemented only 64% of 80 information security recommendations. In other words, a third of the information security measures are still missing, leaving OPM's network vulnerable to attack. GAO stated: "Overall, OPM has made some progress in implementing the recommendations to improve its security posture, but further action is still needed."

In a report submitted in June 2015, OPM disclosed that an unauthorized third party had accessed the agency's systems, exposing the personal information of about 4.2 million federal employees.

In July 2015, OPM disclosed a second breach, affecting background-investigation files and data for roughly 21.5 million people.

Between February and August 2015, following continuous audits of the information security protections OPM had deployed, GAO issued four separate reports detailing 80 recommendations to improve the agency's cybersecurity.

Unfortunately, as the latest 2018 audit report to Congress states, as of September 20, 2018 the agency had implemented 51 of the 80 recommendations (about 64%).

Despite failing to implement the remaining third of GAO's security improvements in time, officials from OPM's Office of the Chief Information Officer said the agency has drawn up plans to complete 25 of the remaining 29 recommendations by the end of 2018 and to take other remedial actions.

However, good intentions in OPM's statement notwithstanding, GAO concluded that the agency had failed to provide adequate evidence demonstrating the implementation status of the remaining recommendations.

[Translated from: Softpedia]

Rising (瑞星) 2018 Comprehensive Ransomware Analysis Report

一、勒索病毒简介

勒索病毒是黑客通过锁屏、加密等方式劫持用户设备或文件,并以此敲诈用户钱财的恶意软件。黑客利用系统漏洞或通过网络钓鱼等方式,向受害电脑或服务器植入病毒,加密硬盘上的文档乃至整个硬盘,然后向受害者索要数额不等的赎金后才予以解密,如果用户未在指定时间缴纳黑客要求的金额,被锁文件将无法恢复。

二、勒索病毒发展史 1 .勒索病毒第一阶段:不加密数据,提供赎金解锁设备

2008年以前,勒索病毒通常不加密用户数据,只锁住用户设备,阻止用户访问,需提供赎金才能解锁。期间以LockScreen 家族占主导地位。由于它不加密用户数据,所以只要清除病毒就不会给用户造成任何损失。由于这种病毒带来的危害都能被很好地解决,所以该类型的勒索软件只是昙花一现,很快便消失了。


瑞星2018勒索病毒全面分析报告

图:LockScreen勒索截图

2. 勒索病毒第二阶段:加密数据,提供赎金解锁文件

2013年,以加密用户数据为手段勒索赎金的勒索软件逐渐出现,由于这类勒索软件采用了一些高强度的对称和非对称的加密算法对用户文件加密,在无法获取私钥的情况下要对文件进行解密,以目前的计算水平几乎是不可能完成的事情。正是因为这一点,该类型的勒索软件能够带来很大利润,各种家族如雨后春笋般出现,比较著名的有CTB-Locker、TeslaCrypt、Cerber等。


瑞星2018勒索病毒全面分析报告

图:Tesla勒索截图

3. 勒索病毒第三阶段:蠕虫化传播,攻击网络中其它机器

2017年,勒索病毒已经不仅仅满足于只加密单台设备,而是通过漏洞或弱口令等方式攻击网络中的其它机器, WannaCry就属于此类勒索软件,短时间内造成全球大量计算机被加密,其影响延续至今。另一个典型代表Satan勒索病毒,该病毒不仅使用了永恒之蓝漏洞传播,还内置了多种web漏洞的攻击功能,相比传统的勒索病毒传播速度更快。虽然已经被解密,但是此病毒利用的传播手法却非常危险。


瑞星2018勒索病毒全面分析报告

图:Satan勒索病毒释放的永恒之蓝攻击工具包

三、勒索病毒家族种类介绍

瑞星安全专家通过对勒索病毒的传播速度、感染量、加密手段以及开发门槛选取了10个具有代表性的家族病毒进行分析,帮助用户更好的了解勒索病毒。

1. WannaCry 家族:利用“永恒之蓝”漏洞传播,危害巨大

WannaCry勒索病毒,最早出现在2017年5月,通过永恒之蓝漏洞传播,短时间内对整个互联网造成非常大的影响。受害者文件被加上.WNCRY后缀,并弹出勒索窗口,要求支付赎金,才可以解密文件。由于网络中仍存在不少未打补丁的机器,此病毒至今仍然有非常大的影响。


瑞星2018勒索病毒全面分析报告

图:WannaCry勒索病毒

2. BadRabbit 家族:弱口令攻击,加密文件和 MBR

Bad Rabbit勒索病毒,主要通过水坑网站传播,攻击者攻陷网站,将勒索病毒植入,伪装为adobe公司的flash程序图标,诱导浏览网站的用户下载运行。用户一旦下载运行,勒索病毒就会加密受害者计算机中的文件,加密计算机的MBR,并且会使用弱口令攻击局域网中的其它机器。


瑞星2018勒索病毒全面分析报告

图:BadRabbit勒索病毒

3. GlobeImposter 家族:变种众多持续更新

GlobeImposter勒索病毒是一种比较活跃的勒索病毒,病毒会加密本地磁盘与共享文件夹的所有文件,导致系统、数据库文件被加密破坏,由于Globelmposter采用RSA算法加密,因此想要解密文件需要作者的RSA私钥,文件加密后几乎无法解密,被加密文件后缀曾用过Techno、DOC、CHAK、FREEMAN、TRUE、RESERVER、ALCO、Dragon444等。


瑞星2018勒索病毒全面分析报告

图:GlobeImposter勒索病毒

4. GandCrab 家族:使用达世币勒索,更新频繁

Gandcrab是首个以达世币(DASH)作为赎金的勒索病毒,此病毒自出现以来持续更新对抗查杀。被加密文件后缀通常被追加上.CRAB .GDCB .KRAB 等后缀。从新版本勒索声明上看没有直接指明赎金类型及金额,而是要求受害用户使用Tor网络或者Jabber即时通讯软件获得下一步行动指令,极大地增加了追踪难度。

随着版本的不断更新,Gandcrab的传播方式多种多样,包括网站挂马、伪装字体更新程序、邮件、漏洞、木马程序等。此病毒至今已出现多个版本,该家族普遍采用较为复杂的RSA+AES混合加密算法,文件加密后几乎无法解密,最近的几个版本为了提高加密速度,对文件加密的算法开始使用Salsa20算法,秘钥被非对称加密算法加密,若没有病毒作者的私钥,正常方式通常无法解密,给受害者造成了极大的损失。


瑞星2018勒索病毒全面分析报告

图:Gandcrab勒索病毒

5. Crysis 家族:加密文件,删除系统自带卷影备份

Crysis勒索病毒家族是比较活跃的勒索家族之一。攻击者使用弱口令暴力破解受害者机器,很多公司都是同一个密码,就会导致大量机器中毒。此病毒运行后,加密受害者机器中的文件,删除系统自带的卷影备份,被加密文件后缀格式通常为“编号+邮箱+后缀”,例如:

id-{编号}.[gracey1c6rwhite@aol.com].bip id-{编号}.[chivas@aolonline.top].arena

病毒使用AES加密文件,使用RSA加密密钥,在没有攻击者的RSA私钥的情况下,无法解密文件,因此危害较大。


瑞星2018勒索病毒全面分析报告

图:Crysis勒索病毒

6. Cerber 家族:通过垃圾邮件和挂马网页传播

Cerber家族是2016年年初出现的一种勒索软件。从年初的1.0版本一直更新到4.0版。传播方式主要是垃圾邮件和EK挂马,索要赎金为1-2个比特币。到目前为止加密过后的文件没有公开办法进行解密。


瑞星2018勒索病毒全面分析报告

图:Cerber勒索病毒

7. Locky 家族:早期勒索病毒,持续更新多个版本

Locky家族是2016年流行的勒索软件之一,和Cerber 的传播方式类似,主要采用垃圾邮件和EK,勒索赎金0.5-1个比特币。


瑞星2018勒索病毒全面分析报告

图:Locky勒索病毒

8. Satan 家族:使用多种 web 漏洞和“永恒之蓝”漏洞传播

撒旦Satan勒索病毒运行之后加密受害者计算机文件并勒索赎金,被加密文件后缀为.satan。自诞生以来持续对抗查杀,新版本除了使用永恒之蓝漏洞攻击之外,还增加了其它漏洞攻击。病毒内置了大量的IP列表,中毒后会继续攻击他人。此病毒危害巨大,也给不打补丁的用户敲响了警钟。幸运的是此病毒使用对称加密算法加密,密钥硬编码在病毒程序和被加密文件中,因此可以解密。瑞星最早开发出了针对此病毒的解密工具。


瑞星2018勒索病毒全面分析报告

图:Satan勒索病毒

9. Hc 家族: python 开发,攻击门槛低,危害较大

Hc家族勒索病毒使用python编写,之后使用pyinstaller打包。攻击者使用弱口令扫描互联网中机器植入病毒。此病毒的出现使勒索病毒的开发门槛进一步降低,但是危险指数并没有降低。通常使用RDP弱口令入侵受害机器植入病毒。早期版本使用对称加密算法,密钥硬编码在病毒文件中,新版本开始使用命令行传递密钥。


瑞星2018勒索病毒全面分析报告

图:Hc勒索病毒

10. LockCrypt family: encrypts files, shows the ransom demand at boot

Once run, LockCrypt encrypts the files on the victim's system and renames them to the format [$FileID]=ID[$UserID].lock, where $FileID is derived by encrypting the original file name and Base64-encoding the result, and $UserID is a generated random number. After a reboot a ransom message is shown, demanding payment before the files can be decrypted.

Figure: LockCrypt ransomware
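The family descriptions above each give a naming pattern or a set of appended extensions, which is what an incident responder uses to identify the family before looking for a decryptor. The following Python script is an added example, not part of the Rising report: it classifies file names from a directory listing using the extensions and naming patterns the report lists. The regular expressions for the Crysis suffix and the LockCrypt name are assumptions written from the report's descriptions (the LockCrypt $FileID is treated as opaque, since the report says it is encrypted before being Base64-encoded), and the sample listing is constructed; the contact address in it is one quoted in the report.

```python
import re
from collections import Counter

# Extensions the report attributes to each family (table constructed from the
# report text; matching is case-insensitive because samples vary in case).
FAMILY_EXTENSIONS = {
    "GlobeImposter": {"techno", "doc", "chak", "freeman", "true", "reserver",
                      "alco", "dragon444"},
    "GandCrab": {"crab", "gdcb", "krab"},
    "Crysis": {"bip", "arena"},
    "Satan": {"satan"},
}
# Extensions that also belong to legitimate files (.doc is a Word file):
# count them only when they were appended to an existing extension.
AMBIGUOUS = {"doc", "true"}

# Crysis suffix "id-<number>.[<e-mail>].<ext>" appended to the original name
# (hypothetical regex written from the report's description).
CRYSIS_RE = re.compile(
    r"id-(?P<victim>[^.\[\]]+)\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$")
# LockCrypt name "[<FileID>]=ID[<UserID>].lock"; FileID is opaque and not decoded.
LOCKCRYPT_RE = re.compile(r"^\[(?P<fid>[A-Za-z0-9+/=]+)\]=ID\[(?P<uid>[^\]]+)\]\.lock$")


def classify(name):
    """Return a dict describing the likely family for one file name, or None."""
    m = CRYSIS_RE.search(name)
    if m:
        return {"family": "Crysis", "contact": m.group("email"),
                "ext": m.group("ext").lower()}
    m = LOCKCRYPT_RE.match(name)
    if m:
        return {"family": "LockCrypt", "victim_id": m.group("uid"), "ext": "lock"}
    parts = name.lower().split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext in AMBIGUOUS and len(parts) < 3:
        return None  # e.g. a plain "letter.doc" is just a Word file
    for family, exts in FAMILY_EXTENSIONS.items():
        if ext in exts:
            return {"family": family, "ext": ext}
    return None


def triage(names):
    """Summarize a listing: hits per family and attacker contact addresses seen."""
    counts = Counter()
    contacts = set()
    for name in names:
        hit = classify(name)
        if hit:
            counts[hit["family"]] += 1
            if "contact" in hit:
                contacts.add(hit["contact"])
    return dict(counts), sorted(contacts)


# Constructed directory listing for demonstration.
SAMPLE_LISTING = [
    "report.docx.id-A1B2C3.[chivas@aolonline.top].arena",
    "budget.xlsx.KRAB",
    "letter.doc",                       # legitimate Word file, must not match
    "scan.pdf.DOC",                     # GlobeImposter-style appended extension
    "[cmVwb3J0LmRvY3g=]=ID[483921].lock",
    "notes.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

The contact addresses collected by `triage` are the quickest way to cross-reference a Crysis infection with public decryptor information; the family counts tell you whether a single strain hit the share, or several, which matters because the report notes that newer variants use random extensions that this table will not catch.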

IV. Ransomware infection status

1. Ransomware infections in China, January to October 2018

From January to October 2018, Rising's "Cloud Security" system intercepted 428,200 ransomware samples and recorded 3.44 million infections in total. Guangdong province ranked first with 940,000 infections, followed by Beijing with 480,000, Zhejiang with 200,000 and Shanghai with 180,000.

Figure: Ransomware infections in China, January to October 2018

2. Ransomware infections per month, January to October 2018

Analysis of the ransomware samples captured by Rising shows that January was the peak period, with 620,000 infections, followed by March with 480,000 and June and July with 450,000 each.

Figure: Ransomware infections per month, January to October 2018

3. Share of samples by ransomware family, January to October 2018

Breaking the captured samples down by family, WannaCry accounts for 39%, ranking first, followed by the Cerber and Locky families at 24%. A year on, WannaCry is still the most impactful ransomware, which shows that many enterprise networks still contain machines without the "EternalBlue" patch, so its damage continues to this day.

Figure: Share of samples by ransomware family, January to October 2018

V. Global ransomware attack incidents

1. WannaCry ransomware sweeps the globe

In May 2017 a ransomware strain named WannaCry swept the world, hitting more than 100 countries including China, the United States, Russia and Europe; in China, university intranets, large-enterprise intranets and government private networks were hit particularly hard. The ransomware exploited the Microsoft SMB remote code execution vulnerability CVE-2017-0144, for which Microsoft had released a patch in March 2017. In April 2017 the hacker group The Shadow Brokers published the Equation Group's "EternalBlue", which contained an exploit for this vulnerability, and the ransomware's operators drew on EternalBlue to launch this global, large-scale extortion attack.

Figure: WannaCry ransomware

2. Petya ransomware hits multiple countries under the guise of extortion

In June 2017 a new ransomware strain named "Petya" rampaged across the globe once again. Victims included the international airport in Ukraine's capital, Ukraine's National Savings Bank, post offices, the metro and shipping companies, the Russian oil and gas giant Rosneft, the Danish shipping giant Maersk, the US pharmaceutical company Merck, the US law firm DLA Piper, several Ukrainian commercial banks, private companies, retailers and government systems, and even a nuclear power plant. Affected countries included the UK, Ukraine, Russia, India, the Netherlands, Spain and Denmark. Compared with WannaCry, this virus encrypts the NTFS partition and overwrites the MBR so that the machine cannot boot normally, making its impact even more serious.

Figure: Petya ransomware strikes worldwide

3. The Erebus ransomware that extorted a South Korean web hosting company

On 10 June 2017 the South Korean web hosting company Nayana suffered a cyber attack that infected 153 of its Linux servers and 3,400 websites with the Erebus ransomware. After the incident, the Korea Internet & Security Agency and national security agencies opened a joint investigation with the police, and Nayana said it would cooperate fully to regain control of its servers as quickly as possible. When those efforts failed, Nayana ultimately chose to regain control of its servers by paying the ransom, handing the extortionists USD 1 million worth of bitcoin to decrypt the specified files.

4. BadRabbit ransomware strikes Eastern Europe

In October 2017 the new ransomware BadRabbit broke out in Eastern Europe, with enterprises and infrastructure in Ukraine and Russia hit hardest. The virus poses as flash_player to lure users into downloading it; once downloaded, it encrypts files of specific formats, modifies the MBR and demands bitcoin. BadRabbit can spread across a local network through weak passwords and exploits, making it a typical example of worm-like ransomware.

5. A hospital intranet in Hubei comes under intense ransomware attack

In March 2018 the intranet of a hospital in Hubei came under intense ransomware attack, leaving large numbers of its self-service registration, payment and report-printing kiosks unable to work. Because these terminals are self-service devices that provide only specific functions, their security had been neglected: no antivirus product was installed, system patches were not applied in time, and the network segments of the hospital's departments were poorly isolated, so the ransomware broke out across the network at once.

6. GlobeImposter ransomware attacks in several regions of China

In July 2018 numerous GlobeImposter variants began spreading in China, each appending a different extension to the files it encrypts; the main vector is spam e-mail. GlobeImposter is a currently prevalent ransomware family that encrypts files on disk and changes their extensions to forms such as .Techno, .DOC, .CHAK, .FREEMAN and .TRUE. Because it uses strong asymmetric encryption, victims cannot recover their files without the private key and are forced to pay the ransom if they need important data back.

VI. Ransomware analysis

(1) Why ransomware has exploded

1. Complex encryption, high cost of decryption

Ransomware uses mature cryptographic algorithms, encrypting files with strong symmetric and asymmetric ciphers. Unless the implementation is flawed or the key leaks, decryption without the private key is practically impossible. When a victim's data is important and there is no backup, there is no way to recover it other than paying the ransom; this is precisely why extortionists can keep reaping large profits, which has driven the explosive growth of ransomware.

Some recovery tools for ransomware-encrypted files do circulate on the Internet, but all of them rely on implementation flaws in the ransomware or on leaked private keys. The recovery tools for the Petya and CryptXXX families exploit flaws in the developers' implementations, while those for the TeslaCrypt and CoinVault families rely on leaked keys.

2. Ransom paid in cryptocurrency: fast to cash out, hard to trace

Almost all ransomware demands payment in bitcoin. Bitcoin is anonymous, quick to cash out and hard to trace; it is also well known and familiar to the public, so paying with it is not very difficult, which is why attackers use it so widely. Bitcoin effectively solved the ransom-collection problem for ransomware and further fuelled its growth.

3. The emergence of Ransomware-as-a-Service

With Ransomware-as-a-Service, developers offer a complete ransomware solution covering development, distribution and ransom collection. Attackers need no expertise of their own; for a small rental fee they can run an illegal ransomware operation. This has greatly lowered the barrier to entry and driven the large-scale outbreak of ransomware.

(2) How ransomware spreads

1. Common attacks on individual users

Users download ransomware while browsing the web: attackers disguise the virus as pirated software, game cheats, adult video players and the like to lure victims into downloading and running it, after which it encrypts the victim's machine. Ransomware also spreads through phishing e-mail and system vulnerabilities. The attack flow against individual users is shown in the figure below:

Figure: Attack flow

2. Common attacks on enterprise users

Common ransomware attacks on enterprise users include system vulnerability exploitation, weak-password attacks on remote access, phishing e-mail, web service vulnerabilities and weak passwords, and database vulnerabilities and weak passwords. Phishing e-mail attacks in turn include downloading and running the virus through an exploit, through Office mechanisms, and through executables disguised with Office or PDF icons.

1) System vulnerability attacks

A system vulnerability is a defect or error in the logical design of an operating system. Criminals exploit it over the network to plant trojans and viruses, attack or take control of the whole computer, steal important data and information, or even destroy the system. Like individuals, enterprises are exposed to such attacks, but because an enterprise LAN contains many machines, patching is time-consuming and laborious and sometimes requires interrupting business, so enterprises tend not to patch promptly. This poses a serious threat: attackers can plant a virus through the vulnerability and spread it rapidly. The WannaCry ransomware that swept the globe spread across networks by exploiting exactly such a vulnerability, EternalBlue.

Attackers exploit system vulnerabilities in two main ways. The first is to scan the Internet for vulnerable machines, send exploit packets, break in, plant a backdoor, and then upload and run the ransomware.

Figure: Scanning the network for computers with a system vulnerability

The second is to compromise one Internet-connected machine by other means, such as phishing e-mail or weak passwords, and then use the vulnerability to move laterally across the LAN. Most enterprise networks cannot be isolated absolutely; once one externally connected machine is compromised, vulnerable machines on the internal network are affected as well.

Figure: Compromising one machine, then moving laterally through the LAN via the vulnerability

Large numbers of exploit tools are available online. The leak of the NSA Equation Group's weapons-grade tools in particular has had a huge impact on network security; they are widely used to spread ransomware, cryptominers and trojans, and some attackers have packaged them into graphical one-click attack tools, lowering the barrier to attack even further.

2) Weak-password attacks on remote access

Because many enterprise machines need remote maintenance, remote access is enabled on a great many of them. If the password is too simple, attackers get their chance. Many users gamble that with so many machines on the network the odds of being attacked are low, but in fact, all over the world, thousands upon thousands of attackers are constantly running tools that scan the network for machines with weak passwords. Some machines with weak passwords have been hit by several different attackers and infected with multiple viruses: before one is removed, the next arrives, leaving the machine sluggish and its files encrypted.

A weak-password attack resembles a vulnerability attack, except that it relies on brute force, trying the account names and passwords in a dictionary against devices across the Internet.

Figure: Scanning the network for computers with weak passwords

Weak-password attacks also take a second form: once an externally connected machine is compromised, it is used to attack machines on the internal network by guessing weak passwords.

Figure: Compromising one machine, then brute-forcing weak passwords across the LAN for lateral movement
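The brute-force scanning described in this section leaves a characteristic trace on a Windows host: a burst of failed logons (Security event 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, sometimes followed by a success (event 4624) from the same address, which is the moment to treat the host as compromised. The following Python script is an added detection example, not part of the Rising report. The one-line event format it parses is a constructed, simplified rendering of those two events (field names follow the Windows event schema, but real logs are XML or EVTX), the threshold and window are assumed values, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log: 4625 = failed logon, 4624 = successful logon,
# logon type 10 = RemoteInteractive (RDP). The line format parsed below is a
# constructed, simplified rendering of those events, not real log output.
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    ts, rest = line.split(" ", 1)
    f = dict(FIELD_RE.findall(rest))
    return {"ts": datetime.fromisoformat(ts), "event_id": int(f["EventID"]),
            "logon_type": int(f["LogonType"]), "ip": f["IpAddress"],
            "user": f["TargetUserName"]}


def detect_rdp_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold RDP failures inside the window, and any
    RDP success from such an IP while the burst is still inside the window."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    failures = defaultdict(list)   # source ip -> timestamps of recent 4625s
    alerts = []
    for e in events:
        if e["logon_type"] != 10:
            continue
        recent = failures[e["ip"]]
        if e["event_id"] == 4625:
            recent.append(e["ts"])
            while recent and e["ts"] - recent[0] > window:
                recent.pop(0)             # slide the window forward
            if len(recent) == threshold:  # alert once, when the threshold is crossed
                alerts.append({"type": "bruteforce", "ip": e["ip"], "count": threshold,
                               "first": recent[0], "last": e["ts"]})
        elif e["event_id"] == 4624:
            in_window = [t for t in recent if e["ts"] - t <= window]
            if len(in_window) >= threshold:
                alerts.append({"type": "success_after_bruteforce", "ip": e["ip"],
                               "user": e["user"], "at": e["ts"]})
    return alerts


def _line(ts, event_id, ip, user):
    return f"{ts} EventID={event_id} LogonType=10 IpAddress={ip} TargetUserName={user}"


# Constructed sample: 12 failures from one address in two minutes, then a success;
# one stray failure and one clean login from other addresses.
SAMPLE_LOG = (
    [_line(f"2018-11-05T09:00:{i * 10:02d}", 4625, "203.0.113.7", "administrator") for i in range(6)]
    + [_line(f"2018-11-05T09:01:{i * 10:02d}", 4625, "203.0.113.7", "admin") for i in range(6)]
    + [_line("2018-11-05T09:02:30", 4624, "203.0.113.7", "administrator"),
       _line("2018-11-05T09:00:45", 4625, "198.51.100.5", "jsmith"),
       _line("2018-11-05T09:03:00", 4624, "10.0.0.8", "jsmith")]
)

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

The "success_after_bruteforce" alert is the one that should page someone: it means the password guessing worked, and the report's next section describes what follows (antivirus disabled by hand, ransomware dropped, scanning of the LAN). The same sliding-window logic applies unchanged to the internal-network variant shown in the figure above; only the source addresses become private ones.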

3) Phishing e-mail attacks

Enterprise users are also targets of phishing e-mail. Unlike individuals, enterprise users handle e-mail far more often and must open many messages for business reasons; once an opened attachment carries a virus, the enterprise's whole network comes under attack. The logic of a phishing e-mail attack is shown below:

Figure: Phishing e-mail attack logic

Ransomware is spread through phishing e-mail mainly in the following ways:

(a) Downloading and running the virus through an exploit

The phishing e-mail carries an attacker-crafted Office document or PDF containing an exploit, or a link to a web page containing a browser exploit. If the corresponding office-software or browser patch is not installed, opening it triggers the exploit, which downloads and runs the ransomware.

In addition, many exploit kits (EK) circulate online, bundling exploit code for browsers, Flash, PDF readers and other software. Attackers can generate phishing e-mails automatically with a single click, effectively ransomware as a service: the victim only has to click the link or open the document to trigger the exploit and download and run the ransomware. Well-known EKs include Angler, Nuclear, Neutrino and RIG. The operator interface of one such exploit kit is shown below:

Figure: Exploit kit operator interface

(b) Downloading and running the virus through Office mechanisms

Beyond exploits, certain Office mechanisms can be abused to spread ransomware: Office macros, DDE and OLE have all been used. To evade detection, some attackers encrypt the Office document in the attachment and include the password in the body of the e-mail.

Figure: Phishing e-mail

A curious user enters the password and opens the file; if macros are enabled by default, the virus is downloaded and executed as soon as the password is entered.

Figure: The encrypted document

If macros are not enabled, the document's content tries to lure the user into enabling them.

Figure: Luring the user into enabling macros

(c) Executables disguised with Office or PDF icons

The ransomware carried in the attachment is an .exe program disguised with an Office document icon; if the system hides file extensions by default, it is easy to be fooled.

Figure: Disguised icon
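Items (b) and (c) describe two attachment tricks that a mail gateway or endpoint script can check for without opening the file in Office: a name whose real extension is executable while the visible part looks like a document, content whose magic bytes do not match the claimed type, and an OOXML document that carries a VBA macro project. The Python script below is an added example, not part of the Rising report. It inspects a file name together with its first bytes; the extension lists are assumptions, the OOXML archives it builds are minimal stand-ins constructed for the demonstration (not real Word files), and the executable and PDF blobs are constructed too. Legacy binary .doc/.xls files (OLE containers) store macros differently and are not parsed here.

```python
import io
import zipfile

DOCUMENT_EXTS = {"doc", "docx", "docm", "xls", "xlsx", "xlsm", "ppt", "pptx", "pdf", "rtf", "txt"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta"}
PE_MAGIC = b"MZ"            # DOS/PE executable header
PDF_MAGIC = b"%PDF"
ZIP_MAGIC = b"PK\x03\x04"   # OOXML documents (.docx/.docm/...) are zip archives


def inspect_attachment(filename, data):
    """Return a list of findings for one attachment (empty list = nothing suspicious)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # 1. Double extension such as invoice.pdf.exe: the name looks like a document
    #    but the real extension is executable (hidden when extensions are not shown).
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        findings.append("document-like name with executable extension")
    # 2. Content type versus claimed type.
    if data.startswith(PE_MAGIC):
        if ext in DOCUMENT_EXTS:
            findings.append("PE executable content under document extension")
        elif ext in EXECUTABLE_EXTS:
            findings.append("executable attachment")
    if ext == "pdf" and not data.startswith(PDF_MAGIC):
        findings.append("pdf extension but content is not a PDF")
    # 3. OOXML document carrying a VBA macro project.
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = [n.lower() for n in archive.namelist()]
        except zipfile.BadZipFile:
            findings.append("zip signature but archive is unreadable")
        else:
            if any(n.endswith("vbaproject.bin") for n in names):
                findings.append("Office document contains a VBA macro project")
    return findings


def build_docm(with_macro):
    """Construct a minimal OOXML-style archive for demonstration (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample blobs.
FAKE_PE = PE_MAGIC + b"\x90" * 62 + b"PE\x00\x00"
REAL_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj<<>>endobj\n%%EOF\n"

if __name__ == "__main__":
    for name, blob in [("invoice.pdf.exe", FAKE_PE), ("report.docx", FAKE_PE),
                       ("quote.docm", build_docm(True)), ("quote.docm", build_docm(False)),
                       ("statement.pdf", REAL_PDF)]:
        print(name, inspect_attachment(name, blob))
```

Checking the bytes rather than the icon is the point: the icon an executable shows is chosen by its author, while the `MZ` header is not. The macro check complements the "disable Office macros" advice in the defence section, since it lets you quarantine macro-bearing documents before a user is ever asked whether to enable content.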

4) Web service vulnerabilities and weak passwords

Many enterprise servers run web server software, open-source web frameworks, CMS systems and so on, and these programs frequently have vulnerabilities. If they are not patched in time, attackers can exploit them to upload and run ransomware. Web services that use weak passwords are also brute-forced; some enterprises have never even changed the default password. The common attack logic is shown below:

Figure: Web service attack logic

Apache Struts2 is one of the world's most popular Java web frameworks. In 2017 the serious Struts2 vulnerability S2-045 was disclosed, allowing attackers to execute system commands on affected servers, take full control of them, and then upload and run ransomware.

5) Database vulnerabilities and weak passwords

Database management software has vulnerabilities too. Many enterprises have not updated their database software in years, some never since the server was built, whether through neglect or because of compatibility worries and fear of losing data. Without timely updates, attackers can exploit the vulnerabilities to upload and run ransomware. The common attack logic is shown below:

Figure: Attack logic against databases

(3) Ransomware trend analysis

1. More ransomware planted through vulnerabilities and weak passwords

Traditional ransomware generally spread through spam, phishing e-mail and watering-hole sites, and the victim had to download and run it to be infected. Scanning the Internet for computers with vulnerabilities or weak passwords and planting and running the virus directly is far more efficient. GandCrab, Crysis and GlobeImposter spread mainly through weak passwords; although GandCrab itself contains no exploit component, there is evidence that attackers have begun using web vulnerabilities to plant it. Satan is more aggressive still: besides the EternalBlue exploit it includes web and database exploits, among them CVE-2017-10271 (WebLogic WLS component), CVE-2017-12149 (JBoss deserialization) and weak Tomcat passwords, to raise its chance of success. Defending against ransomware has therefore moved beyond not downloading suspicious files and not opening suspicious attachments to promptly patching the system and web services and not using weak passwords.

2. More manual deployment after intrusion

Having broken into an Internet-connected computer through a weak password or vulnerability, the attacker operates it remotely to attack the other machines on the LAN. Although those machines are not connected to the Internet, they are connected to the compromised one, which the attacker uses as a stepping stone. Isolating internal and external networks is therefore essential; otherwise even the strongest fortress suffers heavy losses once it is attacked from within.

Once logged in remotely, the attacker uses tools to disable antivirus software by hand, plants and runs the ransomware, and continues scanning and attacking the other machines on the LAN. The prevalence of weak and shared passwords across LAN machines makes this easy for the attacker, so timely patching is essential.

3. Ransomware keeps iterating to evade detection

GandCrab (extensions GDCB, CRAB, GRAB, KRAB), Satan (Satan, dbger, sicck), Crysis (arena, bip), GlobeImposter (reserver, Dragon444) and others are updated continuously, with a new variant appearing every so often: some change the encryption algorithm to encrypt faster, some add anti-detection, anti-debugging and anti-sandbox measures to evade antivirus, and the extension changes along with them. Some newer versions have started using random extensions, making it harder for victims to identify which ransomware hit them and forcing them to contact the attacker's e-mail address for decryption.

4. More targeted attacks on high-value targets

Compared with indiscriminate spraying, targeted attacks that plant ransomware are on the rise. Attackers pick targets with greater extortion value, such as hospitals, schools and poorly protected small and medium-sized enterprises: their defences are typically weak while their data, such as student records, patient medical records or business files, is critical, so once it is encrypted the victim is more likely to pay. Attackers therefore single out such organizations deliberately.

5. The barrier to developing ransomware keeps falling

On one hand, since ransomware can be written in almost any programming or scripting language, the development barrier has dropped dramatically, and even minors new to computing have started producing ransomware. Recently captured samples include ransomware written in Python and disguised with an Office document icon, ransomware written in AutoIt and disguised as a Windows update, and ransomware written in Easy Programming Language (易语言) that extorts by setting a boot password or locking the MBR. Well-known examples include the PyCrypt, hc, Halloware and Xiaoba ransomware.

On the other hand, ransomware builders are sold on the dark web and black markets: the attacker enters an e-mail address and ransom message and generates ransomware with one click. This has drawn attackers from other criminal fields such as account theft, DDoS and fraud into ransomware, worsening its spread.

6. Worldwide losses from ransomware keep growing

Many companies keep a stock of bitcoin or other virtual currency on hand so that they can pay a ransom and restore data quickly. More often, though, the business has already suffered heavy losses even if the ransom is paid. WannaCry, exploiting EternalBlue, struck TSMC, the world's largest chip foundry, halting production for three days at a cost of more than a billion yuan. Petya cost Maersk, the world's largest container shipping company, hundreds of millions of dollars, and Nuance, the world's largest speech-recognition company, more than USD 90 million; other victims included the central bank of Ukraine, the Russian oil giant Rosneft, the advertising group WPP and the law firm DLA Piper. These figures are just the tip of the iceberg: countless lesser-known companies and individuals have suffered large financial losses and lost important data to ransomware.

VII. Ransomware defence measures

(1) Defence measures for individual users

1. Stay alert while browsing: do not download suspicious files, and beware of malware disguised as browser or Flash updates.

2. Install antivirus software, keep real-time monitoring on, and update the virus database promptly.

3. Install anti-ransomware software to defend against unknown ransomware.

4. Do not open suspicious e-mail attachments or click links in suspicious e-mail.

5. Apply system patches promptly to prevent exploitation of vulnerabilities.

6. Back up important files; a combination of local backup, offline isolated backup and cloud backup is recommended.

(2) Defence measures for enterprise users

1. System vulnerability attacks

Defence measures:

(1) Apply system patches promptly to prevent attackers from entering through vulnerabilities.

(2) Enterprises for which patching is inconvenient can deploy network-edition security software to patch all machines on the LAN centrally.

(3) Where business allows, move high-risk, easily exploited ports such as 139 and 445 to other port numbers; if they are not needed, close them outright to reduce the risk of exploitation.

2. Weak-password attacks on remote access

Defence measures:

(1) Use complex passwords.

(2) Change the default port number for remote access to a different one.

(3) Disable the system's built-in remote access and use other remote management software.

3. Phishing e-mail attacks

Defence measures:

(1) Install antivirus software, keep real-time monitoring on, and update the virus database promptly.

(2) Where business does not require them, disable Office macros, PowerShell scripts and the like.

(3) Turn on the display of file extensions.

(4) Do not open suspicious e-mail attachments.

(5) Do not click suspicious links in e-mail.

4. Web service vulnerabilities and weak passwords

Defence measures:

(1) Update web server components promptly and install software patches in time.

(2) Do not use weak or default passwords for web services.

5. Database vulnerabilities and weak passwords

Defence measures:

(1) Change the database software's default port.

(2) Restrict remote access to the database.

(3) Do not use weak passwords for database administration.

(4) Apply database software patches promptly.

(5) Back up databases regularly.

VIII. Rising's complete anti-ransomware solution

As the analysis above shows, both individual and enterprise users need to raise their security awareness and take the necessary defensive measures against ransomware and other network threats.

1. Recommended software for individual users

(1) Personal security software

Rising Antivirus is a new-generation information security product built on Rising's "Cloud Security" programme and "active defence" technology. It uses a new software architecture and the latest engine with a fully optimized virus signature database, greatly improving efficiency and reducing resource usage. New features include phishing and fraud protection, malicious access protection, registry monitoring and kernel hardening.

Figure: Rising Antivirus

(2) Anti-ransomware software

Rising Sword (瑞星之剑) is a defence tool against both unknown and known ransomware that further prevents ransomware from damaging files. It uses smart decoy files, machine-learning-based file format rules and behavioural monitoring of ransomware code to block known ransomware and to stop unknown ransomware from damaging files.

Figure: Rising Sword

2. Recommended hardware and software for enterprise users

(1) Deploy enterprise antivirus on every endpoint

For large enterprises with many device types and heavy maintenance workloads, network-edition antivirus is recommended for unified scanning and patching.

Rising ESM (Rising's next-generation network-edition antivirus) integrates virus protection, network protection, desktop management, endpoint admission control and public-opinion monitoring. It works in any network environment and manages physical machines, virtual machines, Windows and Linux in one console, giving enterprise users a complete endpoint security solution.

The software allows multiple protection modes to be configured freely for terminals such as ATMs, bank self-service kiosks, metro ticket gates, ticketing and inspection systems and hospital registration kiosks. It can scan all endpoints on the network for vulnerabilities and apply freely configured remediation policies; endpoints can be assigned several patch centres at once, and multiple patch servers support tree-style cascading.

Figure: Rising ESM deployment diagram

(2) Deploy an antivirus gateway at the network entrance

Rising Antivirus Gateway (瑞星防毒墙) is a network security product combining virus scanning, intrusion detection and network monitoring. It intercepts viruses at the gateway and, backed by the hundreds of millions of records in Rising's virus database, eliminates the vast majority of viruses outside the enterprise network, keeping the virus threat to a minimum.

Figure: Rising Antivirus Gateway interface

(3) Deploy virtualization-specific security software on virtualized devices

More and more enterprises are adopting virtualization on a large scale to improve the utilization of physical hardware. The accompanying problem is that traditional security solutions are ill-suited to virtual environments, with excessive resource consumption, overly concentrated storage, ageing equipment and gaps in endpoint protection. Deploying virtualization-specific security software on virtualized devices is therefore especially important.

Rising Virtualization System Security Software is described by Rising as China's first enterprise-class cloud security solution. It supports unified management of virtualized and non-virtualized environments, including VMware vSphere, VMware NSX, HUAWEI FusionSphere, Inspur InCloud Sphere, Windows and Linux, effectively protecting the enterprise's virtual systems and physical network from viruses.

Its complete protection architecture consists of a management centre, an update centre, a log centre, scan servers, security virtual appliances, a Linux antivirus endpoint and protected endpoints. Each subsystem comprises several modules which, besides their own tasks, communicate and cooperate with the other subsystems to protect the enterprise network together.

Figure: Rising Virtualization System Security Software architecture

Figure: Rising Virtualization System Security Software interface

(4) Deploy a data backup and recovery system

However strong the network defences, backups are indispensable. Because enterprise business is complex and involves many database types, manual real-time backup is impossible; a professional backup and recovery system with real-time backup is recommended.

The Rising Backup and Recovery System can serve as the on-site emergency system for all common server failures. A single device running it, together with other standby servers, forms a "centralized emergency platform" that provides failover for 200-300 x86 servers, fully replacing the original machine within minutes with system and data synchronized.

Its integrated server backup and failover supports the Windows platform, virtualization platforms such as VMware and Hyper-V, and all databases including Oracle, SQL Server, MySQL, Sybase and DM (达梦).

Data Breach is a Nightmare Event. Here is How You Can Save Your Personal Data On ...

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

From the Facebook-Cambridge Analytica fiasco to Google, 2018 has been a year of data breaches. The constant fear of losing our personal data to hackers is haunting all of us and, mind you, data breach attempts are only going to increase as we get more digitally savvy.

If this hasn’t got you worried, then just imagine your email id is a doorway to a host of services you use which also includes your financial data your banking account, your credit card details and we can go on and on talking about this.

While you can continue to grumble about the big tech firms and other technology companies’ data security policies, safeguarding your information is a shared responsibility between you and the platforms.

So roll up your sleeves, and continue to read while we tell how you can safeguard your personal data in this era of breaches:

#Passwords

Do you know one of the most common passwords in the world is ‘password1234’? Don’t believe us? Look it up.

Your password needs to be strong and personal enough that not even your partner or best friend could crack it.

Our advice to you is to use a combination of upper- and lower-case letters and special characters, tagged along with information personal to you.

So say, for example, you were born in Hinduja Hospital: your password could be ‘I was born in Hinduja Hospital’ as an acronym such as ‘!wB!Hh’, with an important year in your life added to the combination. You can play along and save them in a digital password locker, which will help you remember them.

Having said that, we also tend to use one password for all the services. Is there one key that opens all your locks? No, right?

Pankit Desai, Co-founder and CEO of Sequretek, says that if you break it down by category, an e-commerce site or a banking app may see more attacks, but the data leak is most likely to come from the one with the weaker defence.

“If the data breach happens on one site, your info which is username and password is common, the hackers can use the same and attack you on other platforms in an attempt to steal your personal info to commit frauds,” he pointed out.

Additionally, opt for two-step verification while signing in from new devices. This will layer you up against a potential attack.

#Mobile Number

Almost every e-registration process requires us to share our mobile number and email id for e-verification.

Mandar Agashe, Founder and Vice-Chairman of Sarvatra Technologies, advises us to use our email ids instead of our mobile numbers to receive one-time passwords (OTPs).

This, he believes, will give us additional layers of digital protection and hence better security.

#Phishing emails

How many of us have an uncle or aunt in Africa who is willing to share his/her fortune with us? We would love this, but the reality is otherwise!

Desai says this may look like the simplest thing to understand, but it is one of the largest and most successful ways of targeting innocent users. Hence, don’t go around sharing your info in response to emails that promise you free gifts or million-dollar lotteries, or just ask you to play a quiz with them.

“Always make an effort to find the source of the email to know if it is real or fake. In one of our internal surveys, we sent out a phishing email to a pool of people in an organisation; the results shocked the company, as 25 per cent of the people clicked on the malicious link while 11 per cent replied to the mail in order to get their free gift,” he noted.

#Update Your OS

Golden rule: no matter what, keep updating your phone’s operating system (OS).

Despite possibly being time-consuming and bothersome, Farrhad Acidwalla, founder, Rockstah Media and CYBERNETIV DIGITAL says these updates are indispensable to our day-to-day security. Developers and manufacturers are constantly pushing out patches to known and recently discovered vulnerabilities.

“Recently, a widespread Bluetooth vulnerability made headlines and affected manufacturers rushed out to put out a fix. However, if you were one of those affected and aren't on the latest operating system, you could be at risk of having your teenage neighbour read the communication between your devices,” he advised while adding a side tip, “Keep your Bluetooth off when not in use.”

#App Permission

Whenever you download a new app, it will ask your permission to access data on your phone, mainly your messages, contacts, gallery, etc.

Don’t just blindly accept it. Use your brains and ask: does the app really require access to your data to function?

“These are very critical and personal details on our mobile phones and offering easy access to these details may lead to illegal usage of our data. It is always advisable to put off or disable access to these details in the apps and mobile phone settings. This will help us become more secure in terms of data usage,” Agashe suggested.

#Social Media Footprint

Are you in the habit of checking in every time you go out to eat, or sharing your location every time you upload a picture? Well, chances are that someone is using the same data to profile you.

“Reduce your social media footprint or share it with a restricted audience. You can change the same in the settings of your account. It's a simple and yet an effective way to protect yourself to an extent,” Desai added.

Also, read the security and privacy policies of the portals you use. At least, you will know what you are signing up for.

#Public Wi-Fi

Love your coffee and free Wi-Fi? Well, think again.

A lot of people don’t understand how free Wi-Fi works, and a lot of us weigh convenience against security consciousness.

Acidwalla says, “Public Wi-Fi's have been perceived to be a hotspot for potential cyberattack as ordinary free public Wi-Fi's may not adopt the prevailing standards and encryption allowing malicious agents to access users’ devices.

The Ultimate Guide to Container Security


How do you keep containers secure? That’s a big question, especially given how many distinct components you have to secure in a containerized environment.

But it’s a question that has clear answers. Keep reading for a primer on security best practices for every component involved in your container infrastructure.

Container Host Environment

Container security starts with securing the environment that hosts your containers. That environment can take three different forms.

On-premises Container Environments

The first is on-premises environments, where you set up and manage your own host servers and operating system for your containers. Here, you can enhance security in two main ways:

- Minimize potential attack vectors by keeping your environment’s footprint as small as possible. If you don’t absolutely need to run a service or install a package, then don’t.
- Enforce strong access control. You also want to use your operating system’s access control framework to enable the lowest level of privileges necessary for your users.

Traditional Cloud-based Container Security

If you run your containers in a standard cloud-based environment using a service such as AWS ECS, you typically have less ability to fine-tune the host environment in a way that maximizes security than you do if you run everything yourself on-premises. But that doesn’t mean that you can offload security solely to the cloud provider. There are additional steps you can take to secure the host environment, including:

- Enforce cloud access control by using whichever access-control framework your cloud vendor provides you.
- If the cloud vendor gives you a choice about which operating system to install in the virtual servers that host your containers, choose one that is as minimalist as possible, to reduce the size of potential attack vectors.
- Use a cloud-aware firewall to filter traffic and minimize the exposure of services within your cloud host environment to the public internet.

Fully Managed Containers in the Cloud

Over the past year or so, another type of cloud-based container strategy has become popular. It involves using fully managed container services, such as AWS Fargate . For many users, this approach provides the fastest way to get up and running with containers, but it also minimizes the amount of customization that you can perform at the level of the host environment to secure your containers. You can, however, ensure that you follow the principle of least privilege when using the fully managed container service.

Orchestrator Security

Container orchestrators such as Kubernetes help you to manage containers, but they are not designed to secure them. And they themselves can pose a security risk if you don’t take steps to secure them by:

- Making sure you install your orchestrator from an official, trusted source.
- Keeping the orchestrator up-to-date.

If you run containers in the cloud, there is less that you can do here, because your cloud provider most likely handles the installation and configuration of your orchestrator.

Container Runtime

A container runtime is the process responsible for executing containers on the nodes that host your environment. It’s one of the most critical parts of your containerized software stack. It is also one that is difficult to secure using conventional security monitoring tools, which in most cases will treat the container runtime as a regular process and fail to understand the special security challenges related to container runtimes.

However, you can take steps to keep the runtime secure, including:

- Establish dynamic baselines, rather than relying on fixed, static ones. Dynamic baselines allow you to identify anomalies that could signal security breaches, even in environments that are constantly changing and have no constant “normal.”
- Embrace an immutable infrastructure strategy, which means destroying and replacing containers rather than applying updates to running containers. Containers make it easy to create an immutable infrastructure architecture, so you don’t want to overlook this important container security advantage.
- Write secure application code to run inside your containers. You should always be writing secure application code in any type of scenario, of course, but it’s worth emphasizing this point, given the minimal level of isolation between different containers and the ease with which a small security breach in one containerized service can morph into a major breach that stretches across your infrastructure.

Container Registry

There are a plethora of container registries now available. All of the mainstream options are designed to be secure. But here again, you can take extra steps to make sure that your registry is even more secure:

- Install the registry from an official, trusted and up-to-date source; or, if it’s a hosted registry running in the cloud, make sure you trust the registry provider and that the provider has experience with containers.
- Make sure you keep registries private unless you want them to be public. (That may sound simple, but major companies have been known to make their registries public by accident.)
- Avoid poor practices such as using your container registry as a general-purpose artifact or code repository. Use it only to host container images.
- Keep the images inside your registry up-to-date. Although you may sometimes need to keep older versions of an image on hand, establish and enforce a policy for cycling out older images once they are no longer needed.
- Use a container registry scanner to detect known vulnerabilities within your images.

Container Images

Last but not least are container images themselves, which contain the code that powers your actual application (or a part of your application). Best practices for container image security include:

- Minimize the amount of code inside each image. If it’s not essential, don’t include it. For example, resist the temptation to run an SSH server inside the image so that you can connect to it via SSH. Use the Docker shell to log in instead; it’s much more secure.
- Be sure to configure user and file permissions properly within the container, and follow the principle of least privilege when doing so.
- If you use a parent image, make sure it’s secure and up-to-date. This can sometimes be challenging because Docker makes it so easy to include a parent image without verifying its security. That flexibility and simplicity is part of what makes Docker so powerful, but it can be a security risk when used irresponsibly.
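The three image practices above (no SSH server baked in, least privilege for the container's user, a parent image you actually checked) can be enforced mechanically on the Dockerfile before an image is ever built. The Python script below is an added example, not code from the guide's author: a small Dockerfile auditor that flags an SSH server installed via `RUN`, port 22 in `EXPOSE`, a missing or root `USER`, and, going one step beyond the text, a `FROM` line whose parent image is not pinned to a tag or digest (an unpinned or `:latest` parent is how an image silently stops being the one you verified). The two Dockerfiles it checks are constructed samples, not from any real project.

```python
import re

SSH_RE = re.compile(r"\b(openssh-server|sshd|dropbear)\b")
PORT22_RE = re.compile(r"(^|\s)22(/\w+)?(\s|$)")


def parse_instructions(text):
    """Join backslash continuations and drop comments; yield (KEYWORD, argument)."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        full = pending + line
        pending = ""
        keyword, _, argument = full.partition(" ")
        yield keyword.upper(), argument.strip()


def audit_dockerfile(text):
    """Return a list of findings for the Dockerfile text (empty list = clean)."""
    findings = []
    last_user = None
    for keyword, argument in parse_instructions(text):
        if keyword == "FROM":
            image = argument.split()[0]          # drop "AS <stage>"
            name_tag = image.rsplit("/", 1)[-1]  # strip registry/namespace
            if image.lower() != "scratch" and "@sha256:" not in image:
                if ":" not in name_tag or name_tag.lower().endswith(":latest"):
                    findings.append(f"unpinned parent image: {image}")
        elif keyword == "USER":
            last_user = argument.split(":")[0]   # "user:group" -> user
        elif keyword == "RUN":
            if SSH_RE.search(argument):
                findings.append("ssh server installed in image")
        elif keyword == "EXPOSE":
            if PORT22_RE.search(argument):
                findings.append("port 22 exposed")
    # The last USER instruction decides which account the container starts as.
    if last_user is None or last_user in ("root", "0"):
        findings.append("container runs as root (no non-root USER)")
    return findings


# Constructed sample Dockerfiles (not from any real project).
WEAK_DOCKERFILE = """
FROM ubuntu
RUN apt-get update && apt-get install -y openssh-server \\
    python3
COPY app /opt/app
EXPOSE 22 8080
CMD ["python3", "/opt/app/server.py"]
"""

HARDENED_DOCKERFILE = """
FROM python:3.11-slim
RUN useradd --system --no-create-home app
COPY --chown=app:app app /opt/app
USER app
EXPOSE 8080
CMD ["python3", "/opt/app/server.py"]
"""

if __name__ == "__main__":
    print("weak:", audit_dockerfile(WEAK_DOCKERFILE))
    print("hardened:", audit_dockerfile(HARDENED_DOCKERFILE))
```

Run as a pre-build step in CI, a non-empty finding list fails the build. The digest check (`@sha256:`) is the strongest form of pinning, since a tag can be moved by whoever controls the registry while a digest cannot.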

Container security starts with understanding your specific infrastructure and pipeline landscape and working to secure every component appropriately. This guide should get you started on your container security journey and help you to answer some of the big picture questions around how to get started.

NSFOCUS Monthly Network Security Threat Report NSFOCUS-2018-11

In November 2018 the NSFOCUS vulnerability database recorded 257 vulnerabilities, of which 86 were high-risk and 59 were Microsoft high-risk vulnerabilities. The number of Microsoft high-risk vulnerabilities was roughly flat compared with the previous period, while the number of high-risk vulnerabilities recorded by NSFOCUS declined.

November 2018 statistics

Trend of high-risk vulnerabilities

Figure: Trend of high-risk vulnerabilities (NSFOCUS-2018-11)

Note: a. The data in the NSFOCUS vulnerability database comes from sites such as NVD, SecurityFocus, CNNVD and ZDI and generally covers vulnerabilities in applications, security products, operating systems, databases and network devices;

b. Because NVD (National Vulnerability Database) updates its severity ratings slowly, the number of NVD high-risk vulnerabilities reported in past issues was persistently low; this issue updates the NVD high-risk data for the past year. Changes to the NVD website also caused a noticeable fluctuation in this month's data: the chart shows 0 NVD high-risk vulnerabilities for the month, which may not reflect the real threat level.

Internet security incidents

Title: Microsoft's November patches fix 64 security issues

Date: 2018-11-14

Summary: On Tuesday Microsoft released its November security updates, fixing 64 security issues ranging from simple spoofing to remote code execution. Affected products include .NET Core, Active Directory, Adobe Flash Player, Azure, BitLocker, Internet Explorer, Microsoft Drivers, Microsoft Dynamics, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JScript, Microsoft Office, Microsoft Office SharePoint, Microsoft PowerShell, Microsoft RPC, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Windows Audio Service and Windows Kernel.

Link: http://blog.nsfocus.net/windows-november-patches/

Title: WatchGuard publishes eight predictions for 2019 cyber security trends

Date: 2018-11-19

Summary: The security vendor WatchGuard has published its predictions for 2019 cyber security trends in eight areas. They include the emergence of a new kind of fileless malware, "vaporworms", with worm-like properties that self-propagate through vulnerable systems, as well as attacks on Internet infrastructure and ransomware attacks on utilities and industrial control systems.

Link: http://toutiao.secjia.com/article/page?topid=111141

Title: Operation Shaheen: a new APT group targets the Pakistani military in a long-running cyber espionage campaign

Date: 2018-11-15

Summary: On Monday the US cyber security firm Cylance revealed a cyber espionage campaign targeting the Pakistan Air Force. The campaign, named Operation Shaheen, is attributed to a previously unknown APT group, The White Company. Security experts believe The White Company is most likely a state-sponsored group capable of exploiting zero-day vulnerabilities. The campaign has been running for a year and is still ongoing.

Link: http://toutiao.secjia.com/article/page?topid=111128

Title: Adobe November security updates

Date: 2018-10-19

Summary: On 13 November local time Adobe released its November security updates, fixing several vulnerabilities in its products; affected products include Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC.

Link: http://blog.nsfocus.net/adobe-november-patches/

Title: The Sofacy APT group uses a new trojan to attack government agencies worldwide

Date: 2018-11-22

Summary: Researchers at a cyber security company discovered a new attack campaign in late October and early November. The Russia-linked group Sofacy APT used a new trojan, Cannon, in recent attacks against government entities around the world. Sofacy APT, also known as APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team and Strontium, has been accused of orchestrating the cyber attacks on the 2016 US presidential election.

Link: http://toutiao.secjia.com/article/page?topid=111157

Title: Critical Adobe Flash bug affects Windows, macOS, Linux and Chrome OS

Date: 2018-11-22

Summary: Adobe released a patch for a Flash Player vulnerability that could lead to arbitrary code execution on the target system. The patch, released on Tuesday, addresses a critical vulnerability that left Flash Player open to arbitrary code execution by attackers; affected are the Flash Player versions running on Windows, macOS, Linux and Chrome OS.

Link: http://toutiao.secjia.com/article/page?topid=111160

Title: HSBC hit by hackers

Date: 2018-11-07

Summary: The international banking giant HSBC announced that it suffered a data breach in October. The leaked information includes customers' names, mailing addresses, telephone numbers, e-mail addresses, dates of birth, account numbers, account types, account balances, transaction records, payee account information and available historical statement records.

Link: http://toutiao.secjia.com/article/page?topid=111087

Title: Critical vulnerabilities in Dell EMC and VMware products, patches now available

Date: 2018-11-23

Summary: Dell EMC recently released security updates for Dell EMC Avamar Client Manager in Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance (IDPA), addressing a Critical remote code execution vulnerability and a Medium open redirect vulnerability. According to Dell EMC, the vulnerabilities were discovered by the cyber security firm TSS. The remote code execution vulnerability, tracked as CVE-2018-11066 with a CVSS v3 score of 9.8, can be exploited remotely by an unauthenticated attacker to execute arbitrary commands on a vulnerable server.

Link: http://toutiao.secjia.com/article/page?topid=111162

Title: Several Cambodian ISPs suffer the largest DDoS attack in the country's history

Date: 2018-11-09

Summary: Several of Cambodia's largest Internet service providers (ISPs) suffered massive DDoS attacks over the past few days. The attacks peaked on 5 and 6 November local time, when 150 Gbps of DDoS traffic affected networks nationwide, with outages lasting half a day. The providers EZECOM, SINET, Telcotech and Digi were all affected, and users confirmed that Internet access was disrupted throughout the week.

Link: http://toutiao.secjia.com/article/page?topid=111105

Title: TP-Link patches multiple remote code execution vulnerabilities in routers

Date: 2018-11-20

Summary: Vulnerabilities recently fixed by the Wi-Fi device maker TP-Link in its TL-R600VPN small office/home office (SOHO) router could allow remote code execution. The vulnerabilities stem mainly from a lack of input sanitization and from parsing errors; the lack of proper input sanitization can be exploited without authentication, leading to denial of service and disclosure of server information.

Link: http://toutiao.secjia.com/article/page?topid=111144

Title: Hackers exploit a car infotainment vulnerability to steal information

Date: 2018-11-20

Summary: Researchers have found a new, widespread vulnerability, dubbed "CarsBlues", in the infotainment systems of several car brands. It allows attackers to steal the personally identifiable information (PII) of users who have paired their phones with the car over Bluetooth. The CarsBlues attack exploits a security flaw in the Bluetooth-connected infotainment systems fitted in many types of vehicle to access users' PII. An attacker can complete the attack in minutes using cheap, readily available hardware and software, with no sophisticated technical knowledge required.

Link: http://toutiao.secjia.com/article/page?topid=111145

Title: Serious WordPress plugin zero-day allows privilege escalation

Date: 2018-11-13

Summary: Cyber criminals are exploiting a privilege escalation zero-day in WP GDPR Compliance, a WordPress plugin that helps site administrators comply with the GDPR. The vulnerable plugin reportedly has more than 100,000 users, who now fear malicious backdoor attacks.

Link: http://toutiao.secjia.com/article/page?topid=111120

(Source: NSFOCUS Threat Intelligence and Network Security Laboratory)

Top ten vulnerabilities in the NSFOCUS vulnerability database

Statement: This top-ten list of security vulnerabilities was compiled by the NSFOCUS security team <security@nsfocus.com> based on severity, ease of exploitation, scope of impact and other factors, and is for reference only.

http://www.nsfocus.net/index.php?act=sec_bug&do=top_ten

1. 2018-11-21 Adobe Flash Player remote code execution vulnerability (CVE-2018-15981)

NSFOCUS ID: 41968

http://www.nsfocus.net/vulndb/41968

Summary: Adobe Flash Player is a cross-platform, browser-based multimedia player. Adobe Flash Player versions up to and including 31.0.0.148 contain a security vulnerability in their implementation.

2. 2018-11-20 Microsoft Windows Win32k privilege escalation vulnerability (CVE-2018-8589)

NSFOCUS ID: 41970

http://www.nsfocus.net/vulndb/41970

Summary: Microsoft Windows Server is a series of operating systems released by Microsoft. Microsoft Windows does not correctly handle calls to Win32k.sys, resulting in a vulnerability.

3. 2018-11-20 Microsoft ChakraCore Scripting Engine remote memory corruption vulnerability (CVE-2018-8557)

NSFOCUS ID: 41979

http://www.nsfocus.net/vulndb/41979

Summary: ChakraCore is the core of the open-source JavaScript engine used by Edge. Microsoft Edge and ChakraCore contain a remote code execution vulnerability in the way they handle objects in memory.

4. 2018-11-21 Adobe Acrobat/Reader remote information disclosure vulnerability (CVE-2018-15979)

NSFOCUS ID: 41966

http://www.nsfocus.net/vulndb/41966

Summary: Adobe Acrobat is a set of tools for editing and converting PDF files, and Reader is PDF reading software. Adobe Acrobat and Reader contain an information disclosure vulnerability in their implementation.

5. 2018-11-13 WordPress LearnPress SQL injection vulnerability (CVE-2018-16175)

NSFOCUS ID: 41896

http://www.nsfocus.net/vulndb/41896

Summary: WordPress is a blogging platform developed in PHP, and LearnPress is a course management plugin for it. WordPress LearnPress versions before 3.1.0 contain an SQL injection vulnerability.

6. 2018-11-22 Apache Spark arbitrary code execution vulnerability (CVE-2018-17190)

NSFOCUS ID: 42000

http://www.nsfocus.net/vulndb/42000

Summary: Apache Spark is a large-scale data processing engine supporting acyclic data flows and in-memory computing. Apache Spark contains a security vulnerability in the implementation of its standalone resource manager.

7. 2018-11-13 VMware ESXi/Workstation/Fusion virtual machine escape vulnerability (CVE-2018-6981)

NSFOCUS ID: 41893

http://www.nsfocus.net/vulndb/41893

Summary: VMware ESXi is a server virtualization platform installed directly on physical servers; VMware Workstation is virtual machine software. VMware ESXi, Workstation and Fusion contain a security vulnerability caused by uninitialized stack memory in the vmxnet3 virtual network adapter.

8. 2018-11-02 Apache Tomcat JK (mod_jk) Connector path traversal vulnerability (CVE-2018-11759)

NSFOCUS ID: 41816

http://www.nsfocus.net/vulndb/41816

Summary: Apache Tomcat JK (mod_jk) Connector is a module that lets Apache or IIS connect to a backend Tomcat; it supports clustering

It’s time to think twice about retail loyalty programs


As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. In this case, it looks as though the attackers had been on the Starwood network for somewhere around three years, mining out their reservations database (keep in mind that Marriott only acquired Starwood in 2016). Since in Tech we often travel “for a living”, I found in my bag an older Starwood preferred guest card. Not used in years. But it looks like my own personal data has been breached again.



What I’d originally planned to write about was a topic that bears directly on why retailers of all stripes are not investing in data security. We had some results this year from the 100+ US retail IT security professionals that were surveyed for the 2018 Thales Data Threat Report that differed from every other segment we polled (healthcare, federal government, financial services). To make a long story short, the top reason that they didn’t invest in data security was “lack of perceived need”, at 52%.

In other segments there were lots of legacy concerns that don’t apply to modern data security solutions (like those from Thales). These include concerns about complexity, possible impacts on performance, lack of resources to manage, and lack of budget (if it’s complex, and takes lots of resources, then sure it’s probably expensive). I’ve noted those as “legacy” concerns as modern data security solutions can be much less complex than in the past (take a look at our Vormetric Transparent Encryption solution , which offers strong protection with minimal impacts on applications, operations and systems). They typically use hardware encryption built into today’s CPUs for minimal overhead and are available on platforms so that resource loadings are minimal even as you add more solutions to secure data in new applications and environments as your needs grow.



But none of these reasons rose to the top in retail. “Lack of perceived need” was the number one reason they didn’t deploy.

This “lack of perceived need” response comes against a backdrop of lamentable results around breaches for retail also highlighted in the results: 75% had a data breach (ever), 50% had a data breach in the last year, and 26% had a breach both this year and in the past (half of those breached this year!).

This had me asking a simple question: Why?

Doing the math perhaps? Has someone been doing the math, and decided it was cheaper to take the hit of a nearly certain data breach rather than reduce their attack surfaces and increase their vigilance on internal data stores and networks, as well as cloud-based environments? Are they just convinced it won’t happen on their watch (also referred to as “visiting de Nile” at my house)? It’s true that prices for basic remediation (offering customers a year or two of free credit reporting) seem to be falling. Since that plus notifications are the only consequences in most cases, it is certainly a possibility.

Not worried about customer churn? Is it that too many retailers have looked around at other retailers with recent breaches, and noticed no shortage of customers? When the Target and Home Depot breaches happened there was a sizeable hit for several quarters, if I recall the financial results; perhaps that’s no longer the case.

Whatever the reason, it’s an appalling attitude.

Which brings us back to our title: “Retail loyalty programs: it’s time to think twice”. Are you really going to allow an organization to put an app on your phone, and a backend big data analytics set or database with lots of personal information about your preferences, personal history, addresses, credit/debit cards and more, when they won’t take seriously the protection of your information? My answer is “No”.

As a result I’ve become picky. Retailers need to pretend that I’m from Missouri and “show me” they are serious about data security before I’m ready to let them that far into my life.

You should consider it too.

It’s just a waiting game. Once enough of your personal information has been breached, it’s only a matter of time before someone decides your name and identity are ideal next targets. That makes a cavalier attitude about data security much less forgivable.

For more information about optimal data security solutions for retailers, please visit Thales eSecurity’s dedicated landing page.

For Better Security, You Need AI Done Right


As today’s complex network environments have massive volumes of information coming in, IT and security teams are finding it more difficult to figure out what is an actual threat and what isn’t. Artificial intelligence (AI) can be a great ally to help pinpoint genuine risk in the midst of all that data―if applied correctly.

Alert Overwhelm

People do things with their computers that are at best ill-advised and at worst outright dangerous. For the most part, they do these things in ignorance. They click on interesting links that lead to malicious sites or download malware onto the system. They store sensitive information in unsecure places. Despite all the data breach headlines, an assumption persists that if you are able to do something on your computer, it must be okay.

As a result, the network ends up generating thousands of anomalies, which set off alerts on a daily basis. Security teams have to wade through all these alerts without the ability to tell the difference between what’s malicious and what’s not.

This is a huge time suck that is also unsafe. Your network’s security depends on its personnel’s ability to distinguish between the malicious and the non-malicious anomalies. AI and machine learning (ML) can be used to help teams identify which anomalies they need to be concerned about and which are benign.

AI is Not a Quick Fix

As noted earlier, though, AI and ML technologies need to be applied correctly: with forethought and a sense of how the technology can best support the IT and security team. You need a smart framework to focus on which anomalies or discrepancies matter most to your organization. Some providers recommend that your team focus on seven to 10 criteria for anomaly analysis and leave it at that.

This is a starting point, but you need to go further. You need to look at anomalies collectively to detect trends and coordinated behaviors. This goes a step further than focusing on those seven to 10 criteria. In fact, to implement true anomaly detection, it takes an adversary mindset.

This is a whole new way of looking at and thinking about network defense. Many solutions and security professionals are focused on figuring out which criteria are the most important in terms of anomaly detection. An adversary approach requires more holistic thinking: In what sequence and across what hosts do these anomalies fit together in such a way to resemble what an adversary might actually be doing inside of a network?

Adversaries have an ever-expanding repertoire of ways to get inside your network, but once inside, their campaigns must contain three elemental behaviors:

Reconnaissance: moving around inside your network to learn about its structure and services and to locate valuable data.

Collection: gathering and moving valuable data in preparation for exfiltration.

Exfiltration: hiding the movement of data from the network to external destinations.

If you look at anomalies to see if they correlate with these behaviors, the true security picture emerges.
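As an added illustration of correlating anomalies against those three behaviors (example code written for this page, not the author's or any vendor's product logic), the following Python groups anomaly events by host and reports only the hosts whose anomalies line up as reconnaissance, then collection, then exfiltration within a time window. The anomaly type names, the line format and the sample events are constructed for the example; a real feed would carry whatever types the organization's detectors emit.

```python
"""Correlate per-host anomalies into the three campaign behaviors (example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Which detector anomaly types belong to which behavior. The type names are
# assumptions for this example, not any product's taxonomy.
PHASES = {
    "recon": {"internal_port_scan", "ldap_enumeration", "smb_share_walk"},
    "collection": {"bulk_file_read", "archive_created", "lateral_copy"},
    "exfiltration": {"large_upload_external", "dns_volume_spike"},
}
PHASE_ORDER = ("recon", "collection", "exfiltration")
TYPE_TO_PHASE = {t: phase for phase, types in PHASES.items() for t in types}

# Constructed anomaly feed: "ISO timestamp  host  anomaly_type".
SAMPLE_ANOMALIES = [
    "2018-12-10T08:02:00 ws-17 internal_port_scan",
    "2018-12-10T08:05:00 ws-03 internal_port_scan",      # lone scan: just noise
    "2018-12-10T09:40:00 ws-17 bulk_file_read",
    "2018-12-10T10:15:00 ws-17 archive_created",
    "2018-12-10T11:30:00 srv-db1 large_upload_external", # upload with no prior phases
    "2018-12-10T22:45:00 ws-17 large_upload_external",
    "2018-12-09T03:00:00 ws-21 large_upload_external",   # upload before recon: wrong order
    "2018-12-10T07:00:00 ws-21 internal_port_scan",
    "2018-12-10T07:30:00 ws-21 bulk_file_read",
    "2018-12-10T12:00:00 ws-17 unknown_anomaly",         # maps to no phase, ignored
]


def parse_anomaly(line):
    """Split one constructed feed line into (timestamp, host, anomaly type)."""
    ts, host, kind = line.split()
    return datetime.fromisoformat(ts), host, kind


def correlate_campaigns(lines, window=timedelta(hours=24)):
    """Return {host: {phase: iso_timestamp}} for every host whose anomalies occur
    as recon, then collection, then exfiltration, all within `window` of the recon."""
    by_host = defaultdict(list)
    for ts, host, kind in map(parse_anomaly, lines):
        phase = TYPE_TO_PHASE.get(kind)
        if phase:                       # anomalies outside the model are dropped
            by_host[host].append((ts, phase))

    campaigns = {}
    for host, events in by_host.items():
        events.sort()
        want = 0            # index of the next phase we need to see
        start = None        # time of the recon anomaly that opened the chain
        seen = {}
        for ts, phase in events:
            if phase != PHASE_ORDER[want]:
                continue    # out-of-order or repeated phase: not the next step
            if start is None:
                start = ts
            elif ts - start > window:
                break       # chain grew stale before completing
            seen[phase] = ts.isoformat()
            want += 1
            if want == len(PHASE_ORDER):
                campaigns[host] = seen
                break
    return campaigns


if __name__ == "__main__":
    for host, phases in correlate_campaigns(SAMPLE_ANOMALIES).items():
        print(host, phases)
```

Run as a script it reports only ws-17: the lone scan on ws-03, the bare upload from srv-db1 and the reversed sequence on ws-21 each trip an anomaly detector but never form the ordered chain, which is the noise reduction the adversary-focused framing buys.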

AI Done Right

It has quickly become a given that AI and ML will help you discover which security alerts are the most important. However, the hype has often not met with reality, casting aspersions on AI and ML. And some assume that implementing AI and ML eliminates the need for a human in the loop, which is inaccurate. AI accelerates the skill of humans who use AI tools, but the tools themselves cannot take the place of seasoned human professionals―nor were they intended to.

When it comes to network security, then, AI and ML are not tools that you leave on autopilot. But with an adversary-focused framework, security pros can make sure that when they analyze anomalies they are looking for the ones that are truly malicious, rather than merely ranking anomalies as more or less important.

Spotting the Real Threats

Computers were made to serve humans, but humans are the weakest link in keeping them secure. All the random activity that seems safe causes a great deal of noise and confusion in the network. This leads to security issues, which vendors tried to fix by offering systems with security alerts to detect suspicious activity. But this just created another problem as IT and security teams are overwhelmed by hundreds or thousands of alerts each day.

However, AI and ML can help your teams look at the network from the threat actor’s perspective to spot the activities they must do to steal data and harm your network. In this way, teams know what to pay attention to―what is an actual threat in the sea of alarms. This eliminates confusion, focuses security expertise and keeps the network safer.

Five steps to successful threat modeling


The Internet of Things (IoT) is changing the way we interact with the world around us. Over the next few years, billions more connected devices will enable us to drive efficiency, boost productivity, and enhance comfort and convenience in our personal and professional lives. And we’re not the only ones to see the potential of this market.

IoT devices are the target of increasingly sophisticated cyberattacks and innovators must protect their assets and their customers from these emerging threats. In a time- and cost-sensitive environment, security can be mistakenly added later as an afterthought. But that approach puts individuals, organizations, and vital infrastructure at risk.

Simplifying security

To meet the challenges of operating in this ever-changing and connected world, security can no longer be considered a separate component. It must be embedded in every element and process, starting with the product development phase. Arm’s Platform Security Architecture (PSA) framework simplifies this activity and makes it quicker and easier to build a secure device.

Arm PSA is divided into three stages: analyze, architect and implement. The first stage, analyze, is discussed in detail in this blog.

Identifying the right level of security for your device

To design-in security, Arm PSA recommends developers and manufacturers start by analyzing the operating environment and understanding and documenting the ways each device could be attacked. It is a process known as Threat Models and Security Analyses (TMSA), or an English Language Protection Profile, and it has been used in the mobile industry for some time but is rarely carried out in the IoT space.

The TMSA will highlight critical issues you need to address and challenge you to consider important questions, such as:

What are your most valuable assets?

What are the potential threats to your device?

What type of attack do you need to protect against?

How severe are the threats?

What counter-measures could you implement?

What are your security requirements?

How does your device meet your security requirements?

This process will help you decide how robust your security needs to be and what, exactly, you need to do to protect your IoT product. Rather than slowing down development, it will help you determine the right level of security for your device, which means you will not be over-spending or exposing your device, your organization or your customers to unnecessary risk.

Who will benefit from Threat Models and Security Analyses (TMSA)?

You can apply the methodology to any device, from simple, low-cost or even disposable applications, through to the most advanced edge and gateway devices.

The TMSA documentation is intended to make threat modeling more accessible to all, so you can secure your device even if you do not have access to dedicated security knowledge or expertise.

5 steps to design security into your next IoT device



Now we will take you through the TMSA process step-by-step to help you determine your security requirements. We are using a smart speaker, such as one you may have in your home, as a basic example but more detailed analysis of common IoT use cases , including an asset tracker, water meter and network camera, can be downloaded from our website.

1. Analyze use case, define the external entities and the assets to protect

Analyze the use case, or target of evaluation

The first step in designing-in security is understanding the ecosystem your device operates within and identifying your use case, known as the target of evaluation (ToE) in the TMSA documentation. The use case is the product or the system that is the subject of the security evaluation.

In the example of the smart speaker, you can start with the device itself and the application that acts as the user interface. There will be cloud services that enable the device, plus a number of third parties who are creating content for you. If the speaker is being used in a home environment, there may be music, shopping, news, voice assistant or home automation applications. In a business or industrial setting, the applications may be targeted to provide information or services relevant to your sector.

Once you have an understanding of the use case, you can then develop a list of the main components of your device that need to be protected.



Assets

Attackers will be targeting the assets in your device in the same way as a thief who breaks into your home may be searching for jewelry or cash. So, you need to identify the assets or data that will be of most interest to them.

If we return to the smart speaker example, the assets we may need to protect include:

Firmware

Certificates and device-unique keys

Log-in credentials (user or admin)

System configurations (to ensure your IP cannot be compromised or control taken away)

Event logs

Voice recordings

Network communication

Device resources (for example: microphone array and speakers, computing power and battery, network bandwidth, debug interface, storage)

Your list of assets may not be exhaustive, but it will include the assets or data of most value to you and your customers.

External entities

To develop your understanding of the threats to your device you also need to identify users and external entities that would interact with the product. This may include legitimate users, for example, the owner of the device or the virtual system administrator, but it should also extend to potential attackers or adversaries looking to gain access or control of the device.

Step 1 checklist

Analyze the use case, or the target of evaluation (ToE)

Identify your most valuable assets

Identify users and external entities

2. Identify potential adversaries, the attack surface and threats

Potential adversaries

It helps to know who may be working against you. A generic adversary model groups attackers in five categories and can be used to identify potential adversaries:

Remote software attacker: Most attacks fall into this category.

Network attacker: For example, a man-in-the-middle attack, where communication between two parties is intercepted by an attacker.

Malicious insider attacker: This is often overlooked but has potentially serious consequences. It could be a disgruntled employee inside your organization, or part of an OEM, an ODM supply chain or a silicon vendor.

Simple hardware attacker: This assumes the attacker has physical access to your device and can connect a USB dongle, debug port, voltage/current measurement, port scanner, etc.

Advanced hardware attacker: Advanced hardware attackers have unlimited resources and require physical access to the device. They will often deploy very sophisticated attacks, using specialized equipment, including ion-beam lithography or microscopy probing.

The attack surface

By this stage in the process, you know what you need to protect and who has the potential to attack. Now it is time to consider your vulnerabilities, which Arm splits into four main categories: communication, lifecycle, software and physical (also known as hardware). These categories act as entry points to your device and offer a way in for attackers. Potent

Building Security into the Smart Home Devices with a Hardware Root of Trust


The growth in the semiconductor industry over the past years has been driven heavily by the storage and compute needs on smartphones, computers, servers and data centers. These conventional drivers are set to change. New-age technologies like big data, artificial intelligence (AI) and the Internet of Things (IoT) will fuel the demand for the future growth in semiconductors. Not only is IoT assisting in new developments in technology, with the help of AI and big data, it is also enabling us to access data in real-time. This real-time data has helped to improve key processes within homes, moving toward a ‘smart’ and more efficient society.

A good example of IoT, big data and AI working together is in the smart home. The big data collected from sensors on smart washing machines enables AI to make decisions based on potential issues or maintenance work that needs to be fixed, and as a result the owner is aware well in advance of any technical issues that may need to be addressed. But one thing is certain―if you can’t trust the data, there’s no point in collecting, analyzing and making decisions based on it. Security in the post computer era must be foundational to the device and must be layered in and viewed as a primary design goal, rather than a tertiary afterthought.

Building security into the device

One approach to IoT security is to build protection directly into the device. This provides a critical security layer, and the devices are no longer dependent on the Internet gateway or a home router as their primary protection. A security solution for smart home devices must ensure the device firmware has not been tampered with, be able to secure the data stored by the device, secure in and outbound communications, and it must detect and report attempted cyber-attacks. This only can be achieved by including security in the early stages of design.

Trust in embedded security refers to an expectation of integrity: that a smart home device is operating as designed. Software trusts that hardware is operating as it should be. Applications trust that the operating system is not corrupting files. Remote systems trust the identity of the device they are connected to. This process of establishing trust is called authentication. A device’s root of trust is the point where authentication starts; trust then extends through each layer. For critical smart home applications, a hardware root of trust is an important building block to secure endpoints and services.

Design for security from the ground up using Hardware-Enforced Root of Trust

While there is no one-size-fits-all security solution for embedded smart home devices, solutions are available that provide semiconductor manufacturers and OEMs with the core security capabilities required to protect their devices, in addition to the flexibility needed to customize the solution to the specific requirements of their device. Security capabilities for a layered and siloed approach to device security should include:

Secure boot: Ensures that the firmware running on the device is authentic and has not been tampered with.

Unique ID: Ensures that every device has a unique identifier that cannot be altered. This ID should be associated with a device-specific symmetric key or asymmetric key pair. Device-specific keys should not be accessible by attackers and must be protected against tampering and replacement.

Device authentication: Devices must be authenticated with servers (and vice versa) to prevent spoofing and cloning of devices and servers.

Secure communication: Devices must be able to communicate securely with servers, keeping data private and protecting data integrity.

Secure over-the-air (OTA) firmware updates: Ensures that firmware can be updated to meet new threats and fix vulnerabilities, without allowing substitution of malicious code.
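To make the secure boot and OTA update items concrete, here is an added example (not code from any Arm, PSA or vendor implementation) that simulates the check a boot loader or update agent performs: it authenticates the whole image with a device-specific symmetric key, which the list above allows, and enforces anti-rollback on the version field only after the image has been authenticated. The image layout, field names and demo key are assumptions for the example. A production device would normally use an asymmetric signature so that only a public key is held outside the root of trust, and would keep the key in hardware rather than in a Python variable.

```python
"""Simulated secure-boot / OTA image check with anti-rollback (example only)."""
import hashlib
import hmac
import struct

MAGIC = b"FW01"                     # constructed image-format marker
HEADER = struct.Struct(">4sI")      # magic, firmware version (big-endian uint32)
TAG_LEN = hashlib.sha256().digest_size

# On a real device this key is provisioned into the hardware root of trust and is
# never readable by software; a module-level constant stands in for it here.
DEMO_DEVICE_KEY = hashlib.sha256(b"constructed-per-device-secret").digest()


def build_image(device_key, version, payload):
    """Produce image bytes as a signing service holding the device key would."""
    header = HEADER.pack(MAGIC, version)
    tag = hmac.new(device_key, header + payload, hashlib.sha256).digest()
    return header + tag + payload


def verify_image(device_key, image, installed_version, require_newer=False):
    """Check an image before boot (require_newer=False) or before an OTA install
    (require_newer=True). Returns (True, version) or (False, reason)."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated image"
    header = image[:HEADER.size]
    tag = image[HEADER.size:HEADER.size + TAG_LEN]
    payload = image[HEADER.size + TAG_LEN:]
    magic, version = HEADER.unpack(header)
    if magic != MAGIC:
        return False, "bad magic"
    # Authenticity first: the version field is only trusted once the tag over
    # header + payload has been verified, in constant time.
    expected = hmac.new(device_key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "authentication failed"
    # Anti-rollback: an authentic but older image would bring fixed bugs back.
    if version < installed_version:
        return False, "rollback rejected"
    if require_newer and version == installed_version:
        return False, "not newer than installed"
    return True, version


def demo():
    """Run the checks a boot loader and an update agent would perform."""
    good = build_image(DEMO_DEVICE_KEY, 7, b"constructed firmware payload")
    tampered = bytearray(good)
    tampered[-1] ^= 0x01                    # flip one payload bit
    bumped = bytearray(good)
    bumped[HEADER.size - 1] ^= 0x08         # raise the version without the key
    return {
        "boot_ok": verify_image(DEMO_DEVICE_KEY, good, 7),
        "tampered": verify_image(DEMO_DEVICE_KEY, bytes(tampered), 7),
        "bumped_version": verify_image(DEMO_DEVICE_KEY, bytes(bumped), 7),
        "rollback": verify_image(DEMO_DEVICE_KEY, good, 8),
        "ota_same_version": verify_image(DEMO_DEVICE_KEY, good, 7, require_newer=True),
        "wrong_key": verify_image(b"\x00" * 32, good, 7),
        "truncated": verify_image(DEMO_DEVICE_KEY, good[:HEADER.size], 7),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

Because the tag covers the header as well as the payload, an attacker who can write flash but lacks the key cannot bump the version to slip past the rollback check; that ordering (authenticate, then read policy fields) is the property the list's "unique ID with a protected device key" item exists to provide.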

Challenges for Smart Home Devices

Smart Home devices, like thermostats or doorbell cameras, often are built to very tight cost margins, and unfortunately security commonly loses out when trying to design into a budget. The important thing to do here is not just discard security features without regard for the possible consequences. Consider what the impact of a compromised device may have on the consumer or the network, and look at possible alternative mitigations that may alleviate some of the risks via an alternative mechanism. Insecure devices that are left in the network are a risk to others, especially if there are thousands or millions of them scattered far and wide. They could leak data or be hijacked and used for malicious purposes, denial of service attacks being a common example of this. A manufacturer’s name that becomes synonymous with insecure products is not a good place to be.

Bottom line

In conclusion, the widespread use of connected smart home devices has created an attractive target for cyber criminals and other unscrupulous operators. Smart home security therefore should be viewed as a primary design goal, rather than a tertiary afterthought. To be sure, consumers increasingly expect their devices to be protected out of the box, with seamless over-the air-updates (OTA) implemented securely. However, semiconductor manufacturers and OEMs need to be assured that securing smart home devices is not an insurmountable goal that negatively impacts profitability or time to market. As such, smart home devices should be protected using a layered security approach that offers robust protection against a wide range of threats through carefully thought-out system design.


Golden Hat (金帽子) annual awards nominee list revealed: public review, Rising Security Company of the Year


In November 2018 the “Golden Hat” (金帽子) annual awards, guided by the First Research Institute of the Ministry of Public Security and hosted by 嘶吼传媒 (4hou Media), were formally launched. After the launch, many companies and organizations signed up enthusiastically, and the selection has now entered the voting stage. Here 嘶吼 once again introduces the friends competing for this year’s “Golden Hat” awards; today we present the nominees for Rising Security Company of the Year.


HanSight (瀚思科技): HanSight, founded in 2014, is China’s first big-data security company. Under the philosophy of “data-driven security”, we use big-data technology to help enterprises solve sprawling, fragmented information-security problems. We believe the traditional defense-centric security strategy is outdated: information security is becoming a big-data analytics problem, in which large volumes of security data must be effectively correlated, analyzed and mined. In 2017 HanSight was named to the “Cybersecurity 500” published by Cybersecurity Ventures (USA).


Qiangwei Lingdong (蔷薇灵动): Beijing Qiangwei Lingdong Technology Co., Ltd., founded in January 2017, focuses on managing internal (east-west) traffic in cloud data centers. Its main product, the “Qiangwei Lingdong Honeycomb Adaptive Micro-Segmentation Security Platform”, is a leading domestic infrastructure-agnostic, software-defined security product that provides uniform micro-segmentation for hybrid clouds. It delivers comprehensive, fine-grained visual analysis of data-center internal traffic and granular security-policy management, helping users quickly implement environment isolation, inter-domain isolation and end-to-end isolation.


Jinxing Technology (锦行科技): Guangzhou Jinxing Network Technology Co., Ltd., founded in March 2014, was co-founded by several of China’s top information-security experts, including Wu Jianliang (Jannock), a former core white hat and expert-panel member of the WooYun vulnerability platform, and Wang Junqing (la0wang), founder of the well-known domestic security group 0x557; it employs dozens of front-line security specialists.


Shanghai Qi’an Information Technology Co., Ltd. (岂安科技) focuses on internet business risk-control solutions for enterprises. It solves the business-, transaction- and user-related security problems that arise as companies grow, and provides complete business risk-control products, technology and services. Industries served include internet finance, banking, e-commerce, government, air travel and entertainment; its nearly one hundred customers include Ping An, Shanghai Pudong Development Bank, Huazhu Group, Zhaopin, Ele.me, Toutiao, Ctrip, Vipshop, Youzu Interactive, Xiaohongshu, iQIYI, 99Bill and Shengpay.


Zibao Technology (紫豹科技): Zibao focuses on online business security, sensing business risk and capturing valuable intelligence. Built on underground-economy big-data mining and knowledge-graph correlation, its two platforms, the “Tingfeng” Business Risk Intelligence Platform (BRIP) and the “Xuanjing” Cybercrime Warning and Analysis Platform (CWAP), form a data-feature architecture centered on customers’ business security. They provide real-time business-risk monitoring and early warning to internet companies, financial institutions and large groups, and assist public security, procuratorate and court systems in combating cybercrime and tracing cases. Zibao is a strategic partner of the public security anti-online-fraud effort and of the Tencent Security Platform Center, and a business partner of Alibaba’s underground-economy research.


Cyberpeace (赛宁网安): Cyberpeace was founded in Nanjing in 2013 and established a Beijing subsidiary in 2015; its core team comes from Tsinghua University and well-known security companies. Driven by the needs of the national cyberspace security strategy, it focuses on cyber attack-and-defense training and is a high-tech cybersecurity company integrating security products, security services, security training and talent development. The XCTF International League it organizes is Asia’s largest, highest-level and most influential cyber attack-and-defense competition. It has received tens of millions of yuan in Series A investment jointly from 360 and Topsec.


Shiping Information (世平信息): Hangzhou Shiping Information Technology Co., Ltd., founded in 2010, builds on its own data-extraction, deep content-recognition and data-tagging technology to offer a data-security protection system centered on classified-information inspection, security risk assessment, data-leak prevention and sensitive-data masking, and a data-security governance system centered on data-architecture management, metadata management, master-data management, data-quality management and data-content management. It provides data security, data governance, data sharing and data utilization solutions that help users improve risk control over data assets and the safe use of data value.


Allsec (众安天下): Beijing Zhong’an Tianxia Technology Co., Ltd., “Allsec” for short, has a core team from WatchGuard, Baidu, Sina, Deloitte and other well-known companies, with rich experience in internet security operations, security testing and vulnerability research. Allsec focuses on internet security services, with the corporate vision “众安天下 天下众安” and a service philosophy of making its customers’ customers safer; it digs deep into customers’ business security needs and provides fully customized security-service solutions. Industries covered include securities, funds, fintech, e-commerce, cloud services and smart hardware; to date it has served dozens of internet companies and earned high recognition.


Zhongqi Xin’an (中企信安): Zhongqi Xin’an was founded by some of China’s first professional information-security service practitioners and brings together top security experts from across the country; every team member has more than seven years in the field, with rich industry background and hands-on experience. Centered on professional security research, development and services, it provides enterprises with information-security assessment, system hardening, security training, security auditing, custom security-tool development and other maintenance services. It also operates a security emergency response center that helps enterprises respond 7*24 to all kinds of sudden security incidents, providing solutions and measures at the first opportunity to minimize the harm and loss such incidents cause, a loyal guardian of enterprise security.


NAGAIN (娜迦信息): Beijing Naga Information Technology Development Co., Ltd. (NAGAIN) is a global professional mobile-security service provider focused on mobile application security, big-data analysis and integration, and intelligent connected-vehicle security. It is committed to providing comprehensive technical assurance and full-lifecycle platform solutions for smart cities, intelligent connected vehicles, mobile finance and other fields, and to shaping a robust, trustworthy and clean next-generation mobile internet ecosystem.


Jiaotu Technology (椒图科技): Jiaotu is a well-known domestic provider of server security hardening solutions, founded in 2010 with offices in Beijing and Shenzhen. It is a national high-tech enterprise, a council member of the National Engineering Laboratory for Computer Virus Prevention and Control Technology, a technical support unit of the national network and information security notification mechanism, and a strategic partner of the First Research Institute of the Ministry of Public Security. Jiaotu has worked for many years on server operating-system hardening and has accumulated deep experience hardening Windows, Linux, AIX, HP-UX, Solaris and other server operating systems; its solution integrates OS hardening with server control and can effectively resist damage to the operating system and file system from known and unknown malicious code and attacker activity. Jiaotu has a top-tier server security research team; its core staff took part in drafting national Classified Protection (等级保护) standards and have played important roles in many major national projects, such as the 2017 Belt and Road Forum, the 2016 G20 summit, the 2014 APEC summit, the 2008 Beijing Olympics, the 2010 Shanghai Expo, and national 863, 973 and “12th Five-Year” research programs. Based in Beijing and Shenzhen, Jiaotu provides a nationwide service network and has repeatedly delivered comprehensive server security solutions to customers in government, military, finance, central state-owned enterprises and commercial sectors.


Cyber Jiarong (赛博嘉融): Beijing Saibo Jiarong Technology Co., Ltd. is a high-tech enterprise dedicated to network and information security systems integration. Adhering to the principles of pursuing excellence, pioneering innovation and integrated development, it provides network and information security products and services to government, military, defense-industry and other industry customers.


Threat Hunter (威胁猎人): Threat Hunter is an innovative security company whose strength is business-security intelligence; it aims to provide customers with business attack-and-defense intelligence and full-spectrum business security solutions, from prevention and control through to takedown. Since its founding it has invested heavily to build a domestically leading business-security intelligence monitoring and early-warning system, with three core underground-economy intelligence capabilities (open-source, closed-source and tool intelligence), delivering underground-economy intelligence and business risk-control solutions. It currently serves 23 of China’s top 30 internet companies, including Tencent, Baidu, Alibaba and Huawei.


Anbai Technology (安百科技): Anbai Technology (Beijing) Co., Ltd. is a professional information-security service provider with its own core technology. It has six branches, in Beijing, Shandong, Liaoning, Inner Mongolia, Sichuan and Fujian, and its business covers ten provinces including Xinjiang, Gansu, Shanxi, Heilongjiang, Zhejiang, Guangdong, Guangxi, Henan, Hebei and Yunnan. Its professional team of more than 100 technical staff spans R&D, product, security, pre-sales, operations and security services. The company has distinctive, advanced web application security testing and attack technology together with a multi-dimensional application security defense system, and is able to provide information-security services to enterprises, institutions and industry customers nationwide, covering government, public security, finance, energy, healthcare, internet and education.

Selection for each “Golden Hat” award is now under way; results will be published on the official website before December 30, and an awards ceremony will be held in January 2019 to present trophies to all winners and their companies.

Note: the companies above are listed in no particular order.


NSFOCUS Internet Security Threat Weekly Report NSFOCUS-18-49


NSFOCUS has released this week’s security bulletin, report number NSFOCUS-18-49. The NSFOCUS vulnerability database added 44 entries this week, 12 of them high-severity. This week’s report recommends paying attention to the Adobe Flash Player use-after-free vulnerability, among others. Adobe Flash Player is a cross-platform, browser-based multimedia player; an attacker can exploit the vulnerability to execute arbitrary code. The vendor has released an update that fixes this issue; download it from the vendor’s page.

Contents

Focus vulnerability: Adobe Flash Player use-after-free vulnerability

CVE ID: CVE-2018-15982

NSFOCUS ID: 42101

Affected versions: Adobe Flash Player <= 31.0.0.153; Adobe Flash Player Installer <= 31.0.0.108

Comment: Adobe Flash Player is a cross-platform, browser-based multimedia player. Its implementation contains a use-after-free vulnerability that an attacker can exploit to execute arbitrary code. The vendor has released an update that fixes this issue; download it from the vendor’s page.

(Source: NSFOCUS Security Research Department & Product Rules Group)


1. Internet security threat situation

1.1 CVE statistics

The number of CVE announcements in the past week grew noticeably compared with the previous period.

1.2 Threat information review

- “WeChat Pay” ransomware (2018-12-06): A “WeChat Pay” ransomware outbreak in China has recently infected more than 20,000 PCs. After infection the malware encrypts the victim’s files and displays a WeChat Pay QR code, demanding a ransom of 110 yuan via WeChat Pay to decrypt them; WeChat’s operator has since disabled the QR code. Besides encrypting files, the malware also steals some of the victim’s application credentials, including account details for Alipay, Baidu Cloud, NetEase 163, Tencent QQ, Taobao, Tmall and JD. It spreads by “supply-chain contamination”: the author distributed a trojanized build of the “Yi Language” (易语言) programming tool on forums, so the malware was embedded into software built by developers who used it. Link: http://blog.nsfocus.net/analysis-and-decryption-tool-of-wechat-paym/

- Google fixes 11 critical RCE vulnerabilities in Android (2018-12-04): In December Google fixed 53 Android vulnerabilities, 11 of them critical RCE. Of those 11, six relate to the Android media framework and system components. Four RCE vulnerabilities (CVE-2018-9549, CVE-2018-9550, CVE-2018-9551, CVE-2018-9552) affect AOSP versions from Android 7.0 to 9.0. Google says there are no reports of in-the-wild exploitation; Google Pixel and Nexus devices and flagship Android phones from Samsung, LG, HTC and others can download and install the patches promptly. Link: https://threatpost.com/google-patches-11-critical-rce-android-vulnerabilities/139612/

- North Korean APT group STOLEN PENCIL targets bioengineering academics (2018-12-05): The North Korea-linked APT group STOLEN PENCIL has targeted academic institutions since May this year. Many of the campaign’s victims are at multiple universities and are biomedical-engineering professionals. The group mainly uses phishing against academic institutions; the phishing emails contain links to websites whose decoy documents try to trick users into installing a malicious Google Chrome extension. Link: https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/

- Apple releases iOS 12.1.1, fixing a passcode bypass and more (2018-12-05): Apple released updates for its core products, covering iCloud, Safari, iTunes, macOS Mojave, High Sierra, Sierra, Shortcuts for iOS 2.1.2, tvOS 12.1.1 and iOS 12.1.1. The updates fix many security issues, including code execution, privilege escalation and information disclosure vulnerabilities. Link: https://www.bleepingcomputer.com/news/apple/apple-fixes-passcode-bypass-rce-vulnerabilities-and-more-in-todays-updates/

- Adobe Flash 0-day attack (2018-12-05): Researchers discovered active exploitation of an Adobe Flash zero-day delivered through a Microsoft Office document. The vulnerability (CVE-2018-15982) lets a maliciously crafted Flash object execute code on the victim’s computer, giving the attacker command-line access to the system. The document was submitted to VirusTotal from a Ukrainian IP address and contained a purported job application for a Russian state medical clinic. Link: https://atr-blog.gigamon.com/2018/12/05/adobe-flash-zero-day-exploited-in-the-wild/

- Expired Ericsson equipment certificate takes operators offline in 11 countries (2018-12-08): Ericsson recently disclosed that a software problem in its equipment caused a large-scale mobile outage worldwide, affecting millions of mobile customers, including O2 users in the UK and SoftBank users in Japan. Ericsson said preliminary analysis traced the problem to an expired software certificate on the affected equipment. Link: https://www.maketecheasier.com/ericsson-expired-certificate-smartphones-offline/

- Mozilla Firefox carries an 11-year-old “authentication dialog” bug (2018-12-08): Malware authors have abused a Firefox bug to capture user information on malicious websites for 11 years. The issue was first reported in April 2007 and is still unfixed. Exploiting it is not difficult: embedding an iframe in a malicious site’s source lets an HTTP authentication request be issued on another domain, which causes the iframe to display the authentication prompt on the malicious site. Link: https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug-that-mozilla-failed-to-fix/

- More than 415,000 routers worldwide found infected with mining malware (2018-12-09): Researchers found that more than 415,000 routers worldwide are infected with malware designed to steal the routers’ computing power and covertly mine cryptocurrency. The ongoing attacks hit MikroTik routers hardest; the series of cryptojacking attacks against that brand began in August this year, when security experts found more than 200,000 devices infected. Link: https://www.ethnews.com/researchers-claim-400-000-mikrotik-routers-infected-with-mining-malware

- SNDBOX launched: a free AI-based malware detection platform (2018-12-05): A new malware analysis service named SNDBOX was launched at the Black Hat Europe conference; it uses artificial intelligence and a hardened virtual environment to perform static and dynamic analysis of malware samples. Link: https://www.bleepingcomputer.com/news/security/sndbox-an-ai-powered-malware-analysis-site-is-launched/

(Source: collected and compiled by the NSFOCUS Threat Intelligence and Network Security Lab)

2. Vulnerability research

2.1 Vulnerability database statistics

As of December 7, 2018, the NSFOCUS vulnerability database held 42,108 entries in total. 44 vulnerability records were added this week: 12 high-severity, 24 medium-severity and 8 low-severity.


- Symantec Endpoint Protection DLL loading privilege escalation vulnerability (CVE-2018-12245), severity: Medium, BID: 105919
- Symantec multiple products security restriction bypass vulnerability (CVE-2018-12239), severity: Medium, BID: 105918
- Symantec multiple products security restriction bypass vulnerability (CVE-2018-12238), severity: Medium, BID: 105917
- Panasonic PC privilege escalation vulnerability (CVE-2018-16183), severity: High
- INVT Electric VT-Designer buffer overflow vulnerability (CVE-2018-18983), severity: Medium
- INVT Electric VT-Designer data deserialization vulnerability (CVE-2018-18987), severity: Medium
- IBM StoredIQ cross-site request forgery vulnerability (CVE-2018-1927), severity: Medium
- IBM StoredIQ privilege escalation vulnerability (CVE-2018-1928), severity: Medium
- HPE Intelligent Management Center PLAT buffer overflow vulnerability (CVE-2018-7114), severity: High
- HPE Intelligent Management Center PLAT buffer overflow vulnerability (CVE-2018-7115), severity: Low
- HPE Intelligent Management Center PLAT denial of service vulnerability (CVE-2018-7116), severity: Low
- php-Proxy cross-site scripting vulnerability (CVE-2018-19785), severity: Low
- PHP-Proxy information disclosure vulnerability (CVE-2018-19784), severity: Low
- IBM QRadar SIEM man-in-the-middle vulnerability (CVE-2018-1622), severity: Low
- IBM QRadar SIEM XML external entity injection vulnerability (CVE-2018-1730), severity: Medium
- Zoom Client message spoofing vulnerability (CVE-2018-15715), severity: High
- NUUO NVRMini2 command injection vulnerability (CVE-2018-15716), severity: High
- IBM Campaign privilege escalation vulnerability (CVE-2018-1941), severity: High
- IBM QRadar SIEM cross-site scripting vulnerability (CVE-2018-1728), severity: Medium
- QEMU integer overflow vulnerability (CVE-2018-19665), severity: Low

【安全帮】Stealing user data and draining phone batteries: Google Play urgently pulls 22 malicious apps


At least 22 provinces and municipalities issue personal credit-system documents: insurance fraud, sham marriages and hospital disturbances among the listed offenses
To date, at least 22 provinces, municipalities and autonomous regions nationwide have issued “Guiding Opinions on Strengthening the Construction of Personal Credit Systems”, explicitly strengthening personal credit records in key areas including food and drugs, workplace safety, financial services and e-commerce. As local personal credit systems are built out, honest and trustworthy individuals will enjoy policy conveniences in education, employment and entrepreneurship, while seriously untrustworthy ones may find themselves restricted at every turn. Figures show that as of October 2018 the national credit information sharing platform had added roughly 207,000 blacklist records covering about 178,000 untrustworthy subjects. Under the implementation rules issued so far, not only “seat hogging on high-speed rail” but also telecom fraud, online fraud, traffic violations, obstructing medical order and spreading rumors may land a person on the blacklist.

Source:

https://www.secrss.com/articles/7010

Rockwell controllers vulnerable to DoS attacks
ICS-CERT has published an advisory stating that certain Rockwell Automation MicroLogix controllers and ControlLogix communication modules are affected by a potentially serious vulnerability that can be used to mount DoS attacks. The advisory, released last Thursday, details the flaw and notes that the affected products are used in many industries worldwide, including transportation, critical manufacturing, food and agriculture, and water and wastewater. The vulnerability allows a remote, unauthenticated attacker to put an affected device into a DoS condition. Rockwell explained: “An unauthenticated remote threat actor could send a CIP connection request to an affected device and, after a successful connection, send new IP configuration information to the affected device, even if the controller in the system is set to ‘Hard Run’ mode. Once the affected device accepts the new IP configuration, communication between the device and the rest of the system is lost, because system traffic is still attempting to reach the device via the overwritten IP address.”

Source:

http://codesafe.cn/index.php?r=news/detail&id=4605

Cryptocurrency start-ups close or lay off staff as the market cools
The cryptocurrency market is no longer as frenzied as a year ago, as the collapse in the price of bitcoin and other coins shows. Start-ups that could raise money with ease a year ago now find they cannot. ETCDEV, which develops Ethereum Classic, has announced its closure for lack of funds. ConsenSys, a cryptocurrency software developer, has announced layoffs. Sirin Labs, which raised $158 million to build a smartphone for trading cryptocurrency, is considering abandoning hardware to focus on software; its remaining funds can sustain it for only 6 to 12 months. Between a quarter and a half of existing cryptocurrency start-ups may close, but more companies will keep pouring in.

Source:

https://www.solidot.org/story?sid=58892

Monitoring finds 9 illegal apps involving privacy theft, fee consumption and rogue behavior
Through internet monitoring, the National Computer Virus Emergency Response Center found nine illegal, harmful mobile apps on app distribution platforms, whose main harms fall into three categories: privacy theft, fee consumption and rogue behavior. They include the apps 《土豪漫画》, 《米奇速借》, 《搞笑手机铃声》, 《3D手机铃声大全》, 《失恋回避》, 《创造男友汉化版》 and 《我的花心女友》. In response, the center reminds mobile users first not to download these illegal, harmful apps, to keep their phone’s operating system from unnecessary security threats, and second to enable the “real-time monitoring” function of their mobile anti-virus app so that the phone is actively protected and unknown malware intrusions can be caught at the first opportunity.

Source:

https://tech.sina.cn/i/gn

Data breach costs Cape Cod Community College more than $800,000
Cape Cod Community College president John Cox told college staff that a week earlier hackers had stolen more than $800,000 from the college using an elaborate phishing scheme. In an email to faculty on Friday, Cox said Massachusetts and federal officials are investigating the theft, in which the attackers used sophisticated malware specifically designed to evade common anti-virus software. “The attack stole the college’s banking information and fraudulently transferred $807,130,” Cox said, adding that the college had since detected and blocked several further attacks on its network and, working with its bank, had recovered $278,887 of the stolen funds. “The recovery process is ongoing,” he wrote. Cox said there is currently no evidence that personally identifiable information or student and employee records were affected, and that “payroll and other financial services are unaffected.”

Source:

https://www.easyaq.com/news/735492225.shtml

Stealing user data and draining phone batteries: Google Play urgently pulls 22 malicious apps
Researchers at the IT security company Sophos have again discovered malicious apps that download files without user permission and ultimately drain the phone’s battery. So far 22 malicious apps have been removed from the Google Play store. These Android apps pose as legitimate software and in some cases even offer users useful functionality. The most popular among them, a flashlight app named Sparkle, has been downloaded more than a million times. According to Sophos’s researchers, since March this year the Sparkle flashlight app has been updated with a version containing a hidden file downloader. It works without the user’s knowledge, downloading files from external servers without permission and forcing clicks on hidden advertising links to generate revenue for the criminals behind the attack.

Source:

https://www.leiphone.com/news/201812/Wvczl0rmdVQ1D1EH.html

Facebook fined about $11.4 million by Italy for abusing user data
Italy’s Competition Authority on Friday imposed two fines totaling 10 million euros (about $11.4 million) on Facebook for using user data for commercial purposes. The first fine was issued because Italy found that Facebook persuades people to register on its platform without informing them during registration that their data may be collected and used commercially. The second fine was for Facebook’s passing of data to third parties. The authority said Facebook “exerted undue influence on registered consumers” to share their data without “obtaining prior consent” via its own platform or third-party websites and apps.

Source:

http://tech.sina.com.cn/i/2018-12-08/doc-ihprknvt6985856.shtml

About 安全帮

安全帮 (Anquanbang) is the security team of the China Telecom Beijing Research Institute, committed to becoming the “leader in SaaS security services”. It currently has a “1+4” product system: one SaaS e-commerce store (www.anquanbang.vip) and four platforms (the SDS software-defined security platform, the security capability open platform, the security big-data platform and the security situational-awareness platform).


Mac trojan disguised as an Adobe cracking tool can steal users’ online account credentials


Last week, members of Malwarebytes Labs discovered a new piece of Mac malware that combines two different open-source tools for malicious ends: the EmPyre backdoor and the XMRig miner.

The malware is distributed as an application named Adobe Zii. Adobe Zii is software that helps pirate various Adobe applications, but the Adobe Zii the malware uses is not the real Adobe Zii.


As the image shows, the Adobe Zii on the left uses the Adobe Creative Cloud logo (the logo is an important mark of genuine software, one a counterfeiter would not leave out), while the malware installer uses the generic Automator applet icon.

Behavior

Opening the fake Adobe Zii application in Automator reveals its nature: it simply runs a shell script:


This script downloads and executes a Python script, then downloads and runs an application named sample.app.

sample.app is simple. It appears to be just a version of Adobe Zii, most likely there to make the malware look “legitimate”. (That does not mean software piracy is legitimate, of course; it means the malware tries to look as though it is doing what the user thinks it is meant to do.)

What about the Python script? Although obfuscated, it is easily deobfuscated, and the researchers recovered the following script:


(For the full script, see https://blog.malwarebytes.com/threat-analysis/2018/12/mac-malware-combines-empyre-backdoor-and-xmrig-miner/)

The script’s first task is to look for Little Snitch, a host-based application firewall for the Mac. Little Snitch registers a kernel extension through the standard application programming interface (API) Apple provides for controlling network traffic, and is designed to protect privacy by restricting outbound traffic. So if Little Snitch is present, the malware stops.

The script then opens a connection to the EmPyre back end, which can push arbitrary commands to the infected Mac. Once the backdoor is open, it receives a command to download the following script to /private/tmp/uploadminer.sh and execute it:


This script downloads and installs the malware’s other components. It creates a launch agent named com.proxy.initialize.plist that keeps the backdoor open by running exactly the same obfuscated Python script mentioned earlier.

The script also downloads the XMRig cryptominer and a configuration file into the /Users/Shared/ folder and sets up a launch agent named com.apple.rig.plist so that the XMRig process runs while that configuration is active. (The “com.apple” name is an immediate red flag, and is what led to this malware being discovered.)

Interestingly, the script contains code to download and install a root certificate associated with the mitmproxy software, which can intercept all network traffic, including (with the help of the certificate) encrypted “https” traffic. However, that code is commented out, indicating it is not active.

On the surface this malware appears harmless. Cryptominers usually just slow the computer down, since one process consumes all of the CPU/GPU.

But this is more than a cryptominer. Note that the cryptominer was installed via a command issued through the backdoor, and other arbitrary commands have very likely been sent to infected Macs through that backdoor in the past. There is no way to know exactly what damage this malware may have done to infected systems. Although the researchers observed only mining behavior, that does not mean it never did anything else.

Takeaways

Malwarebytes detects this malware as OSX.DarthMiner. If a device is infected, the malware's full activity cannot be determined, but the user's files or passwords may well have been stolen. This is an important lesson for users: staying away from anything piracy-related avoids many risks, and the cost of those risks may far exceed the price of a legitimate copy of the software.

Disclaimer: This article comes from 黑客视界, and the copyright belongs to the author. The content represents only the author's independent views, not the position of 安全内参; it is reproduced to share more information. To reprint, please contact the original author for authorization.

Zero-day vulnerability in a popular WordPress plugin lets attackers take over target sites

Introduction

Researchers say cybercriminals are currently exploiting a security vulnerability in a popular WordPress plugin to plant backdoors on target sites and gain full control of them.



The vulnerability exists in the WordPress plugin WP GDPR Compliance, whose main purpose is to help site administrators make their sites compliant with the GDPR (General Data Protection Regulation). It is currently one of the most popular GDPR-themed plugins in the WordPress plugin repository, with more than 100,000 active installations.

Roughly three weeks ago, attackers appear to have found a security flaw in this plugin and begun exploiting it to plant backdoor scripts on target sites. The initial reports from hacked sites were filed on the forum of a different plugin, which turned out to be the second-stage payload the attackers were using…

After analyzing the incident, the WordPress security team determined that the source of the attacks was WP GDPR Compliance: every compromised site had the plugin installed and in use.

The WordPress team did indeed find several security issues in the plugin's code and concluded that they were the main cause of the reported site compromises. The team has since removed the plugin from the official WordPress plugin repository.

However, the plugin went back online two days ago, after its developer released version 1.4.3 with fixes for the security issues.

Attacks still ongoing…

Security experts at Defiant (the developer of the Wordfence firewall plugin) say that although the vulnerability has been fixed in the new version, attackers can still attack sites running WP GDPR Compliance 1.4.2 or older. The company's analysts say they are still monitoring and detecting attacks that exploit the WP GDPR Compliance vulnerability.

With this vulnerability, an attacker can call the plugin's internal functions and then modify the configuration of the plugin, and even of the entire WordPress site.

The Wordfence team also said it has detected two different types of attack that exploit the vulnerability. The first attack scenario goes as follows:

1. The attacker exploits the vulnerability to abuse the site's user registration system;
2. The attacker exploits the vulnerability to change the default role for new accounts to "administrator";
3. The attacker registers a new account, which automatically becomes an administrator account on registration; the new account's default username is "t2trollherten";
4. The default user role is then changed back to "subscriber";
5. The attacker disables public user registration;
6. The attacker logs in to the newly created "administrator" account;
7. A backdoor is then installed in the site; the backdoor file is wp-cache.php.

This backdoor script contains a file manager, a terminal emulator, and a PHP eval() runner; Wordfence says this type of script lets attackers deploy arbitrary payloads:


[Image: the backdoor script]

But security researchers also detected a second type of attack, one that does not require creating a new administrator account, since account creation is likely to be noticed by the target site's administrators.

The second method is clearly stealthier: it uses the WP GDPR Compliance vulnerability to add a new task to WP-Cron, WordPress's built-in scheduled task system.

The cron task created by the attacker downloads and installs a 2 MB plugin called Autocode, which the attacker then uses to upload another backdoor script to the target site. It is also named wp-cache.php, but it differs from the one described above.

Although the second scenario is stealthier, it is ironically the reason this zero-day was discovered at all: on some sites, after finishing exploitation, the attackers were unable to delete the Autocode plugin they had uploaded. Site administrators who noticed this unexplained plugin inevitably became suspicious. In such cases, administrators typically first seek help on the WordPress forums, and that is what led to the subsequent security investigation of the WP GDPR Compliance plugin.

Attackers are stockpiling hacked sites

According to the Wordfence team, the attackers have so far not carried out any attack operations on the infected sites. They appear to be simply amassing compromised sites, and Wordfence has not seen any attempt to deploy malware through the planted backdoors.

Summary

If your site has the WP GDPR Compliance plugin installed and in use, there is still time to update or remove it; after removing it, check for and clean up any backdoors.
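"Check for and clean up any backdoors" is easier with a checklist derived from the two attack chains above: the default_role and users_can_register options, a wp-cache.php file in the site root, a WP-Cron hook that core did not schedule, a plugin nobody installed, and an administrator account that appeared recently. The audit below is an added example written for this page, not code from Wordfence or WordPress; it works on a constructed snapshot of wp_options values, root files, plugins and users rather than a live database, and the cron hook name "autocode_fetch" is a placeholder because the article does not name the real hook.

```python
from datetime import datetime, timedelta

# WP-Cron hooks that WordPress core schedules itself (partial allow-list; add the hooks
# your own plugins and themes legitimately register before using this in anger).
CORE_CRON_HOOKS = {
    "wp_version_check", "wp_update_plugins", "wp_update_themes",
    "wp_scheduled_delete", "delete_expired_transients",
    "wp_scheduled_auto_draft_delete", "recovery_mode_clean_expired_keys",
    "wp_privacy_delete_old_export_files", "wp_site_health_scheduled_check",
}

# File names that have no business in the WordPress root; "wp-cache.php" is the
# backdoor name reported for both attack chains.
UNEXPECTED_ROOT_FILES = {"wp-cache.php"}


def audit_wp_site(options, root_files, plugin_inventory, installed_plugins, users, now, new_admin_days=30):
    """Return a list of findings.

    `options` mirrors wp_options rows (option_name -> value). The `cron` value follows
    WordPress's own array layout: {timestamp: {hook: {key: {"schedule": ..., "args": [...]}}},
    "version": 2}. `users` holds dicts with login, role and registration datetime.
    """
    findings = []
    role = options.get("default_role", "subscriber")
    if role != "subscriber":
        findings.append(f"default_role is '{role}': every self-registered user gets that role")
    if str(options.get("users_can_register", "0")) == "1":
        findings.append("users_can_register is enabled: confirm open registration is intended")
    for name in root_files:
        if name in UNEXPECTED_ROOT_FILES:
            findings.append(f"unexpected file in site root: {name}")
    for timestamp, hooks in options.get("cron", {}).items():
        if timestamp == "version":          # the cron array carries a 'version' => 2 entry
            continue
        for hook in hooks:
            if hook not in CORE_CRON_HOOKS:
                findings.append(f"non-core WP-Cron hook '{hook}' scheduled at {timestamp}")
    for slug in installed_plugins:
        if slug not in plugin_inventory:
            findings.append(f"plugin not in the approved inventory: {slug}")
    cutoff = now - timedelta(days=new_admin_days)
    for user in users:
        if user["role"] == "administrator" and user["registered"] >= cutoff:
            findings.append(f"administrator '{user['login']}' registered on {user['registered']:%Y-%m-%d}")
    return findings


# Constructed snapshot of a site after the first attack chain has finished: the attacker
# has already put default_role back to "subscriber" and closed registration, so only the
# leftovers (the account, the root-level backdoor, the unknown plugin, the cron hook) remain.
SNAPSHOT_NOW = datetime(2018, 11, 10)
SNAPSHOT_OPTIONS = {
    "default_role": "subscriber",
    "users_can_register": "0",
    "cron": {
        1541808000: {"wp_version_check": {"k1": {"schedule": "twicedaily", "args": []}}},
        1541811600: {"autocode_fetch": {"k2": {"schedule": False, "args": []}}},  # placeholder hook name
        "version": 2,
    },
}
SNAPSHOT_ROOT_FILES = ["index.php", "wp-config.php", "wp-cache.php", "wp-load.php"]
SNAPSHOT_INVENTORY = {"wp-gdpr-compliance", "akismet"}          # what the admins installed
SNAPSHOT_PLUGINS = ["wp-gdpr-compliance", "akismet", "autocode"]  # what is on disk
SNAPSHOT_USERS = [
    {"login": "owner", "role": "administrator", "registered": datetime(2016, 3, 1)},
    {"login": "t2trollherten", "role": "administrator", "registered": datetime(2018, 10, 28)},
]


def audit_snapshot():
    return audit_wp_site(SNAPSHOT_OPTIONS, SNAPSHOT_ROOT_FILES, SNAPSHOT_INVENTORY,
                         SNAPSHOT_PLUGINS, SNAPSHOT_USERS, SNAPSHOT_NOW)


if __name__ == "__main__":
    for line in audit_snapshot():
        print("-", line)
```

The point of the snapshot is that the two option changes the attacker reverts (default role, open registration) are only visible while the attack is in progress, so a periodic audit should also key on the artifacts that stay behind; a second backdoor delivered through an unknown plugin, as in the cron-based chain, is caught by the inventory and cron checks rather than the user check.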

* Source: zdnet; compiled by FB editor Alpha_h4ck. Please credit CodeSec.Net when reprinting.
