Cyber-Attacks Are Top Business Risk in North America and Europe

By: Phil Muncaster

Cyber-attacks are the number one business risk in the regions of Europe, North America and East Asia and the Pacific, according to a major new study from the World Economic Forum(WEF).

Its Regional Risks for Doing Business report highlights the opinions of 12,000 executives from across the globe.

While “unemployment or underemployment” and “failure of national governance” take first and second place respectively, cyber threats have moved from eighth in last year’s report to fifth this year.

It tended to be viewed as a greater risk in more advanced economies: 19 countries from Europe and North America plus India, Indonesia, Japan, Singapore and the United Arab Emirates ranked it as number one.

In Europe, the UK and Germany both placed cyber-attacks as the number one risk.

Bromium’s EMEA CTO, Fraser Kyne, argued that businesses are still suffering despite spending an estimated $118bn on cybersecurity globally.

“When looking at the causes of breaches, it’s evident that email attachments, links and downloads are the most common methods used by hackers. Be it HR professionals opening infected CVs from unknown sources, or employees clicking links on malware-riddled social media sites on their lunch break, users provide hackers with an easy route to bypass security,” he added.

“These simple attack methods are still effective because the architecture cybersecurity is built on is fundamentally flawed, as it overwhelmingly relies on detecting these threats. We’re increasingly seeing zero-day and other polymorphic malware being used to evade detection. Even the more sophisticated detection-based tools that utilize machine learning, AI and behavioral analytics to identify anomalies and patterns can potentially struggle to determine what is good and what is bad – and are certainly never able to be 100% accurate.”

More: https://www.infosecurity-magazine.com/news/cyberattacks-business-risk-north/

‘Almost all’ Pakistani banks hacked in security breach, says FIA cybercrime head

By: Shakeel Qarar

In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from “almost all” Pakistani banks was stolen in a recent security breach.

“According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo Newson Tuesday.

When pressed to clarify, the official said data from “most of the banks” operating in the country had been compromised.

Speaking to DawnNewsTV, Shoaib said hackers based outside Pakistan had breached the security systems of several local banks. “The hackers have stolen large amounts of money from people’s accounts,” he added.

“The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks,” he observed.

He said the FIA has written to all banks, and a meeting of the banks’ heads and security managements is being called. The meeting will look into ways the security infrastructure of banks can be bolstered.

“Banks are the custodians of the money people have stored in them,” Shoaib said. “They are also responsible if their security features are so weak that they result in pilferage.”

It wasn’t immediately clear when exactly the security breach took place.

According to Shoaib, more than 100 cases are being investigated by the agency in connection with the breach.

“An element of banking fraud which is a cause of concern is that banks hide the theft [that involves them]… and the clients report [the theft] to the banks and not to us, resulting in a loss of people’s money,” he told DawnNewsTV.

“We are trying to play a proactive role in preventing bank pilferage,” he added.

Shoaib said the agency has arrested many gangs involved in cybercrimes and recovered stolen money from them.

A gang was arrested last week whose members used to disguise themselves as army officials and withdraw money from banks after gathering people’s data, the official added.

More: https://www.dawn.com/news/amp/1443970

WhatsApp: Newest Attack Target for Mobile Phishing

By: Uladzislau Murashka

 

Phishing attacks aren’t nearly as successful as they used to be because by now people have learned to look out for the emails that ask them to provide sensitive details. While this is true for emails, it seems that pioneer attackers have embraced other ways of utilizing phishing attacks, namely through messaging services such as WhatsApp, Skype, and even plain old SMS.

Mobile Phishing
Mobile phishing is an issue that shows no signs of abating anytime soon. According to Verizon, 90% of their recorded data breaches began with a phishing attack and right now mobile is an increasingly common attack vector.

Recent research from Wandera shows a new trend among cyber-criminals toward mobile phishing. Every day, dozens of new attacks are detected and many of them last less than a day before being shut down and relocated elsewhere. These phishing attacks share many standard features, notably centering around the use of WhatsApp.

Distribution Methods
Now that there is a widespread awareness of the dangers email-based phishing attacks bring, many savvy cyber-criminals are instead moving on to using other vectors that allow them to attack mobile devices. Many of such attacks center on WhatsApp as both the initial method of delivery and the way to reach more targets after every single success.

It isn’t just the awareness that has led to this shift. Email clients and providers have many built-in tools that identify any potential phishing emails and alert the user or automatically delete the email.

In contrast, there are no such security measures for SMS, or for app-based messaging services. Given the sheer number of different messaging apps out there, it is challenging to develop a catch-all defense against mobile phishing attacks. This results in mobile-based attacks being at least three times more effective than the phishing that takes place through desktop. Without any doubt, mobile providers should make further investments into raising cybersecurity awareness and improving it on mobile.

Exploiting WhatsApp
Unlike with phishing emails, which are often flagged as potentially malicious, there is no filtering or alert system on WhatsApp either. When a user receives a link on WhatsApp, it usually generates a preview of that website’s logo and page title. These are easy for an attacker to fake but might give a phishing message enough of a veneer of legitimacy for the user to get caught off guard.

More: https://www.zdnet.com/article/25-android-smartphone-models-contain-severe-vulnerabilities-off-the-shelf/

SIKURPhone – Beyond a Cryptocurrency Wallet and Ready for Financial Transactions

By: sikur

Whilst Sikurs competitors are promising to release secure blockchain devices, Sikur is already delivering a full and innovative operating system experience. SikurOS is powering devices that can deliver much more than secure cryptocurrency wallets and other gadgets to protect assets.

2018 has been an incredible year for us – from the rush of launching SIKURPhone at Mobile World Congress, in Barcelona, to porting SikurOS to different hardware. It has been an exciting journey and we still have more to come, said Alexandre Vasconcelos, Sikurs COO.

SikurOS is a very innovative model, although its concepts are widely available. An operating system that is capable of effectively protecting user data is an approach that has taken SIKURPhone to the next level. Combining safety with convenience is a challenge that Sikurs research and development team face every day.

According to Group-IB, more than $882 million in cryptocurrency assets was lost to fraud and hacks in 2017 and 2018, mostly in the Asian market, including the over $500 million hack of Japanese Cryptocurrency Exchange Coincheck. Protecting cryptocurrency coins for the regular investor with simplicity and usability is already possible with SIKURPhone.

After passing rigorous tests by HackerOne with a bug bounty program, securing cryptocurrency is a challenge that SIKURPhone has already overcome. Sikur is now daring to take it a step further with the Trading Station concept.

More: https://www.globalbankingandfinance.com/sikurphone-beyond-a-cryptocurrency-wallet-and-ready-for-financial-transactions/

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Sikur lança solução que traz camada adicional para aplicações críticas

By: TI Inside Online

Embora os concorrentes da Sikur estejam prometendo lançar dispositivos blockchain seguros, a Sikur já está oferecendo um sistema operacional completo para uso de carteiras de criptomoedas seguras e outros gadgets para proteger ativos.

“2018 tem sido um ano incrível para nós – desde a corrida de lançamento do SIKURPhone no Mobile World Congress, em Barcelona, ??até a portabilidade do SikurOS para diferentes hardwares. Foi uma jornada emocionante e ainda temos mais por vir”, disse Alexandre Vasconcelos, COO da Sikur.

“O SikurOS é um modelo muito inovador, embora seus conceitos estejam amplamente disponíveis. Um sistema operacional capaz de proteger efetivamente os dados do usuário é uma abordagem que levou o SIKURPhone a combinar segurança com conveniência, um desafio que a equipe de pesquisa e desenvolvimento da Sikur enfrenta todos os dias”, completa.

De acordo com o Group-IB, mais de US$ 882 milhões em ativos de criptomoeda foram perdidos para fraudes e hackers em 2017 e 2018, principalmente no mercado asiático, incluindo os mais de US$ 500 milhões do Japanese Cryptocurrency Exchange Coincheck. Proteger moedas de criptomoedas para o investidor regular com simplicidade e usabilidade é o que promete o SIKURPhone.

Depois de passar por testes rigorosos da HackerOne com um programa de recompensas de bugs, garantir a criptomoeda é um desafio que a SIKURPhone já superou. Sikur está agora se atrevendo a dar um passo adiante com o conceito de Trading Station.

“O mercado financeiro é dinâmico e está em constante mudança. Os números de fraude e perda continuam aumentando à medida que a variedade de métodos de transação digital cresce. As soluções existentes não fornecem flexibilidade, usabilidade e segurança suficientes para o usuário moderno. A Sikur’s Trading Station usa a força do SikurOS e fornece camadas extras de segurança para aplicativos financeiros que exigem proteção máxima. Também introduz liberdade e flexibilidade para realizar operações de qualquer lugar, sem a necessidade de estar em escritórios ou redes altamente protegidas. As ações de trading, mobile banking e mPOS (Mobile Point of Sale) são alguns exemplos do mundo real onde a SIKURPhone pode fazer uma grande diferença para a indústria”, disse Fabio Fischer, vice-presidente executivo da Sikur.

Proteger dados localmente e na nuvem é uma alta prioridade para empresas e governos. Portanto, ter aplicativos conhecidos nesses dispositivos está se tornando obrigatório, pois a segurança preocupa mais pessoas a cada ano.

“Na Sikur, a inovação faz parte do nosso DNA. Estamos sempre procurando criar. Essa energia dá a todos mais poder e determinação para progredir. O conceito de Trading Station vem dessa maneira de pensar”, diz Alexandre Stumpf, CTO da Sikur.

Mais: http://tiinside.com.br/tiinside/seguranca/mercado-seguranca/31/10/2018/sikur

Xperiaをデータ保護に特化させたスマホ「SIKURPhone XZ1/XA2」発表

By: Engadget Japan

セキュリティ企業のSikurは、データ保護に特化したスマートフォン「SIKURPhone XZ1/XA2」を発表しました。その名前や本体デザインからもわかるように、ソニーのXperia XZ1/XA2がベースの端末となっています。

Xperiaのフォントで遊ぶ

SIKURPhone XZ1/XA2はAndroid OSをベースとしたカスタムOS「SikurOS」を搭載。クラウドベースの専用アプリにて暗号化通信を利用したボイスメッセージを送受信したり、ドキュメントを編集したり、動画通話が利用できます。なお、アプリの専用ストアは2018年末までにローンチされる予定です。

さらにSikurによれば、SIKURPhone XZ1/XA2は暗号通貨の取り扱いにおいても「最も安全なデジタルウォレット」だとしています。また、エンタープライズ用途としては遠隔でのデバイスやユーザーの管理が可能です。

本体スペックはベースのスマートフォンと変わらず、SIKURPhone XZ1はディスプレイが5.2インチでプロセッサがSnapdragon 835、1900万画素カメラを搭載。SIKURPhone XA2はディスプレイが5.2インチでプロセッサがSnapdragon 630、2300万画素カメラを搭載しています。

SIKURPhone XZ1/XA2の価格はそれぞれ850ドル(約9万6000円)と650ドル(約7万4000円)。最新ではありませんが十分なスペックにセキュリティ機能を搭載したスマートフォンとして、企業からの需要が見込まれそうです。

もっと: https://headlines.yahoo.co.jp/hl?a=20180928-00010002-engadgetj-prod

SIKURPhone – 仮想通貨ウォレットを超えて金融取引の準備が整う

By: Business Wire

  • SIKURPhone – ファースト・クラスのセキュリティーを備えたハイエンド・スマートフォンの利便性
  • セキュア・コミュニケーション市場で先頭を歩むデバイス
  • オペレーティングシステムのSikurOSがセキュリティー思想の基盤

ロンドン–(BUSINESS WIRE)– (ビジネスワイヤ) — Sikurの競合企業はセキュアなブロックチェーン・デバイスを発表すると約束している段階ですが、Sikurは、完全な革新的なオペレーティングシステムの体験を既に提供しています。SikurOSは、安全な仮想通貨ウォレットや資産を守るためのその他のガジェット以上のものを多数もたらすことができるデバイスで使用されています。

「2018年は私たちにとって信じられない年となっています。バルセロナで行われたモバイル・ワールド・コングレスでSIKURPhoneを発表してから、SikurOSを異なるハードウェアに移植するまで前進しました。これまで活発な作業が続いてきましたが、まだ新たなものが控えています」と、Sikur最高執行責任者(COO)のAlexandre Vasconcelosは述べています。

SikurOSは、コンセプトは広く見られるものですが、非常に革新的なモデルです。ユーザーのデータを効果的に保護する能力を持つオペレーティングシステムは、SIKURPhoneを次の段階に高めるアプローチとなりました。安全性と利便性を組み合わせることは、Sikurの研究開発チームが毎日取り組んでいる課題です。

グループIBによれば、2017年と2018年に8億8200万ドル以上の仮想通貨資産が詐欺やハッキングによる盗難被害に遭っており、そのほとんどはアジア市場で発生しています。これには、日本の仮想通貨取引所のコインチェックでの5億ドルを超えるハッキング事件が含まれます。SIKURPhoneでは、単純で使いやすい方法で普通の投資家の仮想通貨を保護することが、既に可能になっています。

バグ発見懸賞金プログラムを取り入れたHackerOneによる厳格な試験を通過したSIKURPhoneは、仮想通貨を安全に保護するという課題を既に克服できています。Sikurは現在、トレーディング・ステーションのコンセプトによって、これをさらに一歩前進させる大胆な試みを行っています。

「金融市場は動的なものであり、常に変化しています。デジタル取引方法の種類が拡大するにつれて、詐欺や紛失事件の数は増加を続けています。これまでのソリューションでは、現代のユーザーが必要とする柔軟性、容易さ、セキュリティーを十分に提供することができません。Sikurのトレーディング・ステーションはSikurOSの能力を利用し、最高度の保護を必要とする金融アプリに追加的なセキュリティー・レイヤーを提供します。どの場所にいても操作を実行できる自由と柔軟性も実現し、オフィスや高度に保護されたネットワークから操作する必要はなくなります。株式の取引、モバイル・バンキング、mPOS(モバイル販売)は、SIKURPhoneが業界で大きな改革を起こすことのできる実際的事例の一部です」と、SikurのエグゼクティブVPのFabio Fischerは語っています。

データを手元とクラウドで安全に保護することは、企業と政府にとって優先度の高い問題です。そのため、安全を懸念する人々が毎年増加するにつれて、使用するデバイスにはよく分かっているアプリを入れることが必須のことになっています。

「Sikurでは、イノベーションが浸透しています。私たちは常に創造を目指しています。このエネルギーが、前進するために必要なパワーと決意を全員に与えています。トレーディング・ステーションのコンセプトはこのような考え方から出てきたものです」と、SikurのCTOのAlexandre Stumpfは述べています。

もっと: https://www.jiji.com/jc/article?k=20181030006247&&&&g=bw

Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

By: Mohit Kumar

Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers.

Discovered by researchers at Cymulate, the bug abuses the ‘Online Video‘ option in Word documents, a feature that allows users to embedded an online video with a link to YouTube, as shown.

When a user adds an online video link to an MS Word document, the Online Video feature automatically generates an HTML embed script, which is executed when the thumbnail inside the document is clicked by the viewer.

Researchers decided to go public with their findings three months after Microsoft refused to acknowledge the reported issue as a security vulnerability.

How Does the New MS Word Attack Works?

Since the Word Doc files (.docx) are actually zip packages of its media and configuration files, it can easily be opened and edited.

According to the researchers, the configuration file called ‘document.xml,’ which is a default XML file used by Word and contains the generated embedded-video code, can be edited to replace the current video iFrame code with any HTML or javascript code that would run in the background.

More: https://thehackernews.com/2018/10/microsoft-office-online-video.html?m=1

 

Cybercrime Damages $6 Trillion By 2021

By: Steve Morgan

Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades

The 2017 Official Annual Cybercrime Report is sponsored by Herjavec Group,  a leading global information security advisory firm and Managed Security Services Provider (MSSP) with offices across the United States, Canada, and the United Kingdom. Download PDF

Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.

Last year, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

The cybercrime prediction stands, and over the past year it has been corroborated by hundreds of major media outlets, universities and colleges, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cybercrime fighters globally.

The damage cost projections are based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

More: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

Sikurphone – nejbezpečnější způsob komunikace bez obav z odposlechu citlivých informací

By: Mgr. Petr Duchoslav

Společnost Satomar, distributor vybraných produktů z oblasti komunikačních a informačních technologií, představuje na našem trhu telefony SikurPhone a komplexní platformu Sikur, která představuje nejbezpečnější způsob osobní a firemní komunikace. Toto řešení je určeno pro každého, komu záleží na důsledném uchování svého soukromí.

SikurPhone je samostatný ekosystém bezpečné privátní komunikace mezi všemi zařízeními vybavenými příslušným operačním systémem nebo aplikací s možností propojení i se všemi dalšími mobilní telefony, tablety a počítači. Díky úzké spolupráci se společností Sony jsou základem tohoto ekosystému dva modely smartphonů Sony, na které je nainstalován vlastní operační systém SikurOS založený na Androidu. Ten umožňuje šifrované a zabezpečené spojení splňující nejvyšší bezpečnostní kritéria mezi zařízeními SikurPhone či staršími GranitePhone. Kromě popsaného hardware mohou být díky speciální aplikaci do zabezpečeného systému připojena také další zařízení s operačními systémy Android, iOS či Windows.

Bezpečná komunikace prověřená hackery

Zajištění diskrétnosti spočívá ve vysoce propracovaném a sofistikovaném formátu kódování informací s využitím několika bezpečnostních vrstev. Platforma SikurPhone zahrnuje vlastní zabezpečenou nadstavbu operačního systému Android – SikurOS – která díky propracovanému řešení eliminuje nutnost využívání VPN či firewallu. SikurOS je dostupný buď předem předinstalovaný v sadě s jedním z ověřených mobilních telefonů pocházejících z dílny Sony, nebo pak prostřednictvím aplikace, kterou je možné získat na běžně používaných obchodech Google Play, App Store či na stránkách výrobce sikur.cz. Bezpečná komunikace je zajištěna pouze mezi zařízeními využívající Sikur OS. Samozřejmostí je však zachování všech dalších způsobů komunikace mimo platformu Sikur na smartphonech a počítačích.

Neoddělitelnou součástí SikurOS je také sada ověřených aplikací, jako internetový prohlížeč, e-mailový klient, populární komunikační nástroj WhatsApp, zpravodajská aplikace shrnující nejnovější zprávy z hlavních mediálních kanálů po celém světě a další, s jejichž využitím lze zabezpečit textovou osobní i e-mailovou komunikaci včetně skupinové, sdílení souborů, telefonní hovory i video konference. Po testování a schválení se součástí tohoto nejbezpečnějšího běžně dostupného ekosystému může stát jakákoli další aplikace libovolného vývojového týmu.

Algoritmus šifrování dat i bezpečnost celé platformy SikurPhone byla úspěšně prověřena organizací HackerOne, která ve spolupráci s nejlepšími hackery pomáhá výrobcům ověřit jejich bezpečnostní prvky. Bezpečnost byla prověřena reálným testováním, během něhož nebyly komunikační protokoly prolomeny. Společnost Gartner označila výrobce Sikur jako dodavatele, který má v tomto technologickém segmentu příslušná řešení.

Kryptoměnová peněženka

Nedílnou součástí každého SikurPhonu je i peněženka na kryptoměny. Pokud patříte mezi fanoušky digitálních měn, představuje SikurPhone jednu z nejbezpečnějších možností jejich uložení. Se SikurWallet navíc získáte přímou podporu Bitcoin Testnetu, ideálního nástroje pro testování bitcoinových aplikací napříč platformami.

Dostupnost

Telefony SikurPhone i aplikaci Sikur je možné objednat již nyní na stránkách sikur.cz či prostřednictvím výhradního dovozce a distributora – společnosti Satomar, s.r.o. Cena je stanovena na 19 990 Kč včetně DPH pro model SikurPhone SONY XA1 a 24 990 Kč včetně DPH pro model SikurPhone SONY XZ1. V ceně telefonu je již zahrnuta dvouletá licence pro používání platformy Sikur.

O společnosti Satomar

Společnost Satomar se již desátým rokem zabývá dovozem, prodejem a distribucí mobilních telefonů, tabletů a dalších elektronických zařízení či příslušenství. Za dobu svého působení uvedla na trh úspěšně produkty značek Revogi, Deveroux, Livall, Sunmi, ChatSIM, LCD tablety Ainol či Pipo, elektronické zápisníky Boogieboard, mobilní telefony Cube 1, Cubot nebo Oukitel, dětské hodinky s GPS Abardeen, počítačové příslušenství pod vlastní značkou Beik či minipočítače Remix. Kromě toho se společnost soustředí i na OEM výrobu pro své partnery.

Více: https://www.securitymagazin.cz/security/sikurphone-nejbezpecnejsi-zpusob-komunikace-bez-obav-z-odposlechu-citlivych-informaci-1404061641.html