Segmentation – the Simplest Security Policy Most People Miss

 
In our 2014 Security Report, we highlighted a quote from Bill Cheswick, a world-renowned computer security expert, who in 1990 talked about first-generation network security focusing on perimeter protection. He called this simple perimeter security concept ‘a sort of crunchy shell around a soft, chewy center.’ The idea used to be that an organization’s internal network was “trusted,” whereas the external Internet was “untrusted.” Early firewalls permitted outbound connections (from trusted to untrusted), but prevent inbound connections. Next generation firewalls extend this framework by adding an Intrusion Prevention System (IPS) and user and application awareness ...

FREAK (Out!) Attack, Fake Amazon Voucher, Google Doesn’t Encrypt – Mobile Security Weekly

 
This was a busy week for cybersecurity! Researchers discovered FREAK Attack, a vulnerability that allows attackers to intercept HTTPS connections between vulnerable clients and servers. And Android users haven’t had the best of weeks either, after now learning about Google’s failure to provide promised encryption, as well as a new SMS campaign hitting Android users worldwide. FREAK Attack Leaves Millions of iOS and Android Users Vulnerable Researchers have discovered a potentially catastrophic flaw that, for more than a decade, has made it possible for attackers to decrypt SSL-protected traffic passing between Android or Apple devices and millions of ...

Return of the Masque Attack

 
Unpatched iOS Vulnerabilities Leave All Users at Risk Late last year, Lacoon published its insights on two related iOS threats. Wirelurker, one of the first significant malwares to affect non-jailbroken devices, and Masque Attack, the actual vulnerability in iOS that Wirelurker exploits, proved a lethal combination. This post discusses Lacoon’s insights on another aspect of the original Masque Attack, URL Scheme Hijacking. Masque Attack is unique and particularly dangerous because it takes advantage of a security flaw in iOS that allows an app to be replaced by another app of same Bundle ID - regardless of the developer. ...