Cyber Security

Mobile device management and unified endpoint management
Mobile device management is a crucial component of maintaining a stable security
posture, but mobile device management and unified endpoint management tools
address one of the most difficult areas of cybersecurity. The ever-changing and
growing threat landscape makes security difficult enough, while the lack of
control surrounding mobile devices poses an additional challenge for security
teams and administrators.

Mobile devices come in various shapes and sizes with equally varied operating
systems, further complicating management for administrators. For example, most
operating systems allow for remote control capabilities, while Apple only permits
remote view.

The most
effective way to manage mobile devices and keep networks secure, while avoiding
productivity impediments, is to implement an MDM-UEM solution.

MDM-UEM solutions not only help ensure security and meet compliance requirements,
but in some cases, they may increase productivity with role-based access and
automation capabilities. These tools help administrators manage their workloads
and let end users use their devices freely while keeping corporate data within
the network secure.

The products
we tested this month successfully balance productivity with compliance and
security by leveraging functionalities such as geo-fencing and remote view and
control. Once one of these solutions has been deployed into your environment,
end-users will be able to use their devices without introducing unnecessary
risk into your environment.

The main
lesson we learned from the mobile device management and unified endpoint
management (MDM-UEM) tools we reviewed is that mobile device management is a
crucial component of maintaining a stable security posture. Ever-changing and
growing threat landscapes make security difficult enough, but the lack of
control surrounding mobile devices poses an additional challenge for security
teams and administrators.

A properly
configured mobile device/endpoint management tool will not only help ensure
security and meet compliance requirements, but in some cases, it may also
increase productivity through role-based access and automation capabilities
that minimize manual overhead. The tools we reviewed assist with MDM-UEM,
allowing administrators and employees to use their devices freely and safely
while still maintaining the security of corporate data.

There are
many items to consider when it comes to managing mobile devices and unified
endpoints, including installing applications, geo-tracking and geo-fencing.
Securing devices is, quite literally, like trying to secure and manage a moving
target. End users transport their devices from home to work, sometimes
traveling a considerable distance, and administrators cannot control the
networks to which the devices connect. Therefore, it is crucial to protect
data with encryption and containerization.

Mobile device management is further complicated by the variety of operating
systems, and administrators must control corporate-owned devices to protect them
when lost or stolen. The proliferation of IoT and mobile devices in the workplace
has birthed an information security niche that the MDM-UEM solutions we tested
this month all seek to address.

MDM-UEM tools have adapted well to the increase in the number of workplace mobile
devices. End users need to be able to complete work tasks securely, but that
security should never impede productivity. Administrators must be able to
manage corporate-owned devices and containerize personal devices to ensure that
these devices never threaten corporate data. The following MDM-UEM solutions
successfully balance productivity with security. In some cases, they even
enhance the productivity of both administrators and end users with features
like role-based access, automation, artificial intelligence and geo-tracking.

Pick of the Litter

VMware Workspace ONE offers several unique features, such as Intelligent Hub, role-based access and sandboxing. This robust feature set, overall product performance and free 24/7 support, combined in one very competitively priced solution, make VMware Workspace ONE an SC Labs Best Buy.

The incorporation of Watson, a question-and-answer system backed by machine learning technology, and the vastness of features and configuration options offered make MaaS360 with Watson our SC Labs Recommended product for this month’s round of reviews.

Check out all the reviews below:
BlackBerry Unified Endpoint Management Q-Series
Hexnode 8.2
IBM MaaS360 with Watson 10.74
Meraki Systems Manager SaaS
MobileIron UEM R64
Sophos Mobile 9.0
VMWare Workspace ONE UEM 1907

Cyber Security

The Sneaky Simple Malware That Hits Millions of Macs
The popular misconception that Macs don’t get viruses has become a lot less popular in recent years, as Apple devices have weathered their fair share of bugs. But it’s still surprising that the most prolific malware on macOS—by one count, affecting one in 10 devices—is so relatively crude.

This week, antivirus company Kaspersky detailed the 10 most common threats its macOS users encountered in 2019. At the top of the list: the Shlayer Trojan, which hit 10 percent of all of the Macs Kaspersky monitors, and accounted for nearly a third of detections overall. It’s led the pack since it first arrived in February 2018.

You’d think that such prevalence could only be achieved by comparable sophistication. Not so! “From a technical viewpoint Shlayer is a rather ordinary piece of malware,” Kaspersky wrote in its analysis. In fact, it relies on some of the oldest tricks in the books: convincing people to click on a bad link, then pushing a fake Adobe Flash update. Even the trojan’s payload turns out to be ho-hum: garden variety adware.

Shlayer’s brilliance, it turns out, lies less in its code than its method of distribution. The operators behind the trojan reportedly offer website owners, YouTubers, and Wikipedia editors a cut if they push visitors toward a malicious download. A complicit domain might prompt a phony Flash download, while a shortened or masked link in a YouTube video’s description or Wikipedia footnote might initiate the same. Kaspersky says it counted more than 1,000 partner sites distributing Shlayer. One individual, Kaspersky says, currently owns 700 domains that redirect to Shlayer download landing pages.

“Distribution is a vital part of any malware campaign, and Shlayer shows that affiliate networks are pretty effective in this sense,” says Vladimir Kuskov, head of advanced threat research and software classification at Kaspersky.

While Shlayer is simple, the adware it installs—a wide variety, since Shlayer itself is just a delivery mechanism—can deploy at least a modestly clever trick or two. In an instance of Cimpli adware that Kaspersky observed, the malware first poses as another program, in this case Any Search. In the background, Cimpli attempts to install a malicious Safari extension, and generates a fake “Installation Complete” notification window to cover up the macOS security notification that warns you against doing so. It tricks you, in other words, into granting permission to let it run amok on your device.

Once you do, the attacker can both intercept your search queries and seed the results with their own ads. It’s an annoyance, more than anything. But given that over 100 million people use macOS, and it hits at least 10 percent of those with Kaspersky installed, it’s reasonable to assume that millions of Mac users deal with it every year. Even if only a small percentage of those attempts prove successful, it’s apparently enough to keep the operation going.

“Apple does a great job making their OS more and more secure with every new release,” says Kuskov. “But it is hard to prevent such attacks on the OS level, since it's the user who clicks on a link and downloads Shlayer and runs it, like any other software.”

While Flash might seem like an outdated lure, given the numerous public warnings about its fallibility and the fact that it’s dying off completely this year anyway, it’s actually perversely effective.

“I think the reason why fake Flash Players are so successful, in spite of these facts, is twofold,” says Joshua Long, chief security analyst at Intego, which first discovered Shlayer nearly two years ago. “Force of habit, and lack of awareness of the current state of Flash.”


To the first point, people have been so accustomed to serious Flash vulnerabilities that they’re conditioned to update ASAP to avoid calamity. As for the second, Long says, “the average consumer has no idea that Flash is rarely used by modern sites, that Flash installers are no longer necessary, or that Flash is being terminated this year.”

None of which means Mac owners are especially susceptible. “The techniques used to deceive users to install Shlayer also work fine with users of any other platform and OS,” Kaspersky’s Kuskov says.

The best ways to protect yourself from Shlayer and other malware are similarly universal. Don’t click suspicious links, especially not surprise pop-up windows. Don’t install Flash in the year of our lord 2020, especially not from a site that’s promising a pirated livestream.


Cyber Security

Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.

Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime.

According to the press conference, all three accused (23, 26, and 35 years old) were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud, and unauthorized access.

Just like most of the other widespread Magecart attacks, the modus operandi behind this series of attacks also involved exploiting unpatched vulnerabilities in e-commerce websites powered by Magento and WordPress content management platforms.

Hackers then secretly implanted digital credit card skimming code—also known as web skimming or JS sniffers—on those compromised websites to intercept users’ inputs in real-time and steal their payment card numbers, names, addresses and login details as well.

Though Indonesian police claim these hackers had compromised 12 e-commerce websites, experts at cybersecurity firm Sanguine Security believe the same group is behind the credit card theft at more than 571 online stores.

“These hacks could be attributed because of an odd message that was left in all of the skimming code,” Sanguine Security said.

“‘Success gan’ translates to ‘Success bro’ in Indonesian and has been present for years on all of their skimming infrastructures.”
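The web-skimming technique described above (injected script tags on a compromised storefront) and the ‘Success gan’ marker lend themselves to a simple baseline check on the defender’s side. The following is example code written for this page, not code from Sanguine Security, the police or any store; the shop hostname, the attacker hostname, the sample checkout HTML and the baseline hashes are all constructed.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects external <script src> URLs and inline <script> bodies from a page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script, self._buf = True, []
    def handle_data(self, data):  # HTMLParser hands script bodies to handle_data
        if self._in_script:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf).strip())
            self._in_script = False

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def find_unexpected_scripts(html, allowed_hosts, baseline_inline_hashes):
    """Return external script hosts and inline scripts that are not in the baseline.
    Relative src URLs (hostname None) are same-origin and pass here; those files
    need server-side file-integrity monitoring instead."""
    p = ScriptCollector()
    p.feed(html)
    hosts = {urlparse(s).hostname for s in p.external}
    unknown_hosts = sorted(h for h in hosts if h and h not in allowed_hosts)
    unexpected = [s for s in p.inline if sha256_hex(s) not in baseline_inline_hashes]
    return {"unknown_hosts": unknown_hosts, "unexpected_inline": unexpected}

# Constructed sample: a checkout page with its baseline scripts plus two injected ones.
SAMPLE_CHECKOUT_HTML = """<html><body>
<form id="checkout"><input name="cc_number"><input name="cvv"></form>
<script src="https://shop.example/js/checkout.js"></script>
<script>window.shop = {currency: "USD"};</script>
<script src="https://cdn.attacker.invalid/s.js"></script>
<script>/* constructed stand-in for an injected skimmer */ console.log("Success gan");</script>
</body></html>"""
ALLOWED_HOSTS = {"shop.example"}
BASELINE_INLINE_HASHES = {sha256_hex('window.shop = {currency: "USD"};')}
```

Run against a periodically fetched copy of the checkout page, any new script host or inline body that is not in the baseline is worth an alert, whether or not it carries a recognisable marker string.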

The police revealed that the suspects used stolen credit cards to buy electronic goods and other luxury items, and then also attempted to resell some of them at a relatively low price through local e-commerce websites in Indonesia.

On an Indonesian news channel, one of the accused even admitted to hacking e-commerce websites and injecting web skimmers since 2017.

Moreover, experts also observed similar cyberattacks linked to the same online infrastructure even after the arrest of the three suspects, and thus believe that more members of this hacking group are still at large.

Cyber Security

Critical vulnerabilities found in GE medical gear

The DHS Cybersecurity and Infrastructure Security Agency has issued a warning of six critical-rated vulnerabilities in several GE medical monitoring devices.

Advisory ICSMA-20-023-01 covers the GE CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) and Clinical Information Center (CIC) systems, and the CARESCAPE B450, B650 and B850 monitors. The vulnerabilities include unprotected storage of credentials, improper input validation, use of hard-coded credentials, missing authentication for critical function, unrestricted upload of file with dangerous type and inadequate encryption strength.

As of now, GE said it was not aware of any reported incidents of a cyberattack in clinical use or any reported injuries associated with any of these vulnerabilities.

The flaws

  • CVE-2020-6961, critical, a
    vulnerability in the affected products that could allow an attacker to obtain
    access to the SSH private key in configuration files;
  • CVE-2020-6962, critical, an input
    validation vulnerability in the web-based system configuration utility that
    could allow an attacker to obtain arbitrary remote code execution;
  • CVE-2020-6963, critical, where the
    affected products utilize hard-coded SMB credentials, which may allow an
    attacker to remotely execute arbitrary code if exploited;
  • CVE-2020-6964, critical, where the
    integrated service for keyboard switching of the affected devices could allow attackers
    to obtain remote keyboard input access without authentication over the network;
  • CVE-2020-6965, critical, a
    vulnerability in the software update mechanism that allows an authenticated attacker
    to upload arbitrary files to the system through a crafted update package;
  • CVE-2020-6966, critical, where the affected
    products utilize a weak encryption scheme for remote desktop control, which may
    allow an attacker to obtain remote code execution on devices on the network.

GE is in the
process of developing and releasing patches for these issues. In the meantime,
the company recommends:

  • The MC and IX networks are isolated,
    and if connectivity is needed outside the MC and/or IX networks, a router/firewall
    is used.
  • The MC and IX router/firewall should be
    set up to block all incoming traffic initiated from outside the network, with
    exceptions for needed clinical data flows.
  • Physical access to central
    stations, telemetry servers, and the MC and IX networks is restricted. Default passwords for
    Webmin should be changed as recommended.
  • Password management best practices
    are followed.
  • The best way to stamp out
    vulnerabilities is to find them as soon as possible by using a secure
    development life cycle (SDLC). At every stage of product development,
    vulnerabilities are identified and eradicated.

Even though
there are upcoming patches and temporary workarounds, Jonathan Knudsen, senior
security strategist with Synopsys, noted that such vulnerabilities should be
discovered during the development phase and not after the products have been released.

“In the
design phase, this takes the form of using threat modeling and other techniques
to identify design vulnerabilities and the security controls that are necessary
to reduce the risk of the system,” he said.
