News Article | December 14, 2016
NEW YORK, Dec. 14, 2016 (GLOBE NEWSWIRE) -- Avanan cloud security experts have discovered a new twist on a well-known cyberattack exploiting users’ increased online shopping activity around the holiday season. Unlike the recent spate of highly publicized attacks targeting users’ credit card numbers with fake messages about a problem with online orders, this new attack goes after something potentially even more valuable: users’ Office 365 passwords. Once obtained, hackers have full access to the victim’s Office 365 account, providing an unlimited ability to embed malware, launch additional phishing attacks on the victim’s contacts, steal sensitive company information, reroute invoice remittance details, download customer information such as social security numbers and much, much more.
The phishing attack starts with an email that appears to come from FedEx, informing the user that an important package is waiting for the victim. The email contains a link, which is displayed as http://www.fedex.com/us/track. The actual URL that’s embedded within this displayed link starts with http://fedex-international.com but continues with “.xn-sicherheit-schlsseldienst-twc.de/track.” The .xn uses a Unicode-encoding method called Punycode, which effectively fools Office 365 into thinking this is a legitimate URL that doesn’t contain any malicious intent.
The resulting page displayed upon clicking this link is a fake Office 365 login page, asking for the user to provide his or her Office 365 password. Users still trying to access information about their package are likely to input their Office 365 password at this point, thinking that they had inadvertently logged out of Office 365, and therefore need to log back in to continue to track their package. In reality, however, they are giving up the keys to their workplace environment to hackers.
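
The mismatch described above, between the URL a message displays and the host its link actually targets, can be checked mechanically. The following Python sketch is an added example, not code from Avanan or the original release; the sample message, the `.example` hostnames and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; hosts use the reserved .example TLD.
SAMPLE = (
    '<p><a href="http://shipper-intl.example.xn--bcher-kva.example/track">'
    'http://www.shipper.example/us/track</a></p>'
    '<p><a href="https://www.shipper.example/help">Help centre</a></p>'
)

class _Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    # Display text is often scheme-less ("www.site.example/x"); parse it as a URL anyway.
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def audit_links(html):
    """Return a finding for each link whose real target differs from what is shown."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = _host(href)
        shown = _host(text) if "." in text and " " not in text else ""
        reasons = []
        if shown and shown != target:
            reasons.append("display-host-mismatch")
        if any(label.startswith("xn--") for label in target.split(".")):
            reasons.append("punycode-label")
        if reasons:
            try:  # decode xn-- labels so an analyst sees the real characters
                decoded = target.encode("ascii").decode("idna")
            except UnicodeError:
                decoded = target
            findings.append({"shown": shown, "target": target, "decoded": decoded, "reasons": reasons})
    return findings
```

A finding is a triage signal rather than a verdict: legitimate internationalized domains also carry `xn--` labels, and this sketch compares full hostnames because it does not consult a public-suffix list.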
“The email scanners and threat protection provided by Microsoft are not stopping the latest phishing emails from getting into our organization,” said Matt Litchfield, vice president of Information Technology at JD Norman Industries. “We are experiencing phishing emails that target my users’ Office 365 credentials. These types of attacks represent a very serious security concern for my organization. I no longer believe that Office 365 email scanning offers sufficient protection from phishing attacks by itself; we must layer additional security on top of what Microsoft already provides to ensure a comprehensive email security solution.”
“This is a very significant attack,” said cloud security expert Gil Friedrich, Avanan’s CEO. “With this attack, it’s clear that hackers now realize they can exploit victims’ workplace shopping habits to infiltrate corporate networks, which can be potentially much more valuable than petty credit card theft.”
This exploit represents the latest attack on business users of Microsoft Office 365 and Google’s business Gmail programs, which have become platforms of choice for attacks since hackers can test the deliverability of their messages through their own low-cost test accounts. Companies that have migrated to these SaaS-based mail programs without adding necessary security layers have effectively exposed their users to the growing world of cloud security attacks.
How to protect from this and future attacks
Office 365 and Gmail have inherently limited abilities to block these attacks, since hackers can simply keep testing the deliverability of their messages until they successfully bypass built-in security layers. No one vendor can provide total protection, which is why Avanan recommends a multi-vendor, defense-in-depth approach.
Avanan’s cloud security platform enables businesses to apply any combination of more than 60 best-of-breed security tools to Office 365, Gmail and any other SaaS application, all in Avanan’s elegant single pane of glass, and all with just one click. The added layers of security via Avanan’s platform make it impossible for hackers to “test-bench” the deliverability of their attacks, making unprotected users even more attractive and vulnerable.
Free scan offer
Avanan has offered to provide a free tool to scan Office 365 mailboxes to see how many users in an organization were victims of this attack. To take advantage of this limited-time offer, visit http://www.avanan.com/puny-phishing-office-365.
About Avanan, the Cloud Security Platform (http://www.avanan.com)
Avanan secures any SaaS application, such as Office 365 and Google Mail, or any cloud application with one click, using best-of-breed security technology from industry-leading vendors. Avanan has been named a 2016 Gartner Cool Vendor, a Red Herring Top 100 North American Tech Startup and one of CRN’s 20 Coolest Cloud Security Vendors of 2016.
Pearson S., Cloud Security | Benameur A., Cloud Security
Proceedings - 2nd IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2010 | Year: 2010
Cloud computing is an emerging paradigm for large scale infrastructures. It has the advantage of reducing cost by sharing computing and storage resources, combined with an on-demand provisioning mechanism relying on a pay-per-use business model. These new features have a direct impact on IT budgeting but also affect traditional security, trust and privacy mechanisms. Many of these mechanisms are no longer adequate, but need to be rethought to fit this new paradigm. In this paper we assess how security, trust and privacy issues occur in the context of cloud computing and discuss ways in which they may be addressed. © 2010 IEEE.
Ko R.K.L., Cloud Security | Lee B.S., Cloud Security | Pearson S., Cloud Security
Communications in Computer and Information Science | Year: 2011
The lack of confidence in entrusting sensitive information to cloud computing service providers (CSPs) is one of the primary obstacles to widespread adoption of cloud computing, as reported by a number of surveys. From the CSPs' perspective, their long-term return-on-investment in cloud infrastructure hinges on overcoming this obstacle. Encryption and privacy protection techniques only solve part of this problem: in addition, research is needed to increase the accountability and auditability of CSPs. However, achieving cloud accountability is a complex challenge, as we now have to consider large-scale virtual and physical distributed server environments to achieve (1) real-time tracing of source and duplicate file locations, (2) logging of a file's life cycle, and (3) logging of content modification and access history. This position paper considers related research challenges and lays a foundation towards addressing these via three main abstraction layers of cloud accountability and a Cloud Accountability Life Cycle. © 2011 Springer-Verlag.
Papanikolaou N., Cloud Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2012
We discuss ongoing work on developing tools and techniques for understanding natural-language descriptions of security and privacy rules, particularly in the context of cloud computing services. In particular, we present a three-part toolkit for analyzing and processing texts, and enforcing privacy and security rules extracted from those texts. We are interested in developing efficient, accurate technologies to reduce the time spent analyzing and reasoning about new privacy laws and security rules within the enterprise. We describe the tools we have developed for semantic annotation, and also for information extraction - these are specifically intended for analysis of cloud terms of service, and therefore designed to help with self-compliance; however, the techniques involved should be generalizable to other relevant texts, esp. rules and regulations for data protection. © 2012 Springer-Verlag.
Pearson S., Cloud Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013
In conjunction with regulation, information security technology is expected to play a critical role in enforcing the right for privacy and data protection. The role of security in privacy by design is discussed in this paper, as well as the relationship of these to accountability. The focus within these discussions is on technological methods to support privacy and data protection in cloud scenarios. © 2013 Springer-Verlag.
Cloud Security | Date: 2014-04-25
The present invention relates to a camera device, wherein the camera device comprises a base with a fillister; a body with a spherical unit and a neck; and a camera configured onto the body. The spherical unit fits the fillister to form a joint allowing a wide range of rotation in all directions. The base further comprises a first fixing unit and a second fixing unit. Therefore, the camera device is able to be easily mounted onto a targeted surface, and the camera field of view is able to be rapidly optimized toward a specific direction.
Cloud Security | Date: 2014-04-25
The present invention provides a camera system and the operating method thereof, wherein the camera system transmits a digital token via sound waves and uses the digital token for device pairing, authorizing, or authenticating. The camera system comprises a transmitting device, for converting the digital token to an acoustic signal, and a camera device, for converting the acoustic signal to the digital signal.
Cloud Security | Date: 2014-04-21
Burglar alarms; audiovisual teaching apparatus, namely, speakers, monitors, headphones, and microphones; camcorders; photographic cameras; electric monitoring apparatus, namely, cameras, motion sensors, and burglar alarms; sound recording and transmitting apparatus; electric theft prevention installations, namely, alarms and detectors; electric locks; warning bells; computer software for use with security monitors and alarm systems; data processing apparatus; downloadable image files containing videos and pictures from security monitors and web links relating to theft prevention; electric installations for the remote control of industrial operations; fire alarms; intercommunication apparatus, namely, telephones, intercoms, headphones, and microphones; life-saving apparatus and equipment, namely, telephones, intercoms, headphones, and microphones; computer monitors; push buttons for bells; remote control apparatus for alarm systems and camera systems; signal bells; sirens; sound alarms; alarm signal whistles.
Cloud Security | Date: 2014-04-21
Camcorders; photographic cameras; electric monitoring apparatus, namely, cameras, motion sensors, and burglar alarms; sound recording and transmitting apparatus; computer software for use with security monitors and alarm monitoring systems to collect, process, and organize photographs, videos, and data from security monitors and alarm monitoring systems; downloadable image files containing videos and pictures from security monitors and web links relating to theft prevention; electric installations for the remote control of industrial operations; intercommunication apparatus, namely, telephones, intercoms, headphones, and microphones; remote control apparatus for alarm monitoring systems and camera systems, namely, computers for remotely managing alarm monitoring and camera systems.