the city’s network system and encrypted data. The details are somewhat slim for now, but hackers reportedly used the SamSam ransomware and demanded around $51,000 in Bitcoin to unlock the city’s seized computers. Atlanta is currently working with the Department of Homeland Security, the FBI, Microsoft, and Cisco cybersecurity officials to determine the scope of the damage and regain control of the data held hostage. “Our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue,” the city’s official Twitter account states. “We are confident that our team of technology professionals will be able to restore applications soon. Our city website, Atlantaga.gov, remains accessible and we will provide updates as we receive them.” As of Thursday afternoon, the city said it faced outages on various “internal and customer facing applications,” such as means for accessing court-related information and paying bills. But the city itself isn’t exactly under siege: airport, public safety, and water operations remain unaffected by the attack, and the city payroll wasn’t touched. The only bone Atlanta is throwing the public is that the attack affects “various city systems.” According to Atlanta’s newly appointed chief operating officer, Richard Cox, Atlanta Information Management officials were made aware of problems with internal and customer-facing applications at 5:40 a.m. Thursday. At the time, he acknowledged that the city fell prey to ransomware, but given the investigation is still ongoing, he couldn’t provide the extent of the damage. “The ongoing investigation will determine whether personal information, financial, or employee data has been compromised,” he said during a press briefing. “As a precaution, we are asking that all employees take the appropriate measures to ensure their data is not compromised.
The city advises employees to monitor and protect personal information and in the coming days we will offer employees additional resources if needed.” What the city didn’t officially disclose was the ransomware note discovered in the investigation. A screenshot reveals the hackers’ demands: 0.8 Bitcoins for each seized computer, or six bitcoins to unlock all computers held hostage, equal to around $51,000 in real cash. Once Atlanta sends the Bitcoins to a digital wallet, the city is to leave a message containing the host name on a specific website. The hackers will then provide decryption software to release the computers from captivity. The SamSam malware doesn’t take the typical route of installing itself on computers when unsuspecting owners click a link within an email. Instead, hackers find unpatched vulnerabilities in network servers and manually unleash SamSam to seize key data systems and cause maximum damage to the company’s infrastructure. SamSam is one of many in a family of ransomware targeting government and healthcare organizations. It was first observed in 2015 and encrypts various file types using the Advanced Encryption Standard (aka Rijndael). It then encrypts that AES key with RSA 2048-bit encryption, leaving the files unrecoverable without the key. As of Friday morning, Atlanta’s main website and its affiliated portals remained unaffected by the ransomware attack.
The city has spent the past two weeks restoring online services disrupted by ransomware that held encrypted data hostage. Soon after Atlanta City Auditor Amanda Noble logged onto her work computer the morning of March 22, she knew something was wrong. The icons on her desktop looked different—in some cases replaced with black rectangles—and she noticed many of the files on her desktop had been renamed with “weapologize” or “imsorry” extensions. Noble called the city’s chief information security officer to report the problem and left a message. Next, she called the help desk and was put on hold for a while. “At that point, I realized that I wasn’t the only one in the office with computer problems,” Noble says. Those computer problems were part of a high-profile “ransomware” cyberattack on the City of Atlanta that has lasted nearly two weeks and has yet to be fully resolved. During that time the metropolis has struggled to recover encrypted data on employees’ computers and restore services on the municipal Web site. The criminals initially gave the city seven days to pay about $51,000 in the cryptocurrency bitcoin to get the decryption key for their data. That deadline came and went last week, yet several services remain offline, suggesting the city likely did not pay the ransom. City officials would not comment on the matter when contacted by Scientific American. The Department of Watershed Management, for example, still cannot accept online or telephone payments for water and sewage bills, nor can the Department of Finance issue business licenses through its Web page. The Atlanta Municipal Court has been unable to process ticket payments either online or in person due to the outage and has had to reschedule some of its hearings.
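A triage helper for the indicator the auditor describes, added here as an example and not part of the article: it walks a directory, flags files carrying the renamed extensions and, as an extra heuristic the article does not mention, flags files whose content looks encrypted (near-maximal byte entropy) even when the name was left alone. The extension list is taken from the text; the entropy threshold and the sample files are assumptions constructed for the demo.

```python
"""Triage helper for files touched by the SamSam variant described above.

Added example, not from the article. SAMSAM_EXTENSIONS comes from the
extensions the auditor reports seeing; the entropy heuristic and threshold
are assumptions; all sample files are constructed in build_sample_tree().
"""
import math
import os
import tempfile
from collections import Counter
from typing import Dict, List

# Renamed extensions reported in the article ("weapologize", "imsorry").
SAMSAM_EXTENSIONS = {".weapologize", ".imsorry"}

# Assumed threshold: AES output is close to 8 bits/byte, English text ~4-5.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 65536  # only the first 64 KiB of each file is scored


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str, root: str) -> Dict[str, object]:
    """Score one file: known ransom extension and/or encrypted-looking content."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
    return {
        "name": os.path.relpath(path, root).replace(os.sep, "/"),
        "known_ext": ext in SAMSAM_EXTENSIONS,
        "high_entropy": entropy >= ENTROPY_THRESHOLD,
        "entropy": round(entropy, 2),
    }


def triage_tree(root: str) -> Dict[str, object]:
    """Walk a directory and summarise which files show which indicator."""
    records: List[Dict[str, object]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            records.append(classify_file(os.path.join(dirpath, name), root))
    records.sort(key=lambda r: r["name"])
    known_ext = [r["name"] for r in records if r["known_ext"]]
    entropy_only = [r["name"] for r in records
                    if r["high_entropy"] and not r["known_ext"]]
    clean = [r["name"] for r in records
             if not (r["known_ext"] or r["high_entropy"])]
    return {
        "total_files": len(records),
        "known_ext_files": known_ext,        # strongest indicator: renamed extension
        "entropy_only_files": entropy_only,  # worth a look; may be archives or media
        "clean_files": clean,
        "records": records,
    }


def build_sample_tree() -> str:
    """Construct a throwaway directory with plaintext, 'encrypted' and renamed files."""
    root = tempfile.mkdtemp(prefix="samsam_triage_")
    os.makedirs(os.path.join(root, "reports"))
    # Untouched document: low entropy, original name.
    with open(os.path.join(root, "reports", "budget.txt"), "w") as fh:
        fh.write("Quarterly water and sewer billing summary.\n" * 40)
    # Files as the auditor saw them: random bytes stand in for AES output.
    with open(os.path.join(root, "reports", "audit.xlsx.weapologize"), "wb") as fh:
        fh.write(os.urandom(4096))
    with open(os.path.join(root, "notes.docx.imsorry"), "wb") as fh:
        fh.write(os.urandom(4096))
    # High-entropy content with an innocent name (e.g. a compressed archive).
    with open(os.path.join(root, "backup.zip"), "wb") as fh:
        fh.write(os.urandom(4096))
    return root


if __name__ == "__main__":
    import shutil
    sample = build_sample_tree()
    try:
        summary = triage_tree(sample)
        for key in ("known_ext_files", "entropy_only_files", "clean_files"):
            print(f"{key}: {summary[key]}")
    finally:
        shutil.rmtree(sample)
```

The entropy-only bucket is deliberately separate from the extension bucket: compressed archives and media files score high too, so it is a lead for review, not proof of encryption.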
The city took down two of its online services voluntarily as a security precaution: the Hartsfield–Jackson Atlanta International Airport wi-fi network and the ability to process service requests via the city’s 311 Web site portal, according to Anne Torres, Atlanta’s director of communications. Both are now back online, with airport wi-fi restored Tuesday morning. The ransomware used to attack Atlanta is called SamSam. Like most malicious software it typically enters computer networks through software whose security protections have not been updated. When attackers find vulnerabilities in a network, they use the ransomware to encrypt files there and demand payment to unlock them. Earlier this year attackers used a derivative of SamSam to lock up files at Hancock Regional Hospital in Greenfield, Ind. The health care institution paid nearly $50,000 to retrieve patient data. “The SamSam ransomware used to attack Atlanta is interesting because it gets into a network and spreads to multiple computers before locking them up,” says Jake Williams, founder of computer security firm Rendition Infosec. “The victim then has greater incentive to pay a larger ransom in order to regain control of that network of locked computers.” The city’s technology department—Atlanta Information Management (AIM)—contacted local law enforcement, along with the FBI, Department of Homeland Security, Secret Service and independent forensic experts to help assess the damage and investigate the attack. The attackers set up an online payment portal for the city but soon took the site offline after a local television station published a screen shot of the ransom note, which included a link to the bitcoin wallet meant to collect the ransom. Several clues indicate Atlanta likely did not pay the attackers, Williams says.
“Ransomware gangs typically cut off communications once their victims get law enforcement involved,” he says. “Atlanta made it clear at a press conference soon after the malware was detected” that they had done so. The length of time it has taken to slowly bring services back online also suggests the cyber criminals abandoned Atlanta without decrypting the city’s files, Williams says. “If that’s the case, the city’s IT staff spent the past week rebuilding Atlanta’s online systems using backed-up data that had not been hit by the ransomware,” he says, adding that any data not backed up is likely “lost for good.” “If the city had paid the ransom, I would have expected them to bring up systems more quickly than they have done,” says Justin Cappos, a professor of computer science and engineering at New York University’s Tandon School of Engineering. “Assuming the city did not pay the ransom, their ability to recover their systems at all shows that they at least did a good job backing up their data.”
Virgin Media has – perhaps rather belatedly – fixed a series of vulnerabilities in its Super Hub 3.0 home broadband router modem, after they were reported more than 18 months ago. Balazs Bucsay, managing security consultant at NCC Group, says that after receiving one of the devices as a home customer and examining it for a few hours, he was quickly able to find a remote command execution bug. He uncovered many others during the following days. Eventually, he says, he was able to create a full chain of exploits that made it possible to perform a remote authentication as an administrator on the router. This could potentially allow a hacker to take control of millions of these devices, installing backdoors in a way that would be extremely hard to find and investigate. “After hacking into my own Super Hub 3.0, I was able to find multiple security flaws within the router’s firmware and combine these to create an exploit that could have been hidden within webpages and sent to other unsuspecting owners via scam emails or other methods,” Bucsay tells The Daily Swig. “If customers had opened the webpages and activated the exploit, hackers could have gained unauthorized access to their modems and other devices on the victim’s home network, enabling them to spy on online activity and even execute their own commands on the devices.” Bucsay reported the vulnerabilities to Virgin Media in March 2017, but says they weren’t fixed until the end of July this year. “The proposed roll-out date was postponed many times,” he says. However, a Virgin Media spokeswoman defended the company’s actions.
“The online security of our customers is a top priority for Virgin Media and the issues described by NCC have been fixed,” she told The Daily Swig. “We have seen no evidence that these advanced technical exploits, carried out by NCC as a proof of concept, were used maliciously to impact customers.” With the patch rolled out in August, Super Hub 3.0 users don’t need to do anything extra to protect themselves. “However, this research should remind consumers that no connected device is inherently secure, and that they should consider additional security measures around their home network, such as using password managers and different passwords for each device and service,” Bucsay warns. He also urged internet service providers to be more proactive in checking the security of any third-party devices they use.
It’s safe to say that 2016 was the year of ransomware. More specifically, the year of crypto-ransomware, that nefarious variant that encrypts files and holds them captive until a ransom is paid. Since the release of Cryptolocker in late 2013, crypto-ransomware has exploded, and 2016 was a banner year. As a matter of fact, according to the FBI, cyber criminals used ransomware to steal more than $209 million from U.S. businesses in just the first quarter of 2016. And according to a recent report from Kaspersky Labs, from January to September of 2016, ransomware attacks targeting companies increased by a whopping 300 percent. With threat actors realizing ransomware’s lucrative potential, they bombarded the industry with new attacks in 2016. This variant hit the wild in early 2016, encrypting files on infected systems with AES. It not only infects mapped file shares, but any networked share, so remote drives are at risk. This attack was so potent that experts estimate it infected more than 100,000 victims per day at its peak. More recently, hackers went after the beloved San Francisco Municipal Transport Agency (MUNI). If you were in the area in late November, you may have gotten the message “You Hacked” at public transit ticket kiosks. The city’s light rail was hit by ransomware that forced them to offer free rides for two days while they recovered the files. Or, what about Popcorn, the ingenious little in-development ransomware variant in December that turned victims into attackers by incentivizing them with a pyramid scheme-style discount. Send the infection to two of your friends, and you get your files back for free. Ransomware perhaps hit healthcare the hardest in 2016, with some reports claiming 88 percent of all ransomware affected hospitals.
Whether large or small, no provider could hide from hackers looking to nab and encrypt patient data, disrupting care until the provider paid up or recovered files. The New Jersey Spine Center and Marin Healthcare District were attacked by Cryptowall, which encrypted electronic health records, backup files and the phone system. MedStar, which operates 10 hospitals in the D.C. and Baltimore area, was forced to shut down its entire IT system and revert to paper records. And the list goes on and on with names like California’s Hollywood Presbyterian Medical Center, The University of Southern California’s Keck and Norris Hospital, Kansas Heart Hospital, Alvarado Medical Center, King’s Daughter’s Health, Chino Valley Medical Center and Desert Valley Hospital, and more. Criminals have obviously realized the awesome money-making potential of ransomware, and you should expect them to double down in 2017. That said, how can they make an already effective threat even more widespread? Every year I try to predict changes and evolutions to the threat and security landscape. In this year’s predictions, I forecast that you’ll see the first ever widespread ransomworm. This new variant will dramatically accelerate the spread of ransomware. Years ago, network worms like CodeRed, SQL Slammer, and more recently, Conficker were pretty common. As you probably know, a worm is a type of malware that automatically spreads itself over a network, using either legitimate network file sharing features or network software vulnerabilities. In the past, the fastest spreading worms – like the examples mentioned above – exploited network software flaws to automatically propagate through networks (whether the Internet or just your internal network). Although we haven’t seen many wildly successful network worms lately, they’re still a threat.
All it takes is for one black hat to find a new zero-day networking software flaw and a widespread ransomworm becomes a real possibility. In fact, attackers may not even need to know a new networking flaw to create a successful ransomworm. By stealing a computer’s local credentials, attackers can use normal Windows networking, or tools like PowerShell, to spread through an internal Windows network without leveraging any vulnerability at all. Now, imagine ransomware attached to such a network worm. After infecting one victim, it could tirelessly copy itself to every computer it could reach on your local network. Whether or not you want to imagine such a scenario, criminals have already added network-scanning capabilities to some ransomware variants, and there’s a high likelihood they will more aggressively merge ransomware and worm capabilities next year. In 2017, I suspect you’ll see a ransomworm that automatically spreads very quickly and successfully, at least on local networks, if not the Internet. Since falling victim to ransomware can be a costly and time-consuming affair, how can you prepare to combat these evolving threats? Backup – Sure, I know most people just want to prevent ransomware, but you’ll never have 100 percent assurance of that in information security. Backing up your data is an important part of security for reasons far beyond just recovering from a ransomware attack. If you don’t already back up your important data, ransomware is the best reason yet to do so. Patch your software – There are many ways ransomware might get on your systems, including just users manually doing foolish things. However, in order to forcefully or automatically install malware on your system, attackers must exploit software flaws.
That said, vendors have already fixed a huge percentage of the vulnerabilities hackers use to spread malware. If you simply keep your patches up to date, you won’t succumb to many of these forced or automated attacks, which could even help against ransomworms, assuming the network flaw they use was also patched. Implement kill chain defense – You won’t find one security technology that can protect you from 100 percent of ransomware by itself. However, there are many security controls that help protect you from various stages of a ransomware attack. For instance, Intrusion Prevention Systems (IPS) can prevent some of the exploits criminals use to spread ransomware. Antivirus can catch some of the most common ransomware variants, and more modern advanced threat protection solutions can even identify and block new zero-day ransomware samples. However, none of these defenses is foolproof alone. The best way to protect your computer or organization is to combine all of them. Unified Threat Management (UTM) solutions often offer the easiest option for placing all these protections under one pane of glass.
To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft’s regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google’s security researchers, for example, give vendors just 90 days’ warning before publishing flaws they find. Microsoft Corp (MSFT.O) declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries. Those conclusions and other details emerged from interviews with researchers at cyber security firms who studied the events and analyzed versions of the attack code. Microsoft confirmed the sequence of events. The tale began last July, when Ryan Hanson, a 2010 Idaho State University graduate and consultant at boutique security firm Optiv Inc in Boise, found a weakness in the way that Microsoft Word processes documents from another format. That allowed him to insert a link to a malicious program that would take control of a computer.
The company often pays a modest bounty of a few thousand dollars for the identification of security risks. Soon after that point six months ago, Microsoft could have fixed the problem, the company acknowledged. But it was not that simple. A quick change in the settings on Word by customers would do the trick, but if Microsoft notified customers about the bug and the recommended changes, it would also be telling hackers how to break in. Alternatively, Microsoft could have created a patch that would be distributed as part of its monthly software updates. But the company did not patch immediately and instead dug deeper. It was not aware that anyone was using Hanson’s method, and it wanted to be sure it had a comprehensive solution. “We performed an investigation to identify other potentially similar methods and ensure that our fix addresses [sic] more than just the issue reported,” Microsoft said through a spokesman, who answered emailed questions on the condition of anonymity. “This was a complex investigation.” Hanson declined interview requests. The saga shows that Microsoft’s progress on security issues, as well as that of the software industry as a whole, remains uneven in an era when the stakes are growing dramatically. Finally, on that Tuesday, about six months after hearing from Hanson, Microsoft made the patch available. As always, some computer owners are lagging behind and have not installed it.
Ben-Gurion University employees in Israel were hacked, after the patch, by attackers linked to Iran who took over their email accounts and sent infected documents to their contacts at technology companies and medical professionals, said Michael Gorelik, vice president of cyber security firm Morphisec. When Microsoft patched, it thanked Hanson, a FireEye researcher and its own staff. A six-month delay is bad but not unheard of, said Marten Mickos, chief executive of HackerOne, which coordinates patching efforts between researchers and vendors. “Normal fixing times are a matter of weeks,” Mickos said. Privately held Optiv said through a spokeswoman that it usually gives vendors 45 days to make fixes before publishing research when appropriate, and that it “materially followed” that practice in this case. If the patching took time, others who learned of the flaw moved quickly. On the final weekend before the patch, the criminals could have sold it along to the Dridex hackers, or the original makers could have cashed in a third time, Hultquist said, effectively staging a last clearance sale before it lost peak effectiveness. It is unclear how many people were ultimately infected or how much money was stolen.
Hackers are likely exploiting the easy-to-find vulnerabilities, according to the security researcher who warned the Pentagon of the flaws months ago. The vulnerable systems could allow hackers or foreign actors to launch cyberattacks through the department's systems to make it look as though they originated from US networks. Dan Tentler, founder of cybersecurity firm Phobos Group, who discovered the vulnerable hosts, warned the flaws are so easy to find that he believes he was probably not the first person to find them. "It's very likely that these servers are being exploited in the wild," he told me on the phone. While the Pentagon is said to be aware of the vulnerable servers, it has yet to implement any fixes -- more than eight months after the department was alerted. It's a unique case that casts doubts on the effectiveness of the Trump administration's anticipated executive order on cybersecurity, which aims to review all federal systems for security issues and vulnerabilities over a 60-day period. The draft order was leaked last week, but it was abruptly pulled minutes before it was expected to be signed on Tuesday. Tentler, a critic of the plans, argued that the draft plans are "just not feasible." "It's laughable that an order like this was drafted in the first place because it demonstrates a complete lack of understanding of what the existing problems are," he said. "The order will effectively demand a vulnerability assessment on the entire government, and they want it in 60 days? It's been months -- and they still haven't fixed it," he said.
In the past year, the Pentagon became the first government department to ease up on computer hacking laws by allowing researchers to find and report bugs and flaws in systems in exchange for financial rewards. Researchers must limit their testing to two domains -- "defense.gov" (and its subdomains) and any ".mil" subdomain. In an effort to pare down the list of hosts from "all public Department of Defense hosts" to "only the ones in scope," Tentler was able to identify several hosts that answered to the domain names in scope. "There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the US as culprits in hacking attacks if they so desire," he told me. "The flaw could allow politically motivated attacks that could implicate the US," he added. In other words, a foreign hacker or nation-state attacker could launch a cyberattack and make it look like it came from the Pentagon's systems. Tentler argued that the hosts were covered by the scope of the wildcard domains. A Pentagon spokesperson confirmed Tuesday that the vulnerabilities had been fixed, and encouraged researchers to continue to submit bugs and vulnerabilities, which are covered under the Pentagon's vulnerability disclosure policy.
Popular security products such as anti-viruses and middleboxes put customers at risk through poor transport layer security (TLS) interception implementations, researchers have found. A group of researchers from United States universities as well as tech companies Google, Mozilla, and Cloudflare tested middleboxes - which act as network proxies for traffic analysis and content filtering - from A10, Blue Coat, Barracuda, CheckPoint, Cisco, Fortinet, Juniper, Microsoft, Sophos, Untangle, and WebTitan. All but the Blue Coat device weakened connection security and introduced TLS vulnerabilities such as Logjam, weak export and RC4 ciphers, or didn't validate digital certificates properly. The researchers also tested 29 anti-viruses, and found 13 would intercept TLS connections. Only Avast versions 10 and 11 for Windows did not reduce TLS connection security. Interception of TLS connections involves security products installing their own certificates into web browsers or devices in organisation networks. This allows them to terminate TLS connections, decrypt the traffic so as to look for malicious or disallowed content, and then re-initiate the TLS connection after analysis is complete. Such interception is increasingly prevalent, the researchers said, meaning the security community is working at cross purposes: the attempts to detect and block harmful traffic dramatically reduce connection security. "Many of the vulnerabilities we find in anti-virus products and corporate middleboxes — such as failing to validate certificates and advertising broken ciphers — are negligent and another data point in a worrying trend of security products worsening security rather than improving it," they wrote.
Compounding the problem, the researchers noted that while it was possible to adjust middlebox settings in many cases to avoid degrading TLS security, their configuration was "confusing, oftentimes with little or no documentation". "We note that the installation process for many of these proxies is convoluted, crash-prone, and at times, non-deterministic," they said. Testing middleboxes with services such as Qualys SSL Labs, How's My SSL, and Bad SSL is a must for administrators, the researchers said. There is no good reason for anti-virus vendors to intercept TLS since their software operates locally and already has access to the file system, browser memory, and any content loaded over HTTPS, they claimed. The researchers disclosed the vulnerabilities in the security products to vendors, but said the reception to the reports varied greatly. "In many cases, we received no response and in other cases, we were unable to convince manufacturers that TLS vulnerabilities such as Logjam required patching," they wrote.
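One way to make the researchers' warning checkable on your own network, added here as an example and not code from the study: record what the client actually negotiated on a direct connection and again with the product in the path, run the same rules over both handshakes, and report the weaknesses the interception introduced. The rule set is an assumption drawn from the weaknesses the article names (Logjam-class DH groups, export and RC4 ciphers, skipped certificate validation), and the handshake records below are constructed.

```python
"""Rule-based check of a negotiated TLS handshake, to spot the downgrades a
middlebox or anti-virus introduces when it sits between client and server.

Added example, not from the study. The rule set is an assumption based on
the weaknesses the article names. Handshake records are constructed; the
protocol and cipher fields mirror what ssl.SSLSocket.version()/cipher()
expose, the DH size and validation result come from your own test setup.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}


@dataclass(frozen=True)
class Handshake:
    protocol: str                   # e.g. "TLSv1.2" (ssl.SSLSocket.version())
    cipher: str                     # OpenSSL suite name (ssl.SSLSocket.cipher()[0])
    cert_validated: bool            # did the client verify the server's chain?
    dh_bits: Optional[int] = None   # ephemeral DH group size for DHE suites


def assess(hs: Handshake) -> List[str]:
    """Return the weaknesses present in one handshake (empty list = none found)."""
    findings: List[str] = []
    c = hs.cipher.upper()
    if hs.protocol in WEAK_PROTOCOLS:
        findings.append(f"deprecated protocol {hs.protocol}")
    if "RC4" in c:
        findings.append("RC4 stream cipher")
    if c.startswith("EXP"):
        findings.append("export-grade cipher")
    if "NULL" in c:
        findings.append("NULL cipher or MAC (no confidentiality/integrity)")
    if c.startswith(("ADH", "AECDH")) or "ANON" in c:
        findings.append("anonymous key exchange (no server authentication)")
    if "DES-CBC3" in c or "3DES" in c:
        findings.append("3DES block cipher")
    elif "DES-CBC-" in c:
        findings.append("single DES block cipher")
    if "MD5" in c:
        findings.append("MD5-based MAC")
    # Finite-field DHE only: ECDHE suites do not use a classic DH group.
    uses_dhe = ("DHE" in c or "EDH" in c) and "ECDHE" not in c
    if uses_dhe and hs.dh_bits is not None and hs.dh_bits < 2048:
        tag = "Logjam-class" if hs.dh_bits <= 1024 else "undersized"
        findings.append(f"{tag} DH group ({hs.dh_bits} bits)")
    if not hs.cert_validated:
        findings.append("server certificate not validated")
    return findings


def interception_impact(direct: Handshake, via_product: Handshake) -> Dict[str, object]:
    """Diff the two assessments: what did the interception add or remove?"""
    before, after = set(assess(direct)), set(assess(via_product))
    return {
        "introduced": sorted(after - before),
        "removed": sorted(before - after),
        "degraded": bool(after - before),
    }


# Constructed handshakes: a modern browser talking to the origin directly,
# the same session through a middlebox that re-negotiates upstream with weak
# settings, and through an anti-virus that only downgrades the cipher.
BROWSER_DIRECT = Handshake("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", True)
VIA_MIDDLEBOX = Handshake("TLSv1", "DHE-RSA-AES256-SHA", False, dh_bits=512)
VIA_ANTIVIRUS = Handshake("TLSv1.2", "RC4-SHA", True)


if __name__ == "__main__":
    for label, hs in (("middlebox", VIA_MIDDLEBOX), ("anti-virus", VIA_ANTIVIRUS)):
        impact = interception_impact(BROWSER_DIRECT, hs)
        print(f"{label}: degraded={impact['degraded']} introduced={impact['introduced']}")
```

Python's ssl module does not expose the negotiated DH group size, so dh_bits has to come from the server side or a packet capture of the test session.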
Networked printers have for years left gaping holes in home and office network security. Today, experts continue to find flaws in popular laser printers, which are putting businesses at risk. Experts at the University Alliance Ruhr recently announced vulnerabilities in laser printers from manufacturers including Dell, HP, Lexmark, Samsung, Brother, and Konica. The flaws could permit print documents to be captured, allow buffer overflow exploits, disclose passwords, or cause printer damage. Up to 60,000 currently deployed printers could be vulnerable, they estimate. When unprotected, printers expose users to several types of attacks, says Jeremiah Grossman, chief of security strategy at SentinelOne. Hackers can use vulnerabilities to capture old printer logs, which may contain sensitive information. They may also use these flaws to establish a foothold in a networked device and move laterally throughout the organization to gather data. Some attackers want to wreak havoc beyond a single business. With networked printers under their control, a cybercriminal may use one company's bandwidth to perform DDoS attacks on other organizations and individuals around the world. These examples are among the many types of damage that will continue to threaten security as part of the growing Internet of Things, Grossman predicts. "Most of the time, printers are not going to be terribly different from any IoT device," he explains. Hackers who find vulnerabilities in the web interface can take over, as they could for any device connected to the network. The difference, of course, is that printers have been around far longer than most IoT products.
This presents a market failure that will be difficult to correct because patches won't be made available. Even when they are, devices won't be patched often. Right now the easiest vectors include web hacking and email attacks, but they will move to IoT as computers and operating systems get more secure. Printers are low-hanging fruit, he says, and easier to target. He also recommends isolating printers on local networks, separate from PCs, and disabling out-of-network communication so that even if they're hacked, printers can't interact with adversaries outside the organization. Wingate suggests adopting the same baseline security practices businesses employ for computers; for example, periodically updating passwords so sensitive content isn't left in the open for people to steal. He also recommends intrusion detection, another practice people use for their PCs but don't frequently employ on printers.