Monthly Archives: March 2019

Accenture reports revenues of $10.5 billion

Accenture reported financial results for the second quarter of fiscal 2019, ended Feb. 28, 2019, with revenues of $10.5 billion, an increase of 5 percent in U.S. dollars and 9 percent in local currency over the same period last year.

Diluted earnings per share were $1.73, compared with $1.37 for the second quarter last year, which included a $0.21 charge related to U.S. tax law changes.

Diluted EPS for the second quarter of fiscal 2019 increased 9 percent from adjusted diluted EPS of $1.58 in the same period last year.

Operating income was $1.39 billion, a 7 percent increase over the same period last year, and operating margin was 13.3 percent, an expansion of 20 basis points.

New bookings for the quarter were $11.8 billion, with consulting bookings of $6.7 billion and outsourcing bookings of $5.1 billion.

David Rowland, Accenture’s interim chief executive officer, said, “We delivered outstanding financial results for the second quarter. I am particularly pleased with our record new bookings of $11.8 billion and revenue growth of 9 percent in local currency, which reflect significant market share gains. In addition, we delivered very strong profitability while generating excellent free cash flow.”

“The durability of our performance reflects the power of our highly differentiated growth strategy — from our leadership position in the New, to our rapidly growing business in Intelligent Platform Services, to our relentless focus on leading with innovation. With the successful execution of our strategy, combined with the disciplined management of our business, we are very well-positioned to continue growing ahead of the market and delivering significant value for clients and shareholders.”

from Help Net Security – News http://bit.ly/2TLJL9B
via IFTTT

Week in review: Employee cybersecurity essentials, ASUS attack, lessons learned from crypto hacks

Here’s an overview of some of last week’s most interesting news and articles:

Attackers compromised ASUS to deliver backdoored software updates
Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of customers. A few days after the revelation (by Kaspersky Lab researchers) ASUS confirmed the compromise and released a clean version of Live Update software.

Encrypted attacks growing steadily, cybercriminals are increasingly targeting non-standard ports
In 2018, SonicWall recorded the decline of cryptojacking, but more ransomware, highly targeted phishing, web application attacks and encrypted attacks.

Employee cybersecurity essentials part 1: Passwords and phishing
Your company may have state-of-the-art monitoring and the latest anti-malware and anti-virus programs, but that doesn’t mean you’re not at risk for a breach, or that – as an employee, that you’re not putting your company at risk.

What worries you the most when responding to a cybersecurity incident?
The clock starts ticking immediately following a cybersecurity incident with the first 24 hours vital in terms of incident response.

Lessons learned from the many crypto hacks
The one poignant lesson that crypto investors globally have learned over the years is that despite the immutable, impenetrable nature of the technology behind cryptocurrencies and blockchain, their crypto investments and transactions are not secure.

Apple fixed some interesting bugs in iOS and macOS
In addition to announcing a number of new products and subscription services, Apple has released security updates for iOS, macOS, Safari, tvOS, iTunes, iCloud, and Xcode.

61% of CIOs believe employees leak data maliciously
There is a perception gap between IT leaders and employees over the likelihood of insider breaches. It is a major challenge for businesses: insider data breaches are viewed as frequent and damaging occurrences, of concern to 95% of IT leaders, yet the vectors for those breaches – employees – are either unaware of, or unwilling to admit, their responsibility.

Identify web application vulnerabilities and prioritize fixes with Netsparker
In this Help Net Security podcast, Ferruh Mavituna, CEO at Netsparker, talks about web application security and how Netsparker is helping businesses of any size keep their web applications secure.

When it comes to file sharing, the cloud has very few downsides
Organizations storing data and documents they work on in the cloud is a regular occurrence these days. The cloud offers scalability in terms of storage and cloud services often provide helpful folder- and file-sharing capabilities and content control measures.

Consumers willing to dump apps that collect private data, but can’t tell which are doing so
Two in three consumers are willing to dump data-collecting apps if the information collected is unrelated to the app’s function, or unless they receive real value – such as that derived through email or browsers.

How to build an effective vulnerability management program
The concept of vulnerability management has undergone a number of changes in the last few years. It is no longer simply a synonym for vulnerability assessment, but has grown to include vulnerability prioritization, remediation and reporting.

Weighing the options: The role of cyber insurance in ransomware attacks
When companies become victims of a ransomware event, it may be tempting for them to simply pay the ransom and move on. But for organizations who hold a cyber insurance policy, other factors must be analyzed to determine what comes next.

Cybercriminals are increasingly using encryption to conceal and launch attacks
In this Help Net Security podcast, Deepen Desai, VP Security Research & Operations at Zscaler, talks about the latest Zscaler Cloud Security Insight Report, which focuses on SSL/TLS based threats.

The ransomware attack cost Norsk Hydro $40 million so far
A little over a week after the beginning of the ransomware attack targeting Norsk Hydro, the company has estimated that the costs it incurred because of it have reached 300-350 million Norwegian crowns ($35-41 million).

Cisco botched patches for its RV320/RV325 routers
Cisco RV320 and RV325 WAN VPN routers are still vulnerable to attack through two flaws that Cisco had supposedly patched.

Serverless, shadow APIs and Denial of Wallet attacks
In this Help Net Security podcast, Doug Dooley, Chief Operating Officer at Data Theorem, discusses serverless computing, a new area that both DevOps leaders and enterprise security leaders are having to tackle.

2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise
Network attacks targeting a vulnerability in the Cisco Webex Chrome extension have increased dramatically. In fact, they were the second-most common network attack, according to WatchGuard Technologies latest Internet Security Report for the last quarter of 2018.

Secure workloads without slowing down your DevOps flows
In this Help Net Security podcast recorded at RSA Conference 2019, David Meltzer, CTO at Tripwire, and Lamar Bailey, Senior Director of Security Research at Tripwire, discuss the challenges of securing DevOps.

Third-party cyber risk management is a burden on human and financial resources
Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective.

Build-time security: Block risk and security issues from production rings
Build-time security has become a standard part of any security program and continues to grow in popularity with the shift left movement. In its most popular form, it’s a series of checks that take place as code makes its way from a developer’s laptop into production to ensure that the code is free from known vulnerabilities.

New infosec products of the week: March 29, 2019
A rundown of infosec products released last week.

from Help Net Security – News http://bit.ly/2uCCyyE
via IFTTT

Annual Protest Raises $250K to Cure Krebs

For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive, a now-defunct cryptocurrency mining service that was massively abused by cybercriminals. Krebs is translated as “cancer” in German.

Images posted to the decidedly not-safe-for-work German-language image forum pr0gramm[.]com. Members have posted thousands of thank you receipts from cancer research organizations that benefited from their fight cancer/krebs campaign.

On March 26, 2018, KrebsOnSecurity published Who and What is Coinhive, which showed the founder of Coinhive was the co-creator of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work).  I undertook the research because Coinhive’s code at the time was found on tens of thousands of hacked Web sites, and Coinhive seemed uninterested in curbing widespread abuse of its platform.

Pr0gramm’s top members accused KrebsOnSecurity of violating their privacy, even though all of the research published about them was publicly available online. In protest, the forum’s leaders urged members to donate money to medical research in a bid to find a cure for Krebs (i.e. “cancer”).

All told, thousands of Pr0gramm’s members donated more than USD $250,000 to cancer cure efforts within days of that March 2018 story. This week, the Pr0gramm administrators rallied members to commemorate that successful fundraiser with yet another.

“As announced there will be a donation marathon at anniversary day of Krebsaction,” Pr0gramm’s administrators announced. “Today, March 27th, we’re firing the starting shot for the marathon. Please tag your donation bills properly if they shall be accounted. The official tag is ‘krebsspende.’

According to a running tally on Pr0gramm’s site, this year’s campaign has raised 252,000 euros for cancer research so far, or about USD $284,000. That brings the total that Pr0gramm members have donated to cancer research to more than a half-million dollars.

As a bonus, Coinhive announced last month that it was shutting down, citing a perfect storm of negative circumstances. Coinhive had made structural changes to its systems following my 2018 story so that it would no longer profit from accounts used on hacked Web sites. Perhaps more importantly, the value of the cryptocurrency Coinhive’s code helped to mine dropped precipitously over the past year.

from Krebs on Security http://bit.ly/2I1p2fS
via IFTTT

Man Behind Fatal ‘Swatting’ Gets 20 Years

Tyler Barriss, a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison.

Tyler Barriss, in an undated selfie.

Barriss has admitted to his role in the Kansas man’s death, as well as to dozens of other non-fatal “swatting” attacks. These dangerous hoaxes involve making false claims to emergency responders about phony hostage situations or bomb threats, with the intention of prompting a heavily-armed police response to the location of the claimed incident.

On Dec. 28, 2017, Barriss placed a call from California to police in Wichita, Kan., claiming that he was a local resident who’d just shot his father and was holding other family members hostage.

When Wichita officers responded to the address given by the caller — 1033 W. McCormick — they shot and killed 28-year-old Andrew Finch, a father of two who had done nothing wrong.

Barriss admitted setting that fatal swatting in motion after getting in the middle of a dispute between two Call of Duty online gamers, 18-year-old Casey Viner from Ohio and Shane Gaskill, 20, from Wichita. Viner and Gaskill are awaiting their own trials in connection with Finch’s death.

Barriss pleaded guilty to making hoax bomb threats in phone calls to the headquarters of the FBI and the Federal Communications Commission in Washington, D.C. He also made bomb threat and swatting calls from Los Angeles to emergency numbers in Ohio, New Hampshire, Nevada, Massachusetts, Illinois, Utah, Virginia, Texas, Arizona, Missouri, Maine, Pennsylvania, New Mexico, New York, Michigan, Florida and Canada.

“I hope that this prosecution and lengthy sentence sends a strong message that will put an end to the juvenile and reckless practice of ‘swatting’ within the gaming community, as well as in any other context,” said Kansas U.S. Attorney Stephen McAllister said in a written statement. “Swatting is just a terrible idea. I also hope that today’s result helps bring some peace to the Finch family and some closure to the Wichita community.”

Many readers have commented here that the officer who fired the shot which killed Andrew Finch should also face prosecution. However, the district attorney for the county that encompasses Wichita decided in April 2018 that the officer will not face charges, and will not be named because he isn’t being charged with a crime.

As the victim of a swatting attack in 2013 and two other attempted swattings, I’m glad to finally see a swatting prosecution that may actually serve as a deterrent to this idiotic and extremely dangerous crime going forward.

But as I’ve observed in previous stories about swatting attacks, it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.

For example, perpetrators of swatting often call non-emergency numbers at state and local police departments to carry out their crimes precisely because they are not local to the region and cannot reach the target’s police department by calling 911. This is exactly what Tyler Barriss did in the Wichita case and others. Swatters also often use text-to-speech (TTY) services for the hearing impaired to relay hoax swat calls, as was the case with my 2013 swatting.

from Krebs on Security http://bit.ly/2JQnGaq
via IFTTT

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.

Some 2.1 million+ credit and debit card accounts stolen from dozens of Earl Enterprises restaurant locations went up for sale on a popular carding forum on Feb. 20, 2019.

In a statement posted to its Web site today, Orlando, Fla. based hospitality firm Earl Enterprises said a data breach involving malware installed on its point-of-sale systems allowed cyber thieves to steal card details from customers between May 23, 2018 and March 18, 2019.

Earl Enterprises did not respond to requests for specifics about how many customers total may have been impacted by the 10-month breach. The company’s statement directs concerned customers to an online tool that allows one to look up breached locations by city and state.

According to an analysis of that page, it appears the breach impacts virtually all 67 Buca di Beppo locations in the United States; a handful out of the total 31 Earl of Sandwich locations; and Planet Hollywood locations in Las Vegas, New York City and Orlando. Also impacted were Tequila Taqueria in Las Vegas; Chicken Guy! in Disney Springs, Fla.; and Mixology in Los Angeles.

KrebsOnsecurity contacted the executive team at Buca di Beppo in late February after determining most of this restaurant’s locations were likely involved a data breach that first surfaced on Joker’s Stash, an underground shop that sells huge new batches of freshly-stolen credit and debit cards on a regular basis.

Joker’s Stash typically organizes different batches of stolen cards around a codename tied to a specific merchant breach. This naming convention allows criminals who purchased cards from a specific batch and found success using those cards fraudulently to buy from the same batch again when future cards stolen from the same breached merchant are posted for sale.

While a given batch’s nickname usually has little relation to the breached merchant, Joker’s Stash does offer a number of search options for customers that can sometimes be used to trace a large batch of stolen cards back to a specific merchant.

This is especially true if the victim merchant has a number of store locations in multiple smaller U.S. towns. That’s because while Joker’s Stash makes its stolen cards searchable via a variety of qualities — the card-issuing bank or expiration date, for example — perhaps the most useful in this case is the city or ZIP code tied to each card.

As with a number of other carding sites, Joker’s Stash indexes cards by the city and/or ZIP code of the store from which the card was stolen (not the ZIP code of the affected cardholders).

On Feb. 20, Joker’s Stash moved a new batch of some 2.15 million stolen cards that it dubbed the “Davinci Breach.” An analysis of the cities and towns listed among the Davinci cards for sale included a number of hacked store locations that were not in major cities, such as Burnsville, Minn., Levonia, Mich., Midvale, Utah, Norwood, Ohio, and Wheeling, Ill.

Earl Enterprises said in its statement the malicious software installed at affected stores captured payment card data, which could have included credit and debit card numbers, expiration dates and, in some cases, cardholder names. The company says online orders were not affected.

Malicious hackers typically steal card data from organizations by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic stripe. Thieves can use that data to clone the cards and then use the counterfeits to buy high-priced merchandise from electronics stores and big box retailers.

Cardholders are not responsible for fraudulent charges, but your bank isn’t always going to detect card fraud. That’s why it’s important to regularly review your monthly statements and quickly report any unauthorized charges.

from Krebs on Security http://bit.ly/2OxzNI6
via IFTTT