What is Amazon Chime?

Amazon Chime is a new communication service by Amazon that supports video conferencing, calls, chat, and the sharing of content.

The product is available for devices running Windows and Mac OS X, for the mobile operating systems Android and iOS, and as an online version that you can use independently of the device.

Data is automatically synced regardless of the device that you are using to access Amazon Chime.

Amazon users may sign in to the application using their account, or separate their Amazon shopping account from Amazon Chime if they prefer to do so.

It is furthermore possible to join meetings without an account by entering the meeting ID in the Amazon Chime application.


Amazon Chime is on AWS. Amazon notes that content — messages, voice, video and other data — is encrypted using AES 256-bit encryption.

Amazon Chime Features

As far as features are concerned, there are plenty available right now:

  • Online Meetings — Create or join online meetings from any supported device or the online version. The interface highlights the participants, and anyone has options to mute noise. Meetings can be locked so that only authenticated users may join.
  • Video Conferencing — You may join video conferences with up to 16 people on the desktop, and up to 8 people on mobile devices. High quality audio and high definition video is supported.
  • Chat — Message people inside and outside your organization. Chime displays notifications when you receive new chat messages, and you may chat with individuals or with groups. The chat history is searchable, and synced across devices automatically.
  • Chat Rooms — You may create chat rooms in Amazon Chime to bring people together. This may be a chat room for a project group for instance. File sharing is supported, and the chat history is searchable and available on all devices as well.
  • File Sharing — You may use Chime to attach files to meetings, chats, or chat rooms.
  • Microsoft Active Directory — Chime supports Microsoft Active Directory to authenticate users. This means that employees may sign in using company usernames and passwords, and that policies for user credentials apply to Amazon Chime as well.
  • Administration — Chime offers an administration console that reveals usage reports, allows admins to add or remove users from subscriptions, and run support related tasks such as assigning meeting PINs.

Chime apps are supported on the following operating systems officially:

  • Microsoft Windows 7, Windows 8, and Windows 10
  • Apple Mac OS X, version 10.10 and above
  • Apple iOS, version 8.0 and above
  • Android, version 5.0 and above

Check out the getting started help page for information on making your first steps in Chime.

Amazon Chime Pricing

Amazon Chime offers three different plans. The Basic plan is free, while Plus and Pro are both subscription based.

Edition                                                   Basic     Plus             Pro
Calls & meetings
  1:1 Video calls                                         X         X                X
  1:1 Voice calls                                         X         X                X
  Outlook plugin                                          X         X                X
  Screen sharing                                                    X                X
  Remote Desktop Control                                            X                X
  Schedule and host meetings (attendees are always free)                             X
  Record meetings                                                                    X
  Personalized meeting URLs                                                          X
  Conference room video systems                                                      X
  Join meetings using a standard phone line*
  Maximum attendees                                       2         2                100
Chat
  1:1 Chat                                                X         X                X
  Chat rooms                                              X         X                X
IT Administration
  User management                                                   X                X
  Usage reports                                                     X                X
  Active Directory integration                                      X                X
  Message history                                         30 days   Up to 1GB/user   Up to 1GB/user

The free plan is limited to one on one chats, voice calls and video calls, and the message history is only kept for a maximum of 30 days.

Amazon Chime Plus is available for $2.50 per month per user. It adds screen sharing and remote desktop control to Chime, IT administrative features, and up to 1 Gigabyte of storage for a user’s message history.

Amazon Chime Pro can be tried for free for 30 days. Chime users may then subscribe to Plus or Pro plans, or use the free Basic plan instead.

Closing Words

Is Amazon Chime a Skype competitor? It surely looks like it is. There is a free version that should be sufficient for many home use scenarios, and two subscription versions for corporations who require more functionality.

Now You: What is your initial opinion of Amazon Chime?

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader.

The post What is Amazon Chime? appeared first on gHacks Technology News.

via https://ift.tt/2kOUOR4

Fileless Memory-Based Malware Plagues 140 Banks, Enterprises

Attackers have been using well-known, standard utilities to carry out attacks on organizations around the world, and covering their tracks by wiping their activity from the machine’s memory before it’s rebooted.

The attackers, who may be connected to the GCMAN and Carbanak groups, aren’t using signature-based malware to carry out their attacks; instead, they’re using fileless malware hidden in the memory of the affected servers.

Researchers with Kaspersky Lab’s Global Research and Analysis Team described the attacks Wednesday in a blog post on Securelist.

More than 140 enterprises–primarily banks, government organizations, and telecommunications firms in 40 countries, including the U.S., France, and Ecuador–have been affected, according to Kaspersky.

Researchers uncovered the attacks after banks in the Commonwealth of Independent States found Meterpreter, an extensible payload component used by Metasploit, inside the physical memory of a domain controller. Researchers with Kaspersky Lab found the software had been combined with PowerShell scripts in order to invisibly siphon up the passwords of system administrators.

Once they got this information, the researchers claim the attackers essentially had remote access to the machines. They were also spotted using another legitimate utility, Microsoft’s command-line scripting utility NETSH, to funnel traffic from the victim’s host to the attacker’s command and control system.

Researchers believe attackers used Mimikatz, an open-source, post-exploit utility, to grab credentials for service accounts with admin privileges. After achieving admin privileges, they could use NETSH and another Microsoft utility, SC, and carry out the usage of malicious PowerShell scripts.
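One way to hunt for the utility abuse described above is to scan process-creation command lines for a service created to launch PowerShell and for a new netsh port-forwarding rule. This is an added example, not code from Kaspersky's report or the original article; the event tuples, rule names and the assumption that the NETSH traffic funnelling shows up as a `portproxy` rule are illustrative.

```python
import ntpath
import re
from collections import defaultdict

# Constructed process-creation records (host, image path, command line), shaped
# like the fields of Windows event 4688 / Sysmon event 1. Not real telemetry.
SAMPLE_EVENTS = [
    ("DC01", r"C:\Windows\System32\sc.exe",
     r'sc \\DC01 create updsvc binPath= "cmd.exe /c powershell.exe -enc <BASE64_PLACEHOLDER>"'),
    ("DC01", r"C:\Windows\System32\netsh.exe",
     "netsh interface portproxy add v4tov4 listenport=8443 "
     "connectaddress=192.0.2.10 connectport=443"),
    ("WS07", r"C:\Windows\System32\netsh.exe", "netsh advfirewall show allprofiles"),
    ("WS07", r"C:\Windows\System32\sc.exe", "sc query wuauserv"),
    ("WS07", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -File C:\Scripts\inventory.ps1"),
]

# (rule name, expected image basename, command-line pattern)
RULES = [
    # sc.exe creating or reconfiguring a service whose binary path starts PowerShell.
    ("service_runs_powershell", "sc.exe",
     re.compile(r"\b(?:create|config)\b.*\bbinpath\s*=.*\b(?:powershell|pwsh)", re.I)),
    # A new port-forwarding rule; netsh accepts abbreviated contexts such as "int".
    ("netsh_portproxy_added", "netsh.exe",
     re.compile(r"\bint[a-z]*\s+portproxy\s+add\b", re.I)),
]


def match_event(image, cmdline):
    """Return the names of all rules that fire for one process-creation event."""
    exe = ntpath.basename(image).lower()  # ntpath parses Windows paths on any OS
    return [name for name, expected, pattern in RULES
            if exe == expected and pattern.search(cmdline)]


def triage(events):
    """Group hits per host; a host showing every behaviour is rated high."""
    hits = defaultdict(list)
    for host, image, cmdline in events:
        for name in match_event(image, cmdline):
            hits[host].append((name, cmdline))
    report = {}
    for host, found in hits.items():
        fired = {name for name, _ in found}
        report[host] = {
            "rules": sorted(fired),
            "severity": "high" if len(fired) == len(RULES) else "medium",
            "evidence": [cmd for _, cmd in found],
        }
    return report


if __name__ == "__main__":
    for host, entry in triage(SAMPLE_EVENTS).items():
        print(host, entry["severity"], entry["rules"])
```

Because the payload lives only in memory, command-line telemetry like this has to be collected and shipped off the host before a reboot clears the evidence.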

While researchers were able to determine the techniques used in the attacks, narrowing down who exactly carried them out is difficult, given that they were carried out with everyday tools and how skilled the attackers are at evading detection.

“The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of anti-forensic techniques and memory-based malware,” Sergey Golovanov, Principal Security Researcher at Kaspersky Lab said Wednesday.

“That is why memory forensics is becoming critical to the analysis of malware and its functions. In these particular incidents, the attackers used every conceivable anti-forensic technique; demonstrating how no malware files are needed for the successful exfiltration of data from a network, and how the use of legitimate and open source utilities makes attribution almost impossible.”

It’s unclear how victim enterprises had their servers hacked in the first place. According to researchers, the attackers used a known exploit for an unpatched vulnerability.

Golovanov and Igor Soumenkov, another researcher with the company’s GReAT team plan to present additional details around the operation – including a second part, how attackers extracted money from banks via ATMs – in April, at the Kaspersky Lab Security Analyst Summit.

While researchers claim they’re unsure who’s behind the attacks, they said their approaches do bear a resemblance to groups previously uncovered by Kaspersky Lab, such as GCMAN and Carbanak.

Like these attacks, GCMAN, a group the firm described at the Security Analyst Summit last year, used legitimate pen-testing tools, like Meterpreter, to target banks. Once inside a network, they pivoted, bouncing around from machine to machine until they could transfer money from a bank computer to e-currency services. Attackers managed in one instance to transfer $200 payments per minute to a money-mule account without the bank being any the wiser.

Details around the Carbanak gang, a group of attackers who purportedly stole $1 billion from 100 banks, emerged at the Security Analyst Summit in 2015. In that campaign attackers used a one-two punch of a spear-phishing email and a backdoor to manipulate access to banking networks and steal money.

Over the last few months the group has reemerged and been seen shifting gears: in November 2016 it began targeting the hospitality and restaurant industry. Last month it was learned the group was using Google hosted services for its command and control channels.

via https://ift.tt/2kUmrbX

Metadefender Endpoint: Windows PC security scanner

Opswat Metadefender Endpoint is a free security scanner for computer systems running Microsoft’s Windows operating system.

The program checks settings, installed programs and security, and computes a score based on that. It furthermore provides you with options to remove potentially unwanted programs from the computer system.

You need to fill out a form on the Opswat website before downloads for Windows or Mac OS X become available. The information is not verified though, and download links are provided right after you enter the information and submit the form.

Note: The program will submit a report to the Opswat website. There you find listed information on critical issues, other issues, and information.

Metadefender Endpoint


The application runs a scan automatically when it starts. It reveals the security score and the removable applications on the first page that you see when it is done scanning the system.

The score ranges from 0 to 100 points, and is based on points that Opswat Metadefender Endpoint gives to each item it scans.

A click on the score opens these individual scores. The items it scans are: firewall, hard disk encryption, patch management, backup, public file sharing, antivirus, and anti-phishing.


The scores are color coded to indicate perfect, medium and low scores. As you can see on the screenshot above, items are weighted differently.

Antivirus and anti-phishing make up 50 percent of the maximum score, while firewall and patch management only 15 percent.

You may click on any item to find out more about the score. The program lists applications that it detected, as well as information on what it discovered during the scan.

Not all scores may make sense. The system I tested Metadefender Endpoint on got a 10 out of 20 score in the backup category. The reason for that was that the program failed to score Veeam Endpoint Backup. It only scored Windows File History, something that was not used all that much on the particular device in the past.

The antivirus category had similar issues. It only detected Windows Defender, but not Malwarebytes Anti-Malware, or any of the other security programs installed on the device.


Move the mouse cursor over the information icon next to each item on the details page to display information on that particular item.

Some entries hold multiple programs that Metadefender Endpoint found during its security scan. The anti-phishing category for instance lists web browsers that are available on the system.

It is interesting to note that some score worse than others. Vivaldi, Google Chrome, Microsoft Edge and Opera for instance are listed with a score of 5 of 20, while Firefox and Internet Explorer with a score of 20 of 20.

Chrome’s and Edge’s phishing protections were turned off, which explained the scores, but the program failed to identify Vivaldi’s and Opera’s protective features properly.

You can right-click on the program icon and select "critical device issues to fix" to load the public page on the Opswat website that highlights the security issues that the program recommends to address first.

This includes issues that may not be mentioned in the program interface. It highlighted for instance that no lock screen timeout was set on that page.

App Remover

The App Remover section lists programs that are potentially unwanted. This includes high profile programs such as Google Drive, CCleaner, Google Chrome, Mozilla Firefox, or Windows Firewall Control.

It is interesting to note that qBittorrent, CCleaner and Google Drive were listed under potentially unwanted applications. I’m not sure how that classification came to be, but it is probably fair to say that most users would not classify those programs this way.

Closing Words

Metadefender Endpoint may point you in the right direction when it comes to security issues on your computer system. May, because it may also fail to identify a setup which may result in lower scores.

It is therefore advised to check all low score areas to make sure the program did not miss a solution installed on the system. (via Windows Club)

Now You: Which security programs or categories do you consider most important?


The post Metadefender Endpoint: Windows PC security scanner appeared first on gHacks Technology News.

via https://ift.tt/2lyy5Hw

Ransomware Hijacks Hotel Smart Keys to Lock Guests Out of their Rooms

What’s the worst that could happen when a Ransomware hits a Hotel?

Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel’s IT system, and the hotel had no choice left except paying the attackers.

Today, we are living in a digital age that is creating a digital headache for people and organizations around the world with cyber attacks and data breaches on the rise.

Ransomware is one of them.

The threat has been around for a few years, but during 2016 it turned into a noxious game for hackers, who get paid effortlessly by targeting hospitals, universities, private businesses and even police departments, making hundreds of millions of dollars.

Now, the Romantik Seehotel Jäegerwirt 4-Star Superior Hotel has admitted it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into their network and hack their electronic key card system that prevented its guests from entering or leaving their rooms.

The luxury hotel with a beautiful lakeside setting on the Alpine Turracher Hoehe Pass in Austria, like several other hotels in the industry, has a modern IT system that includes key cards for its hotel doors, which could not be programmed.

According to the hotel management, the hotel has been hit multiple times by hackers, but this time they managed to take down the entire key system, preventing its guests from getting in or going out of their rooms, reported The Local.

Besides gaining control of the electronic key system, the hackers even gained control over the general computer system, shutting down all hotel computers, including the reservation system and the cash desk system.

Once the hotel made the payment, the system was completely restored, which allowed the hotel staff to gain access to the network and hotel guests to enter and exit their rooms.

What’s interesting? Even after the hotel fulfilled the hackers’ demand, the hackers left a backdoor to the hotel system in an attempt to conduct another cyber attack later.

Fortunately, the security standards of the hotel had been improved by its IT department, and critical networks had been separated to thwart the attack, giving attackers no chance to harm the hotel again.

Furious hotel managers decided to go public with the incident to warn others about the dangers of cyber attack, with Managing Director Christoph Brandstaetter saying:

“The house was totally booked with 180 guests; we had no other choice. Neither police nor insurance helps you in this case. 

The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found. 

Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly.”

Ransomware has cost many businesses and organizations sleepless nights, as they are often blamed for not standing up to this nasty threat.

Ransomware criminals often demand the ransom in Bitcoin (BTC) for the surety of not getting caught, as Bitcoin transactions are non-trackable due to its decentralized nature.

The frequent payment to Ransomware encourages criminals to stash the cash and develop a more enticing framework for the next target. So, instead of paying or encouraging this scheme, keep your software and systems updated and avoid clicking suspicious links.

via https://ift.tt/2kfD6Xj

Check If Your Netgear Router is also Vulnerable to this Password Bypass Flaw

Bad news again for consumers with Netgear routers: Netgear routers have been hit by another serious security vulnerability, and this time more than two dozen router models are affected.

Security researchers from Trustwave are warning of a new authentication vulnerability in at least 31 Netgear models that potentially affects over one million Netgear customers.

The new vulnerability, discovered by Trustwave’s SpiderLabs researcher Simon Kenin, can allow remote hackers to obtain the admin password for the Netgear router through a flaw in the password recovery process.

Kenin discovered the flaw (CVE-2017-5521) when he was trying to access the management page of his Netgear router but had forgotten its password.

Exploiting the Bug to Take Full Access on Affected Routers

So, the researcher started looking for ways to hack his own router and found a couple of exploits from 2014 that he leveraged to discover this flaw which allowed him to query routers and retrieve their login credentials easily, giving him full access to the device.

But Kenin said the newly discovered flaw could be remotely exploited only if the router’s remote management option is enabled.

While the router vendor claims the remote management option is turned off on its routers by default, according to the researcher, there are “hundreds of thousands, if not over a million” routers left remotely accessible.

“The vulnerability can be used by a remote attacker if remote administration is set to be internet facing. By default this is not turned on,” Kenin said. “However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public Wi-Fi spaces like cafés and libraries using the vulnerable equipment.”

If exploited by bad actors, the vulnerability that completely bypasses any password on a Netgear router could give hackers complete control of the affected router, including the ability to change its configuration, turn it into botnets or even upload entirely new firmware.

After trying out his flaw on a range of Netgear routers, Kenin was surprised to know that more than ten thousand vulnerable devices used the flawed firmware and can be accessed remotely.

He has also released exploit code for testing purposes, written in Python.

List of Vulnerable NETGEAR Router Models

The SpiderLabs researcher stressed that the vulnerability is very serious as it affects a large number of Netgear router models. Here’s a list of affected Netgear routers:

  • R8500
  • R8300
  • R7000
  • R6400
  • R7300DST
  • R7100LG
  • R6300v2
  • WNDR3400v3
  • WNR3500Lv2
  • R6250
  • R6700
  • R6900
  • R8000
  • R7900
  • WNDR4500v2
  • R6200v2
  • WNDR3400v2
  • D6220
  • D6400
  • C6300 (firmware released to ISPs)

Update the Firmware of your NETGEAR Router Now!

Kenin notified Netgear of the flaw, and the company confirmed the issue affects a large number of its products.

Netgear has released firmware updates for all of its affected routers, and users are strongly advised to upgrade their devices.

This is the second time in around two months that researchers have discovered flaws in Netgear routers. Just last month, the US-CERT advised users to stop using Netgear’s R7000 and R6400 routers due to a serious bug that permitted command injection.

However, in an effort to make its product safe, Netgear recently partnered up with Bugcrowd to launch a bug bounty program that can earn researchers cash rewards of up to $15,000 for finding and responsibly reporting flaws in its hardware, APIs, and the mobile apps.

via https://ift.tt/2jOSCso

PCI SSC publishes best practices for securing e-commerce

Exponential online sales growth paired with the EMV chip migration in the US makes e-commerce payment security for merchants more important than ever before. As EMV chip technology continues to reduce face-to-face credit card fraud, the shift to e-commerce security becomes increasingly important to businesses large and small.


Best practices for securing e-commerce

To help merchants shore up their e-commerce platforms, the PCI Security Standards Council released Best Practices for Securing E-commerce. The information supplement will educate merchants on accepting payments securely online and is an update to existing guidance previously published in 2013.

Educating merchants

Securing the e-commerce environment continues to be critically important. A recent survey found that 66% of consumers claim they won’t purchase from an organization that has been breached.

The Best Practices for Securing E-commerce information supplement includes practical recommendations and case studies to help merchants identify the best solution for their specific cardholder data environment.

Guidance for third party e-commerce service providers

In addition to educating merchants, this latest resource from the Council also provides guidance for third party e-commerce service providers and assessors that support the ongoing security of e-commerce environments.

Following industry recommendations, in December 2015 the Council announced that all organizations that accept payment cards must use TLS 1.1 encryption or higher by June 2018. SSL/TLS encrypts a channel between two endpoints (for example, between a web browser and web server) to provide privacy and reliability of data transmitted over the communications channel.

To underline the importance of using an encrypted channel, Google announced that beginning in January 2017, the Chrome browser will warn users when a website doesn’t use HTTPS.

As there is still confusion in the industry regarding encryption and certificate selection, a large portion of the e-commerce supplement is dedicated to explaining SSL/TLS, with guidance on how to select a certificate authority, an outline of the different types of certificates and a list of potential questions merchants can ask service providers regarding digital certificates and encryption.

“Our community of members boasts a wealth of payment security knowledge to protect e-commerce transactions all over the world,” said Troy Leach, Chief Technology Officer for the Council. “This information supplement is a testament to their collaboration and willingness to share their experience with others and provides easy to understand examples of e-commerce scenarios along with best practices to secure cardholder data and meet PCI DSS requirements. Their engagement on Council efforts like this paper, the Small Merchant Task Force, and other resource guides help educate merchants on how to make better business decisions to secure cardholder data. Our aim is to make cardholder data more secure in the most sensible way possible.”

via https://ift.tt/2kTUBxo

Google Adds Security Key Enforcement to G Suite Apps, Hosted S/MIME to Gmail

Google on Wednesday pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to G Suite.

Admins inside enterprises managing deployments of the suite of cloud-based productivity apps, formerly known as Google Apps, can now enable two-step verification using Security Keys as a second factor.

Security Keys are physical USB tokens that can be configured to cryptographically verify a user at login.

Google also announced the availability of a hosted S/MIME service extending encryption capabilities on Gmail beyond TLS.

“TLS only guarantees to the sender’s service that the first hop transmission is encrypted and to the recipient that the last hop was encrypted. But in practice, emails often take many hops (through forwarders, mailing lists, relays, appliances, etc),” Google said. “With hosted S/MIME, the message itself is encrypted. This facilitates secure transit all the way down to the recipient’s mailbox.”

Google said the availability of S/MIME adds account-level signature authentication, which is unlike DKIM, which provides only domain-based authentication.

“This means that email receivers can ensure that incoming email is actually from the sending account, not just a matching domain, and that the message has not been tampered with after it was sent,” Google said.

On both fronts, Google is providing users additional identity verification and authentication. With Security Keys, which Google has supported since 2014, Google is positioning this support as enhanced protection against phishing.

“Instead of entering a unique code as a second factor at sign-in, Security Keys send us cryptographic proof that users are on a legitimate Google site and that they have their Security Keys with them,” said Christiaan Brand and Guemmy Kim of the Google Account Security team. “Since most hijackers are remote, their efforts are thwarted because they cannot get physical possession of the Security Key.”

Google also announced that this protection can extend to mobile devices (Android and iOS) since the Security Keys also support Bluetooth Low Energy and pair with devices over the BLE protocol.

“BLE Security Keys, which work on both Android and iOS, improve upon the usability of other form factors,” Brand and Kim said.

Yesterday’s announcement was a complement to a larger rollout on Monday of enterprise controls to G Suite, Google said.

In addition to Security Key enforcement, G Suite also supports data loss prevention technology in Google Drive. Admins can use it to add security controls to sensitive data and manage content as it’s stored and how it’s shared. It can also be configured to protect scanned documents via OCR and enforce data protection and sharing policies on that front.

Facebook, last week, announced that it had added support for physical keys for account security as a second form of authentication.

“Most people get their security code for login approvals from a text message (SMS) or by using the Facebook app to generate the code directly on their phone. These options work pretty well for most people and in most circumstances, but SMS isn’t always reliable and having a phone back-up available may not work well for everyone,” said Facebook security engineer Brad Hill.

Google, Facebook and other technology providers have for years supported second factors of authentication, usually via SMS or email messages that prompt users to enter a PIN in addition to their passwords. Google said additional protection is coming soon for personal accounts, which builds off its partnerships with FIDO Alliance; the FIDO Universal Second Factor authentication has been used internally on Google physical keys, the company said.

via https://ift.tt/2l0SPGP