Apex Computer

(Apex Computer)

Google Launches Backstory — A New Cyber Security Tool for Businesses
Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats.

Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on a daily basis that can be helpful to figure out exactly what happened when a security incident occurs.

However, unfortunately, most companies either don’t collect the right telemetry or even when they do, it's practically impossible for them to retain that telemetry for more than a week or two, making analysts blind if any security incident happens before that.

Backstory solves this problem by allowing organizations to privately upload and store their petabytes of "internal security telemetry" on Google cloud platform and leverage machine learning and data analytics technologies to monitor and analyze it efficiently to detect and investigate any potential threat from a unified dashboard.
"Backstory normalizes, indexes, and correlates the data, against itself and against third party and curated threat signals, to provide instant analysis and context regarding risky activity," Alphabet subsidiary Chronicle said in a blog post.

"With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever."

Just like SIEM solutions, Backstory converts log data—such as DNS traffic, NetFlow, endpoint logs, proxy logs—into meaningful, quickly searchable and actionable information to help companies gain insights into digital threats and attacks on their networks, but at scale to offer a more complete picture of the threat landscape.

Backstory also compares data against "threat intelligence" signals collected from a variety of partners and other sources, including the Alphabet-owned VirusTotal, Avast, Proofpoint and Carbon Black.
"Backstory compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly," Chronicle said.

"It also continuously compares any new piece of information against your company's historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats."

Since Chronicle wants customers to collect and upload as much data as possible, Backstory will not be priced based on the volume of customer's data, but rather Chronicle will sell licenses based on the size of the company.
"Building a system that can analyze large amounts of telemetry for you won't be useful if you are penalized for actually loading all of that information. Too often, vendors charge customers based on the amount of information they process," Chronicle explained.

"Since most organizations generate more data every year, their security bills keep rising, but they aren't more secure."

Microsoft has also recently announced similar security analytics services, called Threat Hunter and Azure Sentinel, which Microsoft is pitching as the "first native SIEM within a major cloud platform" to help companies detect, prevent, and respond to threats across their networks.

Splunk, a company that offers a similar product, saw its stock down 5% at the time of close on Monday following the announcement of the Backstory service.

(Apex Computer)

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019.

Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites.

For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal, WordPress, and others] to hack thousands of websites and wireless routers, and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves.

Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking, to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background.

Now, while explaining the reason to shut down in a note published on its website yesterday, the Coinhive team said mining Monero via internet browsers is no longer "economically viable."

"The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the 'crash' of the cryptocurrency market with the value of XMR depreciating over 85% within a year," the service said.

"This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive."

So users who have an account on Coinhive website with above the minimum payout threshold balance can withdraw funds from their accounts before April 30, 2019.

Though Coinhive was launched as a legitimate service for website administrators to alternative generate more revenue from their websites, its extreme abuse in cyber criminals activities forced tech companies and security tools to label it as "malware" or "malicious tool."

To prevent cryptojacking by browser extensions that mine digital currencies without users' knowledge, last year Google also banned all cryptocurrency mining extensions from its Chrome Web Store.

A few months after that Apple also banned all cryptocurrency mining apps from its official app store.

(Apex Computer)

Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
Great news.

If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified.

Are you thinking… what the heck that actually means?

It means, instead of remembering complex passwords for your online accounts, you can now actually use your Android's built-in fingerprint sensor or FIDO security keys for secure password-less access to log into apps and websites that support the FIDO2 protocols, Google and the FIDO Alliance—a consortium that develops open source authentication standards—announced Monday.

FIDO2 (Fast Identity Online) protocol offers strong passwordless authentication based on standard public key cryptography using hardware FIDO authenticators like security keys, mobile phones, and other built-in devices.

FIDO2 protocol is a combination of W3C's WebAuthn API that allows developers to integrate FIDO authentication into web browsers, and FIDO's Client to Authenticator Protocol (CTAP) which allows users to login without a password.

FIDO2 certified devices work on Mac OS X, Windows, Linux, Chrome OS and supported by all major browsers including Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari (included as a preview).

Though Android already offered FIDO-based authentication for installed apps using external hardware authenticator like YubiKey or Titan Security Key, the new update now expands this functionality to online web services via mobile browsers.

"Web and app developers can now add FIDO strong authentication to their Android apps and websites through a simple API call, to bring passwordless, phishing-resistant security to a rapidly expanding base of end users who already have leading Android devices and/or will upgrade to new devices in the future," FIDO Alliance announced.

If your FIDO2 certified Android device does not have a fingerprint sensor, you can use other authentication methods, like a PIN or swipe pattern that you use to unlock your phone, to log into apps and online accounts.

Last year, Google also launched a FIDO-based Titan Security Key that verifies the integrity of security keys at the hardware level to provide the highest level of protection against phishing attacks.