Wednesday, August 16, 2017

Wire, Barbed

The telecom of the 19th century North American West. via Kottke. In-built physical security, easy propagation...

from Wire, Barbed

Who will own the data from your autonomous car?

If you're hoping for Congress to lock in protection for your privacy, you should probably lower your expectations

from Who will own the data from your autonomous car?

Mobile data theft a risk from shared app libraries

Matthew Rose, global director of application security strategy at Checkmarx, an application security software vendor headquartered in Israel, said there […]

The post Mobile data theft a risk from shared app libraries appeared first on Checkmarx.



from Mobile data theft a risk from shared app libraries

Cyber and Securities – Financial Institutions Attack Landscape

Recently Italian bank Unicredit suffered two security breaches. Data of 400,000 customers was stolen, including loan account numbers and Personally Identifiable Information (PII). There is a suspicion the breach had to do with interaction with a 3rd party. This incident is the latest reported in a long history of cyber-attacks against financial institutions. Every hack […]

The post Cyber and Securities – Financial Institutions Attack Landscape appeared first on Radware Blog.



from Cyber and Securities – Financial Institutions Attack Landscape

Bot armies of fake followers are the footsoldiers of fake news

Actual humans are left in the dust by the army of bots who pick up and amplify fake news - but how should they be stopped?

from Bot armies of fake followers are the footsoldiers of fake news

PHP Lab: Analyze the code and spot the vulnerability

Introduction and background: A penetration test has been conducted on the following URL, and a SQL Injection vulnerability was identified. http://192.168.56.101/webapps/sqli/sqli.php The developers...

from PHP Lab: Analyze the code and spot the vulnerability

Preparedness & Cyber Risk Reduction Part Five C: Operations-Based Exercises

As we continue in our series on Preparedness, and concluding this mini-series on exercises, in the section that follows, we’ll look at different types of operations-based exercises as we continue to explore some of the ways our fictional character, Johnny, and his colleagues at Acme Innovations can take a progressively challenging approach to exercise design…

from Preparedness & Cyber Risk Reduction Part Five C: Operations-Based Exercises

Scottish Parliament Targeted by Brute Force Attackers

Bad actors have targeted the Scottish Parliament with a brute force attack designed to crack weak passwords used by MSPs and staff. In a message sent to MSPs and staff members with parliamentary email addresses, chief executive Sir Paul Grice compared the attack to an assault that targeted the British Parliament in June. It’s unclear […]

The post Scottish Parliament Targeted by Brute Force Attackers appeared first on The State of Security.



from Scottish Parliament Targeted by Brute Force Attackers

Toronto woman leads the fight against creepshot image sites

There are tools that can help track down and take down stolen and creepshot images of women - but the challenge is a tough one

from Toronto woman leads the fight against creepshot image sites

ShadowPad: Backdoor in enterprise server software exposed

The NetSarang server software is used by hundreds of companies worldwide.

from ShadowPad: Backdoor in enterprise server software exposed

Tuesday, August 15, 2017

Hacking a Gene Sequencer by Encoding Malware in a DNA Strand

One of the common ways to hack a computer is to mess with its input data. That is, if you can feed the computer data that it interprets -- or misinterprets -- in a particular way, you can trick the computer into doing things that it wasn't intended to do. This is basically what a buffer overflow attack is: the data input overflows a buffer and ends up being executed by the computer process.

Well, some researchers did this with a computer that processes DNA, and they encoded their malware in the DNA strands themselves:

To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s.

Erlich says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno's team, from which they took control of a computer in their lab they were using to analyze the DNA file.

News articles. Research paper.



from Hacking a Gene Sequencer by Encoding Malware in a DNA Strand

XKCD, Computers vs Humans

Via the demiurgic grey matter of Randall Munroe at XKCD. Permalink

from XKCD, Computers vs Humans

C-Suite Priorities: Privacy or Profit?

Privacy or profit, that is the question. For C-suite executives around the world, striking a balance between safeguarding their organization’s data and meeting government regulations without adversely affecting day-to-day operations has always been a careful balancing act. In light of recent high-profile cyber-attacks in 2016 and 2017 and changing government policies regarding data privacy and […]

The post C-Suite Priorities: Privacy or Profit? appeared first on Radware Blog.



from C-Suite Priorities: Privacy or Profit?

Too many big online brands allow terrible passwords

Some of the biggest online names are among the worst when it comes to password policies

from Too many big online brands allow terrible passwords

Microsoft Azure Adding Two Data Centers Down Under in Australia

Microsoft has now announced 42 Azure regions globally, easily surpassing other cloud providers.

from Microsoft Azure Adding Two Data Centers Down Under in Australia

Privacy and Data Protection: A Priority, and now a Product

The threat to data is real. According to our 2017 Global Data Threat Report, 68 percent of respondents have experienced a breach in the past, with 26 percent experiencing a...

The post Privacy and Data Protection: A Priority, and now a Product appeared first on Data Security Blog | Thales e-Security.



from Privacy and Data Protection: A Priority, and now a Product

How shared Android libraries could be weaponized for data theft

When you're installing an Android app, pause before you approve one that asks for a lot of permissions - do you really need that app on your device?

from How shared Android libraries could be weaponized for data theft

Google Hires Former Star Apple Engineer for Its AI Team

Bloomberg
Chris Lattner, a legend in the world of Apple software, has joined another rival of the iPhone maker: Alphabet Inc.’s Google, where he will work on artificial intelligence.




from Google Hires Former Star Apple Engineer for Its AI Team

Friendly neighborhood hacker helps family regain access to locked car

A benevolent hacker has helped a family regain access to their car after they misplaced its corresponding one-of-a-kind key. David Bisson reports.

from Friendly neighborhood hacker helps family regain access to locked car

Require Analytic Skills to Hire and Promote 

Unless your department is still in the early stages of your analytics journey, analytic skills should be one of your hiring and promotion criteria. In an earlier post I outlined 10 Signs Mgmt Doesn’t Really Support Analytics. One of the …

from Require Analytic Skills to Hire and Promote 

How much HBO hackers have is hazy; what they want is clear – cash

'Mr Smith', apparently the HBO hackers' spokesman, is making extravagant claims and increasingly hostile demands

from How much HBO hackers have is hazy; what they want is clear – cash

Monday, August 14, 2017

Deoxyribonucleic Acid, Malware Edition

via the illustrative writing of John Timmer at ArsTechnica, we learn of the latest malware infection vector - en...

from Deoxyribonucleic Acid, Malware Edition

Ditching Textbooks and Teaching Cybersecurity Via News Headlines: Modern Times Call for Modern Measures

In a constantly changing field like cybersecurity, nothing stays the same for long. And as Jim Lewis, a senior VP at the Center for Strategic and International Studies, has learned first hand, this makes teaching about cybersecurity a challenge. Lewis this spring started teaching a section of a social engineering course to cybersecurity majors at the U.S. Naval Academy. Once it became apparent that the textbooks available to support the course were all several years old, Lewis opted to ditch the traditional approach and adopt a different source of reading materials: daily newspapers. And why…

from Ditching Textbooks and Teaching Cybersecurity Via News Headlines: Modern Times Call for Modern Measures

Resource: Automating Windows as a Service

This is one of the most comprehensive break downs of Windows as a Service I have ever come across and it should be on your reading list.

from Resource: Automating Windows as a Service

What do you see as the biggest security challenge your organization faces right now?

Phishing Attacks Patch Management Insider Threats Denial of Service Ransomware

from What do you see as the biggest security challenge your organization faces right now?

Those ‘stingray’ detector apps are basically useless, say researchers

Researchers found at least one major flaw in the five leading stingray surveillance trackers for Android.

from Those ‘stingray’ detector apps are basically useless, say researchers

Court records system has been open to hackers for decades

The easily exploitable and long-standing hole has finally been patched, said the Free Law Project, which set out a series of recommendations to improve the security of the system

from Court records system has been open to hackers for decades

Thousands of Android-spying apps in the wild: what to do about SonicSpy

Google has done a good job of removing infected apps from the Play store, but victims are being hit from other sources

from Thousands of Android-spying apps in the wild: what to do about SonicSpy

Ep. 096 – TKO Your Amygdala with Tim Larkin

In a society where we are on our cell phones and other devices non-stop, situational awareness is not something we hear too much about. Our guest, Tim Larkin, talks about how important situational awareness is in staying safe. August 14, 2017 […]

The post Ep. 096 – TKO Your Amygdala with Tim Larkin appeared first on Security Through Education.



from Ep. 096 – TKO Your Amygdala with Tim Larkin

Gmail now warns iOS users about suspicious links, in fight against phishing threats

Gmail now warns iOS users about suspicious links, in fight against phishing threats

Stop! Should you really be clicking on that link you just received in your email?

Gmail’s iOS app is now offering some additional safety nets for the unwary.

Read more in my article on the We Live Security blog.



from Gmail now warns iOS users about suspicious links, in fight against phishing threats

Report: IT Leaders Feel Overwhelmed by Pace of Cloud Development

Eighty-one percent of IT leaders report to be either extremely concerned or very concerned about missing out on cloud advancements.

from Report: IT Leaders Feel Overwhelmed by Pace of Cloud Development

Sunday, August 13, 2017

2017 DerbyCon Hiring List

Created the 2017 UNOFFICIAL DerbyCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/vyqVHjZkxE4WhA9X2 (One small tip, first come first serve, so if you want to be on the top of the list it’...

from 2017 DerbyCon Hiring List

Over a thousand spyware-infected Android apps discovered

A family of Android spyware has infected more than 1,000 apps, including some which infiltrated Google's Play Store. David Bisson reports.

from Over a thousand spyware-infected Android apps discovered

On Metrics: Responding to Failing Security Grades

from On Metrics: Responding to Failing Security Grades

R⁶ — Exploring macOS Applications with codesign, Gatekeeper & R

(General reminder about “R⁶” posts in that they are heavy on code-examples, minimal on expository. I try to design them with 2-3 “nuggets” embedded for those who take the time to walk through the code examples on their systems. I’ll always provide further expository if requested in a comment, so don’t hesitate to ask if...

from R⁶ — Exploring macOS Applications with codesign, Gatekeeper & R

BSides London 2017, Matthew Di Ferrante’s ‘Truly Anonymous Credentials Using Modern Cryptography’

Permalink

from BSides London 2017, Matthew Di Ferrante’s ‘Truly Anonymous Credentials Using Modern Cryptography’

Plenty of Phishing

Gentlemen and Gentlewomen, start your search engines.

from Plenty of Phishing

Friday Squid Blogging: Squid Eyeballs

Details on how a squid's eye corrects for underwater distortion: Spherical lenses, like the squids', usually can't focus the incoming light to one point as it passes through the curved surface, which causes an unclear image. The only way to correct this is by bending each ray of light differently as it falls on each location of the lens's surface....

from Friday Squid Blogging: Squid Eyeballs

Saturday, August 12, 2017

Security Sense: Are We More Secure Today Than Yesterday?

It's an often-asked yet very difficult to answer question - are we more secure today than yesterday? Well, yes... and no.

from Security Sense: Are We More Secure Today Than Yesterday?

DEF CON 25, Nathan Seidle’s ‘Open Source Safe Cracking Robots’

Permalink

from DEF CON 25, Nathan Seidle’s ‘Open Source Safe Cracking Robots’

How to Restore Website Backups from the Command Line

Earlier this week we wrote about how to use command line tools to back up your website. Check out our previous article for details on how we create these backups. In case the worst happens, you might need to restore your backup. No worries. We can easi...

from How to Restore Website Backups from the Command Line

Friday Squid Blogging: Squid Eyeballs

Details on how a squid's eye corrects for underwater distortion:

Spherical lenses, like the squids', usually can't focus the incoming light to one point as it passes through the curved surface, which causes an unclear image. The only way to correct this is by bending each ray of light differently as it falls on each location of the lens's surface. S-crystallin, the main protein in squid lenses, evolved the ability to do this by behaving as patchy colloids -- small molecules that have spots of molecular glue that they use to stick together in clusters.

Research paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.



from Friday Squid Blogging: Squid Eyeballs

I Seem to Have a LinkedIn Account

I seem to have a LinkedIn account.

This comes as a surprise, since I don't have a LinkedIn account, and have never logged in to LinkedIn.

Does anyone have any contacts into the company? I would like to report this fraudulent account, and possibly get control of it. I'm not on LinkedIn, but the best defense against this is probably to create a real account.



from I Seem to Have a LinkedIn Account

Confusing Self-Driving Cars by Altering Road Signs

Researchers found that they could confuse the road sign detection algorithms of self-driving cars by adding stickers to the signs on the road. They could, for example, cause a car to think that a stop sign is a 45 mph speed limit sign. The changes are subtle, though -- look at the photo from the article.

Research paper:

"Robust Physical-World Attacks on Machine Learning Models," by Ivan Evtimov, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song:

Abstract: Deep neural network-based classifiers are known to be vulnerable to adversarial examples that can fool them into misclassifying their input through the addition of small-magnitude perturbations. However, recent studies have demonstrated that such adversarial examples are not very effective in the physical world--they either completely fail to cause misclassification or only work in restricted cases where a relatively complex image is perturbed and printed on paper. In this paper we propose a new attack algorithm--Robust Physical Perturbations (RP2)-- that generates perturbations by taking images under different conditions into account. Our algorithm can create spatially-constrained perturbations that mimic vandalism or art to reduce the likelihood of detection by a casual observer. We show that adversarial examples generated by RP2 achieve high success rates under various conditions for real road sign recognition by using an evaluation methodology that captures physical world conditions. We physically realized and evaluated two attacks, one that causes a Stop sign to be misclassified as a Speed Limit sign in 100% of the testing conditions, and one that causes a Right Turn sign to be misclassified as either a Stop or Added Lane sign in 100% of the testing conditions.



from Confusing Self-Driving Cars by Altering Road Signs

Friday, August 11, 2017

News in brief: facial recognition planned for Carnival; spy chief backs encryption; ginger emoji planned

Your daily round-up of some of the other stories in the news

from News in brief: facial recognition planned for Carnival; spy chief backs encryption; ginger emoji planned

Esolang, Asciidots

via Motherboard writer Michael Byrne comes this esoteric language article describing the esolang asciidots (ensc...

from Esolang, Asciidots

Establishing a root of trust: Trusted computing and Intel-based systems

STEVE EDWARDS, CURTISS-WRIGHT DEFENSE SOLUTIONS – Embedded.com  In the global defense-electronics market there is a growing demand for trusted computing solutions that carry effective protections against cyberattacks. Users want to be confident that when they power up their deployed embedded system, the code that their system is running can be trusted. In this sense, “trusted” means …

The post Establishing a root of trust: Trusted computing and Intel-based systems appeared first on Trusted Computing Group.



from Establishing a root of trust: Trusted computing and Intel-based systems

Firefox 55 makes Flash click-to-run, fixes security bugs

The long march towards the death of Flash takes another step in Firefox's latest version

from Firefox 55 makes Flash click-to-run, fixes security bugs

‘You could see why someone might want to hack DNA’

Researchers pull off a proof of concept experiment to encode malware in DNA - and this should be 'a wake-up call to make sure it can't become a practical reality'

from ‘You could see why someone might want to hack DNA’

DEF CON may be over, but the challenge is still on

You may have read about our cool crypto challenge at Def Con here on our blog two weeks ago and may be wondering who won the prize (HackRF One).

from DEF CON may be over, but the challenge is still on

Latest viral sensation app Sarahah raises concerns about cyberbullying

'My son signed up for an account; within 24 hours someone posted a racist comment on his page including saying that he should be lynched'

from Latest viral sensation app Sarahah raises concerns about cyberbullying

Changes to the CISM Domains

CISM, Certified Information Security Manager, is one of the highest-level globally recognized certifications in the InfoSec industry. In December 2016, ISACA announced that there would be changes made to the CISM domains. These changes took effect with the first administration dates of the CISM exam in 2017. Changes to the CISM Domains ISACA, in a […]

The post Changes to the CISM Domains appeared first on Phoenix TS.



from Changes to the CISM Domains

Why NIST’s Bill Burr shouldn’t regret his 2003 password advice

We've learned a lot about passwords since 2003 - not least that you need more than even the best-crafted password to keep data safe

from Why NIST’s Bill Burr shouldn’t regret his 2003 password advice

TheShadowBrokers Continue to Leak Exploits and Generate Profits

A few weeks ago, our team at SurfWatch Labs released its mid-year threat intelligence report, which largely focused on how leaked exploits have helped to fuel cybercrime over the first half of the year. While the leak of exploits and hacking tools is not new — 2016’s surge of IoT-powered DDoS attacks were propelled by the…

from TheShadowBrokers Continue to Leak Exploits and Generate Profits

Turning an Amazon Echo into an Eavesdropping Device

For once, the real story isn't as bad as it seems. A researcher has figured out how to install malware onto an Echo that causes it to stream audio back to a remote controller, but:

The technique requires gaining physical access to the target Echo, and it works only on devices sold before 2017. But there's no software fix for older units, Barnes warns, and the attack can be performed without leaving any sign of hardware intrusion.

The way to implement this attack is by intercepting the Echo before it arrives at the target location. But if you can do that, there are a lot of other things you can do. So while this is a vulnerability that needs to be fixed -- and seems to have inadvertently been fixed -- it's not a cause for alarm.



from Turning an Amazon Echo into an Eavesdropping Device

Thursday, August 10, 2017


Nearly Half of Popular Consumer Websites Lack Basic Password Security Requirements

A new analysis of over 40 popular consumer and enterprise websites revealed that many fail to implement the most basic password security requirements. According to the Password Power Rankings study conducted by Dashlane, a surprising 46 percent of consumer sites have “dangerously lax” password policies, including widely used Dropbox, Netflix and Pandora. Of the enterprise […]

The post Nearly Half of Popular Consumer Websites Lack Basic Password Security Requirements appeared first on The State of Security.



from Nearly Half of Popular Consumer Websites Lack Basic Password Security Requirements

News in brief: Vertus go cheap; Uber debuts chat; Ikea gets smart

Your daily round-up of some of the other stories in the news

from News in brief: Vertus go cheap; Uber debuts chat; Ikea gets smart

.why .it’s .time .to .fix .localhost

When you type in "localhost" it refers to your local host - this very computer right here. Or not. And Mike West wants to fix that.

from .why .it’s .time .to .fix .localhost

Watch out for Emotet, the trojan that’s nearly a worm

Emotet arrives as a malicious email attachment and tries to steal your online banking credentials

from Watch out for Emotet, the trojan that’s nearly a worm

10 Surefire Ways to Prevent a Data Breach in the Contact Center

By Aaron Lumnah, Digital Marketing Manager In a time where it seems like every other week another major brand reports that they suffered a data breach, it just goes to show that it only takes just one wrong move for your own company to make it into the headlines. Cyber threats are coming from all […]

The post 10 Surefire Ways to Prevent a Data Breach in the Contact Center appeared first on Semafone.



from 10 Surefire Ways to Prevent a Data Breach in the Contact Center

A Conversation With NYU’s Professor Nasir Memon

As part of RSA Conference’s dedication to the importance of security education, our own Cecilia Marinier spoke with Nasir Memon, Professor of Engineering and Associate Dean for Online Learning at New York University Tandon School of Engineering. Memon has been an active member of the academic world promoting the importance of information security education since the late 1990s. Throughout this conversation you’ll hear about the evolution of security in the classroom, programs such as CyberCorp and his thoughts on how to fill the much-needed gap in talent across the information security landscape. …

from A Conversation With NYU’s Professor Nasir Memon

Sorry, who did you say you were? We’ve forgotten about you

Britain's data proposals will enshrine GDPR's right to be forgotten in domestic law - but what's the situation elsewhere?

from Sorry, who did you say you were? We’ve forgotten about you

Ukraine police make arrest in Petya ransomware case

A 51-year-old Ukrainian national was arrested in connection with the ransomware attack

from Ukraine police make arrest in Petya ransomware case

Microsoft Warns Users to be Diligent as Tech Support Scams Get More Sophisticated

Tech support scammers are going beyond cold calls to sophisticated spam campaigns, Microsoft warns.

from Microsoft Warns Users to be Diligent as Tech Support Scams Get More Sophisticated

More on the Vulnerabilities Equities Process

Richard Ledgett -- a former Deputy Director of the NSA -- argues against the US government disclosing all vulnerabilities:

Proponents argue that this would allow patches to be developed, which in turn would help ensure that networks are secure. On its face, this argument might seem to make sense -- but it is a gross oversimplification of the problem, one that not only would not have the desired effect but that also would be dangerous.

Actually, he doesn't make that argument at all. He basically says that security is a lot more complicated than finding and disclosing vulnerabilities -- something I don't think anyone disagrees with. His conclusion:

Malicious software like WannaCry and Petya is a scourge in our digital lives, and we need to take concerted action to protect ourselves. That action must be grounded in an accurate understanding of how the vulnerability ecosystem works. Software vendors need to continue working to build better software and to provide patching support for software deployed in critical infrastructure. Customers need to budget and plan for upgrades as part of the going-in cost of IT, or for compensatory measures when upgrades are impossible. Those who discover vulnerabilities need to responsibly disclose them or, if they are retained for national security purposes, adequately safeguard them. And the partnership of intelligence, law enforcement and industry needs to work together to identify and disrupt actors who use these vulnerabilities for their criminal and destructive ends. No single set of actions will solve the problem; we must work together to protect ourselves. As for blame, we should place it where it really lies: on the criminals who intentionally and maliciously assembled this destructive ransomware and released it on the world.

I don't think anyone would argue with any of that, either. The question is whether the US government should prioritize attack over defense, and security over surveillance. Disclosing, especially in a world where the secrecy of zero-day vulnerabilities is so fragile, greatly improves the security of our critical systems.



from More on the Vulnerabilities Equities Process

Wednesday, August 9, 2017

RingCentral Is Said to Hire Adviser After Takeover Interest

Bloomberg
RingCentral could attract interest from technology-focused private equity firms and other cloud-based software providers.

from RingCentral Is Said to Hire Adviser After Takeover Interest

News in brief: Venezuelan protest hacking; Hutchins released on bail; Facebook steps up moderation

Your daily round-up of some of the other stories in the news

from News in brief: Venezuelan protest hacking; Hutchins released on bail; Facebook steps up moderation

Diablo6 Ransomware Virus on the Loose

A ransomware virus is on the loose again! It has been a long time, but it seems that the notorious Locky virus is back with a new alteration. Its latest variant goes under the name .Diablo6 Virus Ransomware; it changes the extension of the files it encrypts to .Diablo6. It has just been freshly unleashed […]

The post Diablo6 Ransomware Virus on the Loose appeared first on The State of Security.



from Diablo6 Ransomware Virus on the Loose

Sextortionist caught by investigators’ booby-trapped video

Tor-using man caught when he unwittingly handed over his IP address as he downloaded a video trap from investigators

from Sextortionist caught by investigators’ booby-trapped video

Low Skill Attack, The Siemens Method

Apparently, systemic - and therefore fundamental - security incompetence 'reigns supreme' at Siemens... Wi...

from Low Skill Attack, The Siemens Method

Cerber ransomware delivered in format of a different order of Magnitude

We review a trick that the Magnitude exploit kit uses to bypass security scanners.


The post Cerber ransomware delivered in format of a different order of Magnitude appeared first on Malwarebytes Labs.



from Cerber ransomware delivered in format of a different order of Magnitude

Sad news- Intel drops Edison, Galileo, Joule, Curie

I had previously posted about some of Intel's efforts to get involved in the IoT and Maker communities with their own products such as the Edison, Galileo, Curie, and more. At the recent DefCon conference I was chatting with the guy behind HackerBo...

from Sad news- Intel drops Edison, Galileo, Joule, Curie

Carbon Black having some customer data leaking issues

My buddy Jim Broome at Direct Defense is stirring the pot a bit today with his latest blog post. It seems that during an investigation of a potential breach they were performing for a customer, they accidentally discovered that it is possible to harvest some very sensitive data from the Carbon Black Cb Response product. …




from Carbon Black having some customer data leaking issues

Carmakers warned to focus on security of connected vehicles

First principles for carmakers proposed by the UK government range from supply chains to aftercare

from Carmakers warned to focus on security of connected vehicles

Scanners to be patched after government warns of vulnerabilities

Siemens says that there's no evidence its scanners have been compromised - but the patches will be ready by the end of the month

from Scanners to be patched after government warns of vulnerabilities

Uber Drivers Hacking the System to Cause Surge Pricing

Interesting story about Uber drivers who have figured out how to game the company's algorithms to cause surge pricing:

According to the study, drivers manipulate Uber's algorithm by logging out of the app at the same time, making it think that there is a shortage of cars.

[...]

The study said drivers have been coordinating forced surge pricing, after interviews with drivers in London and New York, and research on online forums such as Uberpeople.net. In a post on the website for drivers, seen by the researchers, one person said: "Guys, stay logged off until surge. Less supply high demand = surge."


Passengers, of course, have long had tricks to avoid surge pricing.

I expect to see more of this sort of thing as algorithms become more prominent in our lives.



from Uber Drivers Hacking the System to Cause Surge Pricing

Tuesday, August 8, 2017

Social-Engineer Newsletter Vol 07 – Issue 95

  Vol 07 Issue 95 August 2017 In This Issue Lessons from Disasters to Improve Security Social-Engineer News Upcoming classes As a member of the newsletter you have the option to OPT-IN for special offers. You can click here to do that. Check out the schedule of upcoming training on Social-Engineer.com 5-9 February, 2018 – […]

The post Social-Engineer Newsletter Vol 07 – Issue 95 appeared first on Security Through Education.



from Social-Engineer Newsletter Vol 07 – Issue 95

BSides London 2017, Chris Kubecka’s ‘Freaky Leaks from a Chic Geek’


from BSides London 2017, Chris Kubecka’s ‘Freaky Leaks from a Chic Geek’

Microsoft fixes ‘critical’ security bugs affecting all versions of Windows

Microsoft patched 46 separate vulnerabilities — the majority of which were the highest "critical" rating.

from Microsoft fixes ‘critical’ security bugs affecting all versions of Windows

Explained: security certificates

Do you want to know how security certificates work and let us show you how malware can abuse the certificates system to block you from downloading and/or running your favorite software.


The post Explained: security certificates appeared first on Malwarebytes Labs.



from Explained: security certificates


News in brief: Google fires memo writer; drones could be shot down; EU plans giant Sahara solar plant

Your daily round-up of some of the other stories in the news

from News in brief: Google fires memo writer; drones could be shot down; EU plans giant Sahara solar plant

Cyber Security Roundup for July 2017

Apologies for the delay in this month's Cyber Security Roundup release; I've been away on holiday and taking a break from monitor screens and keyboards for a couple of weeks.

The insider threat danger manifested at Bupa, where an employee stole and shared 108,000 customer health insurance records. Bupa dismissed the employee and is planning to take legal action. The Bupa data breach was reported both to the FCA and the ICO; it remains to be seen whether the UK government bodies will apportion any blame to Bupa for the data loss.

The AA was heavily criticised after it attempted to downplay a data compromise of over 13 gigabytes of its data, which included 117,000 customer records. The AA’s huge data cache was incorrectly made available online after an AA online shop server was “misconfigured” to share confidential data backup files.

A customer data breach at World Wrestling Entertainment (WWE) should serve as a stark warning for businesses to adequately assure third parties and to secure hosted cloud systems. Three million WWE fan records were compromised after a third party misconfigured a cloud-hosted Amazon server used by the WWE online shop.

The aftershock of Petya / NotPetya rumbles on, with malware still reported as disrupting firms weeks after the attack. There are claims that the mass media coverage of the attack has improved overall staff cyber security awareness.

It was found that over 1.6 million NHS patient records were illegally provided to Google's artificial intelligence arm, DeepMind, without patient consent, meaning the NHS and Google have breached the Data Protection Act.

A 29 year old British hacker, named as Daniel K but better known by his hacker handle "BestBuy" or "Popopret", admitted to the hijacking of 900,000 Deutsche Telekom routers in Germany after he was arrested at Luton airport in February. He said he made "the worst mistake of my life" when he carried out a failed attack in November for a Liberian client who paid him 8,500 Euros to attack the Liberian's business competitors. BestBuy used a variant of the Mirai malware to take advantage of a security vulnerability in Zyxel and Speedport model routers used by the German Internet Service Provider, intending to grow his botnet and so the scale of DDoS attacks he could perform on behalf of clients.

A document from the National Cyber Security Centre (NCSC), obtained by Motherboard and verified by the BBC with NCSC as legitimate, states that some industrial software companies in the UK are "likely to have been compromised" by hackers. The document was reportedly produced by the British spy agency GCHQ. The NCSC report discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.

UniCredit Bank had over 400,000 customer loan accounts accessed through a third party. This is the second security breach at the Italian bank in a year.

Finally, this blog was named among the Best Technology Blogs of 2017 by Market Inspector and by Feedspot this month.



from Cyber Security Roundup for July 2017

How do you feel about getting on a plane with no pilot?

We're already getting used to the notion of autonomous cars, but are we ready for autonomous aircraft?

from How do you feel about getting on a plane with no pilot?

AV-Comparatives Mac Security Review

AV-C’s Mac Security Test and Review report, July 2017: Mac Reviews / Tests. Includes testing of the following: Avast Mac Security, AVG AntiVirus for Mac, Avira Antivirus Pro for Mac, Bitdefender Antivirus for Mac, BitMedic AntiVirus, ESET Cyber Security Pro, Intego Mac Premium Bundle X9, Kaspersky Internet Security for Mac, Webroot SecureAnywhere Internet Security Complete […]

from AV-Comparatives Mac Security Review

RSAC 2017 Abu Dhabi: Trends in Call for Speakers Submissions

RSA Conference 2017 Abu Dhabi will take place November 7 and 8 at the Emirates Palace with a great line up of speakers exploring topics that we know will be of interest to our attendees. How do we know we’ve hit the mark? It’s an extensive and iterative process with regional experts reviewing all of our speaking submissions, debating the merits of the different options with each other, weighing their own experiences and perspectives against all of the potential topics at hand to hash out a balanced, educational agenda. These experts pick the sessions at the beginning of the process and also…

from RSAC 2017 Abu Dhabi: Trends in Call for Speakers Submissions

Monday, August 7, 2017

BSides London 2017, Jack’s ‘Running Circles On Social Media – Intelligent OSINT’


from BSides London 2017, Jack’s ‘Running Circles On Social Media – Intelligent OSINT’

Learn About Microsoft Azure Site Recovery and Backup Capabilities

These on-demand and live learning opportunities will help you better understand the key aspects of using Azure Site Recovery and Backup plus the benefits it can provide to users and customers.

from Learn About Microsoft Azure Site Recovery and Backup Capabilities

News in brief: Ariana Grande hacked; new data laws unveiled; Marcus Hutchins due to be released

Your daily round-up of some of the other stories in the news

from News in brief: Ariana Grande hacked; new data laws unveiled; Marcus Hutchins due to be released

Cyberattacks on GPS leave ships sailing in dangerous waters

A spate of attacks on GPS tracking of ships has focused minds on a radio technology that's been stalled for years

from Cyberattacks on GPS leave ships sailing in dangerous waters

New Awards

I've been away on holiday in sunny Bulgaria for the last couple of weeks and working on a few articles for IBM, delaying my monthly security roundup post this month. While away I was proud to learn the blog and website had been given a couple of awards...

from New Awards


Privacy group accuses Hotspot Shield of snooping on web traffic

The privacy group says the FTC must investigate discrepancies in the company's privacy policy.

from Privacy group accuses Hotspot Shield of snooping on web traffic

Skype for Business 2015 – Invoke-CsComputerFailOver

There are times when rebooting a Skype Enterprise pool that you should know how many servers to reboot at a single time.  The answer is, “It depends…”  Seriously that is another discussion we can have on how many front-en...

from Skype for Business 2015 – Invoke-CsComputerFailOver

[SANS ISC] Increase of phpMyAdmin scans

I published the following diary on isc.sans.org: “Increase of phpMyAdmin scans“. PMA (or “phpMyAdmin”) is a well-known MySQL front-end written in PHP that “brings MySQL to the web” as stated on the web site. The tool is very popular amongst web developers because it helps to maintain databases just by using

[The post [SANS ISC] Increase of phpMyAdmin scans has been first published on /dev/random]



from [SANS ISC] Increase of phpMyAdmin scans

Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Interesting story:

The venture is built on Alex's talent for reverse engineering the algorithms -- known as pseudorandom number generators, or PRNGs -- that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money -- insight that he shares with a legion of field agents who do the organization's grunt work.

These agents roam casinos from Poland to Macau to Peru in search of slots whose PRNGs have been deciphered by Alex. They use phones to record video of a vulnerable machine in action, then transmit the footage to an office in St. Petersburg. There, Alex and his assistants analyze the video to determine when the games' odds will briefly tilt against the house. They then send timing data to a custom app on an agent's phone; this data causes the phones to vibrate a split second before the agent should press the "Spin" button. By using these cues to beat slots in multiple casinos, a four-person team can earn more than $250,000 a week.

It's an interesting article; I have no idea how much of it is true.

The sad part is that the slot-machine vulnerability is so easy to fix. Although the article says that "writing such algorithms requires tremendous mathematical skill," it's really only true that designing the algorithms requires that skill. Using any secure encryption algorithm or hash function as a PRNG is trivially easy. And there's no reason why the system can't be designed with a real RNG. There is some randomness in the system somewhere, and it can be added into the mix as well. The programmers can use a well-designed algorithm, like my own Fortuna, but even something less well-thought-out is likely to foil this attack.



from Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Sunday, August 6, 2017

Infosec Reactions’ ‘Investigating 802.1x Port Failed Alerts’

Via the phenomenally satirical noggin' of aloria. Enjoy.

from Infosec Reactions’ ‘Investigating 802.1x Port Failed Alerts’

Attackers could shut down power grids by abusing solar panel flaws

An attacker could exploit vulnerabilities found in solar panel components to shut down large parts of a power grid, claims a security researcher. David Bisson reports.

from Attackers could shut down power grids by abusing solar panel flaws

‘No More Ransom’ Program Grows: Initiative Helps Global Organizations Deal With Ransomware


from ‘No More Ransom’ Program Grows: Initiative Helps Global Organizations Deal With Ransomware

Infosec Reactions’ ‘The Docker Security Model’

Via the excoriatingly humorous mind of aloria. Enjoy.

from Infosec Reactions’ ‘The Docker Security Model’

Saturday, August 5, 2017


WannaCry researcher denies creating banking malware at court hearing

The security researcher rose to fame for curbing the spread of the WannaCry ransomware in May.

from WannaCry researcher denies creating banking malware at court hearing

BSides London 2017, Stefan Hager ‘s ‘Think About The Box’

Permalink

from BSides London 2017, Stefan Hager ‘s ‘Think About The Box’

Friday Squid Blogging: Squid Fake News

I never imagined that there would be fake news about squid. (That website lets you write your own stories.)

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.



from Friday Squid Blogging: Squid Fake News

Friday, August 4, 2017

WannaCry crooks cash out their ransom

Curiouser and curiouser, said Alice

from WannaCry crooks cash out their ransom


Does History Need to Repeat Itself? Lessons Learned From WannaCry

Often, at the end of a project, especially a long and complicated one, there will be a ‘lessons learned’ session held. These sessions usually bring together either the internal team or consortia...

Go on to the site to read the full article

from Does History Need to Repeat Itself? Lessons Learned From WannaCry



News in brief: Wikileaks’ Dumbo flies; off-script chatbots; Google down-votes duff apps

Your daily round-up of some of the other stories in the news!

from News in brief: Wikileaks’ Dumbo flies; off-script chatbots; Google down-votes duff apps

4 Overlooked Insider Cybersecurity Threats That Could Lead to a Data Breach

By Jason Scheidemantel, Marketing Intern. In an environment where nearly 8.4 billion devices are connected to the internet, it’s not unusual to question the security of your personally identifiable information (PII). Cyber threats from hackers exploit vulnerabilities in security and cost businesses around the world billions of USD every year. If asked to picture a […]

The post 4 Overlooked Insider Cybersecurity Threats That Could Lead to a Data Breach appeared first on Semafone.



from 4 Overlooked Insider Cybersecurity Threats That Could Lead to a Data Breach

Learning PowerShell: basic programs

In this last part of the short series about the basics of PowerShell we assemble a small script from scratch and explain how it works.


The post Learning PowerShell: basic programs appeared first on Malwarebytes Labs.



from Learning PowerShell: basic programs

Anatomy of a Security Breach

In recent Information Security news, The Wall Street Journal reported on the upcoming trial of an alleged botnet master. The trial is in progress now. It is not often that we get a look at the details of a computer security breach, but in this case at ...

from Anatomy of a Security Breach

Three Different Kinds of Online Scams

There are countless ways and endless criminals online looking to steal your personal information or gain access to your financial accounts. Being able to identify the most common types of online... Go on to the site to read the full article

from Three Different Kinds of Online Scams

Penetrating a Casino's Network through an Internet-Connected Fish Tank

Attackers used a vulnerability in an Internet-connected fish tank to successfully penetrate a casino's network.

BoingBoing post.



from Penetrating a Casino's Network through an Internet-Connected Fish Tank

Thursday, August 3, 2017

How Security Awareness Training Can Protect the Military

Introduction: There still seems to be no true consensus on the need for or importance of security training in the workplace. There are people on both sides of the argument who are making valid points... Go on to the site to read the full article

from How Security Awareness Training Can Protect the Military

FBI arrests WannaCry’s ‘accidental hero’ in connection with Kronos banking trojan

Marcus Hutchins, aka MalwareTech, the British security researcher who was credited with stopping the hard-hitting WannaCry ransomware worm that hit the UK's NHS hard earlier this year, has been arrested in Las Vegas.

from FBI arrests WannaCry’s ‘accidental hero’ in connection with Kronos banking trojan

Bateleur, the new malware backdoor targeting restaurant chains, from the makers of Carbanak

The developers of the notorious Carbanak banking trojan have added a new JavaScript backdoor to their tool set, targeting US restaurant chains. David Bisson reports.

from Bateleur, the new malware backdoor targeting restaurant chains, from the makers of Carbanak

Why Do Educators Need Security Awareness Training?

The answer to the article title is really simple: There is no shortage of examples where schools or universities have fallen victims to cyberattacks, such as the recent wave of malicious codes (i.e.,... Go on to the site to read the full article

from Why Do Educators Need Security Awareness Training?

Security Awareness for IT Employees

Stating that information security is everyone’s job is not something new; just try asking any person in charge of awareness efforts how many times they have done so. Even if your company has a...

Go on to the site to read the full article

from Security Awareness for IT Employees

Tips for Managing Physical Security

What is Physical Security? According to the security expert S. Harris, “physical security protects people, data, equipment, systems, facilities and company assets.” She also enumerates...

Go on to the site to read the full article

from Tips for Managing Physical Security

As WannaCry Hackers Make Off with Bitcoin, FBI Arrests Man Who Stopped Them

WannaCry hackers are emptying bitcoin wallets as the U.K. man credited with stopping the WannaCry spread is arrested by the FBI on charges related to the Kronos banking trojan.

from As WannaCry Hackers Make Off with Bitcoin, FBI Arrests Man Who Stopped Them

News in brief: WannaCry hero arrested; Firefox file encryption; DDoS fails to persuade

Your daily round-up of some of the other stories in the news!

from News in brief: WannaCry hero arrested; Firefox file encryption; DDoS fails to persuade

Is The CISM Certification Worth It?

Certified Information Security Manager (CISM) is one of the premier advanced information security certifications offered by ISACA. What makes earning the CISM certification worth it, though? A Quick Overview of the CISM Certification: Unless you are brand new to the InfoSec industry, you may have heard of the CISM certification before. If you aren’t familiar with it; […]

The post Is The CISM Certification Worth It? appeared first on Phoenix TS.



from Is The CISM Certification Worth It?

How to Share a File or Folder in OneDrive for Business Office 365

Karim Buzdar: Only you can access files or folders stored in your OneDrive for Business until you share them with another user. Here's how to do that.

from How to Share a File or Folder in OneDrive for Business Office 365

Splitting the NSA and US Cyber Command

Rumor is that the Trump administration will separate the NSA and US Cyber Command. I have long thought this was a good idea. Here's a good discussion of what it does and doesn't mean.



from Splitting the NSA and US Cyber Command

Voting Machine Security

Last week, DefCon hosted a "Voter Hacker Village" event. Every single voting machine there was easily hackable.

Here are detailed details. There should be a summary report soon; I'll add it to this post when it's published.



from Voting Machine Security

Detecting Stingrays

Researchers are developing technologies that can detect IMSI-catchers: those fake cell phone towers that can be used to surveil people in the area.

This is good work, but it's unclear to me whether these devices can detect all the newer IMSI-catchers that are being sold to governments worldwide.

News article.



from Detecting Stingrays

Wednesday, August 2, 2017

Black Hat USA 2017 Recap

Missed Black Hat USA 2017? Here's a little recap of the event and the Malwarebytes booth.


The post Black Hat USA 2017 Recap appeared first on Malwarebytes Labs.



from Black Hat USA 2017 Recap

As U.S.-Russia Tensions Mount, Should IT Pros be Concerned About Kaspersky?

Why one security expert thinks the controversy is overblown A 20-year-old cybersecurity company has again found itself in the cross hairs of heightened tensions between R...

from As U.S.-Russia Tensions Mount, Should IT Pros be Concerned About Kaspersky?

From my Gartner Blog – Our new Vulnerability Assessment Tools Comparison is out!

Vulnerability assessment is usually seen as a boring topic and most people think the scanners are all equal – reaching the “commodity” status. Well, for basic scanning capabilities, that’s certainly true. But vulnerability scanners need to stay current with the evolution of IT environments; think of all the changes in corporate networks in the past 20 years due to virtualization, mobility, cloud, containers and others. Those things certainly affect vulnerability management programs and how we scan for vulnerabilities. These IT changes force scanners to adapt, and we end up seeing some interesting differences at the fringes. Our new document, “A Comparison of Vulnerability and Security Configuration Assessment Solutions”, compares the 5 leaders of this space (BeyondTrust, Qualys, Rapid7, Tenable and Tripwire) and shows how and where they differ.

Some of the capabilities where we found interesting differences are:

  • Agent based scan
  • Integration with virtualization platforms
  • Integration with IaaS cloud providers
  • Mobile devices vulnerability assessment capabilities
  • VA on containers
  • Delivery models (on-prem, SaaS)


As we’ve been doing, please consider providing feedback on the paper; this helps us improve our research :-)

The post Our new Vulnerability Assessment Tools Comparison is out! appeared first on Augusto Barros.



from Augusto Barros http://ift.tt/2f8bFho


from From my Gartner Blog – Our new Vulnerability Assessment Tools Comparison is out!

Svpeng Mobile Banking Trojan Now Equipped with Keylogger Capabilities

Security researchers have uncovered a new variant of the infamous Android mobile banking Trojan Svpeng, which now comes equipped with a keylogger feature. According to Kaspersky Lab, the latest update allows cybercriminals to steal entered text by exploiting a device’s accessibility services. Designed for users with disabilities or those temporarily unable to interact fully with […]

The post Svpeng Mobile Banking Trojan Now Equipped with Keylogger Capabilities appeared first on The State of Security.



from Svpeng Mobile Banking Trojan Now Equipped with Keylogger Capabilities

News in brief: Facebook video chat; protecting Earth from aliens; do you want encryption?

Your daily round-up of some of the other stories in the news!

from News in brief: Facebook video chat; protecting Earth from aliens; do you want encryption?

Get Ready For The Holidays With Cloudlets

It's summer, which means it's time for hitting the beach, enjoying outdoor barbeques with friends and family, going hiking, biking and kayaking, and savoring cold craft beers. But for savvy retailers like you, summer is the ideal time to start...

from Get Ready For The Holidays With Cloudlets


TCG to Talk Industrial IoT Security in Barcelona, IoT Solutions World Congress, October 3

TCG members and security experts are hosting a special session, How to Build Secure, Highly Reliable Critical Systems and Networks for the IoT, on October 3, 2017 at the IoT Solutions World Congress (https://trustedcomputinggroup.org/press-rooms/events/iot-solutions-world-congress-2/). The convergence of critical systems with those connected to the broader Internet is creating massive security concerns, real and anticipated. Even for …

The post TCG to Talk Industrial IoT Security in Barcelona, IoT Solutions World Congress, October 3 appeared first on Trusted Computing Group.



from TCG to Talk Industrial IoT Security in Barcelona, IoT Solutions World Congress, October 3

Red Hat Acquires Permabit’s Storage Tech

Red Hat's planned open sourcing of Permabit tech should be a boon for all enterprise Linux distributions.

from Red Hat Acquires Permabit’s Storage Tech

Android users: beware ‘Invisible Man’ malware disguised as Flash

Once installed it tries to steal banking and credit card details

from Android users: beware ‘Invisible Man’ malware disguised as Flash

NSA Collects MS Windows Error Information

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports:

One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers.

When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.

The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.

Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant. In one internal graphic, they replaced the text of Microsoft's original error message with one of their own reading, "This information may be intercepted by a foreign sigint system to gather detailed information and better exploit your machine." ("Sigint" stands for "signals intelligence.")

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit? Microsoft won't have the incentive to examine and fix problems until they happen broadly among its user base. The NSA has a completely different incentive structure.

I don't remember this being discussed back in 2013.



from NSA Collects MS Windows Error Information

Vulnerabilities in Car Washes

Articles about serious vulnerabilities in IoT devices and embedded systems are now dime-a-dozen. This one concerns Internet-connected car washes:

A group of security researchers have found vulnerabilities in internet-connected drive-through car washes that would let hackers remotely hijack the systems to physically attack vehicles and their occupants. The vulnerabilities would let an attacker open and close the bay doors on a car wash to trap vehicles inside the chamber, or strike them with the doors, damaging them and possibly injuring occupants.



from Vulnerabilities in Car Washes

Tuesday, August 1, 2017

R⁶ — Reticulating Parquet Files

The reticulate package provides a very clean & concise interface bridge between R and Python which makes it handy to work with modules that have yet to be ported to R (going native is always better when you can do it). This post shows how to use reticulate to create parquet files directly from R... Continue reading

from R⁶ — Reticulating Parquet Files

DerbyCon 7 Live Stream

If you weren't fortunate enough to get a ticket to DerbyCon this year, the conference will once again be live streaming talks. More information will be available closer to the conference at www.derbycon.com. But did you know every talk (almost) is also availab...

from DerbyCon 7 Live Stream

Monthly Blog Round-Up – July 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:
  1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
  2. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
  3. Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
  4. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
  5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).
In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]: 


(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.


About me: http://www.chuvakin.org


from Monthly Blog Round-Up – July 2017