Friday, October 20, 2017

Friday Squid Blogging: "How the Squid Lost Its Shell"

Interesting essay by Danna Staaf, the author of Squid Empire. (I mentioned the book two weeks ago.) As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....

The post Friday Squid Blogging: "How the Squid Lost Its Shell" appeared first on Security Boulevard.



Supply-Chain Attack Hits Maker of Popular MacOS Apps

Eltima Software, a maker of popular applications for macOS, had its website compromised by hackers who replaced the installers for two of its applications with trojanized versions. This is the latest in a string of software supply-chain attacks that happened this year and which affected consumers and companies alike. Abusing the trust between users and..

The post Supply-Chain Attack Hits Maker of Popular MacOS Apps appeared first on Security Boulevard.



Security+ Domain #6: Cryptography

Cryptography falls into the sixth and last domain of CompTIA’s Security+ exam (SYO-401) and contributes 12% to the exam score. The Security+ exam tests the candidate’s knowledge of cryptography and...


The post Security+ Domain #6: Cryptography appeared first on Security Boulevard.



Joy of Tech®, Social Media Guilt


Via the combinatorial comic noggins of Nitrozac and Snaggy at The Joy of Tech®.

The post Joy of Tech®, Social Media Guilt appeared first on Security Boulevard.



Manage Samba File Server Access from the Cloud

Can you manage on-prem Samba file server access from the cloud? This is a question that many IT admins are asking as they look to shift more of their infrastructure...

The post Manage Samba File Server Access from the Cloud appeared first on JumpCloud.

The post Manage Samba File Server Access from the Cloud appeared first on Security Boulevard.



Security+ Domain #5: Access control and Identity Management

Introduction: The “access control and identity management” domain is aimed at teaching and testing on industry-accepted practices, such as determining and implementing good password policies,...


The post Security+ Domain #5: Access control and Identity Management appeared first on Security Boulevard.



More trouble in Google Play land

After our mobile security experts repeatedly discovered adware on several apps on the Google Play store, our friends at Symantec have unearthed at least eight malicious apps that are found capable of adding affected mobile devices to a botnet.

The post More trouble in Google Play land appeared first on Malwarebytes Labs.

The post More trouble in Google Play land appeared first on Security Boulevard.



Security+ Domain #4: Application, Data, and Host Security

Application, data, and host Security falls into the fourth domain of CompTIA’s Security+ exam (SYO-401) and contributes 15% to the exam score. To pass the Security+ exam, candidates must understand...


The post Security+ Domain #4: Application, Data, and Host Security appeared first on Security Boulevard.



Security+ Domain #2: Compliance and Operational Security

Compliance and operations security falls into the second domain of CompTIA’s Security+ exam (SYO-401) and contributes 18% to the exam objectives. To pass the Security+ test and learning how to...


The post Security+ Domain #2: Compliance and Operational Security appeared first on Security Boulevard.



Wondermark on Security

Another comic....

The post Wondermark on Security appeared first on Security Boulevard.



Denuvo DRM Cracked within a Day of Release

Denuvo is probably the best digital-rights management system, used to protect computer games. It's regularly cracked within a day.

If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers. But that doesn't mean Denuvo will stay effectively useless forever. The company has updated its DRM protection methods with a number of "variants" since its rollout in 2014, and chatter in the cracking community indicates a revamped "version 5" will launch any day now. That might give publishers a little more breathing room where their games can exist uncracked and force the crackers back to the drawing board for another round of the never-ending DRM battle.

BoingBoing post. Slashdot thread.

Related: Vice has a good history of DRM.



Mr. Robot Review: Eps3.1_Undo.Gz

At the end of episode one, Elliot asks Angela for a job at E Corp. Angela, like a true best friend, delivers.

The post Mr. Robot Review: Eps3.1_Undo.Gz appeared first on Security Boulevard.



Cyber News Rundown: Edition 10/20/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things...

The post Cyber News Rundown: Edition 10/20/17 appeared first on Webroot Threat Blog.

The post Cyber News Rundown: Edition 10/20/17 appeared first on Security Boulevard.



Three-Quarters of Enterprise Applications Have at Least One Vulnerability

Security firm Veracode has released its annual report on the state of software security and it paints a bleak picture: 77 percent of enterprise applications assessed for the first time had at least one vulnerability and 88 percent of Java applications had at least one vulnerability inherited from a third-party open-source component. The report’s findings..

The post Three-Quarters of Enterprise Applications Have at Least One Vulnerability appeared first on Security Boulevard.



Industrial Cybersecurity: Addressing Today’s and Tomorrow’s Challenges

Industrial control system (ICS) cybersecurity has come a long way over the last decade. Today, we have well-established guidance for securing industrial plants and SCADA systems, including IEC-62443, NERC CIP, and the NIST Cybersecurity Framework. Industry and governmental efforts to build awareness of cyber risks have also been successful. Most industrial companies today appreciate the […]

The post Industrial Cybersecurity: Addressing Today’s and Tomorrow’s Challenges appeared first on The State of Security.

The post Industrial Cybersecurity: Addressing Today’s and Tomorrow’s Challenges appeared first on Security Boulevard.



The Need for Increased Investment in Medical Device Security

The FBI in 2014 warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web. This warning has largely been realized. The cost and frequency of […]

The post The Need for Increased Investment in Medical Device Security appeared first on The State of Security.

The post The Need for Increased Investment in Medical Device Security appeared first on Security Boulevard.



Thursday, October 19, 2017

Security Flaws in Children's Smart Watches

The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children.

Press release. News article.

This is the same group that found all those security and privacy vulnerabilities in smart dolls.



Authentication on PCs: Recommendations from Security Experts

Authentication is an important part of working on a computer, whether logging on, opening encrypted data or using web services like PayPal. Usernames and passwords still play an important role, even if many experts advise against using passwords as the only authentication method. Even approaches to passwords have changed over time. Until recently, experts recommended choosing complex passwords using special characters, numbers and uppercase and lowercase letters. However, many professionals now consider that complex passwords are inconvenient for users, especially if they must be changed frequently. Phrases such as a quote from a book or a sentence which is relevant to the log-in context are more meaningful for users. Such phrases can easily reach more than 20 characters and are nevertheless much easier to remember than complex, eight-character combinations of letters and numbers.

The post Authentication on PCs: Recommendations from Security Experts appeared first on Security Boulevard.



Here’s Some Good News: Investment in Cyber Security Technology Continues to Rise


It seems as though CISOs and CSOs are constantly battling with challenges, whether it’s newly discovered threats and vulnerabilities, growing demand for cyber security skills and not enough qualified people to deliver them, complaints from business users about disruptive security tools, or some other issue,

The post Here’s Some Good News: Investment in Cyber Security Technology Continues to Rise appeared first on Security Boulevard.



Trail of Bits joins the Enterprise Ethereum Alliance

We’re proud to announce that Trail of Bits has joined the Enterprise Ethereum Alliance (EEA), the world’s largest open source blockchain initiative. As the first information security company to join, and currently one of the industry’s top smart contract auditors, we’re excited to contribute our unparalleled expertise to the EEA. As companies begin to re-architect […]

The post Trail of Bits joins the Enterprise Ethereum Alliance appeared first on Security Boulevard.



419 Scammers Offer $60M in Exchange for Adopting Their Teenage Son

419 scammers are tempting unsuspecting users with a fake offer of $60 million in exchange for adopting their teenage son. The scam begins when a user receives a Twitter DM from the account of someone who appears to serve in the armed forces. Such unexpected correspondence could (and should) strike the recipient as odd. But […]

The post 419 Scammers Offer $60M in Exchange for Adopting Their Teenage Son appeared first on The State of Security.

The post 419 Scammers Offer $60M in Exchange for Adopting Their Teenage Son appeared first on Security Boulevard.



Get Employee Logon Data through Webhooks

With the launch of UserLock 9.6, organizations can now add the value of domain logon management to existing IT systems through an innovative use of webhooks. Webhooks, also known as ‘web callbacks’ or ‘HTTP push APIs’, are a growing trend in the IT world that enable one app to provide information to other …

The post Get Employee Logon Data through Webhooks appeared first on Enterprise Network Security Blog from ISDecisions.

The post Get Employee Logon Data through Webhooks appeared first on Security Boulevard.



Profile of the Month: Derek Tumulak, Global Vice President of Product Management

Since the early days of his career as a software developer, Derek Tumulak has had a fascination with building things...

The post Profile of the Month: Derek Tumulak, Global Vice President of Product Management appeared first on Data Security Blog | Thales e-Security.

The post Profile of the Month: Derek Tumulak, Global Vice President of Product Management appeared first on Security Boulevard.



Continuous Security Testing for Microservices

The post Continuous Security Testing for Microservices appeared first on Checkmarx.

The post Continuous Security Testing for Microservices appeared first on Security Boulevard.



Why OPSEC Is for Everyone, Not Just for People with Something to Hide

OPSEC (Operational Security) is a term derived from the U.S. military and is an analytical process used to deny an adversary information that could compromise the secrecy and/or the operational security of a mission. The very process of performing OPSEC or protecting your six from an adversary not only plays a very important role in […]

The post Why OPSEC Is for Everyone, Not Just for People with Something to Hide appeared first on The State of Security.

The post Why OPSEC Is for Everyone, Not Just for People with Something to Hide appeared first on Security Boulevard.



Magniber ransomware: exclusively for South Koreans

A few days ago, Magnitude EK resurfaced, this time with a new payload that targets only the country of South Korea. It's called Magniber ransomware.

The post Magniber ransomware: exclusively for South Koreans appeared first on Malwarebytes Labs.

The post Magniber ransomware: exclusively for South Koreans appeared first on Security Boulevard.



Wednesday, October 18, 2017

IoT Cybersecurity: What's Plan B?

In August, four US Senators introduced a bill designed to improve Internet of Things (IoT) security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn't regulate the IoT market. It doesn't single out any industries for particular attention, or force any companies to do anything. It doesn't even modify the liability laws for embedded software. Companies can continue to sell IoT devices with whatever lousy security they want.

What the bill does do is leverage the government's buying power to nudge the market: any IoT product that the government buys must meet minimum security standards. It requires vendors to ensure that devices can not only be patched, but are patched in an authenticated and timely manner; don't have unchangeable default passwords; and are free from known vulnerabilities. It's about as low a security bar as you can set, and that it will considerably improve security speaks volumes about the current state of IoT security. (Full disclosure: I helped draft some of the bill's security requirements.)

The bill would also modify the Computer Fraud and Abuse and the Digital Millennium Copyright Acts to allow security researchers to study the security of IoT devices purchased by the government. It's a far narrower exemption than our industry needs. But it's a good first step, which is probably the best thing you can say about this legislation.

However, it's unlikely this first step will even be taken. I am writing this column in August, and have no doubt that the bill will have gone nowhere by the time you read it in October or later. If hearings are held, they won't matter. The bill won't have been voted on by any committee, and it won't be on any legislative calendar. The odds of this bill becoming law are zero. And that's not just because of current politics -- I'd be equally pessimistic under the Obama administration.

But the situation is critical. The Internet is dangerous -- and the IoT gives it not just eyes and ears, but also hands and feet. Security vulnerabilities, exploits, and attacks that once affected only bits and bytes now affect flesh and blood.

Markets, as we've repeatedly learned over the past century, are terrible mechanisms for improving the safety of products and services. It was true for automobile, food, restaurant, airplane, fire, and financial-instrument safety. The reasons are complicated, but basically, sellers don't compete on safety features because buyers can't efficiently differentiate products based on safety considerations. The race-to-the-bottom mechanism that markets use to minimize prices also minimizes quality. Without government intervention, the IoT remains dangerously insecure.

The US government has no appetite for intervention, so we won't see serious safety and security regulations, a new federal agency, or better liability laws. We might have a better chance in the EU. Depending on how the General Data Protection Regulation on data privacy pans out, the EU might pass a similar security law in 5 years. No other country has a large enough market share to make a difference.

Sometimes we can opt out of the IoT, but that option is becoming increasingly rare. Last year, I tried and failed to purchase a new car without an Internet connection. In a few years, it's going to be nearly impossible to not be multiply connected to the IoT. And our biggest IoT security risks will stem not from devices we have a market relationship with, but from everyone else's cars, cameras, routers, drones, and so on.

We can try to shop our ideals and demand more security, but companies don't compete on IoT safety -- and we security experts aren't a large enough market force to make a difference.

We need a Plan B, although I'm not sure what that is. Comment if you have any ideas.

This essay previously appeared in the September/October issue of IEEE Security & Privacy.



Why is Malwarebytes blocking CoinHive?

Since September 19, the number two most frequently blocked website for our customers has been coinhive.com. This post will describe what CoinHive is, what it is doing, and why we are blocking it.

The post Why is Malwarebytes blocking CoinHive? appeared first on Malwarebytes Labs.

The post Why is Malwarebytes blocking CoinHive? appeared first on Security Boulevard.



How Do I Protect Against Ransomware?

Guest column by Joseph Carson, Chief Security Scientist at Thycotic. Ransomware is on the rise, delivered through targeted phishing attacks, and is being used for financial blackmail and to poison or corrupt data. No one is excluded from these threats, and no company or individual is too small to be a target. Ransomware has become such a …

The post How Do I Protect Against Ransomware? appeared first on Semperis.

The post How Do I Protect Against Ransomware? appeared first on Security Boulevard.



Nets of Badness


Evil machine learning at its finest, and its detection thereof. Today's MustRead!


The post Nets of Badness appeared first on Security Boulevard.



Email Sender Domain: How to Spot a Phish Video

In observance of National Cyber Security Awareness month, we are releasing several videos to help employees and consumers spot a phish. In the second video, we take a look at the  sender's email address to help spot a potentially malicious email. To view all videos released in this series, visit this page: https://info.phishlabs.com/2017-cyber-security-awareness-month

The post Email Sender Domain: How to Spot a Phish Video appeared first on Security Boulevard.



Active Directory® as a Service & macOS Authentication

There are two issues that many IT organizations are trying to solve when it comes to identity management. One is that they would like to move all of their IT...

The post Active Directory® as a Service & macOS Authentication appeared first on JumpCloud.

The post Active Directory® as a Service & macOS Authentication appeared first on Security Boulevard.



SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary: The following advisory describes a stored cross-site scripting vulnerability that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.” Credit: An …

The post SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution appeared first on Security Boulevard.



Old Technologies Enable Future Secure Application Delivery Networking

Many years ago, one of my customers had an internet-facing application. They positioned load balancers in front of the application to support the growing traffic load. Traffic to the website was growing so fast, that parts of the network infrastructure could not support the customer load. One of the first components to fail under the […]

The post Old Technologies Enable Future Secure Application Delivery Networking appeared first on Radware Blog.

The post Old Technologies Enable Future Secure Application Delivery Networking appeared first on Security Boulevard.



Top Linux Certifications [2017]

Linux is the central OS for most IT infrastructures throughout the world, so chances are your IT career will require you to leverage some Linux skills. If you are trying to step up your Linux game this year, then here are the top Linux certifications you should be adding to your resume. Top Certifications For […]

The post Top Linux Certifications [2017] appeared first on Phoenix TS.

The post Top Linux Certifications [2017] appeared first on Security Boulevard.



Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses

SAN FRANCISCO–(BUSINESS WIRE)–Checkmarx, a global leader in application security testing solutions, today announced it is launching new mobile security courses for […]

The post Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses appeared first on Checkmarx.

The post Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses appeared first on Security Boulevard.



Lightboard Lessons: What are Bots?

In this Lightboard Lesson, I light up some #basics about internet bots and botnets. Humans account for less than 50% of internet traffic and the rest is spread between the good bots and bad ones. Related: The Facts about Botnets; The state of botnets in late 2015 and early 2016; What are bots?

The post Lightboard Lessons: What are Bots? appeared first on Security Boulevard.



‘KnockKnock’: New Attack on Office 365 Discovered

Microsoft’s Office 365 suite of cloud applications is now the most popular cloud service in the world by user count. While this has fast tracked Microsoft’s path to becoming a cloud-first enterprise software company, it has also put a bulls-eye on Office 365, making it a target of choice for hackers. Given the fact that […]

The post ‘KnockKnock’: New Attack on Office 365 Discovered appeared first on The State of Security.

The post ‘KnockKnock’: New Attack on Office 365 Discovered appeared first on Security Boulevard.



The Big Bug in the News: the WPA2 flaw

The big news this week is a protocol flaw in the Wireless Protected Access protocol, version 2 (WPA2). The Ars Technica article covers the details pretty well. This is what every Wi-Fi wireless router on the planet uses these days. The problem does not directly damage your system, but it can uncover data you had intended …

The post The Big Bug in the News: the WPA2 flaw appeared first on Security Boulevard.



Your Security Operations Maturity – and Your MSSP

Contrary to what some people think, using MSSP is not just for losers low-maturity organizations and SMBs. For sure, we do see a lot of MSSP usage by clients who “need some monitoring for compliance” or “have no team and no process, and want ‘security outsourced’” (the latter seems like a good indication for MSSP […]

The post Your Security Operations Maturity – and Your MSSP appeared first on Security Boulevard.



Analyzing Oracle Security – Oracle Critical Patch Update October 2017

Today Oracle has released its quarterly patch update for October 2017. It fixes a total of 252 vulnerabilities. The main highlights are as follows: Oracle closed 1119 issues in 2017 in total, and the average number of security issues in 2017 is 22% higher than in 2016. October’s CPU contains a record 155 vulnerabilities in Business-Critical […]

The post Analyzing Oracle Security – Oracle Critical Patch Update October 2017 appeared first on ERPScan.

The post Analyzing Oracle Security – Oracle Critical Patch Update October 2017 appeared first on Security Boulevard.



XKCD, Bun Trend


Via the comic cerebellum of Randall Munroe, creator of XKCD.


The post XKCD, Bun Trend appeared first on Security Boulevard.



Oracle October CPU: Onapsis Contributes to EBS Security by Reporting Almost 60% of the Vulnerabilities, Including Those Most Critical

One of the most important components of securing business-critical applications is to ensure the systems are always up to date with the latest security patches to reduce the risk level. Today Oracle released the last Critical Patch Update (CPU) of the year. In this CPU, Oracle stopped an increasing trend seen in the last three CPUs, where Oracle continually fixed more vulnerabilities during each new CPU. In the latest CPU, Oracle fixed 252 security vulnerabilities.

Oracle, Oracle CPU, EBS, Oracle EBS Security | Research | Matias Mevied | 10/17/2017

The post Oracle October CPU: Onapsis Contributes to EBS Security by Reporting Almost 60% of the Vulnerabilities, Including Those Most Critical appeared first on Security Boulevard.



Regain reliability and control over the cloud with Application Load Balancer

It's no secret that businesses are rapidly adopting Cloud Service Providers such as Amazon Web Services, Microsoft Azure or Google Cloud Platform for cost efficiency, agility, scalability and global distribution to serve their customers more easily. A recent IDG survey...

The post Regain reliability and control over the cloud with Application Load Balancer appeared first on Security Boulevard.



Dropbox Seeks More Paying Customers Ahead of Expected IPO

Bloomberg

Dropbox Professional is a new tier in the company’s list of paid subscription plans and is intended for independent workers.


The post Dropbox Seeks More Paying Customers Ahead of Expected IPO appeared first on Security Boulevard.



Semperis Featured Among Leading Startups in Globes

http://www.globes.co.il/en/article-israeli-startups-beginning-to-see-benefits-of-new-york-1001208077

The post Semperis Featured Among Leading Startups in Globes appeared first on Semperis.

The post Semperis Featured Among Leading Startups in Globes appeared first on Security Boulevard.



Skype for Business 2015: Confirmation of Pool Failover and Failback

Lync Server 2013 started the concept of needing a minimum of three Front End (FE) servers to make a pool and routing group quorum.


The post Skype for Business 2015: Confirmation of Pool Failover and Failback appeared first on Security Boulevard.



Tuesday, October 17, 2017

Security Flaw in Infineon Smart Cards and TPMs

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith's attack:

While all keys generated with the library are much weaker than they should be, it's not currently practical to factorize all of them. For example, 3072-bit and 4096-bit keys aren't practically factorable. But oddly enough, the theoretically stronger, longer 4096-bit key is much weaker than the 3072-bit key and may fall within the reach of a practical (although costly) factorization if the researchers' method improves.

To spare time and cost, attackers can first test a public key to see if it's vulnerable to the attack. The test is inexpensive, requires less than 1 millisecond, and its creators believe it produces practically zero false positives and zero false negatives. The fingerprinting allows attackers to expend effort only on keys that are practically factorizable.

This is the flaw in the Estonian national ID card we learned about last month.

The paper isn't online yet. I'll post it when it is.

Ouch. This is a bad vulnerability, and it's in systems -- like the Estonian national ID card -- that are critical.



Google Home Mini glitch triggers secret recordings

Artem Russakovskii's Google Home Mini recorded and uploaded every nearby sound over a two-day period

The post Google Home Mini glitch triggers secret recordings appeared first on Security Boulevard.



Adobe Fixes Critical Flash Player Vulnerability Exploited in the Wild

Adobe Systems released an emergency patch for a critical vulnerability in Flash Player that was being exploited in the wild through Microsoft Word documents to infect computers with a known surveillance tool. The vulnerability, tracked as CVE-2017-11292, can lead to remote code execution and was fixed in Flash Player 27.0.0.170 for all supported platforms. The..

The post Adobe Fixes Critical Flash Player Vulnerability Exploited in the Wild appeared first on Security Boulevard.



Pandora’s Box: Auditing for DDoS Vulnerabilities, Part II

The Rise of the “Availability Vulnerabilities”: Availability problems aren’t necessarily unique; however, the testing is certainly different. This “availability security problem” is resulting in an increased risk to enterprises whose business models are tied to time (government elections, financial trading, online promotional retailers, insurance reconciliations, etc.). As a result, many organizations are asking themselves if […]

The post Pandora’s Box: Auditing for DDoS Vulnerabilities, Part II appeared first on Radware Blog.

The post Pandora’s Box: Auditing for DDoS Vulnerabilities, Part II appeared first on Security Boulevard.



from Pandora’s Box: Auditing for DDoS Vulnerabilities, Part II

Tech Support Scams: How To Spot a Phish

Tech Support Scams: How To Spot a Phish

Originating in India around 2008, tech support scams are a simple and effective way of preying on individuals’ fear.

In its earliest form, the tech support scam involved a scammer cold-calling English-speaking countries and claiming to represent Microsoft Technical Support. The victim would be informed that their machine was infected with malware, and that the caller would help them remove it if granted access to the machine.

Naturally, once access was granted, the scammer would “fix” the problem and promptly demand payment.

The post Tech Support Scams: How To Spot a Phish appeared first on Security Boulevard.



from Tech Support Scams: How To Spot a Phish

What is AWS?

What is AWS (Amazon Web Services)? AWS is a Cloud Infrastructure-as-a-Service (Cloud IaaS) platform offering compute power, data storage, and a wide array of other IT solutions and utilities for modern...

The post What is AWS? appeared first on JumpCloud.

The post What is AWS? appeared first on Security Boulevard.



from What is AWS?

Top RHCE Jobs in California

No matter where you want to work, a Red Hat Certified Engineer (RHCE) certification will help you land a lucrative position, but it seems the opportunities in California are more vast than in your average state. According to Indeed at the time of this post, most of the opportunities in the Golden State for RHCE jobs are […]

The post Top RHCE Jobs in California appeared first on Phoenix TS.

The post Top RHCE Jobs in California appeared first on Security Boulevard.



from Top RHCE Jobs in California

Post, 17 Oct, 14:04

Introduction

My proposal is to build what I call a ‘Liquid View’ for the word processor Author which I have developed (full name of the application is Liquid | Author). This Liquid View is invoked through a gesture which hides all body text and only shows the Headings in the document which are now treated […]

The post Post, 17 Oct, 14:04 appeared first on Security Boulevard.



from Post, 17 Oct, 14:04

Post, 17 Oct, 14:02

Introduction

My proposal is to build what I call a ‘Liquid View’ for the word processor Author which I have developed (full name of the application is Liquid | Author). This Liquid View is invoked through a gesture which hides all body text and only shows the Headings in the document which are now treated […]

The post Post, 17 Oct, 14:02 appeared first on Security Boulevard.



from Post, 17 Oct, 14:02

The KRACK attack – an earthquake for Wi-Fi security

A group of security researchers has discovered several serious key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could be exploited by an attacker to hack...

The post The KRACK attack – an earthquake for Wi-Fi security appeared first on Security Boulevard.



from The KRACK attack – an earthquake for Wi-Fi security

Post, 17 Oct, 14:00

sd def pdf 

The post Post, 17 Oct, 14:00 appeared first on Security Boulevard.



from Post, 17 Oct, 14:00

Monday, October 16, 2017

The dark side of IoT devices

Internet of Things (IoT) devices can be anything from coffee machines to fitness watches to thermostats, all of which are designed to make our lives more convenient, but what happens when they turn bad? Hard to imagine, but these innocent devices, which we are welcoming into our lives, can be unwillingly infected or hacked and thus join the dark side.

The post The dark side of IoT devices appeared first on Security Boulevard.



from The dark side of IoT devices

Wi-Fi at risk from KRACK attacks – here’s what to do

KRACK attacks work against networks using WPA and WPA2 encryption

The post Wi-Fi at risk from KRACK attacks – here’s what to do appeared first on Security Boulevard.



from Wi-Fi at risk from KRACK attacks – here’s what to do

How the Waltham cyberstalker’s reign of fear was ended

No one is truly anonymous online, not even criminals.

The post How the Waltham cyberstalker’s reign of fear was ended appeared first on Security Boulevard.



from How the Waltham cyberstalker’s reign of fear was ended

Mobile Menace Monday: despicable adware

Are you wondering how that mysterious icon ended up on your Android phone's start screen? Annoyed at the ads clogging your notification bar? It's adware, and you aren't alone.

The post Mobile Menace Monday: despicable adware appeared first on Malwarebytes Labs.

The post Mobile Menace Monday: despicable adware appeared first on Security Boulevard.



from Mobile Menace Monday: despicable adware

A Cybersecurity Proof: The Application is the Endpoint

Vulnerable applications and browsers are the persistent data breach entry points—it’s not about the files.
Isolation is the only solution that can absolutely eliminate kernel-level exploits and malware escapes.
It’s time to rethink information security defense around fewer, smarter, yet more effective layers.

You have many more endpoints than you think. How many endpoints do […]

The post A Cybersecurity Proof: The Application is the Endpoint appeared first on Bromium.

The post A Cybersecurity Proof: The Application is the Endpoint appeared first on Security Boulevard.



from A Cybersecurity Proof: The Application is the Endpoint

Nonce, The Reuse Gambit

Alas, WPA's assumed 'secure implementation' is no more, with the discovery (by Dr. Vanhoef) of forced nonce reuse.

'In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.' - via Mathy Vanhoef, Ph.D. and Frank Piessens, Ph.D.

The post Nonce, The Reuse Gambit appeared first on Security Boulevard.



from Nonce, The Reuse Gambit

Insecurity Podcast: Freaky Clown – When Physical Meets Digital

In this episode of the InSecurity Podcast, host Shaun Walsh is joined by special guest Freaky Clown, a well-known ethical hacker, social engineer, and co-founder of Redacted Firm, who discusses the intersection of physical and digital security.

The post Insecurity Podcast: Freaky Clown – When Physical Meets Digital appeared first on Security Boulevard.



from Insecurity Podcast: Freaky Clown – When Physical Meets Digital

Social Engineering on Facebook

Facebook is a hotbed for social engineering cyberattacks. You can harden yourself and your organization against social engineering attacks with education and by encouraging a healthy sense of skepticism. If something sounds too good to be true, it probably is.

The post Social Engineering on Facebook appeared first on Security Boulevard.



from Social Engineering on Facebook

Open Letter to Congressman Tom Graves on the “Active Cyber Defense Certainty Act”

To the Honorable Tom Graves:
In November of 2015 I was invited to the now retired Congressman Steve Israel’s Cyber Consortium to participate with other security professionals in the community to discuss cyber security related issues affecting both our organizations and communities. During this meeting you were invited to speak about your thoughts on cyber security, the issues you’re dealing with in Congress and your approval for the CISA bill. After listening to you describe your concerns over the OPM breach I noticed how seriously you took the issue of cyber security. I didn’t personally agree with some of the stances taken in the room, but you don’t have to agree on everything to initiate progress. I applaud your dedication and attention to cyber security and will continue to be interested in your thoughts; even if we might have differing opinions. With this being said, I have concerns with your latest bill being proposed to Congress: The “Active Cyber Defense Certainty Act”.
Each time I see someone propose reform to the “Computer Fraud and Abuse Act” it piques my interest. Evolving our laws with the ever-changing cyber industry is both needed and incredibly difficult to accomplish, and I appreciate your effort to modernize them. With that in mind, I’m concerned that the newly proposed ACDC bill crosses some boundaries I’d like to bring to your attention.
As you’re most likely aware, many of the cyber incidents occurring are being launched from systems that criminals have already compromised and are using as a guise for their attacks. This essentially could end up being an attacker proxied through multiple systems throughout various countries with the face of the attack showing as an innocent bystander. Getting the approval to perform a “hack back” against this entity puts this unknowing victim in the middle of a complicated and intrusive scenario. Not only are they already compromised by a malicious entity, but they’re now being legally attacked by others that have assumed they have done them harm. Congressman Graves, these devices could end up being systems used to assist with our economy’s growth, hold personal records that could affect the privacy of our citizens’ data or may even be used to aid our healthcare industry. The collateral damage that could occur from hack backs is unknown and risky. Essentially, if someone determines they were compromised by a system in the United States and they start the process of hacking back, the system owners might notice the attack and start the process of hacking them back. This in turn could create a perpetual hacking battle that wasn’t even started by the actors involved. This method will in theory cause disarray all over the internet, with a system being unknowingly used as a front by a criminal to start a hacking war between two innocent organizations.

To interrupt these systems without oversight is dangerous for us all. In reading through the bill I noticed that these cyber defense techniques should only be used by “qualified defenders with a high degree of confidence of attribution”. From this statement, what qualifications does a defender have to hold before they attempt to hack back? Also, what constitutes a high level of attribution? Seeing that this bill is only focused on American jurisdiction, I personally feel attackers will bypass this threat by using foreign fronts to launch their attacks to get around being “hacked back”. This somewhat limits the bill’s effectiveness as it’s currently written. Being able to track, launch code or use beaconing technology to assist with attribution of the attack is dangerous to our privacy. I agree that this is an issue, one that needs to be dealt with, but it should be dealt with via the hands of law enforcement directly, not the citizens themselves. I’ve read the requirements where the FBI’s National Cyber Investigative Joint Task Force will first review the incident before the “hack back” can occur, which offers a certain level of oversight to the incident, but I don’t think there’s enough. I understand the resource requirements within the FBI are stretched, but leaving this in the hands of those affected by the breach allows emotions to get involved. This is one reason why we call the police if there’s a dispute in our local communities. They’re trained, have a third-party perspective and attempt not to make it personal. I feel that there will be carelessness on the part of those hacking back, and this emotion could lead towards carelessness and neglect that will bring upon greater damage.
Lastly, the technology is always changing and being able to get confident attribution is incredibly difficult. If an attack was seen from a particular public IP address, it’s possible that the NAT’d (Network Address Translation) source is shielding multiple other internal addresses. Attacking this address will give no attribution as to where the data or attacks might actually be sourced. Also, with the fluid environment of cloud-based systems, a malicious actor can launch an attack from a public CSP (cloud service provider) that would quickly remove attribution as to where the source was occurring. I noticed the language within the bill referencing “types of tools and techniques that defenders can use” to assist with hacking back. Will there be an approved tool and technique listing that the active defenders will be required to use that stays within the boundaries of this law? Or will active defenders be able to use the tools of their choice? Depending on the tools and how they’re used, they could cause unexpected damage to these systems being “hacked back”. Lastly, there’s mention of removing the stolen data if found, and I’m concerned defenders will not be as efficient with this data deletion and could cause major damage to systems legitimately hosting other applications or systems. Deleting this data at times could become an issue with investigations and forensics and might not solve the issue long term. This stolen data is digital, and just because it’s deleted in one place doesn’t mean it’s been removed permanently.
Congressman Graves, I respect what you’re doing for our country, but I’m concerned with the methods in place to protect the privacy of the data and systems being actively hacked by defenders. I’m anxious about the overzealous vigilantism that might be implied by defenders looking to defend themselves, their systems or their stolen data. You’re an outside-the-box thinker and passionate about the protection of our country, I love that, but the methods in place could essentially cause more harm than good as the bill is currently written. I personally implore you to reconsider the actions of having a nation of defenders actively attempting to restore their data from sources that were most likely being used without their consent. The unintended privacy consequences, destruction of systems and even life are too important not to mention. If I could advise in any way, it would be to have our country start focusing on the fundamentals of cyber security before they start writing licenses to hack.
Thank you for your service and your continued efforts to protect our nation from future cyber events.
Sincerely,
Matthew Pascucci

The post Open Letter to Congressman Tom Graves on the “Active Cyber Defense Certainty Act” appeared first on Security Boulevard.



from Open Letter to Congressman Tom Graves on the “Active Cyber Defense Certainty Act”

Identity Management Function Samba File Server Support

A core part of any identity management strategy is connecting users to the IT resources that they need. This role can include both physical and virtual file storage systems. A...

The post Identity Management Function Samba File Server Support appeared first on JumpCloud.

The post Identity Management Function Samba File Server Support appeared first on Security Boulevard.



from Identity Management Function Samba File Server Support

BruCON 0x09 and Hack.lu 2017 Workshop Slides

BruCON 0x09 (2017): workshop slides and USB content.

Hack.lu 2017: workshop slides and USB content.

Also, the Google Drive folder with all the presentations.

The post BruCON 0x09 and Hack.lu 2017 Workshop Slides appeared first on Security Boulevard.



from BruCON 0x09 and Hack.lu 2017 Workshop Slides

Sunday, October 15, 2017

DerbyCon 2017, Jared DeMott’s ‘War Stories on Embedded Security’

Dr. DeMott is the founder of Vulnerability, Discovery & Analysis (VDA) Labs; Dr. Jared DeMott is a former United States National Security Agency and Microsoft Corporation BlueHat Prize winner.

The post DerbyCon 2017, Jared DeMott’s ‘War Stories on Embedded Security’ appeared first on Security Boulevard.



from DerbyCon 2017, Jared DeMott’s ‘War Stories on Embedded Security’

Shell Oil, Treat Your Passwords Like Your Underpants

Favorite Awareness Campaign Yet

The post Shell Oil, Treat Your Passwords Like Your Underpants appeared first on Security Boulevard.



from Shell Oil, Treat Your Passwords Like Your Underpants

LDAP Authentication for Samba File Servers

Samba file servers are a popular option for cost-effective on-prem storage. These file servers can be created with the open source Samba platform, or purchased as NAS (network attached storage)...

The post LDAP Authentication for Samba File Servers appeared first on JumpCloud.

The post LDAP Authentication for Samba File Servers appeared first on Security Boulevard.



from LDAP Authentication for Samba File Servers

From my Gartner Blog – Speaking at the Gartner Security Summit Dubai

I have a few sessions at the Gartner Security and Risk Management Summit in Dubai, October 16th and 17th. This is the wrap-up of the Security Summit season for me; I’ll be presenting some content that I already presented in DC and in São Paulo earlier this year. I also have a session on SOC that was originally presented by Anton at the other events. It’s my first time in Dubai and I’m excited to see any different perspectives from the audience there on the problems we cover. My sessions there:

Workshop: Developing, Implementing and Optimizing Security Monitoring Use Cases
Mon, 16 Oct 2017 11:00 – 12:30
An extra reason to be excited about the use cases workshop: we’ll be updating our paper from 2016 on that topic! I’m expecting to get the impressions of the attendees on our framework and potential points to improve or expand.

Endpoint Detection and Response (EDR) Tool Architecture and Operations Practices
Mon, 16 Oct 2017 14:30 – 15:15

Industry Networking: FSI Sector: Responding to Changes in the Threat Landscape and the Risk Environment
Mon, 16 Oct 2017 16:30 – 17:30

How to Build and Operate a Modern SOC
Tue, 17 Oct 2017 10:30 – 11:15

Magic Quadrant: Security Information and Event Management
Tue, 17 Oct 2017 12:40 – 13:00

The post Speaking at the Gartner Security Summit Dubai appeared first on Augusto Barros.

from Augusto Barros http://ift.tt/2yhUjqh
via IFTTT

The post From my Gartner Blog – Speaking at the Gartner Security Summit Dubai appeared first on Security Boulevard.



from From my Gartner Blog – Speaking at the Gartner Security Summit Dubai

From my Gartner Blog – Our SIEM Assessment paper update is out!

The results of our “summer of SIEM” are starting to come out; our assessment document on SIEM (basically, a “what” and “why” paper that sits beside our big “how” doc on the same topic) has been updated. It has some quite cool new stuff aligned to some of our most recent research on security analytics, UEBA, SOC and other things that often touch or are directly related to SIEM.

Some cool bits from the doc:

“Organizations considering SIEM should realize that using an SIEM tool is not about procuring an appliance or software, but about tying an SIEM product to an organization’s security operations. Such an operation may be a distinct SOC or simply a team (for smaller organizations, a team of one) involved with using the tool. Purchasing the tool will also be affected by the structure and size of an organization security operation: While some SIEM tools excel in a full enterprise SOC, others enable a smaller team to do security monitoring better.”

“While some question SIEM threat detection value, Gartner views SIEM as the best compromise technology for a broad set of threat detection use cases. Definitely, EDR works better for detecting threats on the endpoints, while NTA promises superior detection performance on network traffic metadata. However, network- and endpoint-heavy approaches (compared to logs) suffer from major weaknesses and are inadequate unless you also do log monitoring. For example, many organizations dislike endpoint agents (hence making EDR unpalatable), and growing use of Secure Sockets Layer and other network encryption generally ruins Layer 7 traffic analysis.”

“UEBA vendors have been frequently mentioned as interesting alternatives due to their different license models. While most SIEM vendors base their price on data volumes (such as by events per second or gigabytes of data indexed), these solutions focus on the number of users being monitored irrespective of the amount of data processed. This model has been seen as a more attractive model for organizations trying to expand their data collection without necessarily changing the number of users currently being monitored. (Note that UEBA vendors offer user-based pricing even for tools addressing traditional SIEM use cases.) UEBA products have also been offered as solutions with lower content development and tuning requirements due to their promised use of analytics instead of expert-written rules. This makes them attractive to organizations looking for an SIEM tool but concerned with the resource requirements associated with its operation. The delivery of that promise will, however, strongly depend on the use cases to be deployed.”

As usual, please don’t forget to provide us feedback about the papers!


Next wave of research: SOAR, MSS and Security Monitoring use cases! Here we go :-)


The post Our SIEM Assessment paper update is out! appeared first on Augusto Barros.

from Augusto Barros http://ift.tt/2ylZAL6
via IFTTT

The post From my Gartner Blog – Our SIEM Assessment paper update is out! appeared first on Security Boulevard.



from From my Gartner Blog – Our SIEM Assessment paper update is out!

“Data Sanitization In The Virtual Realm and Cloud”

In virtual realm data storage, while there are several solutions for sanitizing entire hard drives, there are limited ways to properly sanitize the files for an individual virtual machine. If you take a virtual machine out of service it does not make sense to literally have to wipe the entire storage array to effectively …

The post “Data Sanitization In The Virtual Realm and Cloud” appeared first on Security Boulevard.



from “Data Sanitization In The Virtual Realm and Cloud”