Tuesday, February 28, 2017

EU Still Concerned about Windows 10 Privacy Settings

We all should be concerned about the privacy settings in Windows 10. And we should be glad that the EU has the regulatory authority to do something about it.



from EU Still Concerned about Windows 10 Privacy Settings

Judge denies blanket right to compel fingerprint iPhone unlocking

Warrant is using an 'overly broad' clause as a boilerplate - and that doesn't wash, rules Chicago judge

from Judge denies blanket right to compel fingerprint iPhone unlocking

How to Identify and Prevent PUPS and Portable Apps

Computer security courses cover malicious software (malware), but the material rarely addresses Potentially Unwanted Programs (PUPs). What is a PUP? First, PUPs go by many names, including bundleware, junkware, adware and, for mobile devices, Potentially Unwanted Applications (PUAs). I would actually characterize PUPs into two distinct categories: nuisance programs and security threats. […]

The post How to Identify and Prevent PUPS and Portable Apps appeared first on Phoenix TS.



from How to Identify and Prevent PUPS and Portable Apps

OpenStack Ocata Improves Container Support

The combination of OpenStack and Kubernetes is becoming an essential standard for private and hybrid cloud deployments.

from OpenStack Ocata Improves Container Support

Securing the Digital Transformation

Key Takeaways from Cisco Live Berlin 2017 Digital Transformation is the Core of Every Business 2016-2017 introduced the era of Digital Transformation. Digital transformation is the change associated with the application of digital technology in all aspects of human society. Digital transformation inherently enables new types of innovation and creativity to increase business competency rather […]

The post Securing the Digital Transformation appeared first on Radware Blog.



from Securing the Digital Transformation

Extending Visibility to the Endpoint

Amanda Lemmers
Feb 28, 2017
Today’s workforce requires mobile and responsive technology. Users are connecting to the corporate network from more places and using more devices...
      


from Extending Visibility to the Endpoint

Understanding Tenable Plugins

Are you pluggin’ along looking for vulnerabilities? The heart of Tenable vulnerability detection comes from the individual tests called plugins – simple programs that check for specific flaws. Each plugin contains a vulnerability description, fix recommendations, and algorithms for detection. Tenable products receive new plugins nightly, which keep the tests current and relevant.

Finding plugin information

 SecurityCenter® has at least four places to research plugins:

1. Click on your userid (top right) to find the Plugins. This is the quickest source while working on SecurityCenter. You can also use a URL such as: https://<SecurityCenterhostname>/#plugins

SecurityCenter plugin source #1

2. On the analysis screens and plugin screens, click the i icon next to the Plugin ID. This is the most informative source.

SecurityCenter plugin source #2

3. Click on Analysis / Vulnerabilities and choose the Vulnerability Detail List (VDL) tool to find many explanations related to individual plugins.

SecurityCenter plugin source #3

4. Log in as administrator. The initial Overview dashboard (bottom right) lists the plugins currently loaded in SecurityCenter.

SecurityCenter plugin source #4

You can also find plugins in other Tenable products.

Nessus® takes a few clicks to drill down to plugins. Go to Policies / New Policy / Advanced Scan / Plugins. Then select a family on the left and a plugin on the right:

Nessus plugins

You can also see Nessus plugin information in scan results and by drilling down on individual plugin results. This provides similar information as VDL in SecurityCenter.

Tenable.io™ provides very similar information as Nessus, both in content and location (see Tenable.io Vulnerability Management for information about this new application).

You can use three places on the Internet to research plugins:

  • Tenable Community: provides technical discussions on individual plugins. Use this site to see how a plugin is used by others.
  • Google: Of course, an organic search for a Nessus Plugin Name or ID is often the easiest to remember.

Explanation of plugin sources

Each plugin source has its advantages and peculiarities. They vary in the information provided. Here are the nine sources, comparing their advantages and unique details.

Plugin

This source provides many fields to search on. I use Plugin Name or Plugin ID most often.

This view has several unique characteristics. First, it shows the plugins currently in SecurityCenter:

Plugin page

Second, this source enables you to search against the audit files that have been activated in your SecurityCenter installation. For example, you can see the compliance password tests:

Compliance password tests

i icon

Clicking the small i icon results in voluminous information. If you carefully search through the Details tab’s Solution section, you can find the plugin’s source filename:

Plugin source filename

A second Source tab (top right) displays the plugin’s actual scripting in Tenable’s proprietary Nessus Attack Script Language (NASL):

NASL scripting

Not all plugins are provided in NASL. Other plugins are compiled to protect confidential techniques.

VDL

You can find a gold mine of information in the VDL analysis tool. This is usually the best resource for researching plugin results.

  • The Plugin output field is one of the most valuable fields, because you can see the actual response from the target during testing. It stands out with green-on-black coloring:
    Plugin output
  • The VDL output is the best for assessing risk and how the CVSS score was tallied. It includes the vector, the version, and more.
  • If a publicly-known exploit is available, the VDL will provide details. In this example, the specific Metasploit module is specified:
    Publicly known exploit
  • VDL includes ties to many industry vulnerability sources like BID, IAVM, CVE, and CERT announcements:
    Industry vulnerability sources
  • VDL also references frameworks like 800-53, CSF, PCI, ISO 27000, Critical Security Controls (formerly SANS top 20) and several others. Tenable provides audit files, which in the individual stanzas correlate the framework modules by tags in the Reference field. The tags enable framework dashboards, reports, and Assurance Report Cards® to automatically populate with appropriate scan results related to the framework. A listing of related audit files can be found by posting a specific question on the Tenable Community.
  • The Host field includes items such as the date that the vulnerability was first seen. It also gathers asset identity details like DNS, NetBIOS, and MAC address.

Admin overview dashboard

After logging in as admin, I like to sort by modified date to see when plugins arrived. The date for the newest plugin downloads should be less than 24 hours old (except for an offline SecurityCenter). I also like to see what issues the recent plugins address.

Nessus

Finding plugin information takes several steps. Nessus also provides many fields about a plugin.

Plugin fields

To identify risk severity, Nessus shows both CVSS versions two and three in the detailed view.

Tenable.io

Similar to Nessus.

www.tenable.com/plugins/

This has been my favorite interface to work with for quick lookups. It also lists plugins by families. The Plugins portal includes several pages:

  • Helpful screens on newest plugins and options on obtaining an activation code for plugin updates.
  • View all plugins provides the latest count of plugins at the top. The page is organized by research plugin families.
  • Search: I often start my research here. I usually search by Plugin Name and Plugin ID.

Example: A customer asked if Tenable had any tests for nginx. I typed in nginx, searched with Plugin Name, and was surprised by how many plugins were listed.

TIP: Though the page suggests using double quotes for an exact search, I have not had success with that search technique.

Be aware that this page is showing Nessus plugins only. To see the PVS™ plugins, go to bottom left of the page, click Product Resources, and then click PVS Plugins.

Tenable Community

This portal provides technical discussions between customers and Tenable support staff. I often search it to see how others use a particular plugin.

This site is especially helpful for late-breaking vulnerabilities. Here is an example with the recent GRIZZLY STEPPE exploit:

Tenable Community

Google

Even if you forget the first eight sources, you will probably remember to use Google (or another search tool). It often points to information from sources 7 and 8.

Common questions and tips

Tip #1: What is the best plugin?

I nominate Nessus Scan Information, #19506. I chose this plugin even though it does not do any vulnerability testing. It gathers many scan forensics like how long the scan took, if the credentials worked, what scanner was used, and more.

Details include:

  • Policy name (both hash and field)
  • Scan options
  • Performance settings
  • When started and how long scan ran
  • Type of Nessus scan (agent or sensor)
  • Credentialed scan successful or not
  • Credentials used

Plugin 19506 details

This plugin is often used as part of a daily discover scan to identify a new host on the network. See my blog about Favorite SecurityCenter Asset Lists for details.

What is your favorite plugin? Let us know at the Tenable Community. Also feel free to request plugins you would find helpful that we currently do not provide.

Tip #2: Can customers code plugins?

Yes. Some sage advice comes from Ron Gula, Tenable co-founder, in a Tenable Community posting:

Tenable does not officially support custom NASLs as part of our support program but if you look in the API section you will see plenty of responses from Tenable staff answering questions about NASLs in general.

Most of the time, what people need to do with a NASL is actually already covered by another NASL or covered more easily by writing an .audit policy.

You can easily add tests to an audit file with PowerShell commands for Windows targets, or with a Linux command or script.

Tip #3: How do I set up a plugin-specific scan?

Identify the plugin IDs and their family that you want to use in the policy. Scan policies that are crafted with only individual plugins do not change their contents after nightly updates.

The Nessus User’s Guide provides excellent directions on setting up the scan.

SecurityCenter provides a helpful search filter for locating the individual plugins to build a new scan policy:

SecurityCenter search filter

Tip #4: What dates can I find on plugins?

Plugins have four different dates: vulnerability release, patch release, initial plugin release, and latest date for plugin modifications. You can find two additional dates in the plugin results: when the vulnerability was originally discovered on a particular system and when the vulnerability was last observed. The periodicity of the last two dates depends upon the frequency of scans.

Tip #5: Which plugins do not count against the IP license?

The answer is in the SecurityCenter User’s Guide, but know that this list does change:

SecurityCenter User Guide information

Summary

Plugins are invaluable tests that Tenable provides for tracking down vulnerabilities. You can find detailed plugin information within the products or on the internet. While Tenable provides lots of good information, sharing tips with other users is often quite helpful. Please share your plugin tips or questions in the Tenable Community!



from Understanding Tenable Plugins

Invincea Receives Independent Validation for HIPAA and HITRUST Compliance

X by Invincea Next-Generation Antivirus protects healthcare organizations from malware and other endpoint attacks while meeting compliance requirements Fairfax, VA – Feb. 28, 2017 – Invincea, the #1 performing next-generation antivirus company, today announced that X by Invincea has been independently validated to meet HIPAA and HITRUST compliance requirements.  The validation was completed by Coalfire, a […]

from Invincea Receives Independent Validation for HIPAA and HITRUST Compliance

Healthcare: Privacy and Security Above All

It’s hard to argue that any industry is more susceptible or more vulnerable to loss of customer data than the healthcare industry. Healthcare organizations are trusted with our personal data and medical records, and the loss of even one patient’s data can profoundly affect an individual, family, or even you. The damage done by a […]

from Healthcare: Privacy and Security Above All

X by Invincea: HIPAA and HITRUST Compliance

X by Invincea achieves 3rd party validation for HIPAA and HITRUST Compliance. Coalfire, a leading assessor for HIPAA, HITRUST, PCI, FedRAMP and other compliance standards, conducted the validation. Download the white paper to learn more.

from X by Invincea: HIPAA and HITRUST Compliance

Monday, February 27, 2017

Introspection on a Recent Downward Spiral

Alrighty... now that my RSA summary post is out of the way, let's get into a deeply personal post about how absolutely horrible of a week I had at RSA. Actually, that's not fair. The first half of the week...

from Introspection on a Recent Downward Spiral

Invincea Technical Analytics Bulletin 022717

ADP Phishing Campaign – Indicators Seen Invincea Technical Bulletins are issued when a new emergent threat or technique is used by an attacker.  Identifying and documenting these techniques assist customer analysis in identifying such attacks during regular review of Invincea event data. Invincea has noticed an increase of weaponized document attachments named ADP_Invoice_(emailusername).doc being sent […]

from Invincea Technical Analytics Bulletin 022717

Leaked documents reveal airport’s catalog of security lapses

Exclusive: One document details how a New York airport's security screeners failed to check names against the government's "no-fly" list.

from Leaked documents reveal airport’s catalog of security lapses

Leaked documents reveal airport’s catalog of security lapses

Exclusive: One of the documents reveals how a New York airport's security screeners failed to check names against the government's "no-fly" list.

from Leaked documents reveal airport’s catalog of security lapses

Cisco Coverage for Smart Install Client Protocol Abuse


Summary


Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has indicated that malicious actors may be leveraging detailed knowledge of the Smart Install Protocol to obtain copies of customer configurations from affected devices. The attack leverages a known issue with the Smart Install protocol. Cisco PSIRT has published a security response to this activity. Abuse of the Smart Install protocol can lead to modification of the TFTP server setting, exfiltration of configuration files via TFTP, replacement of IOS image and potentially execution of IOS commands.

We are aware that a tool to scan for affected systems, called the Smart Install Exploitation Tool (SIET), has been publicly released and is available here. This tool may be in use in these attacks.


Protection


To assist customers in understanding their exposure to this issue, we have released our own scanning tool as well as preliminary Snort rules which can be used to identify affected systems and detect SIET activity.

Talos Scanning Utility


Talos has produced a scanning utility which all users can run against their infrastructure to determine if they could be affected by abuse of the Smart Install Client Protocol. This tool can be found here.


Coverage


Snort Rules


Talos has created coverage for this issue in the form of sids 41722-41725. These rules are being provided immediately as part of the community rule set and can be downloaded here:

Cisco FirePOWER and Snort Subscriber Rule Set customers should ensure they are running the latest rule update in order to receive coverage. 

Additionally, generic TFTP activity rules sid:518 and sid:1444 are available but these are not issue specific and must be explicitly enabled.


Further Information


Cisco PSIRT has published a blog post related to the issue here:

Further guidance on Smart Install security practices here:

Additional third-party research about Smart Install is available here:

Talos encourages all partners to quickly take steps to protect their systems in accordance with the published security guidelines. 

If you have a network security emergency, contact the Cisco Technical Assistance Center (TAC) at the following phone numbers:
Inside the United States or Canada: +1 800 553-2447
Outside the United States: Worldwide Contacts

Cisco responds quickly to attacks in progress and works with your staff to develop an incident response plan that minimizes the effect of current and future attacks.


from Cisco Coverage for Smart Install Client Protocol Abuse

Remembering Frank Molsberry

Trusted Computing Group has recently lost one of its great long-time champions. Frank Molsberry, who capably represented Dell for a number of years on the TCG Board of Directors, passed away on Feb. 16, 2017. Frank was known among TCG members for his sense of humor and quick wit, pragmatism and problem solving, and sense …

The post Remembering Frank Molsberry appeared first on Trusted Computing Group.



from Remembering Frank Molsberry

Microsoft Exchange 2007 Lifecycle Support Expires on 11 April 2017

If your company is still running Exchange Server 2007 you have less than 60 days to make a change.

from Microsoft Exchange 2007 Lifecycle Support Expires on 11 April 2017

Detection: What you don’t know will hurt you

One of the realities of today’s cybersecurity threatscape is not if you will be breached, but when, and how often. As good as cybersecurity is becoming - i.e. prevention solutions provide a 99.9 percent or higher detection rate for common malware - effective cybersecurity depends upon three pillars -  prevention, detection and resolution - with the latter two required to address those situations where prevention isn’t enough.



from Detection: What you don’t know will hurt you

A week in security (Feb 20th – Feb 27th)

A compilation of notable security news and blog posts from the 20th of February to the 27th of February. This week, we look back at tech support scams, tax tips, updating your social media privacy settings, and more.

The post A week in security (Feb 20th – Feb 27th) appeared first on Malwarebytes Labs.



from A week in security (Feb 20th – Feb 27th)

Adm. Rogers Talks about Buying Cyberweapons

At a talk last week, the head of US Cyber Command and the NSA Mike Rogers talked about the US buying cyberweapons from arms manufacturers. "In the application of kinetic functionality -- weapons -- we go to the private sector and say, 'Build this thing we call a [joint directed-attack munition], a [Tomahawk land-attack munition].' Fill in the blank," he...

from Adm. Rogers Talks about Buying Cyberweapons

Adm. Rogers Talks about Buying Cyberweapons

At a talk last week, the head of US Cyber Command and the NSA Mike Rogers talked about the US buying cyberweapons from arms manufacturers.

"In the application of kinetic functionality -- weapons -- we go to the private sector and say, 'Build this thing we call a [joint directed-attack munition], a [Tomahawk land-attack munition].' Fill in the blank," he said.

"On the offensive side, to date, we have done almost all of our weapons development internally. And part of me goes -- five to ten years from now is that a long-term sustainable model? Does that enable you to access fully the capabilities resident in the private sector? I'm still trying to work my way through that, intellectually."

Businesses already flog exploits, security vulnerability details, spyware, and similar stuff to US intelligence agencies, and Rogers is clearly considering stepping that trade up a notch.

Already, Third World countries are buying from cyberweapons arms manufacturers. My guess is that he's right and the US will be doing that in the future, too.



from Adm. Rogers Talks about Buying Cyberweapons

IoT weaknesses put webcams at risk for attack [infographic]

Out of all the cybercrimes from malware to social engineering, the creepiest has to be a stranger watching your child through a webcam or baby monitor in their room. As this year’s Mobile World Congress starts in Barcelona, Avast researchers reveal that half a million smart devices in the city, including webcams and baby monitors, are currently vulnerable to cyber attack.



from IoT weaknesses put webcams at risk for attack [infographic]

Shmoocon 2017, Kenny McElroy’s Implantable Logic Analyzers Unlocking Doors

from Shmoocon 2017, Kenny McElroy’s Implantable Logic Analyzers Unlocking Doors

Clarity is a Virtue

Another packed RSA Conference has passed, and a crowd of companies spent their days explaining their value to prospects and customers. Small innovators competed for attention with the multi-story booths and thickly carpeted oases of some of the largest technology companies in the world. The competition was certainly noisy. Not just loud, as multiple presenters and speakers strove to be heard over one another, but noisy in terms of the messages that each was trying to deliver. To be successful, younger firms at RSA Conference, and in the market, needed to deliver their message with something…

from Clarity is a Virtue

Google tells world how to crash Microsoft Internet Explorer and Edge browsers

Google's Project Zero vulnerability research team has published details of a flaw in the Microsoft Windows 10 Edge and Internet Explorer 11 browsers that allows them to be remotely crashed - without waiting for a fix to be released.

from Google tells world how to crash Microsoft Internet Explorer and Edge browsers

Cloudbleed’s silver lining: the response system worked

There are points of contention but overall the researcher-to-vendor collaboration delivered

from Cloudbleed’s silver lining: the response system worked

I Spy With My Little EyePyramid: Siblings Phish Italy

In recent news, Italian siblings 45-year-old Giulio Occhionero and his 47-year-old sister Francesca Maria Occhionero were arrested for having installed malware on the systems of a major bank president, 2 former prime ministers, a sitting mayor, a former deputy governor of the Bank of Italy and thousands more. While many of the details are still being questioned,

The post I Spy With My Little EyePyramid: Siblings Phish Italy appeared first on Security Through Education.



from I Spy With My Little EyePyramid: Siblings Phish Italy

Detecting Cloudflare Usage

On February 17, 2017 a Google researcher stumbled onto a situation that some are calling Cloudbleed, where services running on Cloudflare servers were inadvertently causing chunks of uninitialized memory to be mixed with valid data. The Google researcher posted this description on the discovery. The uninitialized memory can contain encryption keys, passwords and other sensitive data. This data leakage is very critical due to the amount of caching found on the internet today. With the widespread caching services, the extent of the leakage may be very hard to determine. Cloudflare reports that the bug has been patched and resolved; you can read more about this bug on the Cloudflare blog.

What does this mean to your company?

As this breach is passive in nature, the cached data has not yet been reported to be exploited. With the risk of passwords, encryption keys and other Personally Identifiable Information (PII) as part of the possible data leak, your company must be able to determine if data has been compromised or not. There are several lists of domain names published on github.com. However, for customers using SecurityCenter Continuous View® (SecurityCenter CV™) with Passive Vulnerability Scanner® (PVS™) and Log Correlation Engine® (LCE®), you can easily track and identify which internal systems are using services running on Cloudflare systems. After identifying the hosts and services used, the security analysts can begin to understand the risk to your organization.

Locating the data

When using PVS and LCE, the best practice is to have the PVS real-time logs sent to LCE for further analysis. As part of the configuration of PVS, there is a section called Realtime Events. In the Realtime Events section, there are two settings to enable: Log Realtime Events To Realtime Log File and Enable Realtime Event Analysis. These settings enable PVS to log session-level events similar to NetFlow. Next, you must set up the syslog settings to send the data to LCE. Once real-time event data is sent to LCE, you will be able to see who is communicating with services using Cloudflare. Additionally, you can install the LCE client on DNS servers, which enables LCE to track DNS queries.

PVS real-time setup

SecurityCenter CV has several types of asset lists that you can use to identify traffic patterns or groups of hosts with similar vulnerabilities or risks. The asset list best suited for detecting Cloudflare is a Watchlist asset. The Watchlist asset is a group of IP addresses that are of interest and need to be monitored, but which may not be local to your environment; for example, Cloudflare IPs. We looked up Cloudflare IP address blocks using American Registry for Internet Numbers (ARIN). To create the asset, you can go to Assets and click Add. Next, click on Type Watchlist, give the asset the name Cloudflare, and add the following subnets to the newly created asset:

  • 104.16.0.0/12
  • 108.162.192.0/18
  • 162.158.0.0/15
  • 172.64.0.0/13
  • 173.245.48.0/20
  • 198.41.128.0/17
  • 199.27.128.0/21

Create the asset

Now click on Submit to save the asset. After creating the asset, and before proceeding to Analysis, allow the asset to update.

Asset is ready to use

Locating systems with a possible data leakage

To locate the events that are evidence of hosts using services running Cloudflare, you must first go to Analysis > Events. According to the Cloudflare blog post, the dates of the greatest risk are February 13, 2017 to February 18, 2017. By expanding the filters, you can add in the explicit dates and the Cloudflare Asset. When adding the first date, be sure to set the time to 00:00; this will ensure that the filter starts at the beginning of February 13. Next, for the second date, set the time to 23:59, to ensure that the full day is captured.

Setting the date/time

The next step is to add the asset as part of the filter; this is a two-step process. First, click on select filters, and then add the Asset filter. The Asset filter is now available on the left-hand side of the screen, and you can click All in the Asset field and enter the name of the Cloudflare asset:

Cloudflare asset

Next click on Apply All to see the events related to Cloudflare. The first view you will see is the List of Event Types; these are the high level summary categories of events. For example, here are several event types that can help determine the risk your network is exposed to:

Event types

The web-access shows PVS tracking the type of HTTP calls made, such as web content, JPG files, PDF files, HTTP requests, and several others. Click on web-access, then select Jump to Raw Syslog Events in the upper right hand corner of the screen. Click on the plus sign + next to each log, and you can review the URL related HTTP request parameters. You can then review the details such as the source of the HTTP request and the URL visited. At this point, you must create a list of URLs that are related to your business risk and begin to investigate if your organization is at further risk.

Web request
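
The same watchlist-plus-date-window filter can be reproduced offline against exported session logs. This is an added example, not Tenable's code or part of the original post; the key=value log layout, the field names and the sample events are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Watchlist subnets exactly as listed in the article.
CLOUDFLARE_WATCHLIST = [
    ipaddress.ip_network(cidr)
    for cidr in (
        "104.16.0.0/12", "108.162.192.0/18", "162.158.0.0/15", "172.64.0.0/13",
        "173.245.48.0/20", "198.41.128.0/17", "199.27.128.0/21",
    )
]

# Window from the article: 00:00 on February 13 to 23:59 on February 18, 2017.
# The end bound carries :59 seconds so the whole final minute is included.
WINDOW_START = datetime(2017, 2, 13, 0, 0, 0)
WINDOW_END = datetime(2017, 2, 18, 23, 59, 59)

# Constructed sample events in a hypothetical key=value layout
# (this is not the PVS or LCE log format).
SAMPLE_EVENTS = """\
2017-02-12 23:59:59 src=10.1.2.15 dst=104.16.33.12 url=https://portal.example.test/early
2017-02-13 00:00:00 src=10.1.2.15 dst=104.16.33.12 url=https://portal.example.test/login
2017-02-15 14:03:10 src=10.1.2.44 dst=198.41.200.7 url=https://files.example.test/report.pdf
2017-02-16 08:00:00 src=10.1.2.44 dst=203.0.113.10 url=http://other.example.test/
2017-02-17 11:30:00 src=10.1.2.44 dst=104.32.0.1 url=http://edge.example.test/
2017-02-18 23:59:30 src=10.1.2.90 dst=172.67.1.1 url=https://shop.example.test/cart
2017-02-19 00:00:00 src=10.1.2.91 dst=104.31.255.255 url=https://late.example.test/
truncated record with no fields
""".splitlines()


def in_watchlist(addr):
    """True when addr falls inside any watchlist subnet."""
    return any(addr in net for net in CLOUDFLARE_WATCHLIST)


def parse_event(line):
    """Return (timestamp, src, dst, url), or None for a malformed line."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
        fields = dict(p.split("=", 1) for p in parts[2:])
        src = ipaddress.ip_address(fields["src"])
        dst = ipaddress.ip_address(fields["dst"])
    except (ValueError, KeyError):
        return None
    return ts, src, dst, fields.get("url", "")


def hosts_using_cloudflare(lines):
    """Map each internal source host to the URLs it requested from watchlist
    addresses inside the exposure window. Also returns the count of lines
    that could not be parsed, so gaps in the evidence are visible."""
    hits = defaultdict(set)
    skipped = 0
    for line in lines:
        event = parse_event(line)
        if event is None:
            skipped += 1
            continue
        ts, src, dst, url = event
        if WINDOW_START <= ts <= WINDOW_END and in_watchlist(dst):
            hits[str(src)].add(url)
    return {host: sorted(urls) for host, urls in hits.items()}, skipped


if __name__ == "__main__":
    hits, skipped = hosts_using_cloudflare(SAMPLE_EVENTS)
    for host, urls in sorted(hits.items()):
        print(host, urls)
    print("unparsed lines:", skipped)
```

The per-host URL lists are the starting point for the business-risk review described above: each URL is a service whose credentials or session data may need rotation.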

Another great feature of tracking PVS event data with LCE is the ability to historically track vulnerabilities. In the following sample, you can see my lab has a Mac OS X system running a vulnerable browser. In this case, the vulnerability might not increase risk of the Cloudflare breach, but getting a good historic view of vulnerabilities detected by PVS is a great feature when combining PVS and LCE together.

Tracking vulnerabilities with LCE

Wrapping up

SecurityCenter CV is a powerful tool when fully implemented, and can aid your investigations when there are large data breaches such as Cloudbleed. By using LCE to track real-time events in PVS, you have a good historic view of vulnerability data and protocol level events. Combining PVS and LCE enables your organization to see the traffic and understand the content of the session. As the context of the Cloudflare traffic is revealed, you can better understand and assess the risk to your organization. Tenable provides our customers with a full-featured threat and vulnerability analysis that far exceeds those of our competition.



from Detecting Cloudflare Usage

You can’t stop your staff from leaking your dirty laundry to the press

According to media reports, the White House is trying to crack down on staff leaking information to the media. But will random phone checks be enough to help weed out the leakers?

from You can’t stop your staff from leaking your dirty laundry to the press

Attackers using cracked builder to duplicate and spread Betabot

Some attackers love Betabot malware but not all of them like paying for it

from Attackers using cracked builder to duplicate and spread Betabot

Wikipedia’s bot-on-bot battles that can last for years

Sustaining a grudge is a lot easier when you don't have to take breaks. Or breathe.

from Wikipedia’s bot-on-bot battles that can last for years

A Survey of Propaganda

This is an excellent survey article on modern propaganda techniques, how they work, and how we might defend ourselves against them.

Cory Doctorow summarizes the techniques on BoingBoing:

...in Russia, it's about flooding the channel with a mix of lies and truth, crowding out other stories; in China, it's about suffocating arguments with happy-talk distractions, and for trolls like Milo Yiannopoulos, it's weaponizing hate, outraging people so they spread your message to the small, diffused minority of broken people who welcome your message and would otherwise be uneconomical to reach.

As to defense: "Debunking doesn't work: provide an alternative narrative."



from A Survey of Propaganda

The Next Wave for Cybersecurity Awareness

The annual RSA Conference is a lot of things to a lot of people (43,000 this year!). For me, it’s become an annual opportunity to step out of the stream and to look back at what has happened in the last year and peer forward at what’s to come. This year, I think we have […]

The post The Next Wave for Cybersecurity Awareness appeared first on The State of Security.



from The Next Wave for Cybersecurity Awareness

The New York State Department of Financial Services: The Evolution of a Regulation – Part 1

The New York State Department of Financial Services has proposed a cyber security regulation that is unique in its breadth. The original proposed regulation underwent a 45-day review period, after which it was changed. It is currently under another 45-day review period pending further changes and should be published in the next few weeks. The […]

The post The New York State Department of Financial Services: The Evolution of a Regulation – Part 1 appeared first on The State of Security.



from The New York State Department of Financial Services: The Evolution of a Regulation – Part 1

TeamSpy Data-Stealing Malware at It Again with New Spam Campaign

Attackers have lots of ways of gaining access to a target’s information. One of their preferred attack vectors is exploiting careless end user behavior. This is especially true when it comes to users who don’t adequately protect their web accounts. For instance, bad actors targeted users of TeamViewer, software which allows IT professionals to gain […]

The post TeamSpy Data-Stealing Malware at It Again with New Spam Campaign appeared first on The State of Security.



from TeamSpy Data-Stealing Malware at It Again with New Spam Campaign