Friday, March 31, 2017
Best Slot Games To Play At The Casino
from Best Slot Games To Play At The Casino
Book Review: Bitcoin and Mobile Payments: Constructing a European Union Framework (Palgrave Studies in Financial Services Technology) edited by Gabriella Gimigliano
This book sheds some light on how Bitcoin and mobile payments interact with EU rules and regulations. A key point certainly is the PSD and PSD2 directives on payment services in the internal market.
Let me try to share with you the main learning points I collected from this book. As always, here goes my personal disclaimer: the reading of this very personal and non-comprehensive summary by no means replaces the reading of the book it refers to; on the contrary, this post is an invitation to read the entire work.
The book is built in 4 parts:
- Institutional strategy and economic background
The institutional strategy can be an enabling factor for a sound growth of new instruments and certainly for the security of payments. The definition of an effective “cyber security strategy” at national and European level is one of the pillars of the creation of the “digital single market”. The financial services and the payment industry are an essential component. Certainly the role of SEPA (Single Euro Payment Area) is considered. Interestingly, Bitcoin is an alternative payment scheme without fiat or banking money. There is an interesting statement, “Bitcoin has a tendency to create an oligopoly in terms of miners”.
- The framework – a European outline and a comparison with other frameworks
There is a lack of specific regulations in terms of virtual currencies. Can they be considered payment instruments? What are they really? What is the role of self-regulation in all this? In Europe we see a technological fragmentation of the payment chain. It is still too early to know which path will be followed. Experts suggest an adaptation of the laws for newcomers such as bitcoin.
- Regulatory challenges (e.g. protection of customers’ funds, data integrity, soundness of payment and financial system, competitiveness of European market)
A basic requirement is to have an adequate security that encourages the usability of the system. What happens when there is no central service provider? The increasingly stronger general rules for data protection in the EU will eventually require equally strong sector-based rules.
Mobile payments’ legal situation regarding Anti Money-Laundering is legally certain. Virtual currencies’ legislation is not.
Interesting detail: Bitcoin does not attract too many VAT complications within the EU.
For the time being, there is a lack of a fully implemented and integrated business model in the mobile payments ecosystem in Europe.
- Evolution of payment services
Only two sentences on this topic. Bitcoin is really a conceptual revolution, mobile payments are really an evolution.
Happy constructing!
from Book Review: Bitcoin and Mobile Payments: Constructing a European Union Framework (Palgrave Studies in Financial Services Technology) edited by Gabriella Gimigliano
Cybersecurity Has a Metrics Problem — Here’s What You Can Do About It
from Cybersecurity Has a Metrics Problem — Here’s What You Can Do About It
Significant Data Breach Impacts Job Applicants in 10 States
from Significant Data Breach Impacts Job Applicants in 10 States
Threat Round-up for Mar 24 – Mar 31
from Threat Round-up for Mar 24 – Mar 31
SANS CTI 2017, Lincoln Kaffenberger’s ‘Location-Specific Cyber Risk: Where you are Affects how Badly you’ll be Hacked’
from SANS CTI 2017, Lincoln Kaffenberger’s ‘Location-Specific Cyber Risk: Where you are Affects how Badly you’ll be Hacked’
Friday Squid Blogging: 1887 Animal-Combat Print with Giant Squid
Great Victorian animal-combat scene featuring a giant squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
from Friday Squid Blogging: 1887 Animal-Combat Print with Giant Squid
Finding FBI Director James Comey's Twitter Account
An interesting story of uncovering an anonymous Internet social media account.
from Finding FBI Director James Comey's Twitter Account
Congress Removes FCC Privacy Protections on Your Internet Usage
Think about all of the websites you visit every day. Now imagine if the likes of Time Warner, AT&T, and Verizon collected all of your browsing history and sold it on to the highest bidder. That's what will probably happen if Congress has its way.
This week, lawmakers voted to allow Internet service providers to violate your privacy for their own profit. Not only have they voted to repeal a rule that protects your privacy, they are also trying to make it illegal for the Federal Communications Commission to enact other rules to protect your privacy online.
That this is not provoking greater outcry illustrates how much we've ceded any willingness to shape our technological future to for-profit companies and are allowing them to do it for us.
There are a lot of reasons to be worried about this. Because your Internet service provider controls your connection to the Internet, it is in a position to see everything you do on the Internet. Unlike a search engine or social networking platform or news site, you can't easily switch to a competitor. And there's not a lot of competition in the market, either. If you have a choice between two high-speed providers in the US, consider yourself lucky.
What can telecom companies do with this newly granted power to spy on everything you're doing? Of course they can sell your data to marketers -- and the inevitable criminals and foreign governments who also line up to buy it. But they can do more creepy things as well.
They can snoop through your traffic and insert their own ads. They can deploy systems that remove encryption so they can better eavesdrop. They can redirect your searches to other sites. They can install surveillance software on your computers and phones. None of these are hypothetical.
They're all things Internet service providers have done before, and they are some of the reasons the FCC tried to protect your privacy in the first place. And now they'll be able to do all of these things in secret, without your knowledge or consent. And, of course, governments worldwide will have access to these powers. And all of that data will be at risk of hacking, either by criminals or by other governments.
Telecom companies have argued that other Internet players already have these creepy powers -- although they didn't use the word "creepy" -- so why should they not have them as well? It's a valid point.
Surveillance is already the business model of the Internet, and literally hundreds of companies spy on your Internet activity against your interests and for their own profit.
Your e-mail provider already knows everything you write to your family, friends, and colleagues. Google already knows our hopes, fears, and interests, because that's what we search for.
Your cellular provider already tracks your physical location at all times: it knows where you live, where you work, when you go to sleep at night, when you wake up in the morning, and -- because everyone has a smartphone -- who you spend time with and who you sleep with.
And some of the things these companies do with that power are no less creepy. Facebook has run experiments in manipulating your mood by changing what you see on your news feed. Uber used its ride data to identify one-night stands. Even Sony once installed spyware on customers' computers to try and detect if they copied music files.
Aside from spying for profit, companies can spy for other purposes. Uber has already considered using data it collects to intimidate a journalist. Imagine what an Internet service provider can do with the data it collects: against politicians, against the media, against rivals.
Of course the telecom companies want a piece of the surveillance capitalism pie. Despite dwindling revenues, increasing use of ad blockers, and increases in clickfraud, violating our privacy is still a profitable business -- especially if it's done in secret.
The bigger question is: why do we allow for-profit corporations to create our technological future in ways that are optimized for their profits and anathema to our own interests?
When markets work well, different companies compete on price and features, and society collectively rewards better products by purchasing them. This mechanism fails if there is no competition, or if rival companies choose not to compete on a particular feature. It fails when customers are unable to switch to competitors. And it fails when what companies do remains secret.
Unlike service providers like Google and Facebook, telecom companies are infrastructure that requires government involvement and regulation. The practical impossibility of consumers learning the extent of surveillance by their Internet service providers, combined with the difficulty of switching them, means that the decision about whether to be spied on should be with the consumer and not a telecom giant. That this new bill reverses that is both wrong and harmful.
Today, technology is changing the fabric of our society faster than at any other time in history. We have big questions that we need to tackle: not just privacy, but questions of freedom, fairness, and liberty. Algorithms are making decisions about policing and healthcare. Driverless vehicles are making decisions about traffic and safety. Warfare is increasingly being fought remotely and autonomously. Censorship is on the rise globally. Propaganda is being promulgated more efficiently than ever. These problems won't go away. If anything, the Internet of things and the computerization of every aspect of our lives will make it worse.
In today's political climate, it seems impossible that Congress would legislate these things to our benefit. Right now, regulatory agencies such as the FTC and FCC are our best hope to protect our privacy and security against rampant corporate power. That Congress has decided to reduce that power leaves us at enormous risk.
It's too late to do anything about this bill -- Trump will certainly sign it -- but we need to be alert to future bills that reduce our privacy and security.
This post previously appeared on the Guardian.
EDITED TO ADD: Former FCC Commissioner Tom Wheeler wrote a good op-ed on the subject. And here's an essay laying out what this all means to the average Internet user.
from Congress Removes FCC Privacy Protections on Your Internet Usage
Introducing Monitor.app for macOS
As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware capabilities and undocumented components of the operating system. One obvious tool that comes to mind is Procmon from the legendary Sysinternals Suite from Microsoft. Those tools only work on Windows though and we love macOS.
macOS has some fantastic dynamic instrumentation software included with the operating system and Xcode. In the past, we have used dynamic instrumentation tools such as DTrace, a very powerful tracing subsystem built into the core of macOS. While it is very powerful and efficient, it commonly required us to write D scripts to get the interesting bits. We wanted something simpler.
Today, the Innovation and Custom Engineering (ICE) Applied Research team presents the public release of Monitor.app for macOS, a simple GUI application for monitoring common system events on a macOS host. Monitor.app captures the following event types:
- Process execution with command line arguments
- File creates (if data is written)
- File renames
- Network activity
- DNS requests and replies
- Dynamic library loads
- TTY Events
Monitor.app identifies system activities using a kernel extension (kext). Its focus is on capturing data that matters, with context. These events are presented in the UI with a rich search capability allowing users to hunt through event data for areas of interest.
The goal of Monitor is simplicity. When launching Monitor, the user is prompted for root credentials to launch a process and load our kext (don’t worry, the main UI process doesn’t run as root). From there, the user can click on the start button and watch the events roll in!
The UI is sparse with a few key features. There is the start/stop button, filter buttons, and a search bar. The search bar allows us to set simple filters on types of data we may want to filter or search for over all events. The event table is a listing of all the events Monitor is capable of presenting to the user. The filter buttons allow the user to turn off some classes of events. For example, if a TimeMachine backup were to kick off when the user was trying to analyze a piece of malware, the user can click the file system filter button and the file write events won’t clutter the display.
As an example, perhaps we were interested in seeing any processes that communicated with xkcd.com. We can simply use an “Any” filter and enter xkcd into the search bar, as seen in Figure 1.
Figure 1: Monitor.app User Interface
We think you will be surprised how useful Monitor can be when trying to figure out how components of macOS or even malware work under the hood, all without firing up a debugger or D script.
Click here to download Monitor.app. Please send any feature requests/bugs to monitorapp-bugs@fireeye.com.
Apple, Mac and MacOS are registered trademarks or trademarks of Apple Inc.
from Introducing Monitor.app for macOS
Netsparker Will Be Exhibiting at the Software Design & Development Conference 2017
from Netsparker Will Be Exhibiting at the Software Design & Development Conference 2017
Mind the security gap with effective endpoint protection.
from Mind the security gap with effective endpoint protection.
FIVE MINUTES WITH: Judy Piper, Senior Engineering Manager, Akamai’s Enterprise & Carrier Division
from FIVE MINUTES WITH: Judy Piper, Senior Engineering Manager, Akamai’s Enterprise & Carrier Division
Threat Spotlight: Sundown Matures
from Threat Spotlight: Sundown Matures
From APK to Golden Ticket: Owning an Android smartphone, gaining Domain Admin rights and more…
from From APK to Golden Ticket: Owning an Android smartphone, gaining Domain Admin rights and more…
Hackerfest Quaoar CTF Walkthrough
from Hackerfest Quaoar CTF Walkthrough
Not just a load of old COBOLers: systems are still running on old code
from Not just a load of old COBOLers: systems are still running on old code
Microsoft updates their suite of Remote Desktop apps for all platforms
from Microsoft updates their suite of Remote Desktop apps for all platforms
Disttrack Malware Distribution Suggests Link between Shamoon 2 and Magic Hound
In November 2016, the security community first learned of a series of attacks known as “Shamoon 2.” The campaign has launched three waves as of this writing. In the first wave, bad actors infected an organization in Saudi Arabia with Disttrack. This trojan used a wiper component to overwrite protected parts of a system, including […]… Read More
The post Disttrack Malware Distribution Suggests Link between Shamoon 2 and Magic Hound appeared first on The State of Security.
from Disttrack Malware Distribution Suggests Link between Shamoon 2 and Magic Hound
Protecting Identities in a hacker’s world
Imagine being in a place where everyone around you is smarter than you and they are, in fact, admitted hackers. Welcome to protecting the identities behind Black Hat Asia 2017’s infrastructure. With a large contingent of attendees at this year’s conference there is a constant need to protect the identities of the team maintaining and monitoring…
The post Protecting Identities in a hacker’s world appeared first on Speaking of Security - The RSA Blog.
from Protecting Identities in a hacker’s world
Ransomware Timeline
from Ransomware Timeline
Beyond NonStop Encryption
In the world of NonStop, we may take for granted as truth that high availability matters. But so does scalability—and that includes the ability to scale protection of data at-rest beyond NonStop to include the broader enterprise storage ecosystem where data may be in motion and in use. Because if data isn’t protected and trusted, […]
The post Beyond NonStop Encryption appeared first on HPE Security - Data Security.
from Beyond NonStop Encryption
Does Optane SSD deserve your data?
This month, Intel unveiled a revolutionary new type of hard drive that can work as either a storage or RAM unit, while offering faster performance than most hard drives in the market. Its performance and technical capabilities make it appealing for a wide range of applications, but is it worth the investment? Read on to find out.
The post Does Optane SSD deserve your data? appeared first on Health Security Solutions.
from Does Optane SSD deserve your data?
Semafone’s Roundtable Discussion Brings Together Data Security and Regulatory Compliance Experts in Boston
By Mandy Pattenden, Marketing Communications Director Overlooking the sparkling blue Boston Harbor, Semafone hosted an insightful and engaging Lunch and Learn roundtable discussion last Wednesday on “Securing the Contact Center: More than Just a PCI DSS Issue.” The event, held at Legal Harborside, brought together thought leaders and data security experts from in and around […]
The post Semafone’s Roundtable Discussion Brings Together Data Security and Regulatory Compliance Experts in Boston appeared first on Semafone.
from Semafone’s Roundtable Discussion Brings Together Data Security and Regulatory Compliance Experts in Boston
SANS CTI 2017, Matt Bromiley’s ‘Using CTI Against the World’s Most Successful Email Scam’
from SANS CTI 2017, Matt Bromiley’s ‘Using CTI Against the World’s Most Successful Email Scam’
Skype users hit by ransomware through in-app malicious ads
from Skype users hit by ransomware through in-app malicious ads
A backup plan can save you from ransomware [infographic]
Names like Locky and CryptoLocker are familiar due to numerous news reports, but if you haven’t heard of the growing threat of ransomware, here’s a quick summary: Ransomware is a type of malware that locks you out of your devices by encrypting your files. In return for access with the decryption key, it demands a payment, typically in bitcoin. In many cases, victims of ransomware cannot recover their files, so a backup is essential.
from A backup plan can save you from ransomware [infographic]
Thursday, March 30, 2017
Implementing SAP Vulnerability Management Process. Part 3
We continue to describe the implementation of Vulnerability Management in an SAP environment and turn to a very specific topic: vulnerability analysis. Vulnerability Management has two goals: reducing attack vectors and providing assurance in SAP systems. Both of these objectives require assessing the existing vulnerabilities in terms of risk and remediation effort. This will […]
The post Implementing SAP Vulnerability Management Process. Part 3 appeared first on ERPScan.
from Implementing SAP Vulnerability Management Process. Part 3
Reflection on Working From Home
from Reflection on Working From Home
Strategies for Managing Large-Scale VPN Deployments
from Strategies for Managing Large-Scale VPN Deployments
Tech support scammers and their banking woes
We all know about tech support scams by this point. Unfortunately for the scammers, banks know this as well, making it quite difficult at times to maintain an account to store the criminal’s ill-gotten gains. So how does the enterprising criminal cash out with your money? Let’s take a look.
Tags: fraud, scam, tech support, tech support scams, TSS
The post Tech support scammers and their banking woes appeared first on Malwarebytes Labs.
from Tech support scammers and their banking woes
Leading Global Bank Implements Checkmarx Source Code Analysis to Strengthen Security
Checkmarx, a global leader in application security testing, today announced that a leading American international banking and financial services holding […]
The post Leading Global Bank Implements Checkmarx Source Code Analysis to Strengthen Security appeared first on Checkmarx.
from Leading Global Bank Implements Checkmarx Source Code Analysis to Strengthen Security
Malware campaign targets open source developers on GitHub
Be on your guard if you’re a developer who uses GitHub – someone could be trying to infect your computer with malware.
Read more in my article on the We Live Security blog.
from Malware campaign targets open source developers on GitHub
You Cannot Do Application Delivery Without Security
Security is an ever-evolving concept in theory and application. It is important to deploy and leverage technologies that can adapt and change with our security models. In the technology world, when the networking and application protocols were initially developed, minimal thought was given to security. Protocols like Telnet, FTP, DNS, SMTP, and even HTTP were […]
The post You Cannot Do Application Delivery Without Security appeared first on Radware Blog.
from You Cannot Do Application Delivery Without Security
LastPass has a secret major vulnerability – and, as yet, there’s no fix
from LastPass has a secret major vulnerability – and, as yet, there’s no fix
What companies can learn from the alleged Apple hack
According to a report from Motherboard, a group of hackers is attempting to extort one of the most well-known companies in the world — Apple. The blackmailing is over alleged access to a collection of stolen user credentials for iCloud and other Apple email accounts. The ‘Turkish Crime Family’ hackers have demanded $75,000 in either … Continued
The post What companies can learn from the alleged Apple hack appeared first on Enterprise Network Security Blog from ISDecisions.
from What companies can learn from the alleged Apple hack
Windows zero-day affects 600,000 older servers, but likely won’t be patched
from Windows zero-day affects 600,000 older servers, but likely won’t be patched
InsomniaHack Trip Report
Insomni'Hack Info:
https://insomnihack.ch/
Favorite talks
Bridging the gap between ICS(IoT?) and corporate IT security
Stefan Lüders
I really enjoyed this talk, hearing how an organization defends in a BYOD & academic environment. Defense is difficult when you control the hosts, even more so when you can't instrument the host and have to rely on network controls only.
My favorite slide was their alerting stack:
Not sure when the slides will be released but here is an older version of the talk I found:
https://www.blackhat.com/docs/us-14/materials/us-14-Luders-Why-Control-System-Cyber-Security-Sucks.pdf
How we hacked Distributed Configuration Management Systems
Francis Alexander & Bharadwaj Machiraj
Awesome talk on breaking into
- HashiCorp Consul
- Apache Zookeeper
- CoreOS etcd
https://github.com/torque59/Garfield
Modern reconnaissance phase on APT – protection layer
Paul Rascagnères
Fun talk on how APTs have been implementing some checks to make sure the targets are valid prior to sending down the final stage of the attack.
CERN
@cktricky and I also were able to give the talk at CERN. Background info on CERN: https://en.wikipedia.org/wiki/CERN
Archive of the talk:
Cool Pix:
from InsomniaHack Trip Report
Understanding the Evolution of Network Security
Network security has been around almost as long as we’ve had networks, and it is easy to trace the various elements of network security to the components of networking that they try to mitigate. Over the past 30-35 years or so, the expansion of networking, especially the increased reliance on the Internet both as an […]… Read More
The post Understanding the Evolution of Network Security appeared first on The State of Security.
from Understanding the Evolution of Network Security
The Six Commandments of the GDPR
Otherwise known as the measuring stick by which your GDPR compliance will be assessed, the six core principles of the GDPR are the basic foundations upon which the regulation was constructed. Unquestionable and pure in nature, they are rarely acknowledged for one simple reason: five of the six have no real application in helping you […]… Read More
The post The Six Commandments of the GDPR appeared first on The State of Security.
from The Six Commandments of the GDPR
The scam that knows your name and home address – here’s what to do
from The scam that knows your name and home address – here’s what to do
‘Can you hear me?’ robocalls put consumers on alert [infographic]
I fell for it the first time I answered a call. A friendly female voice hesitated, then giggled the line, “Can you hear me?” After I answered, “Yes”, it took me a few seconds to realize I had been fooled. It wasn’t a silly girl with a bad connection calling me on behalf of Disney Vacations – I had just been targeted by a robocaller. By then it was too late.
from ‘Can you hear me?’ robocalls put consumers on alert [infographic]
Websites compromised in ‘Decimal IP’ campaign
This URL is quite probably unlike anything you've ever seen before and yet still works and redirects to malware.
Tags: 1760468715, EK, malware, RIG EK, RIG exploit kit, site hacks
The post Websites compromised in ‘Decimal IP’ campaign appeared first on Malwarebytes Labs.
from Websites compromised in ‘Decimal IP’ campaign
Configuring DHCP Failover in Windows Server 2016
from Configuring DHCP Failover in Windows Server 2016
SANS CTI 2017, Rick Holland’s ‘Inglorious Threat Intelligence’
from SANS CTI 2017, Rick Holland’s ‘Inglorious Threat Intelligence’
Microsoft Word File Spreads Malware Targeting Both Mac OS X and Windows (Part II)
from Microsoft Word File Spreads Malware Targeting Both Mac OS X and Windows (Part II)
Wednesday, March 29, 2017
Stop hackers with these 6 simple steps! (Number 3 will shock you).
from Stop hackers with these 6 simple steps! (Number 3 will shock you).
Q&A with RSAC 2017 Security Scholar Rachael Skillman
from Q&A with RSAC 2017 Security Scholar Rachael Skillman
Got a drone? Check local regulations before you fly it
from Got a drone? Check local regulations before you fly it
Passcode: Opinion: How to counter the Kremlin’s hacking playbook
from Passcode: Opinion: How to counter the Kremlin’s hacking playbook
Explained: Sage ransomware
Sage is yet another ransomware family that has become a common threat nowadays. Like Spora, it can encrypt files offline. The malware is actively developed, and we are currently facing an outbreak of version 2.2 of this product.
Categories: Tags: encryption, hasherezade, malware, phish, ransomware, Sage ransomware, Spora Ransomware
The post Explained: Sage ransomware appeared first on Malwarebytes Labs.
from Explained: Sage ransomware
Another hole opens up in LastPass that could take weeks to fix
from Another hole opens up in LastPass that could take weeks to fix
What is SAP penetration test?
Pentest, or penetration testing, stands for a range of processes that simulate an attacker's actions to identify security weaknesses. Usually, a company engages third-party security experts to conduct such work and provides them with the address(es) of the server(s) they should examine. Pentests are often divided into two types: a pentest in which experts are provided with […]
The post What is SAP penetration test? appeared first on ERPScan.
from What is SAP penetration test?
What are exploits? (And why you should care)
At one point in the not-so-distant past, exploits were responsible for delivering 80 percent of malware to people’s systems. But exploits seem to be experiencing a lull today. Does this mean they’re gone for good or is this simply the calm before the storm? Let’s break down this stealthy threat so you can not only know your enemy, but also be appropriately prepared should the exploit attacks return.
Categories: Tags: EKs, exploit kits, exploits, malvertising, ransomware, vulnerabilities
The post What are exploits? (And why you should care) appeared first on Malwarebytes Labs.
from What are exploits? (And why you should care)
Trends in Software Defined Data Centers
I recently met with a regional cloud service provider (CSP) that has adopted provisioning on demand as their IT model. They spin up applications on demand, having virtualized most of their infrastructure and have developed tools to automate the provisioning of applications and servers for customers/tenants through a self-service portal. Rather than build-out and manage […]
The post Trends in Software Defined Data Centers appeared first on Radware Blog.
from Trends in Software Defined Data Centers
Vulnerability Spotlight: Exploiting Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
from Vulnerability Spotlight: Exploiting Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
Security Orchestration and Incident Response
Last month at the RSA Conference, I saw a lot of companies selling security incident response automation. Their promise was to replace people with computers -- sometimes with the addition of machine learning or other artificial intelligence techniques -- and to respond to attacks at computer speeds.
While this is a laudable goal, there's a fundamental problem with doing this in the short term. You can only automate what you're certain about, and there is still an enormous amount of uncertainty in cybersecurity. Automation has its place in incident response, but the focus needs to be on making the people effective, not on replacing them: security orchestration, not automation.
This isn't just a choice of words -- it's a difference in philosophy. The US military went through this in the 1990s. What was called the Revolution in Military Affairs (RMA) was supposed to change how warfare was fought. Satellites, drones and battlefield sensors were supposed to give commanders unprecedented information about what was going on, while networked soldiers and weaponry would enable troops to coordinate to a degree never before possible. In short, the traditional fog of war would be replaced by perfect information, providing certainty instead of uncertainty. They, too, believed certainty would fuel automation and, in many circumstances, allow technology to replace people.
Of course, it didn't work out that way. The US learned in Afghanistan and Iraq that there are a lot of holes in both its collection and coordination systems. Drones have their place, but they can't replace ground troops. The advances from the RMA brought with them some enormous advantages, especially against militaries that didn't have access to the same technologies, but never resulted in certainty. Uncertainty still rules the battlefield, and soldiers on the ground are still the only effective way to control a region of territory.
But along the way, we learned a lot about how the feeling of certainty affects military thinking. Last month, I attended a lecture on the topic by H.R. McMaster. This was before he became President Trump's national security advisor-designate. Then, he was the director of the Army Capabilities Integration Center. His lecture touched on many topics, but at one point he talked about the failure of the RMA. He confirmed that military strategists mistakenly believed that data would give them certainty. But he took this change in thinking further, outlining the ways this belief in certainty had repercussions in how military strategists thought about modern conflict.
McMaster's observations are directly relevant to Internet security incident response. We too have been led to believe that data will give us certainty, and we are making the same mistakes that the military did in the 1990s. In a world of uncertainty, there's a premium on understanding, because commanders need to figure out what's going on. In a world of certainty, knowing what's going on becomes a simple matter of data collection.
I see this same fallacy in Internet security. Many companies exhibiting at the RSA Conference promised to collect and display more data and that the data will reveal everything. This simply isn't true. Data does not equal information, and information does not equal understanding. We need data, but we also must prioritize understanding the data we have over collecting ever more data. Much like the problems with bulk surveillance, the "collect it all" approach provides minimal value over collecting the specific data that's useful.
In a world of uncertainty, the focus is on execution. In a world of certainty, the focus is on planning. I see this manifesting in Internet security as well. My own Resilient Systems -- now part of IBM Security -- allows incident response teams to manage security incidents and intrusions. While the tool is useful for planning and testing, its real focus is always on execution.
Uncertainty demands initiative, while certainty demands synchronization. Here, again, we are heading too far down the wrong path. The purpose of all incident response tools should be to make the human responders more effective. They need both the ability and the capability to exercise it effectively.
When things are uncertain, you want your systems to be decentralized. When things are certain, centralization is more important. Good incident response teams know that decentralization goes hand in hand with initiative. And finally, a world of uncertainty prioritizes command, while a world of certainty prioritizes control. Again, effective incident response teams know this, and effective managers aren't scared to release and delegate control.
Like the US military, we in the incident response field have shifted too much into the world of certainty. We have prioritized data collection, preplanning, synchronization, centralization and control. You can see it in the way people talk about the future of Internet security, and you can see it in the products and services offered on the show floor of the RSA Conference.
Automation, too, is fixed. Incident response needs to be dynamic and agile, because you are never certain and there is an adaptive, malicious adversary on the other end. You need a response system that has human controls and can modify itself on the fly. Automation just doesn't allow a system to do that to the extent that's needed in today's environment. Just as the military shifted from trying to replace the soldier to making the best soldier possible, we need to do the same.
For some time, I have been talking about incident response in terms of OODA loops. This is a way of thinking about real-time adversarial relationships, originally developed for airplane dogfights, but much more broadly applicable. OODA stands for observe-orient-decide-act, and it's what people responding to a cybersecurity incident do constantly, over and over again. We need tools that augment each of those four steps. These tools need to operate in a world of uncertainty, where there is never enough data to know everything that is going on. We need to prioritize understanding, execution, initiative, decentralization and command.
At the same time, we're going to have to make all of this scale. If anything, the most seductive promise of a world of certainty and automation is that it allows defense to scale. The problem is that we're not there yet. We can automate and scale parts of IT security, such as antivirus, automatic patching and firewall management, but we can't yet scale incident response. We still need people. And we need to understand what can be automated and what can't be.
The word I prefer is orchestration. Security orchestration represents the union of people, process and technology. It's computer automation where it works, and human coordination where that's necessary. It's networked systems giving people understanding and capabilities for execution. It's making those on the front lines of incident response the most effective they can be, instead of trying to replace them. It's the best approach we have for cyberdefense.
Automation has its place. If you think about the product categories where it has worked, they're all areas where we have pretty strong certainty. Automation works in antivirus, firewalls, patch management and authentication systems. None of them is perfect, but all those systems are right almost all the time, and we've developed ancillary systems to deal with it when they're wrong.
Automation fails in incident response because there's too much uncertainty. Actions can be automated once the people understand what's going on, but people are still required. For example, IBM's Watson for Cyber Security provides insights for incident response teams based on its ability to ingest and find patterns in an enormous amount of freeform data. It does not attempt a level of understanding necessary to take people out of the equation.
From within an orchestration model, automation can be incredibly powerful. But it's the human-centric orchestration model -- the dashboards, the reports, the collaboration -- that makes automation work. Otherwise, you're blindly trusting the machine. And when an uncertain process is automated, the results can be dangerous.
Technology continues to advance, and this is all a changing target. Eventually, computers will become intelligent enough to replace people at real-time incident response. My guess, though, is that computers are not going to get there by collecting enough data to be certain. More likely, they'll develop the ability to exhibit understanding and operate in a world of uncertainty. That's a much harder goal.
Yes, today, this is all science fiction. But it's not stupid science fiction, and it might become reality during the lifetimes of our children. Until then, we need people in the loop. Orchestration is a way to achieve that.
This essay previously appeared on the Security Intelligence blog.
from Security Orchestration and Incident Response
Celebrating the Pig: How to Engineer a Durable Security Culture
Dashlane asked this question to over 2,000 people: “Would you give up sex for a year if it meant that you would not have to worry about ever getting hacked or getting your identity stolen?” Over 39 percent of respondents said “yes.” This has got to be a very frustrating response to more security experts […]
The post Celebrating the Pig: How to Engineer a Durable Security Culture appeared first on The State of Security.
from Celebrating the Pig: How to Engineer a Durable Security Culture
5 Signs Your Cybersecurity Awareness Program Is Paying Off
Not too long ago, a client of ours who had just released a dynamic new cybersecurity awareness course told me how blown away he was with the response they were getting. His inbox was full of compliments, and his colleagues wanted to duplicate his training success in their own departments. He recounted how employees stopped […]
The post 5 Signs Your Cybersecurity Awareness Program Is Paying Off appeared first on The State of Security.
from 5 Signs Your Cybersecurity Awareness Program Is Paying Off
Scan the Entire RFC 1918 Private IP Space? Are You Crazy? Maybe Not . . .
The private IP space defined by RFC 1918 contains almost 18 million IP addresses. A customer was interested in having me do host discovery on this entire space for their private IP space. This is interesting data for network owners because it: Increases awareness to the size of the network attack surface, such as the […]
The post Scan the Entire RFC 1918 Private IP Space? Are You Crazy? Maybe Not . . . appeared first on The State of Security.
from Scan the Entire RFC 1918 Private IP Space? Are You Crazy? Maybe Not . . .
Gang of Fifty
from Gang of Fifty
Macs and iPhones patched – including 23 kernel-level holes
from Macs and iPhones patched – including 23 kernel-level holes
A week in security (Mar 20th – Mar 26th)
A compilation of notable security news and blog posts from the 20th to the 26th of March. This week, we look back at phishing campaigns, PUPs, ransomware, and more.
Categories: Tags: news, phishing, PUPs, ransomware, week in security, weekly roundup
The post A week in security (Mar 20th – Mar 26th) appeared first on Malwarebytes Labs.
from A week in security (Mar 20th – Mar 26th)
Congress just obliterated Obama-era rules preventing ISPs from selling your browsing history
from Congress just obliterated Obama-era rules preventing ISPs from selling your browsing history
$100M Email Phishing Case Offers Lessons Learned for IT
from $100M Email Phishing Case Offers Lessons Learned for IT
SANS CTI 2017, Rob Dartnall’s ‘Conventional Intelligence Analysis in Cyber Threat Intelligence’
from SANS CTI 2017, Rob Dartnall’s ‘Conventional Intelligence Analysis in Cyber Threat Intelligence’
Tuesday, March 28, 2017
Resource: Reducing Risk with a Cybersecurity Checklist (eBook)
from Resource: Reducing Risk with a Cybersecurity Checklist (eBook)
Achieving Cyber Resilience with Next-Gen AV and Bromium Artificial Intelligence
Detection-based techniques will always be one step behind the attacker. Extend NGAV using next-gen virtualization with application isolation and control. Applications handling sensitive data are completely hardware-isolated from the host. In 2016, organizations spent over $80 billion on cybersecurity, while cybercriminals made $3 trillion in profit. Cybersecurity is a constant arms race. When […]
The post Achieving Cyber Resilience with Next-Gen AV and Bromium Artificial Intelligence appeared first on Bromium.
from Achieving Cyber Resilience with Next-Gen AV and Bromium Artificial Intelligence
An Open Letter to Human Resources Teams
from An Open Letter to Human Resources Teams
News in brief: Hong Kong voters’ data lost; Rudd faces pushback; Google Home lands in Britain
from News in brief: Hong Kong voters’ data lost; Rudd faces pushback; Google Home lands in Britain
Women in AppSec: Post-Webinar Thoughts and Q&A
We had an amazing turnout and response to our webinar Growing the Ranks of Women in AppSec. I played host and moderator, and really want to thank my colleagues for their enthusiastic participation and input. And I have even bigger thanks to all of the people who dialed in, sent us questions, and offered to […]
The post Women in AppSec: Post-Webinar Thoughts and Q&A appeared first on WhiteHat Security.
from Women in AppSec: Post-Webinar Thoughts and Q&A
Attackers Targeting FTP Servers to Access Patient Health Data, Warns FBI
The FBI issued an alert to the healthcare industry warning of criminal actors actively targeting anonymous File Transfer Protocol (FTP) servers to access protected health information (PHI) and personally identifiable information (PII). According to the FBI’s Cyber Division, attackers are compromising such information from medical and dental entities in order to intimidate, harass and blackmail business […]
The post Attackers Targeting FTP Servers to Access Patient Health Data, Warns FBI appeared first on The State of Security.
from Attackers Targeting FTP Servers to Access Patient Health Data, Warns FBI
The Joy of Tech©, Browser History for Sale
via the sarcastic artistry of Nitrozac and Snaggy at The Joy of Tech©. Please visit The Joy of Tech©'s Patreon page to support their terrific tech comic!
from The Joy of Tech©, Browser History for Sale
Bots: Bad Now. Worse In The Future.
If you are worried about your smart TV recording your most intimate conversations in its “Fake-Off” mode and sending those over the Internet to a covert CIA server, you are right to be worried. As we saw in the WikiLeaks’ Vault7 dump, the CIA’s malware known as Weeping Angel places the target TV in a […]
The post Bots: Bad Now. Worse In The Future. appeared first on Netswitch Technology Management.
from Bots: Bad Now. Worse In The Future.
Lessons from Managing Your Open Source
from Lessons from Managing Your Open Source
Man loses appeal over Facebook threat to kill Obama
from Man loses appeal over Facebook threat to kill Obama
Kalyna Block Cipher
Kalyna is a block cipher that became a Ukrainian national standard in 2015. It supports block and key sizes of 128, 256, and 512 bits. Its structure resembles AES but is optimized for 64-bit CPUs, and it has a complicated key schedule. The number of rounds ranges from 10 to 18, depending on block and key sizes.
There is some mention of cryptanalysis on reduced-round versions in the Wikipedia entry. And here are the other submissions to the standard.
from Kalyna Block Cipher
Ultra Secret Chat Using Wi-Fi Covert Channel
“Covert Channel [Wikipedia]: a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy.” Today, in a world where the hacking techniques are getting more and more sophisticated and security measures are […]
The post Ultra Secret Chat Using Wi-Fi Covert Channel appeared first on The State of Security.
from Ultra Secret Chat Using Wi-Fi Covert Channel
The Sackcloth & Ashes of WordPress Security
This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on information security. “Security is not an absolute, it’s a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It’s about employing the appropriate security controls that […]
The post The Sackcloth & Ashes of WordPress Security appeared first on The State of Security.
from The Sackcloth & Ashes of WordPress Security
Turning Data into Metrics – A Vulnerability Story
One of the main issues I find across the information security industry is that we constantly need to justify our existence. IT has been the traditional cost centre, but businesses have slowly realized they need to spend on IT to enable their businesses. Information security, on the other hand, is the team that is constantly […]
The post Turning Data into Metrics – A Vulnerability Story appeared first on The State of Security.
from Turning Data into Metrics – A Vulnerability Story