Cyber Security August 2018

This posting is here to collect security alert news in August 2018.

I post links to security vulnerability news to comments of this article.


428 Comments

  1. Tomi Engdahl says:

    Black Hat Exclusive Video: The IoT Security Threat Looms for Enterprises
    https://threatpost.com/black-hat-exclusive-video-the-iot-security-threat-looms-for-enterprises/134991/

    Armis’ CTO discusses the top IoT security issues in the marketplace today – and whether device manufacturers will start to prioritize security.

    IoT devices are everywhere – from connected smart-home gadgets to industrial IoT systems. And it’s not stopping anytime soon – consumer IoT spending is set to reach $62 billion in 2018, making it the fourth largest industry segment, according to market research firm IDC.

    Many of these IoT devices are not secure, opening victims up to threats like DDoS attacks, privacy concerns and, in the worst case, even industrial-level disasters.

  2. Tomi Engdahl says:

    Indigo Software’s Web Application Security Solution Embeds (DPI) Engine R&S®PACE 2
    https://www.eeweb.com/profile/eeweb/news/indigo-softwares-web-application-security-solution-embeds-dpi-engine-r-s-pace-2

    Rohde & Schwarz today announced that they are now supplying Indigo Software with their DPI engine R&S® PACE 2 to enhance Indigo Software’s web application security solution with their protocol and application classification capabilities. R&S®PACE 2 now serves as the core for their web application firewalls (WAFs), enabling them to obtain granular visibility of network traffic in order to analyze HTTP requests and responses to detect malicious behavior.

    Web application firewalls as provided by Indigo Software have become an indispensable component in the application delivery infrastructure as they offer Layer 7 web application security to prevent attacks such as SQL injection, cross-site scripting (XSS) and DDoS attacks. WAFs are able to detect and block malicious activities behind inconspicuous website traffic that may slip through traditional security solutions.

  3. Tomi Engdahl says:

    Honeytrap spy stole secrets of new RAF jet: Female agent hacked airwoman’s Tinder profile to target stealth fighter crews involved in the £9bn F-35 project
    http://www.dailymail.co.uk/news/article-6027207/Honeytrap-spy-stole-secrets-new-RAF-stealth-jet-hacking-Tinder-profile.html

    A female RAF airwoman has had her Tinder profile hacked by a secret agent
    The spy used the profile to target RAF aircrew involved in the F-35 fighter project
    The plot was foiled after the RAF woman reported her Tinder was compromised
    RAF chiefs have sent a warning to personnel about ‘online social engineering’

    Secrets about Britain’s new £9 billion stealth fighter jets have been leaked in an audacious honeytrap plot, The Mail on Sunday can reveal.

    In a sophisticated sting operation, the profile of an RAF airwoman on dating app Tinder was hacked, allowing a spy, posing as the woman, to contact RAF servicemen and sweet-talk at least one into revealing details about the F-35 Lightning II fighter.

    RAF sources last night confirmed information about the hugely sensitive and expensive stealth jet had been passed to an as-yet unidentified third party.

    It is unclear if a foreign power was involved, but suspicion is likely to centre on the intelligence services of Russia and China. Both countries are desperate for information on the F-35 fleet.

    The UK is committed to buying 138 of the jets, each costing £92 million.

    A memo sent from the RAF’s head of security to top brass on July 9 said: ‘Within the last week a serving member of the RAF had their online dating profile hacked. It subsequently transpired that the perpetrator then attempted to befriend another serving member of the RAF to apparently elicit comment and detail on F-35.

    ‘Fortunately, little information was disclosed and the individual whose account had been hacked reported this matter expediently enabling prompt follow-up action and investigation.

  4. Tomi Engdahl says:

    Microsoft Releases Patches for 60 Flaws—Two Under Active Attack
    https://thehackernews.com/2018/08/microsoft-patch-updates.html

    Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical.

    The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio.

    Two of these vulnerabilities patched by the tech giant are listed as publicly known and being exploited in the wild at the time of release.

    According to the advisory released by Microsoft, all 19 critical-rated vulnerabilities lead to remote code execution (RCE), some of which could eventually allow attackers to take control of the affected system if exploited successfully.

    https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573

  5. Tomi Engdahl says:

    Google apps could be tracking you at all times
    https://www.itproportal.com/news/google-apps-could-be-tracking-you-at-all-times/

    Google tracks the movement of its users, even if they explicitly say they don’t want to be tracked, new research from AP suggests.

    AP says many of Google’s services on Android and iPhone devices track data of their users’ location, even when the user turns the feature off. The claims have been confirmed by researchers from Princeton.

    In most cases, Google first asks for permission to know where someone is located.

    There’s also the option to turn off “location history”, and this feature comes with a notice that the company will not be allowed to remember where the user was. However, this feature does not work as intended, AP says, claiming that some Google apps still store user location, even when the feature is turned off.

  6. Tomi Engdahl says:

    Hackers can compromise your network just by sending a Fax
    https://thehackernews.com/2018/08/hack-printer-fax-machine.html

    What is the most a remote attacker can do just by having your fax machine number?

    Believe it or not, your fax number is literally enough for a hacker to gain complete control over the printer and possibly infiltrate the rest of the network connected to it.

    Check Point researchers have revealed details of two critical remote code execution (RCE) vulnerabilities they discovered in the communication protocols used in tens of millions of fax machines globally.

    You might be thinking, who uses fax these days!

    Well, Fax is not a thing of the past. With more than 300 million fax numbers and 45 million fax machines in use globally, Fax is still popular among several business organizations, regulators, lawyers, bankers, and real estate firms.

    Since most fax machines are today integrated into all-in-one printers, connected to a WiFi network and PSTN phone line, a remote attacker can simply send a specially-crafted image file via fax to exploit the reported vulnerabilities and seize control of an enterprise or home network.

    Dubbed Faxploit, the attack involves two buffer overflow vulnerabilities—one triggers while parsing COM markers (CVE-2018-5925) and another stack-based issue occurs while parsing DHT markers (CVE-2018-5924), which leads to remote code execution.

    To demonstrate the attack, Check Point Malware Research Team Lead Yaniv Balmas and security researcher Eyal Itkin used the popular HP Officejet Pro All-in-One fax printers—the HP Officejet Pro 6830 all-in-one printer and OfficeJet Pro 8720.

  7. Tomi Engdahl says:

    Intel discloses three more chip flaws
    https://www.reuters.com/article/us-cyber-intel/intel-discloses-three-more-chip-flaws-idUSKBN1KZ280

    U.S. chipmaker Intel Corp (INTC.O) on Tuesday disclosed three more possible flaws in some of its microprocessors that can be exploited to gain access to certain data from computer memory.

  8. Tomi Engdahl says:

    An 11-Year-Old Changed The Results Of Florida’s Presidential Vote At A Hacker Convention. Discuss.
    https://www.buzzfeednews.com/article/kevincollier/voting-hackers-defcon-failures-manufacturers-ess

    Veteran hackers have tried for years to get the world to notice flaws in voting machines. Now that they’ve got it, they have to wrestle with scaring people away from voting.

    Election hackers have spent years trying to bring attention to flaws in election equipment. But with the world finally watching at DEFCON, the world’s largest hacker conference, they have a new struggle: pointing out flaws without causing the public to doubt that their vote will count.

  9. Tomi Engdahl says:

    RunSafe could eliminate an entire class of infrastructure malware attacks
    https://techcrunch.com/2018/08/15/runsafe-could-eliminate-an-entire-class-of-infrastructure-malware-attacks/?sr_share=facebook&utm_source=tcfbpage

    RunSafe, a McLean, Virginia startup, got started doing research for DARPA on how to defend critical infrastructure. They built a commercial product based on that initial research that they claim eliminates an entire class of attacks. Today, the company released a product called Alkemist that enables customers to install the solution without help from RunSafe.

    The product began with the DoD research and a simple premise: “If you assume hardware in the supply chain is compromised, can you still build trusted software on top of untrusted hardware. And so we came up with techniques that we have since greatly expanded to protect the software from compromise. We eliminate an entire class of attacks and greatly reduce the attack surface for software across critical infrastructure,”

    The way they do this is by hardening the software binary so malware and exploitations can’t find the tools they need to execute across the infrastructure. In the data center example, that means the attacker could find their way in, and attack a single machine, but couldn’t replicate the attack across multiple machines.

  10. Tomi Engdahl says:

    Cisco patches router OS against new crypto attack on business VPNs
    https://www.zdnet.com/article/cisco-patches-router-os-against-new-crypto-attack-on-business-vpns/

    New attack threatens enterprise VPN and could enable target networks to be impersonated or allow a man-in-the-middle attack.

  11. Tomi Engdahl says:

    “The interception of SMS text messages, using techniques such as SIM-swapping or abusing weaknesses in the SS7 protocol, has been practised by criminals for quite a while.”

    https://www.netsparker.com/blog/web-security/reddit-hack-teaches-web-security/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+netsparker+%28Netsparker%29

  12. Tomi Engdahl says:

    What the Reddit Hack Teaches Us About Web Security
    https://www.netsparker.com/blog/web-security/reddit-hack-teaches-web-security/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+netsparker+%28Netsparker%29

    A few days ago, Reddit announced that they had been the victim of an elaborate hack attack and data breach. The attackers accessed the email digests from August 2018 and the entire 2007 database backup. The backup included old salted and hashed user passwords, usernames and their email addresses. The attackers also compromised a few Reddit employee accounts by intercepting the SMS used in two-factor authentication (2FA).

    An Excellent Example of Proper Logging and Monitoring

    Perhaps the most controversial item on the OWASP Top 10 List for 2017 was the Insufficient Logging and Monitoring category. A similar category is listed in the OWASP Proactive Controls List – Implement Logging and Intrusion Detection. While the implementation of the logging mechanism is listed as a recommended measure in the Proactive Controls list, the improper implementation of this mechanism is listed as a vulnerability in the Top 10 list.

    Keeping in mind that the average time between a successful attack and its detection is no less than a whopping 191 days, Reddit did a pretty impressive job by uncovering the attack on June 19 – only about 1-4 days after the attack (June 14-18) took place.

  13. Tomi Engdahl says:

    Google Bug Bounty Program Now Covers Platform Abuse
    https://www.securityweek.com/google-bug-bounty-program-now-covers-platform-abuse

    Google on Wednesday announced the expansion of its bug bounty program to include techniques that can be used to bypass the company’s abuse detection systems.

    The Internet giant claims to have paid out over $12 million as part of its Vulnerability Reward Programs since 2010, including payouts for bug reports describing techniques for bypassing fraud, abuse and spam systems.

    These types of reports have now officially been added to Google’s bug bounty program. The company says it’s prepared to pay up to $5,000 for high impact and high probability issues.

    “Reports that deal with potential abuse-related vulnerabilities may take longer to assess, because reviewing our current defense mechanisms requires investigating how a real life attack would take place and reviewing the impact and likelihood requires studying the type of motivations and incentives of abusers of the submitted attack scenario against one of our products,” Google said.

    For example, a technique that allows an attacker to manipulate the rating score of a Google Maps listing by submitting a large volume of fake reviews without being detected by the company’s systems would qualify for a reward in the new platform abuse category. Researchers can also earn rewards for bypassing account recovery systems at scale, finding systems vulnerable to brute-force attacks, bypassing content use and sharing restrictions, or buying items from Google without paying.

    https://www.google.com/about/appsecurity/reward-program/

  14. Tomi Engdahl says:

    Container Security Firm Twistlock Raises $33 Million
    https://www.securityweek.com/container-security-firm-twistlock-raises-33-million

    The company’s flagship Twistlock platform provides protection for containers, serverless functions, and container-as-a-service platforms like AWS Fargate into a single full stack security platform.

    The latest version of the platform brings cloud native forensics capabilities to help during the incident response process.

  15. Tomi Engdahl says:

    FBI Eyes Plethora of River-Related Threats
    https://www.securityweek.com/fbi-eyes-plethora-river-related-threats

    Giant cranes loading and unloading gargantuan barges. Oil tankers, supply vessels and pipelines serving a vital energy industry. Flood control structures. Chemical plants. Cruise ships. Drinking water sources. All computer-reliant and tied in some way to the internet. All of them vulnerable to cyber thieves, hackers and terrorists.

    Roughly nine months into his job as special agent in charge of the New Orleans office of the FBI, agent Eric Rommal is keenly aware of the dangers cyber-criminals pose to Mississippi River-related businesses and south Louisiana infrastructure.

    “Louisiana is a major cyber vulnerability area,” Rommal told The Associated Press in an interview.

    “Every time that we have a vessel that travels up or down the Mississippi River there’s a vulnerability: that that vessel or persons on those vessels may in fact be doing harm to our systems,” said Rommal. “And that affects the national economy and affects the entire United States.”

    “When it relates to commerce and the economy throughout the United States, oil and gas — it all starts here,” said Rommal. “And when those systems are compromised, it doesn’t just affect Louisiana. It affects the entire nation.”

    A cyber disruption of security systems that protect pipelines and refineries “could essentially cripple the oil and gas industry until we could get that system up and running again,” said Rommal.

    Energy isn’t the only concern.

    “The ports that are along the Mississippi River — many may think of them as an agricultural or a petroleum depot. But what we need to know more about is that each one of those systems is controlled by sort of computer network that allows barges to be off-loaded, loaded,” he said.

    A hacker disrupting those operations could effectively disrupt nationwide and international commerce, he said, until it could be manually restored.

    THEFT

    Ports and the businesses that use them are susceptible to theft of money or critical information, Ramey said. And the theft can be state-sponsored.

    “That would be, say, the Chinese, the Russians, the Iranians, the North Koreans, want to compromise the ports for, say, some sort of economic or secretive information. The maritime and the port industry are susceptible to what we call BEC — business email compromises,” Ramey said.

  16. Tomi Engdahl says:

    Microsoft Patches Zero-Day Flaws in Windows, Internet Explorer
    https://www.securityweek.com/microsoft-patches-zero-day-flaws-windows-internet-explorer

    Microsoft’s Patch Tuesday updates for August 2018 address 60 vulnerabilities, including two zero-day flaws affecting Windows and Internet Explorer.

    One of the actively exploited vulnerabilities is CVE-2018-8414, which Microsoft learned of from Matt Nelson of SpecterOps. Nelson disclosed the details of the bug in June after Microsoft told him that “the severity of the issue is below the bar for servicing and that the case will be closed.”

    Proofpoint then revealed in July that a financially-motivated threat actor tracked by the company as TA505 had been exploiting the flaw to deliver the FlawedAmmyy RAT.

    https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39?gi=8448861329b6

  17. Tomi Engdahl says:

    Tech Giants Face Hefty Fines Under Australia Cyber Laws
    https://www.securityweek.com/tech-giants-face-hefty-fines-under-australia-cyber-laws

    Tech companies could face fines of up to Aus$10 million (US$7.3 million) if they fail to hand over customer information or data to Australian police under tough cyber laws unveiled Tuesday.

    The government is updating its communication laws to compel local and international providers to co-operate with law enforcement agencies, saying criminals were using technology, including encryption, to hide their activities.

    The legislation, first canvassed by Canberra last year, will take into account privacy concerns by “expressly” preventing the weakening of encryption or the introduction of so-called backdoors, Cyber Security Minister Angus Taylor said.

  18. Tomi Engdahl says:

    The Real Takeaways From the Reddit Hack
    https://www.securityweek.com/real-takeaways-reddit-hack

    On August 1st, US-based social news aggregation, web content, and discussion website, Reddit.com disclosed a data breach whose full impact has yet to be determined. Reddit said the breach was discovered on June 19th ― four days after the hacker(s) compromised several employee accounts at its cloud and source code hosting providers.

  19. Tomi Engdahl says:

    Vulnerability Could Allow Insider to Bypass CEO’s Multi-Factor Authentication
    https://www.securityweek.com/vulnerability-could-allow-insider-bypass-ceos-multi-factor-authentication

    Vulnerability Allows a Second Factor for One Account to be Used for All Accounts in an Organization

    A simple vulnerability in Microsoft’s Active Directory Federation Services (ADFS) can lead to catastrophic results. The flaw (CVE-2018-8340) was discovered by Okta researcher Andrew Lee; and patched by Microsoft in this month’s Patch Tuesday security updates.

    ADFS is used by third party vendors, such as Okta, Gemalto, Duo, Authlogics, RSA, and SecureAuth. It allows companies to add multi-factor authentication to their security controls. Exploiting the vulnerability allows any attacker with a valid second factor to access any other user’s account if they can obtain that user’s credentials. The flaw affects all third-party MFA vendors that use Microsoft’s ADFS.

    There is obviously some work to do by the attacker; but it is not that difficult.

  20. Tomi Engdahl says:

    UK Police Deploy Homemade Mobile Fingerprint Scanners
    https://www.securityweek.com/uk-police-deploy-homemade-mobile-fingerprint-scanners

    The UK Metropolitan Police Service — the Met, the UK’s largest police force and one of the largest in the world — has introduced a new portable fingerprint scanner. This is not the first portable scanner used by the Met, but differs from the earlier option by being developed in-house.

    Known as INK (identity not known), it combines software produced in-house by Met staff with an Android mobile phone paired with a Cross Match Technologies fingerprint reader. The device communicates securely with the Home Office Biometric Services Gateway (BSG), which then searches the Criminal Records Office (IDENT1) and immigration enforcement (IABS) databases.

    If a suspect has a criminal record, the Met says, or is known to immigration enforcement, his or her identity can be confirmed at the roadside. An officer, with relevant access levels, can also use the device to check the Police National Computer to establish if they are currently wanted for any outstanding offences.

  21. Tomi Engdahl says:

    Crypto Flaw Affects Products From Cisco, Huawei, ZyXEL
    https://www.securityweek.com/crypto-flaw-affects-products-cisco-huawei-zyxel

    A team of researchers has disclosed the details of a new attack method that can be used to crack encrypted communications. The products of several vendors, including Cisco, Huawei, ZyXEL and Clavister, are impacted.

    The attack will be presented later this week at the 27th USENIX Security Symposium in Baltimore, Maryland, by researchers from the University of Opole in Poland and the Ruhr-University Bochum in Germany. The research paper has already been made public.

    The experts have analyzed the impact of key reuse on Internet Protocol Security (IPsec), a protocol that authenticates and encrypts the data packets sent over a network. IPsec is often used for virtual private networks (VPNs).

    The cryptographic key for IPsec uses the Internet Key Exchange (IKE) protocol, which has two versions, IKEv1 and IKEv2. Each version of IKE has different modes, configurations and authentication methods.

    “[Reusing] a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers,”

    https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf

  22. Tomi Engdahl says:

    The Real Takeaways From the Reddit Hack
    https://www.securityweek.com/real-takeaways-reddit-hack

    There Are Significant Differences Between Each 2FA Method, and the Risks it Poses

  23. Tomi Engdahl says:

    An Airline Scans Your Face. You Take Off. But Few Rules Govern Where Your Data Goes.
    https://www.nytimes.com/2018/08/06/us/politics/facial-recognition-airports-privacy.html

    The program makes boarding an international flight a breeze: Passengers step up to the gate, get their photo taken and proceed onto the plane. There is no paper ticket or airline app. Thanks to facial recognition technology, their face becomes their boarding pass.

    “I would find it superconvenient if I could use my face at the gate,” said Jonathan Frankle, an artificial intelligence researcher at M.I.T. studying facial recognition technology. But “the concern is, what else could that data be used for?”

    The problem confronting Mr. Frankle, as well as thousands of travelers, is that few companies participating in the program, called the Traveler Verification Service, give explicit guarantees that passengers’ facial recognition data will be protected.

  24. Tomi Engdahl says:

    Hackers Exploiting DLink Routers to Redirect Users to Fake Brazilian Banks
    https://www.bleepingcomputer.com/news/security/hackers-exploiting-dlink-routers-to-redirect-users-to-fake-brazilian-banks/

    Attackers are targeting DLink DSL modem routers in Brazil and exploiting them to change the DNS settings to a DNS server under the attacker’s control. This then allows them to redirect users attempting to connect to their online banks to fake banking websites that steal the user’s account information.

    According to research by Radware, the exploit being used by the attackers allows them to perform remote unauthenticated changes to DNS settings on certain DLink DSL modems/routers. This allows them to easily scan for and script the changing of large amounts of vulnerable routers so that their DNS settings point to a DNS server under the attacker’s control.

  25. Tomi Engdahl says:

    Researcher Finds A Hidden ‘God Mode’ on Some Old x86 CPUs
    https://it.slashdot.org/story/18/08/11/0042203/researcher-finds-a-hidden-god-mode-on-some-old-x86-cpus

    The command — “.byte 0x0f, 0x3f” in Linux — “isn’t supposed to exist, doesn’t have a name, and gives you root right away,” Domas said, adding that he calls it “God Mode.” The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces (“userland”) run in ring 3, furthest from the kernel and with the least privileges.

    Hacker Finds Hidden ‘God Mode’ on Old x86 CPUs
    https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html

  26. Tomi Engdahl says:

    Russian Hackers Targeted Swedish News Sites In 2016, State Department Cable Says
    https://www.buzzfeednews.com/article/kevincollier/2016-sweden-ddos-expressen-hack-russia-cables

    According to a newly released State Department cable, the attack was part of a Russian campaign to sow disinformation about NATO. It came as Russia allegedly was stealing Democrats’ emails.

    Russian Intelligence Hacked Into DNC Data Server Two Months Before Election
    https://www.buzzfeednews.com/article/kevincollier/democrats-hacking-trump-russians-mueller-indictment

  27. Tomi Engdahl says:

    Cache of the Titans: Let’s take a closer look at Google’s own two-factor security keys
    If it’s good enough for me…
    https://www.theregister.co.uk/2018/08/02/google_titan_security_key/

    Intriguing news for anyone who believes that FIDO two-factor authentication keys are the obvious way to stop phishing attacks that not enough people use – Google is launching its own authentication token.

    Called the Titan Security Key (not to be confused with Google’s Titan security chip), its announcement at Google’s Cloud Next 2018 conference in July may explain why the web giant was keen some days ago to boast that its 85,000 employees have not suffered a single successful account takeover since the company mandated the use of these keys in early 2017.

  28. Tomi Engdahl says:

    Hack causes pacemakers to deliver life-threatening shocks
    Researchers criticize device-maker Medtronic for slow response.
    https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/

  29. Tomi Engdahl says:

    [Theme] Cyber cooperation between authorities consists of networks, information sharing and several cups of coffee
    https://www.viestintavirasto.fi/kyberturvallisuus/tietoturvanyt/2018/08/ttn201808091242.html

    “Cyber security in Finland is badly neglected” – according to a general, the situation looks better than it is
    https://www.tivi.fi/Kaikki_uutiset/suomessa-kyberturvallisuus-pahasti-hunningolla-kenraalin-mukaan-tilanne-nayttaa-paremmalta-kuin-on-6735390

  30. Tomi Engdahl says:

    Electric utilities use red-teaming, AI to prepare for advanced threats
    https://www.cyberscoop.com/electric-utilities-use-red-teaming-ai-to-prepare-for-advanced-threats/

    The U.S. electric industry has responded to a steady stream of cyberthreats with more rigorous red-teaming and by using artificial intelligence, utility executives said.

    “We’re penetrating our own system to ensure that we are moving the envelope,” said Brian Harrell, Duke Energy Corp.’s managing director of enterprise protective services. “We’re trying to find the vulnerabilities before anyone else does.”

    “Just yesterday I [was] having a six-hour conversation with the FBI about somebody trying to penetrate our system,” Harrell said Friday at an event at George Washington University’s (GWU) Center for Cyber and Homeland Security. “These are the kinds of things that are happening on a day in and day out basis.”

    In March, the Department of Homeland Security warned that Russian government hackers had targeted the energy sector, among others, in a two-year campaign that collected information on industrial control systems (ICS) used in the sector.

    Outsourcing is an option

    Big power companies like Duke Energy and PG&E can run their own in-house intelligence organizations, with analysts picking apart threat data. The smaller electric cooperatives serving rural communities across the country, however, tend to lack the resources to do that.

    For example, smaller companies frequently try to “‘dual hat’ their control systems people and tell them – you also need to perform these cybersecurity tasks, but often there is a skills gap,” Marty Edwards, an industrial cybersecurity expert, told CyberScoop.

    “The good news is that you no longer need to try and do all this in-house,” added Edwards, who is managing director of the Automation Federation. “There are plenty of boutique cybersecurity consulting companies that specialize in ICS and operational technology – and you should bring them in to see what they can find.”

  31. Tomi Engdahl says:

    July’s Most Wanted Malware: Attacks Targeting IoT and Networking doubled since May 2018
    https://blog.checkpoint.com/2018/08/15/julys-most-wanted-malware-attacks-targeting-iot-and-networking-doubled-since-may-2018/

    Three IoT vulnerabilities entered July’s top ten most exploited vulnerabilities list, as threat actors have doubled their attacks on these Mirai and Reaper-related vulnerabilities since May 2018.

    During July 2018, three IoT vulnerabilities entered the Top 10 most exploited list: MVPower DVR router Remote Code Execution at #5; D_Link DSL-2750B router Remote Command Execution at #7; and Dasan GPON router Authentication Bypass at #10. Together, 45% of all organizations across the world were impacted by attacks targeting these vulnerabilities, compared with 35% in June 2018 and 21% in May. These vulnerabilities all enable attackers to execute malicious code and gain remote control of the target devices.

    Known vulnerabilities offer cyber-criminals an easy and relatively frictionless entry point into corporate networks, enabling them to propagate a wide range of attacks. IoT vulnerabilities, in particular, are often ‘the path of least resistance’, as once one device is compromised, it can be straightforward to infiltrate further connected devices. As such, organizations must apply patches as soon as they’re available in order to secure their networks from known vulnerabilities.

  32. Tomi Engdahl says:

    Email Phishers Using New Way to Bypass Microsoft Office 365 Protections
    https://thehackernews.com/2018/08/microsoft-office365-phishing.html

    Phishing works no matter how hard a company tries to protect its customers or employees.

    Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365.

    On top of these services, Microsoft also offers an artificial intelligence and machine learning powered security protection to help defend against potential phishing and other threats by going one level deep to scan the links in the email bodies to look for any blacklisted or suspicious domain.

    But as I said, phishers always find a way to bypass security protections in order to victimize users.

    In May 2018, cybercriminals had also been found splitting up the malicious URL in a way that the Safe Links security feature in Office 365 fails to identify and replace the partial hyperlink, eventually redirecting victims to the phishing site.

    Microsoft scans the body of an email, including the links provided in it, but since the links in the latest email campaign lead to an actual SharePoint document, the company did not identify it as a threat.

    Reply
  33. Tomi Engdahl says:

    APT10 was managed by the Tianjin bureau of the Chinese Ministry of State Security
    https://intrusiontruth.wordpress.com/2018/08/15/apt10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/

    In previous posts, Intrusion Truth showed that the Cloud Hopper / APT10 hackers that attacked thousands of global clients of Managed Service Providers (MSPs) in 2016 were based in Tianjin, China.

    We identified Zheng Yanbin, Gao Qiang and Zhang Shilong as three actors responsible. We associated them with the Huaying Haitai Science and Technology Development Co Ltd (天津华盈海泰科技发展有限公司) and Laoying Baichen Instruments Equipment Co Ltd in Tianjin China. But we haven’t yet explained who was masterminding or controlling the attacks.

    Reply
  34. Tomi Engdahl says:

    FBI Warns of ‘Unlimited’ ATM Cashout Blitz
    https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/

    The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.

    “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” reads a confidential alert the FBI shared with banks privately on Friday.

    FBI Is Reportedly Warning Banks That Hackers Are Planning to Make A Global Run on ATMs
    https://motherboard.vice.com/en_us/article/ywke7w/fbi-is-reportedly-warning-banks-that-hackers-are-planning-to-make-a-global-run-on-atms

    Unlimited operations typically take advantage of weak cybersecurity at smaller banking institutions and allow hackers to make coordinated runs on ATMs.

    Reply
  35. Tomi Engdahl says:

    Former Microsoft Engineer Gets 18 Months in Prison for Role in Ransomware Scheme
    https://www.bleepingcomputer.com/news/security/former-microsoft-engineer-gets-18-months-in-prison-for-role-in-ransomware-scheme/

    On Monday, a Florida judge sentenced a former Microsoft network engineer to 18 months in prison for his role in helping launder money obtained from victims of the Reveton ransomware.

    Reply
  36. Tomi Engdahl says:

    Erin Pearson / The Age:
    Unnamed Melbourne-based 16-year-old pleads guilty to repeatedly breaching Apple’s systems and downloading 90GB of sensitive files — A Melbourne private schoolboy who repeatedly broke into Apple’s secure computer systems is facing criminal charges after the technology giant called in the FBI.

    Melbourne teen hacked into Apple’s secure computer network, court told
    https://www.theage.com.au/national/victoria/melbourne-teen-hacked-into-apple-s-secure-computer-network-court-told-20180816-p4zxwu.html

    A Melbourne private schoolboy who repeatedly broke into Apple’s secure computer systems is facing criminal charges after the technology giant called in the FBI.

    The teen, who cannot be named for legal reasons, broke into Apple’s mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer.

    The Children’s Court heard on Thursday that he had downloaded 90GB of secure files and accessed customer accounts.

    His offending from the age of 16 saw him develop computerised tunnels and online bypassing systems to hide his identity until a raid on his family home uncovered a litany of hacking files and instructions all saved in a folder titled “hacky hack hack”.

    Reply
  37. Tomi Engdahl says:

    Zach Dorfman / Foreign Policy:
    Current and former US officials say CIA’s communication system used for sources in China was compromised, leading to China executing ~30 US spies from 2010-2012 — The number of informants executed in the debacle is higher than initially thought. — It was considered one of the CIA’s worst failures …

    Botched CIA Communications System Helped Blow Cover of Chinese Agents
    The number of informants executed in the debacle is higher than initially thought.
    https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/

    It was considered one of the CIA’s worst failures in decades: Over a two-year period starting in late 2010, Chinese authorities systematically dismantled the agency’s network of agents across the country, executing dozens of suspected U.S. spies. But since then, a question has loomed over the entire debacle.

    How were the Chinese able to roll up the network?

    Now, nearly eight years later, it appears that the agency botched the communication system it used to interact with its sources

    apparently underestimated China’s ability to penetrate it.

    “The attitude was that we’ve got this, we’re untouchable,” said one of the officials who, like the others, declined to be named discussing sensitive information. The former official described the attitude of those in the agency who worked on China at the time as “invincible.”

    Other factors played a role as well, including China’s alleged recruitment of former CIA officer Jerry Chun Shing Lee around the same time. Federal prosecutors indicted Lee earlier this year in connection with the affair.

    But the penetration of the communication system seems to account for the speed and accuracy with which Chinese authorities moved against the CIA’s China-based assets.

    “When things started going bad, they went bad fast.”

    Reply
  38. Tomi Engdahl says:

    FBI Eyes Plethora of River-Related Threats
    https://www.securityweek.com/fbi-eyes-plethora-river-related-threats

    Giant cranes loading and unloading gargantuan barges. Oil tankers, supply vessels and pipelines serving a vital energy industry. Flood control structures. Chemical plants. Cruise ships. Drinking water sources. All computer-reliant and tied in some way to the internet. All of them vulnerable to cyber thieves, hackers and terrorists.

    Roughly nine months into his job as special agent in charge of the New Orleans office of the FBI, agent Eric Rommal is keenly aware of the dangers cyber-criminals pose to Mississippi River-related businesses and south Louisiana infrastructure.

    “Louisiana is a major cyber vulnerability area,” Rommal told The Associated Press in an interview.

    “Every time that we have a vessel that travels up or down the Mississippi River there’s a vulnerability: that that vessel or persons on those vessels may in fact be doing harm to our systems,” said Rommal. “And that affects the national economy and affects the entire United States.”

    “When it relates to commerce and the economy throughout the United States, oil and gas — it all starts here,” said Rommal. “And when those systems are compromised, it doesn’t just affect Louisiana. It affects the entire nation.”

    Reply
  39. Tomi Engdahl says:

    NIST Small Business Cybersecurity Act Becomes Law
    https://www.securityweek.com/nist-small-business-cybersecurity-act-becomes-law

    The NIST Small Business Cybersecurity Act Aims to Provide Cyberdefense Resources

    U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the MAIN STREET Cybersecurity Act) into law on Tuesday (August 14, 2018). It requires NIST to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”

    The resources to be provided are informational. They must be generally applicable to a wide range of small businesses; vary with the nature and size of small businesses; promote cybersecurity awareness and workplace cybersecurity culture; and include practical application strategies. The resources must further be technology-neutral and compatible with COTS solutions; and as far as possible consistent with international standards and the Stevenson-Wydler Technology Innovation Act of 1980.

    Use of these resources by small businesses is voluntary.

    “As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Schatz, lead Democrat on the Commerce Subcommittee on Communications Technology, Innovation, and the Internet, in a statement. “This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks.”

    The act has been well-received by the security industry.

    “Bills focusing on the cybersecurity needs of small businesses are becoming increasingly necessary to protect activity crucial to the U.S. economy,” explains Jessica Ortega, a member of the SiteLock research team. “Small businesses account for 99.7% [SBA figures] of employers in the United States and as many as 50% [CNBC figures] of those have experienced a cyberattack. Not surprising when you consider that websites are attacked as many as 50 times per day on average [SiteLock’s own figures].”

    Reply
