Posts

Showing posts from September, 2018

SANS - Issue #77 - Volume XX - SANS Newsbites - September 28th, 2018

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xx/77

KnowBe4 - [Heads-up] Now In The Wild: New Super Evil Rootkit Survives Even "Nuke From Orbit" And HD Swap

This thing is a nightmare that escaped into daylight. The Russian GRU—aka Fancy Bear—probably was riveted reading the Wikileaks CIA Vault 7 UEFI Rootkit docs (PDF) and built one of these motherboard-killers of their own, apparently weaponizing the existing Lojack commercial code to speed up the job. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heads-up-now-in-the-wild-new-super-evil-rootkit-survives-even-nuke-from-orbit-and-hd-swap

HACKMAGEDDON - Present and Future of Crypto Threats

Despite the volatility that is characterizing cryptocurrencies, mining is still a lucrative business for cyber criminals. Recent academic research has shown that only the embedded cryptocurrency miner CoinHive is generating $250,000 worth of Monero every month, most of it (80%) going to just 10 individuals. from HACKMAGEDDON https://www.hackmageddon.com/2018/09/30/present-and-future-of-crypto-threats/

KnowBe4 - Kevin Mitnick weighs in on Facebook's big security breach

It was all over the news, and CNBC interviewed KnowBe4's very own Chief Hacking Officer Kevin Mitnick (note the StreetCred box on the right). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/kevin-mitnick-weighs-in-on-facebooks-big-security-breach

Schneier - Friday Squid Blogging: Squid Protein Used in Variable Thermal Conductivity Material

This is really neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. from Schneier on Security https://www.schneier.com/blog/archives/2018/09/friday_squid_bl_644.html

KnowBe4 - [InfoGraphic] 20 Ways to Block Mobile Attacks

To start your National Cyber Security Awareness Month (NCSAM) here is a goodie for your users to kick things off. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/infographic-20-ways-to-block-mobile-attacks

Krebs - Facebook Security Bug Affects 90M Users

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. “This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” Facebook wrote. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.” Facebook said it was removing the insecure View As feature, and resetting the access tokens of 50 million accounts that the company said it knows were affected, as well as the tokens for another 40 million users that may have been impacted over

TrustedSec - Webinar: vCISO vs CISO – Which is the right path for you?

JOIN TRUSTEDSEC ON Wednesday, October 17th, 2018 AT 1:00 PM EDT
Organizations are facing a dangerous combination of mounting cybersecurity threats and a widening gap in the skills required to identify and combat them. There is continuing pressure to keep our information secure and breach-free, and to create leadership roles in the organization to address this risk.
CISOs on the rise
Creating Chief Information Security Officer positions has continued to be on the uptick over the last five years. However, according to a Ponemon study senior security executives on average leave after 30 months on the job – some studies show the turnover is closer to 18 months!
A Virtual CISO can be a less expensive alternative
For small- to mid-sized businesses, it may be difficult to justify the expense of a full-time CISO. The normal annual contract rate for virtual CISOs is 35-40% of what it costs to pay the normal industry salary for a full-time position to perform the same services. Outside o

Schneier - Major Tech Companies Finally Endorse Federal Privacy Regulation

The major tech companies, scared that states like California might impose actual privacy regulations, have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. I'm sure they'll still do all they can to weaken the California law, but they know they'll do better at the national level. from Schneier on Security https://www.schneier.com/blog/archives/2018/09/major_tech_comp.html

KnowBe4 - Targeted Attacks Replace Spam Campaigns

Spam campaigns are all but dead. But lucrative targeted low-risk, high-yield cyber-attacks have risen to take their place, according to the European Union law enforcement agency Europol. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/targeted-attacks-replace-spam-campaigns

KnowBe4 - The Cybercrime Economy Makes It Impossible to Stop

The operation run by botnet author Peter Levashov demonstrates how easy it is for would-be criminals to get into the business. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-cybercrime-economy-makes-it-impossible-to-stop

US-CERT - ST18-248: Protecting Against Malicious Code

Original release date: September 28, 2018
What is malicious code?
Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses. Viruses have the ability to damage or destroy files on a computer system and are spread by sharing an already infected removable media, opening malicious email attachments, and visiting malicious web pages. Worms are a type of virus that self-propagates from computer to computer. Its functionality is to use all of your computer’s resources, which can cause your computer to stop responding. Trojan Horses are computer programs that are hiding a virus or a potentially damaging program. It is not uncommon that free software contains a Trojan horse, making a user think they are using legitimate software while instead the program is performing malicious actions on your computer.
How can you protect yourself against

US-CERT - IC3 Issues Alert on RDP Exploitation

Original release date: September 28, 2018 The Internet Crime Complaint Center (IC3), in collaboration with DHS and the Federal Bureau of Investigation, has released an alert on cyber threat actors maliciously using legitimate remote administration tools, such as Remote Desktop Protocol (RDP). Threat actors identify and exploit vulnerable RDP sessions to facilitate credential theft and ransomware infection. NCCIC encourages users and administrators to review the IC3 Alert and the NCCIC Tips on Securing Network Infrastructure Devices and Choosing and Protecting Passwords. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/09/28/IC3-Issues-Alert-RDP-Exploitation

KnowBe4 - The Human Element is Essential to Safe Social Networking

This is common wisdom, but it bears repeating, because common wisdom is easily overlooked. People are often called an organization's greatest asset. They're also its greatest cybersecurity risk, especially while they're on social media. Technology won't completely offset employee mistakes that open the door to cyberattacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-human-element-is-essential-to-safe-social-networking

US-CERT - DNSSEC Key Signing Key Rollover

Original release date: September 27, 2018 On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol. DNSSEC is a set of protocol extensions used to digitally sign DNS information, an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step in ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Organizations that do not use DNSSEC validation will be unaffected by the rollover. NCCIC encourages administrators to update their DNSSEC KSK before October 11, 2018. See the NIST/NTIA Roll Ready site and the ICANN Root Zone KSK Rollover resources page for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Krebs - Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form of skimming that often takes thieves days to implement. This type of attack, sometimes called ATM “wiretapping” or “eavesdropping,” starts when thieves use a drill to make a relatively large hole in the front of a cash machine. The hole is then concealed by a metal faceplate, or perhaps a decal featuring the bank’s logo or boilerplate instructions on how to use the ATM. A thin metal faceplate is often used to conceal the hole drilled into the front of the ATM. The PIN pad shield pictured

Schneier - Yet Another IoT Cybersecurity Document

This one is from NIST: "Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others. from Schneier on Security https://www.schneier.com/blog/archives/2018/09/yet_another_iot.html

Black Hills InfoSec - A Career in Information Security: FAQ (Part 1)

Sierra and BreAnna// We recently received an email from someone working on their degree who had some questions for whichever tester we could round up. They were great questions and since we get asked similar things quite frequently we decided to create a 2-part blog post answering them with the help of several testers. See […] The post A Career in Information Security: FAQ (Part 1) appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/a-career-in-information-security-faq-part-1/

KnowBe4 - Holiday Threat No. 1: Evil Twin Domains With A "Trusted" SSL/TLS Certificate

As the holiday season approaches, cybercriminals are set to scam your users out of their personal money but also your organizational budget. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/holiday-threat-no.-1-evil-twin-domains-with-a-trusted-ssl/tsl-certificate

KnowBe4 - Brand-New Tool: Domain Doppelgänger Identifies Evil Twin Domains

I gave you a heads-up a few days ago, and now I'm excited to announce the actual release of a new tool to help protect your organization from the bad guys. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/brand-new-tool-domain-doppelg%C3%A4nger-identifies-risky-look-alike-domains

US-CERT - NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices

Original release date: September 27, 2018 NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:
Thursday, September 27
Tuesday, October 2
Thursday, October 4
NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on one of the dates listed above. The webinar will feature a discussion on identified threats, trends in the field, and insights from DHS’s binding operational directive impacting federal agencies. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/09/27/NCCIC-Webinar-Series-Protecting-Enterprise-Network-Infrastructure

Schneier - Counting People Through a Wall with WiFi

Interesting research: In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose received signal strength (RSSI) is measured by the receiver. Using only such received signal power measurements, the receiver estimates how many people are inside the room, an estimate that closely matches the actual number. It is noteworthy that the researchers do not do any prior measurements or calibration in the area of interest; their approach has only a very short calibration phase that need not be done in the same area. Academic paper. from Schneier on Security https://www.schneier.com/blog/archives/2018/09/counting_people.html

KnowBe4 - The Lowly USB Drive Remains A Critical Cyberthreat

Curtis Franklin at Dark Reading correctly observed: "USB thumb drives may be used less frequently than before, but they are still commonly used as infection vectors for a wide variety of malware. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-lowly-usb-drive-remains-a-critical-cyberthreat

TrustedSec - NIST Guidance for Small Business Forthcoming

The National Institute of Standards and Technology, usually referred to as NIST, has many valuable resources, including resources for computer security. The NIST Cybersecurity Framework (NIST CSF) and the NIST 800 series are familiar to most people in the information security industry. The NIST standards are commonly used not only by organizations that are bound to them by regulatory or contractual reasons, but also by those in search of solid guidance for information security topics for general controls. In August, President Trump signed a congressional act that requires NIST to provide guidance and resources for small businesses to “identify, assess, manage, and reduce their cybersecurity risks.” While voluntary, if history is any guide, these resources should prove valuable for these small businesses looking to improve their cybersecurity program and in turn lower the risks to their organizations.
Why Do Resources Directed to Small Businesses Matter?
Small businesses face ma

KnowBe4 - Phone Scam Impersonates Sheriff’s Office Using Judge’s Name

The US Marshals Service has stated that a new phone scam is targeting residents of Marshall, Texas. The scammer claims to be from the local sheriff’s office and tells residents that the federal judge in the city, Rodney Gilstrap, has issued a warrant for their arrest. One victim told the Marshall Courthouse that an unknown caller told her that she had failed to appear for jury selection, and that Judge Gilstrap had issued a warrant for her arrest. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phone-scam-impersonates-sheriffs-office-using-judges-name

KnowBe4 - Ewww. Password managers can be tricked into believing that malicious Android apps are legitimate

Ewww. Something else to watch out for. Will it ever stop? Ummm, no. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ewww.-password-managers-can-be-tricked-into-believing-that-malicious-android-apps-are-legitimate

US-CERT - Cisco Releases Security Updates for Multiple Products

Original release date: September 26, 2018 Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/09/26/Cisco-Releases-Security-Updates-Multiple-Products

KnowBe4 - Highly Targeted Email Attacks Are on the Rise!

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/highly-targeted-email-attacks-are-on-the-rise

SANS - Issue #76 - Volume XX - SANS Newsbites - September 25th, 2018

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xx/76

KnowBe4 - As Predicted, Hurricane Florence Phishing Scams are Circulating

We’ve noted in other posts that events like natural disasters are inevitably used as phishbait by scammers. The Atlantic hurricane season, which breeds storms like the recent and very destructive hurricane Florence, provides lots of opportunities for this unusually repellent form of fraud. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/as-predicted-hurricane-florence-scams-are-circulating

TrustedSec - How Can I Become A Pentester?

Schneier - Evidence for the Security of PKCS #1 Digital Signatures

This is interesting research: "On the Security of the PKCS#1 v1.5 Signature Scheme": Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for DSA or ECDSA. Despite the huge practical importance of RSA PKCS#1 v1.5 signatures, providing formal evidence for their security based on plausible cryptographic hardness assumptions has turned out to be very difficult. Therefore the most recent version of PKCS#1 (RFC 8017) even recommends as a replacement the more complex and less efficient scheme RSA-PSS, as it is provably secure and therefore considered more robust. The main obstacle is that RSA PKCS#1 v1.5 signatures use a deterministic padding scheme, which makes standard proof techniques not applicable. We introduce a new technique that enables the first security proof

KnowBe4 - Adwind Trojan Uses Phishing To Circumvent Antivirus And Infect Workstations

Charlie Osborne reported at ZDNet that Adwind, a Remote Access Trojan (RAT) previously connected to attacks against industries worldwide, is back with a new toolkit designed to trick antivirus programs into allowing the malware to exploit systems. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/adwind-trojan-uses-phishing-to-circumvent-antivirus-and-infect-workstations

KnowBe4 - I Got Vished (and So Can Your Users)

Written by Guest Blogger Nick Cavalancia, Microsoft MVP. Hear one cybersecurity expert’s experience of missing the signs and getting duped over the phone. If it can happen to him, it can happen to your users. “Vishing” is the art of “voice phishing” – a social engineering technique used to trick people over the phone into divulging information that a scammer can use. This is my story of how I got vished, what they did “right”, what they did wrong, and what you can do to ensure your users never fall for this kind of scam. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/i-got-vished-and-so-can-your-users

Black Hills InfoSec - PODCAST: John Strand’s 5 Year Plan into InfoSec Part 2

John Strand shares some of his own journey into information security and also his ideas and tips for those wanting to get into the industry from the start, or those looking to change career paths mid stream. He’s joined by special guests Randy Marchany, CISO of Virginia Tech & Director of the VA Tech IT […] The post PODCAST: John Strand’s 5 Year Plan into InfoSec Part 2 appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/podcast-john-strands-5-year-plan-into-infosec-part-2/

Black Hills InfoSec - WEBCAST: John Strand’s 5 Year Plan into InfoSec Part 2

John Strand talks about his own journey into information security and shares his suggestions for those wanting to get started from scratch or who are looking to change career tracks. Special Guests: Randy Marchany, CISO of Virginia Tech & Director of the VA Tech IT Security Lab, and Ed Capizzi, SANS instructor. Show Notes […] The post WEBCAST: John Strand’s 5 Year Plan into InfoSec Part 2 appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-john-strands-5-year-plan-into-infosec-part-2/

US-CERT - Apple Releases Security Update for macOS Mojave

Original release date: September 24, 2018 Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple's security page for macOS Mojave 10.14 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/09/24/Apple-Releases-Security-Update-macOS-Mojave

TrustedSec - TrustedSec CEO David Kennedy on WSJ podcast, ‘The Future of Everything’

In the latest episode of The Wall Street Journal’s podcast, The Future of Everything, the show tracks hackers compromising voting machines and hears from technologists hoping to safeguard democracy with help from blockchain and mobile voting, to understand whether it’s possible for tech to protect our democratic process from foreign interference. Listen to Hack the Vote: How Safe Are Elections? below. The post TrustedSec CEO David Kennedy on WSJ podcast, ‘The Future of Everything’ appeared first on TrustedSec. from TrustedSec https://www.trustedsec.com/2018/09/trustedsec-ceo-david-kennedy-on-wsj-podcast-the-future-of-everything/

US-CERT - SB18-267: Vulnerability Summary for the Week of September 17, 2018

Original release date: September 24, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium sev