BuzzSec

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xx/94

It's a problem : But now, fluctuations in ocean temperatures, years of overfishing and lax regulatory oversight have drastically depleted populations of the translucent squid in waters around Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2018/11/friday_squid_bl_653.html

My latest book is doing well. And I've been giving lots of talks and interviews about it. (I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer.) My book talk at Google is also available. The Audible version was delayed for reasons that were never adequately explained to me, but it's finally out. I still have signed copies available. Be aware that this is both slower and more expensive than online bookstores. from Schneier on Security https://www.schneier.com/blog/archives/2018/11/click_here_to_k_1.html

Darin Roberts// In previous blogs I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what is ICMP? ICMP is Internet Control Message Protocol. It allows internet connected devices to send error messages back to the source IP address when problems in […] The post How To: C2 Over ICMP appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/how-to-c2-over-icmp/

With the new year quickly approaching, it's time to start looking forward to what will be coming our way in the world of cybersecurity. Join SBS as we countdown the top cybersecurity trends to watch in 2019. from SBS CyberSecurity https://sbscyber.com/resources/hacker-hour-top-cybersecurity-trends-to-watch-in-2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Rocky Brockway   Title : Amazon exposed customer names and emails in a ‘technical error’ URL https://ift.tt/2R2TuI8 Author: Jack Gillum   Title: Tiny Twitter thumbnail tweaked to transport different file types URL: https://ift.tt/2Js4KLj Author: Thomas Claburn   Title : Who’s In Your Online Shopping Cart? URL : https://ift.tt/2D1oDHJ Author: Brian Krebs   [Tool Time]   URL:  https://ift.tt/2wmW6JX The post TrustedSec Podcast Episode 3.5 – What’s Hidden In Your Cart? appeared first on TrustedSec . from TrustedSec https://www.trustedsec.com/2018/11/trustedsec-podcast-episode-3-5-whats-hidden-in-your-cart/

So I guess we have just reached the tipping point, it's "privacy game over" for business travelers. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heads-up-bad-guys-love-marriott-500-million-data-breach-is-phishing-heaven

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years. Marriott said the breach involved unauthorized access to a database containing guest information tied to reservations made at Starwood properties on or before Sept. 10, 2018, and that its ongoing investigation suggests the perpetrators had been inside the company’s networks since 2014. Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when removing the stolen information from the company’s network), and that its efforts to decrypt that data set was not yet complete. But so far the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property. “For approximately 327 mi

Sotheby's is auctioning off a (working, I think) three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's without the rotors. from Schneier on Security https://www.schneier.com/blog/archives/2018/11/three-rotor_eni_1.html

Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC ). Bloomberg has stood by its story -- and is still standing by it. I don't think it's real. Yes, it's plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment. from Schneier on Security https://www.schneier.com/blog/archives/2018/11/that_bloomberg_.html

We've got a few content updates in the KnowBe4 Modstore to share with you for the month of November! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-fresh-content-update-new-features-november-2018

A recent ruling from the Pennsylvania Supreme Court on an employee lawsuit against the University of Pittsburgh Medical Center stemming from a data breach should put all employers on notice. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/employers-are-liable-if-they-dont-protect-employees-sensitive-personal-information-from-attack

SBS CyberSecurity, along with SBS President and CEO Aaron Gamewell and his wife René, have created a new endowed scholarship for Dakota State University female cyber majors. from SBS CyberSecurity https://sbscyber.com/resources/press-release-sbs-cybersecurity-and-ceo-to-sponsor-women-in-cyber-security

Has your personal data been compromised? Well, if you’re an Android mobile phone user and have downloaded an application infected with the KevDroid malware, it very well may have been. from SBS CyberSecurity https://sbscyber.com/resources/is-your-android-spying-on-you

Join TrustedSec on December 12 th  at 1:00 EST   Companies Are Still Foggy With Security in the Cloud. One of the questions we get most often is about cloud security. In fact, it’s one of the least understood areas for both penetration testing and security program building as cloud services such as Azure and AWS continue to grow. TrustedSec Will Answer Questions Such As: If I Move Everything to the Cloud, Isn’t Security the Vendor’s Problem? There’s a reason that privacy and security terms are some of the most heavily negotiated parts of cloud contracts. Unfortunately, it’s not just the cloud service vendors’ issue. ‘Who is responsible for what?’ is a critical aspect and one you need to make sure you get right. What Are the Trickiest Regulatory Issues I Should be Concerned About ? We’ll discuss how you get on top of compliance requirements, policies and procedures, and the governance to ensure that all of the appropriate controls are met for the largest regulatory headaches.

The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people: A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud. The charges include wire fraud, computer intrusion, aggravated identity theft and money laundering. Ovsyannikov was arrested last month in Malaysia; Zhukov was arrested earlier this month in Bulgaria; and Timchenko was arrested earlier this month in Estonia, all pursuant to provisional arrest warrants issued at the request of the United States. They await extradition. The remaining defendants are at large. It looks like an impressive piece of police work. Details of the forensics that led to the arrests. from Schneier on Security https://www.schneier.com/b

Two Iranian men were indicted in connection with the deployment of the sophisticated and sinister SamSam ransomware that crippled the operations of critical facilities in the U.S. and Canada. from Cyber Crimes Stories https://www.fbi.gov/news/stories/iranian-ransomware-suspects-indicted-112818

A new threat actor is targeting Lebanon and United Arab Emirates (UAE) government domains, as well as a Lebanese airline company, according to Warren Mercer and Paul Rascagneres at Cisco Talos. This group is using two fake job posting websites to deliver malicious Microsoft Office documents. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/dnspionage-malware-targets-domains-in-lebanon-and-united-arab-emirates

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xx/93

During the lunch hour, we had a plane buzzing our offices downtown Clearwater, check it out... from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-reached-a-major-2018-sales-milestone

The bad guys can’t do anything on your network without access. That’s why they focus their efforts on gathering as many sets of credentials as possible. You should focus there too. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/reduce-the-risk-of-data-breach-by-focusing-on-compromised-credentials

The module "event-steam" was infected with malware by an anonymous someone who became an admin on the project. Cory Doctorow points out that this is a clever new attack vector: Many open source projects attain a level of "maturity" where no one really needs any new features and there aren't a lot of new bugs being found, and the contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to share the choresome, intermittent work of keeping the projects alive. Ironically, these are often projects with millions of users, who trust them specifically because of their stolid, unexciting maturity. This presents a scary social-engineering vector for malware: A malicious person volunteers to help maintain the project, makes some small, positive contributions, gets commit access to the project, and releases a malicious patch, infecting millions of users and

Original release date: November 27, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have released a joint Technical Alert (TA) on a major online ad fraud operation—referred to by the U.S. Government as "3ve." NCCIC encourages users and administrators to review Alert TA18-331A: 3ve – Major Online Ad Fraud Operation for more information. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/11/27/3ve-Fraudulent-Online-Advertising

Original release date: November 27, 2018 Systems Affected Microsoft Windows Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window. Description Online advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border Gateway Patrol-hijacked IP addresses.  Boaxxe/Miuref Malware Boaxxe ma

Employees see IT as an “inconvenience” and look for ways to get around security measures, putting the organization at risk, according to SailPoint’s 2018 Market Pulse Survey . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/shadow-it-is-alive-and-well-one-third-of-employees-deploy-their-own-software

Original release date: November 27, 2018 The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-14629 , CVE-2018-16841 , CVE-2018-16851 , CVE-2018-16852 , CVE-2018-16853 , and CVE-2018-16857 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/11/27/Samba-Releases-Security-Updates

On November 4, 2016, the hacker "Guccifer 2.0,: a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections. On November 9, 2018, President Donald Trump started tweeting about the senatorial elections in Florida and Arizona. Without any evidence whatsoever, he said that Democrats were trying to steal the election through "FRAUD." Cybersecurity experts would say that posts like Guccifer 2.0's are intended to undermine public confidence in voting: a cyber-attack against the US democratic system. Yet Donald Trump's actions are doing far more damage to democracy. So far, his tweets on the topic have been retweeted over 270,000 times, eroding confidence far more effectively than any foreign influence campaign. We need new ideas to explain how public statements on the Internet can weaken American democracy. Cybersecurity today is not only about computer syst

We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that begins with https. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/reminder-that-padlock-doesnt-mean-its-secure

Shoppers around the world face an unprecedented number of phishing attacks this holiday season, according to Andrey Kostin at Kaspersky Lab. With Single’s Day in China on November 11th, Black Friday on the 23rd, and Christmas and the New Year coming up within weeks, November and December are prime phishing season for attackers. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/attackers-rev-up-financial-phishing-campaigns-in-preparation-for-the-holidays

With users focused on holiday activities, cybercriminals take advantage of lowered defenses and holiday distractions to scam users into becoming victims. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heads-up-phishing-is-way-up-and-65-of-employees-plan-to-do-holiday-shopping-online-from-work

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”. A live Paypal phishing site that uses https:// (has the green padlock). Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That’s up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018. This alarming shift is notable because a majority of Internet users have taken the age-old “look for the lock” advice to heart, and still associate the lock icon with legitimate sites. A PhishLabs survey conducted last year found more than 80% of re

Original release date: November 26, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium seve