BuzzSec

Engage your team and test your emergency preparedness with eight testing scenarios. Scenarios cover a variety of situations, including malware attack, unknown media,  physical security, power outage, ransomware attack, and website hack.  Each scenario includes:   - Ground Rules  - Documentation  - Scenario   - Discussion Questions   - Injects (additional information pertaining to the situation)  - Lessons Learned Follow Up Discussion Questions   Download your scenarios. from SBS CyberSecurity https://sbscyber.com/resources/download-eight-emergency-preparedness-testing-scenarios

Carrie Roberts//* I have needed to remind myself how to set up RDP access through an SSH connection so many times that I’ve decided to document it here for future reference. I hope it proves useful to you as well. I do “adversary simulation” for work and so I present this information using terms like […] The post The RDP Through SSH Encyclopedia appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/the-rdp-through-ssh-encyclopedia/

According to the latest data in the 2019 HIMSS Cybersecurity Survey , the healthcare industry is keenly aware they are a target, and are taking steps to reduce the risk of successful attack. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/healthcare-continues-to-prepare-in-the-face-of-growing-cyber-attacks

With the massive rise in phishing attacks , 2019 is the year for organizations to realize the concept of becoming a victim is an issue of when and no longer if . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/organizations-need-an-anti-phishing-plan-to-stop-cyberattacks

Robocall spam has surged to 85 billion calls globally with bank account, credit card and extortion being common scams, according to Hiya, a company that makes apps to fend off unwanted calls. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/scam-of-the-week-robocall-scams-surge-to-85-billion-globally

What if social engineers, instead of calling victims with voice phishing attacks, intercepted phone calls their victims make to legitimate phone numbers? Malicious apps let cybercriminals do just that – a new strain of vishing... from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/discovered-a-whole-new-strain-of-voice-phishing-attacks

A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more active interest in his son’s online activities. Sergiy P. Usatyuk of Orland Park, Ill. pleaded guilty this week to one count of conspiracy to cause damage to Internet-connected computers and for his role in owning, administering and supporting illegal “booter” or “stresser” services designed to knock Web sites offline, including exostress[.]in , quezstresser[.]com , betabooter[.]com , databooter[.]com , instabooter[.]com , polystress[.]com and zstress[.]net . Some of Rasbora’s posts on hackforums[.]net prior to our phone call in 2014. Most of these have since been deleted. A U.S. Justice Department press release on the guilty plea says Usatyuk — operating under the hacker aliases “ An

Law firm employees appear to be getting better at avoiding real estate scams, says Toni Ryder-McMullin at Today’s Conveyancer. Conveyance is the act of transferring an ownership interest in property from one party to another, and the term is used mainly in the UK and Ireland. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/friday-afternoon-monday-morning-and-law-firm-risk

A phishing campaign is using a phony Google reCAPTCHA system to deliver banking malware, according to researchers at Sucuri. The attackers are sending emails, supposedly from a Polish bank, telling users to confirm an unknown transaction. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/recaptcha-phishbait-targets-google-users

According to the latest data from Deloitte, the cost of committing a cybercrime is so surprisingly low that anyone and everyone can afford to be a bad guy. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/its-cheaper-than-you-think-to-launch-a-cyber-attack

After years of claiming that the Terrorist Screening Database is kept secret within the government, we have now learned that the DHS shares it "with more than 1,400 private entities, including hospitals and universities...." Critics say that the watchlist is wildly overbroad and mismanaged, and that large numbers of people wrongly included on the list suffer routine difficulties and indignities because of their inclusion. The government's admission comes in a class-action lawsuit filed in federal court in Alexandria by Muslims who say they regularly experience difficulties in travel, financial transactions and interactions with law enforcement because they have been wrongly added to the list. Of course that is the effect. We need more transparency into this process. People need a way to challenge their inclusion on the list, and a redress process if they are being falsely accused. from Schneier on Security https://www.schneier.com/blog/archives/2019/02/can_every

Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the plug on the project early next month. A message posted to the Coinhive blog on Tuesday, Feb. 26, 2019. In March 2018, Coinhive was listed by many security firms as the top malicious threat to Internet users, thanks to the tendency for Coinhive’s computer code to be surreptitiously deployed on hacked Web sites to steal the computer processing power of its visitors’ devices. Coinhive took a whopping 30 percent of the cut of all Monero currency mined by its code, and this presented something of a conflict of interest when it came to stopping the rampant abuse of its platform. At the time, Coinhive was only responding to abuse reports when contacted by a hacked site’s owner. Moreover, when it would respond, i

As the healthcare industry continues to be a target in cyberattacks focused on data breaches of patient health records, the latest data shows that cybercriminals are taking more than ever. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/healthcare-data-breaches-involve-triple-the-records-in-2018

Take a good look at Bitcoin right now…these are the unlucky ones. These are the unfortunate souls who jumped on another overinflated balloon. But, does this Bitcoin crash completely undermine all blockchain technologies? Since Bitcoin is crashing and burning we figured it would be a good time to have a webcast on blockchain security issues and […] The post BHIS Podcast: Blockchain and You! InfoSec Edition appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/bhis-podcast-blockchain-and-you-infosec-edition/

I’m proud to announce that KnowBe4’s blog has been selected by 4D Data Centres as one of the top cybersecurity blogs of the year. These awards acknowledge outstanding content within the IT industry. Our blog was picked by 4D’s team of technical engineers and directors as one of the best in the UK. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-named-one-of-the-best-cybersecurity-blogs-in-the-uk

Original release date: February 27, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates: Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability cisco-sa-20190227-rmi-cmd-ex Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability cisco-sa-20190227-wmda-cmdinj This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/02/27/Cisco-Releases-Security-Updates

Original release date: February 27, 2019 National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft. The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review FTC’s NCPW resource page , participate in the NCPW Twitter chats and Facebook Live event , and review the following CISA tips: Protecting Your Privacy Avoiding Social Engineering and Phishing Attacks Preventing and Responding to Identity Theft This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/02/27/National-Consumer-Protection-Week

Notice this bit from an article on the arrest of Christopher Hasson: It was only after Hasson's arrest last Friday at his workplace that the chilling plans prosecutors assert he was crafting became apparent, detected by an internal Coast Guard program that watches for any "insider threat." The program identified suspicious computer activity tied to Hasson, prompting the agency's investigative service to launch an investigation last fall, said Lt. Cmdr. Scott McBride, a service spokesman. Any detection system of this kind is going to have to balance false positives with false negatives. Could it be something as simple as visiting right-wing extremist websites or watching their videos? It just has to be something more sophisticated than researching pressure cookers . I'm glad that Hasson was arrested before he killed anyone rather than after, but I worry that these systems are basically creating thoughtcrime . from Schneier on Security https://www.schneier.

A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials. The men — a former Russian cyber intelligence official and an executive at Russian security firm Kaspersky Lab — were reportedly prosecuted for their part in an investigation into Pavel Vrublevsky , a convicted cybercriminal who ran one of the world’s biggest spam networks and was a major focus of my 2014 book, Spam Nation . Sergei Mikhailov , formerly deputy chief of Russia’s top anti-cybercrime unit, was sentenced today to 22 years in prison. The court also levied a 14-year sentence against Ruslan Stoyanov , a senior employee at Kaspersky Lab. Both men maintained their innocence throughout the trial. Following their dramatic arrests in 2016, many news media outlets reported that the men were suspected of having tipped off American intelligence officials about those responsible for Russian h

Original release date: February 26, 2019 OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/02/26/OpenSSL-Releases-Security-Update

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/16

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected. This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (cryptojacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said. The MarioNet attack is an upgrade to a similar concept of creating a browser-based botnet that was described in the  Puppetnets research paper  12 years ago, in 2007. The difference between the two is that MarioNet can survive after users close the browser tab or move away from the website hosting the malicious code. This is possible because modern web browsers now support a new API called  Service Worker

Three Days of Security! March  29  - March  31  2019, Madison South Dakota Join us for three full days of talks and training from the finest peeps in the security world! Come enjoy the benefits of a small conference where you won't get lost in the crowd and you get time to interact directly with the speakers and your security peers. Attending the talks on Friday is FREE, so you have no excuse! Bring your friends and co-workers for an epic weekend of security fun at Dakota State University! https://dakotacon.org/

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-9-9-wendys-to-pay-50m-in-data-breach-settlement

Scammers have stolen large amounts of personal and financial information from thousands of Canadians via fraudulent phone calls offering lower interest rates on credit cards, an investigation by CBC’s Marketplace has found. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/identity-theft-by-low-interest-credit-card-offer

America's Internal Revenue Service is warning taxpayers about a surge in phishing emails, links, and phone calls during tax season, according to Toni Birdsong at McAfee. The scammers pose as the IRS and threaten to seize the victim’s tax refund or have them sent to jail unless the victim makes a payment. The same is likely going on in other countries.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/its-the-season-for-tax-scams...-again

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed groups on Facebook that looked like they were associated with the military exercise, as well as profiles impersonating service members both real and imagined. To recruit soldiers to the pages, they used targeted Facebook advertising. Those pages then promoted the closed groups the researchers had created. Inside the groups, the researchers used their phony accounts to ask the real service members questions about their battalions and their work. They also used these accounts to "friend" service members. According to the report, Facebook's Suggested Friends feature proved helpful in surfacing additional targets. The researchers also tracked down service members' Inst

A series of phishing campaigns are targeting companies in various industries with phony job offers using direct messages on LinkedIn, according to researchers at Proofpoint. The attacker initially makes contact by sending an invitation to the target on LinkedIn with a short message regarding a job opportunity. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/bogus-job-offers-as-phishbait

Check out all the activities KnowBe4 will be doing at RSA: from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/going-to-rsa-in-san-francisco-next-week-get-your-free-book-signed-by-kevin-mitnick-at-knowbe4s-booth-4624-north

In a webinar last week Kevin Mitnick, KnowBe4's Chief Hacking Officer, shared a shocking demonstration of a recent Outlook Exchange exploit in which delegated access is allowed from any mailbox user in the organization to an account hackers already have under their control. So if a hacker has access to the mailroom mailbox, they can instantly send and receive email from anyone... even the CEO! This takes CEO fraud to the next level and attacks dangerously easy. Get a sneak peek of the demo here:   from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/kevin-mitnick-demos-outlook-exchange-exploit

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?  In this one-hour webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter).  Turns out, by harnessing the powah of C# and the .NET framework you […] The post BHIS Webcast: Endpoint Security Got You Down? No PowerShell? No Problem. appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/bhis-webcast-endpoint-security-got-you-down-no-powershell-no-problem/

Original release date: February 25, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium seve