Posts

Showing posts from March, 2019

Krebs - Annual Protest Raises $250K to Cure Krebs

For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive, a now-defunct cryptocurrency mining service that was massively abused by cybercriminals. Krebs is translated as “cancer” in German. Images posted to the decidedly not-safe-for-work German-language image forum pr0gramm[.]com. Members have posted thousands of thank you receipts from cancer research organizations that benefited from their fight cancer/krebs campaign. On March 26, 2018, KrebsOnSecurity published Who and What is Coinhive, which showed the founder of Coinhive was the co-creator of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code at the time was found on tens of thousands of hacked Web sites, and Coinhive seemed uninterested in curbing widespre

Krebs - Man Behind Fatal ‘Swatting’ Gets 20 Years

Tyler Barriss, a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison. Tyler Barriss, in an undated selfie. Barriss has admitted to his role in the Kansas man’s death, as well as to dozens of other non-fatal “swatting” attacks. These dangerous hoaxes involve making false claims to emergency responders about phony hostage situations or bomb threats, with the intention of prompting a heavily-armed police response to the location of the claimed incident. On Dec. 28, 2017, Barriss placed a call from California to police in Wichita, Kan., claiming that he was a local resident who’d just shot his father and was holding other family members hostage. When Wichita officers responded to the address given by the caller — 1033 W. McCormick — they shot and killed 28-year-old Andrew Finch, a father of two who had done nothing wrong. Barri

Schneier - Friday Squid Blogging: Restoring the Giant Squid at the Museum of Natural History

It is traveling to Paris. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. from Schneier on Security https://www.schneier.com/blog/archives/2019/03/friday_squid_bl_670.html

Krebs - A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood. Some 2.1 million+ credit and debit card accounts stolen from dozens of Earl Enterprises restaurant locations went up for sale on a popular carding forum on Feb. 20, 2019. In a statement posted to its Web site today, Orlando, Fla. based hospitality firm Earl Enterprises said a data breach involving malware installed on its point-of-sale systems allowed cyber thieves to steal card details from customers between May 23, 2018 and March 18, 2019. Earl Enterprises did not respond to requests for specifics about how many customers

US-CERT - VMware Releases Security Updates

Original release date: March 29, 2019 VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisories VMSA-2019-0004 and VMSA-2019-0005 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/03/29/VMware-Releases-Security-Updates

KnowBe4 - 90% of large tech companies vulnerable to email spoofing

Most companies have not implemented standards for authenticating emails and preventing hackers from successful phishing attacks, according to Valimail. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/90-of-large-tech-companies-vulnerable-to-email-spoofing

Schneier - NSA-Inspired Vulnerability Found in Huawei Laptops

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that technique. What is less clear is whether the vulnerability -- which has been fixed -- was put into the Huawei driver accidentally or on purpose. from Schneier on Security https://www.schneier.com/blog/archives/2019/03/nsa-inspired_vu.html

US-CERT - Cisco Releases Security Update for Cisco IOS XE

Original release date: March 28, 2019 Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/03/28/Cisco-Releases-Security-Update-Cisco-IOS-XE

KnowBe4 - Which Employees are the Cyber Criminals After?

Lower-level employees are the workers most likely to face highly-targeted attacks, according to the online marketing firm Reboot. Citing information from Proofpoint’s most recent quarterly analysis of highly-targeted cyberattacks, Reboot says that 67% of these attacks are launched against low-ranking employees. Contributors come in second, experiencing 40% of targeted attacks. Management and upper management both face 27% of these attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/which-employees-are-the-criminals-after

Schneier - Malware Installed in Asus Computers Through Hacked Update Process

Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer." In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [...] The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters' MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation. We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack. Of course, there might be other samples out there with different MAC addresses in their list. We believe this to be a very sophisticated supply chain attack, which matches or even surpasses the Shadowpad and the CCleaner incidents in c

KnowBe4 - Microsoft Takes Control Of 99 Phishing Domains Operated By Iranian State Hackers

The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world. Court documents unsealed today revealed that Microsoft has been waging a secret battle against a group of Iranian government-sponsored hackers. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/microsoft-takes-control-of-99-domains-operated-by-iranian-state-hackers

US-CERT - Cisco Releases Security Advisories for Multiple Products

Original release date: March 27, 2019 Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/03/27/Cisco-Releases-Security-Advisories-Multiple-Products

SANS - Issue #24 - Volume XXI - SANS Newsbites - March 26th, 2019

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/24

SBS CyberSecurity - SOC 2 vs. SOC for CyberSecurity Reports

There are a variety of different types of SOC reports, including SOC 1, SOC 2, and SOC 3, as well as the newest member of the team – the SOC for Cybersecurity. While each report has its own purpose, we’re going to dive into the difference between the SOC 2 and SOC for Cybersecurity reports. from SBS CyberSecurity https://sbscyber.com/resources/soc-2-vs-soc-for-cybersecurity-reports

Black Hills InfoSec - How to Purge Google and Start Over – Part 2

Mike Felch// How to Purge Google and Start Over – Part 1 Brief Recap In part 1, we discussed a red team engagement that went south when the Google SOC joined forces with the SOC of a customer leading to the dismantling of all our compromised accounts, throw-away accounts, and even my work account. My […] The post How to Purge Google and Start Over – Part 2 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/how-to-purge-google-and-start-over-part-2/

Black Hills InfoSec - How to Purge Google and Start Over – Part 1

Mike Felch// A Tale of Blue Destroying Red Let me start by sharing a story about a fairly recent red team engagement against a highly-secured technical customer that didn’t end so well for me. Their SOC was well-equipped with sophisticated in-house anomaly detection tools, incredible visibility across the organization, and a tenacious incident response team. […] The post How to Purge Google and Start Over – Part 1 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/how-to-purge-google-and-start-over-part-1/

KnowBe4 - NotPetya act of war exclusion spreads to second insurer

A second insurer has refused to pay out over the NotPetya cyberattack based on an act of war exclusion, prompting growing concerns for businesses relying on cybersecurity insurance to shield them from damage. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/notpetya-act-of-war-exclusion-spreads-to-second-insurer

KnowBe4 - Cybercriminals Double-Down on What Works, Nearly Doubling the Number of Phishing Attacks in 2018

Using a combination of old and new tactics and distribution channels, cybercriminals continue to seek to compromise endpoints and obtain online credentials. The targets haven’t changed. And, in some cases, the tactics haven’t either. But, one thing’s for sure – according to the latest data from Kaspersky, phishing enjoyed a massive uptick in 2018. Counts of Kaspersky detections of phishing emails nearly doubled from 263M in 2017 to 482M in 2018. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cybercriminals-double-down-on-what-works-nearly-doubling-the-number-of-phishing-attacks-in-2018

KnowBe4 - [New Comedy Series] KnowBe4's Popcorn Training Releases 8-Episode Security Awareness Videos - 'Standups 4 Security'

We’re excited to announce the release of this new security awareness video series for our customers called ‘Standups 4 Security’ from our team at Popcorn Training. In this new 8-episode comedy video series, you can learn how to protect your users and organization from falling victim to social engineering attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-comedy-series-knowbe4-popcorn-training-releases-8-episode-security-awareness-videos-standups-4-security

Schneier - Programmers Who Don't Understand Security Are Poor at Security

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy way out and write code that stores user passwords in an unsafe manner. For their study, the German academics asked a group of 260 Java programmers to write a user registration system for a fake social network. Of the 260 developers, only 43 took up the job, which involved using technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component. Of the 43, academics paid half of the group with €100, and the other half with €200, to determine if higher pay made a difference in the implementation of password security features. Further, they divided the developer group a second time, prompting

KnowBe4 - Insurers Creating a Consumer Ratings Service for Cybersecurity Industry

The WSJ reported on news that a collaborative effort led by Marsh & McLennan would score the best cyber security products for reducing hacking risk, and provide potential discounts on cyberinsurance policies if these products are used. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/insurers-creating-a-consumer-ratings-service-for-cybersecurity-industry

KnowBe4 - Find out which of your users' emails are exposed before the bad guys do

Do you know how big your email attack surface really is? Open Source Intelligence (OSINT) is the collection of information from public sources on the Internet that both red teams and bad guys can use for phishing attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/find-out-which-of-your-users-emails-are-exposed-before-the-bad-guys-do

KnowBe4 - Phishing Attack Compromises Spanish Defense Intranet By Foreign State

Reuters reported that a "computer virus" infected the Spanish Defense Ministry’s intranet this month with the aim of stealing high tech military secrets, El País newspaper said on Tuesday, citing sources leading the investigation as suspecting a foreign power behind the cyberattack. A Defence Ministry spokesman said the ministry would not comment. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attack-compromises-spanish-defense-intranet-by-foreign-state

KnowBe4 - Norsk Hydro May Have Lost $40M in First Week After Ransomware Infection

Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/norsk-hydro-may-have-lost-40m-in-first-week-after-ransomware-infection

US-CERT - ASUS Releases Security Update for Live Update Software

Original release date: March 26, 2019 ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information. The article includes a security diagnostic tool that users can run on their device to determine whether it is affected. CISA also encourages users and administrators to review the ASUS FAQ page to confirm that their device has received the upgrade to version 3.6.8 of Live Update. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/03/26/ASUS-Releases-Security-Update-Live-Update-Software

SBS CyberSecurity - {GSB Webinar} GLBA Safeguards Rule Proposed Changes

Join us to review the proposed changes to the safeguard controls, scope of covered entities, how you can make comments on the proposed changes, and insight into the impacts on our banks, critical vendors, and business in our communities. from SBS CyberSecurity https://sbscyber.com/resources/gsb-webinar-glba-safeguards-rule-proposed-changes

KnowBe4 - Canadian Companies See Increases in Attacks, Breaches, and Sophistication in the Last 12 Months

If you read the latest Canadian Threat Report from Carbon Black, the Canadians have it bad… really bad. With increases across the board, Canadian organizations are needing to step up their security game. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/canadian-companies-see-increases-in-attacks-breaches-and-sophistication-in-the-last-12-months

KnowBe4 - CyberheistNews Vol 9 #13 [Heads-Up] This Evil New Child Porn Phishing Attack Could Absolutely Ruin Your Life

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-9-13-heads-up-this-evil-new-child-porn-phishing-attack-could-absolutely-ruin-your-life

TrustedSec - Six Crucial Network Segmentation Actions

KnowBe4 - [NEW FEATURE] Upload Your Own Training Content

You asked, we listened! To simplify how you roll out and manage different training programs for your users, you can now use the KnowBe4 security awareness training platform for your in-house training content or other licensed corporate training. You now have the option to upload your own SCORM-compliant training content in any language you choose, directly into your KnowBe4 account - at no extra cost! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-feature-upload-your-own-training-content

Schneier - Personal Data Left on Used Laptops

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results. from Schneier on Security https://www.schneier.com/blog/archives/2019/03/personal_data_l.html

KnowBe4 - How LockerGoga, The Ransomware Crippling Industrial Firms Operates

Technically, LockerGoga is just another ransomware strain and not even a very good one. It's got bugs and it's slow. However, the gang behind it represents a dangerous combination of aggressive disruption and high-stakes targets. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/how-lockergoga-the-ransomware-crippling-industrial-firms-operates

KnowBe4 - U.S. Healthcare Employee Engagement with Simulated Phishing Emails Drop by 67% With Repeated Exposure

A long-term phishing study involving 6 healthcare institutions shows employees are vulnerable to phishing attacks, and that they can become more vigilant through exposure. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/u.s.-healthcare-employee-engagement-with-simulated-phishing-emails-drop-by-67-with-repeated-exposure

FBI - The Melissa Virus

Two decades ago, computer viruses were still relatively new notions to most Americans, but the fast-moving and destructive Melissa virus changed that in a significant way and showed many the darker side of the web. from Cyber Crimes Stories https://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519

US-CERT - Apple Releases Multiple Security Updates

Original release date: March 25, 2019 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: iCloud for Windows 7.11; iTunes 12.9.4 for Windows; Safari 12.1; macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra; tvOS 12.2; Xcode 10.2; iOS 12.2. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/03/25/Apple-Releases-Multiple-Security-Updates

US-CERT - Mozilla Releases Security Update for Thunderbird

Original release date: March 25, 2019 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/03/25/Mozilla-Releases-Security-Update-Thunderbird

US-CERT - SB19-084: Vulnerability Summary for the Week of March 18, 2019

Original release date: March 25, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0; Medium - Vulnerabilities will be labeled Medium severit