Posts

Showing posts from June, 2019

Schneier - Friday Squid Blogging: Fantastic Video of a Juvenile Giant Squid

It's amazing: Then, about 20 hours into the recording from the Medusa's fifth deployment, Dr. Robinson saw the sharp points of tentacles sneaking into the camera's view. "My heart felt like exploding," he said on Thursday, over a shaky phone connection from the ship's bridge. At first, the animal stayed on the edge of the screen, suggesting that a squid was stalking the LED bait, pacing alongside it. And then, through the drifting marine snow, the entire creature emerged from the center of the dark screen: a long, undulating animal that suddenly opened into a mass of twisting arms and tentacles. Two reached out and made a grab for the lure. For a long moment, the squid seemed to explore the strange non-jellyfish in puzzlement. And then it was gone, shooting back into the dark. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. from Schneier on

SANS - Issue #51 - Volume XXI - SANS Newsbites - June 28th, 2019

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/51

SANS - Issue #50 - Volume XXI - SANS Newsbites - June 25th, 2019

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/50

Schneier - I'm Leaving IBM

Today is my last day at IBM. If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak, and do the occasional consulting job. I will continue to teach at the Harvard Kennedy School. I will continue to serve on boards for organizations I believe in: EFF, Access Now, Tor, EPIC, Verified Voting. And I will increasingly be an advocate for public-interest technology. from Schneier on Security https://www.schneier.com/blog/archives/2019/06/im_leaving_ibm.html

Krebs - Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office 365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors. When an organization buys Office 365 licenses from a reseller partner, the partner is granted administrative privileges in order to help the organization set up the tenant and establish the initial administrator account. Microsoft says customers can remove that administrative access if they don’t want or need the partner to have access after the initial setup. But many companies partner with a CSP simply to gain more favorable pricing on software licenses — not necessarily to have someone help manage their Azure/O365 systems. And those entities are more likely to be unaware that just by virtue of that partnership they are giving someone at

US-CERT - NCSC Releases Advisory on Ryuk Ransomware

Original release date: June 28, 2019 The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory, Ryuk Ransomware Targeting Organisations Globally, on its ongoing investigation into global Ryuk ransomware campaigns and the associated Emotet and TrickBot malware. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC advisory and the following for more information:
Alert TA18-201A: Emotet Malware
Multi-State Information Sharing and Analysis Center (MS-ISAC) White Paper: Security Primer – TrickBot
Protecting Against Ransomware
This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://www.us-cert.gov/ncas/current-activity/2019/06/28/ncsc-releases-advisory-ryuk-ransomware

Black Hills InfoSec - Webcast: Introducing Backdoors & Breaches Incident Response Card Game

This webcast was originally given live on June 5th, 2019 by John Strand and the BHIS (card) Testers.
Download slides: https://ift.tt/2LqWZbA
A deck of B&B cards (coming in Sept): https://ift.tt/2xgm8Nx
Check out Cubicles & Compromises: https://ift.tt/2LssIc3
So we have been working on a card game for Incident Response over the past few months and it […] The post Webcast: Introducing Backdoors & Breaches Incident Response Card Game appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-introducing-backdoors-breaches-incident-response-card-game/

KnowBe4 - KnowBe4 Fresh Content and Feature Updates - June 2019

Check out the content and feature updates in the KnowBe4 platform for the month of June! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-fresh-content-and-feature-updates-june-2019

Schneier - Cellebrite Claims It Can Unlock Any iPhone

The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know. from Schneier on Security https://www.schneier.com/blog/archives/2019/06/cellebrite_clai.html

US-CERT - Google Releases Security Updates for Chrome OS

Original release date: June 27, 2019 Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://www.us-cert.gov/ncas/current-activity/2019/06/27/google-releases-security-updates-chrome-os

Krebs - Breach at Cloud Solution Provider PCM Inc.

A digital intrusion at PCM Inc., a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned. El Segundo, Calif.-based PCM [NASDAQ:PCMI] is a provider of technology products, services and solutions to businesses as well as state and federal governments. PCM has nearly 4,000 employees, more than 2,000 customers, and generated approximately $2.2 billion in revenue in 2018. Sources say PCM discovered the intrusion in mid-May 2019. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp. One security expert at a PCM customer who was recently notified about the incident said the intruders appeared primarily interested in stealing information that could be used to conduct gift card fraud at various retailers and financial institutions. In that r

KnowBe4 - Which Of The Four Types of Social Engineering Is The Most Damaging?

Cybercriminals know that targeted social engineering attacks lead to the highest payoffs, so the frequency and sophistication of these attacks is guaranteed to increase, writes Jasmine Henry at IBM Security Intelligence. Henry lays out four rising social engineering attacks that organizations need to be aware of. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/four-types-of-social-engineering

KnowBe4 - See Ridiculously Easy Security Awareness Training and Phishing in Action! July 2019 KMSAT Live Demo

Old-school awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, July 10, 2019 at 2pm EST for a live demonstration of how KnowBe4 introduces a new-school approach to Security Awareness Training and Simulated Phishing. See the latest product features and how easy it is to train and phish your users. Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails. Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage. Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization. Advanced Reporting on 60+ key awareness training indicators. Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes. Identify a

KnowBe4 - See Ridiculously Easy Security Awareness Training and Phishing in Action! June 2019 KMSAT Live Demo

Old-school awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, July 10, 2019 at 2pm EST for a live demonstration of how KnowBe4 introduces a new-school approach to Security Awareness Training and Simulated Phishing. See the latest product features and how easy it is to train and phish your users. Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails. Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage. Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization. Advanced Reporting on 60+ key awareness training indicators. Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes. Identify a

Schneier - Spanish Soccer League App Spies on Fans

The Spanish Soccer League's smartphone app spies on fans in order to find bars that are illegally streaming its games. The app listens with the microphone for the broadcasts, and then uses geolocation to figure out where the phone is. The Spanish data protection agency has ordered the league to stop doing this. Not because it's creepy spying, but because the terms of service -- which no one reads anyway -- weren't clear. from Schneier on Security https://www.schneier.com/blog/archives/2019/06/spanish_soccer_.html

US-CERT - NIST Releases Report on Managing IoT Risks

Original release date: June 26, 2019 The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices. The Cybersecurity and Infrastructure Security Agency (CISA) encourages information security and privacy practitioners to review NISTIR 8228 for more information and CISA’s Tip on Securing IoT for best practices. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://www.us-cert.gov/ncas/current-activity/2019/06/26/nist-releases-report-managing-iot-risks

KnowBe4 - 1.5 Billion Gmail Calendar Users are the Target of a Crafty New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/1.5-billion-gmail-calendar-users-are-the-target-of-a-crafty-new-phishing-scam

US-CERT - Cisco Releases Security Updates for Data Center Network Manager

Original release date: June 26, 2019 Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:
DCNM Arbitrary File Upload and Remote Code Execution Vulnerability (cisco-sa-20190626-dcnm-codex)
DCNM Authentication Bypass Vulnerability (cisco-sa-20190626-dcnm-bypass)
DCNM Arbitrary File Download Vulnerability (cisco-sa-20190626-dcnm-file-dwnld)
DCNM Information Disclosure Vulnerability (cisco-sa-20190626-dcnm-infodiscl)
This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://www.us-cert.gov/ncas/current-activity/2019/06/26/cisco-releases-security-updates-data-center-network-manager

Schneier - MongoDB Offers Field Level Encryption

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side" encryption scheme, databases utilizing Field Level Encryption will not only require a system login, but will additionally require specific keys to process and decrypt specific chunks of data locally on a user's device as needed. That means MongoDB itself and cloud providers won't be able to access customer data, and a database's administrators or remote managers don't need to have access to everything either. For regular users, not much will be visibly different. If their credentials are stolen and they aren't using multifactor authentication, an attacker will still be able to access everything the victim could. But the new feature is meant to eliminate single points
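The mechanism the excerpt describes is easiest to see in code. The Go program below is an added illustration, not MongoDB's implementation or driver code: it encrypts individual document fields on the client with AES-GCM under a data key before anything reaches the store, so a database login alone yields ciphertext, and it contrasts the two modes a field-level scheme has to offer, deterministic (equal plaintexts give equal ciphertexts, so the server can still answer equality queries, at the cost of revealing which documents share a value) and randomized (no query support, no such leak). The in-memory data key, the synthetic-IV derivation used for deterministic mode, the patient document and its field names are all assumptions made for this example; MongoDB's real scheme uses a different AEAD construction and keeps data keys in a key vault.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// FieldCipher encrypts individual fields on the client so the database, its
// administrators and the cloud provider only ever hold ciphertext. The data key
// is a plain []byte here (assumption for the example); a real deployment
// fetches it from a key vault / KMS.
type FieldCipher struct {
	aead   cipher.AEAD
	macKey []byte // for deterministic nonce derivation, separate from the AES key
}

func NewFieldCipher(dataKey []byte) (*FieldCipher, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	h := hmac.New(sha256.New, dataKey)
	h.Write([]byte("fle/deterministic-nonce"))
	return &FieldCipher{aead: aead, macKey: h.Sum(nil)}, nil
}

// Encrypt seals one field value and returns nonce||ciphertext||tag as base64.
// Deterministic mode derives the nonce from an HMAC of the plaintext (a
// synthetic IV), so equal plaintexts give equal ciphertexts: the server can
// match on equality without the key, but learns which documents share a value.
// Randomized mode uses a fresh nonce, leaks only length, and cannot be queried.
func (c *FieldCipher) Encrypt(plaintext []byte, deterministic bool) (string, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if deterministic {
		mac := hmac.New(sha256.New, c.macKey)
		mac.Write(plaintext)
		copy(nonce, mac.Sum(nil))
	} else if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := c.aead.Seal(nonce, nonce, plaintext, nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt fails with an authentication error under any other key, so a stolen
// database login alone recovers nothing.
func (c *FieldCipher) Decrypt(encoded string) ([]byte, error) {
	sealed, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	ns := c.aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return c.aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// EncryptDoc applies a per-field policy: fields listed in queryable are
// encrypted deterministically, everything else randomized.
func EncryptDoc(c *FieldCipher, doc map[string]string, queryable map[string]bool) (map[string]string, error) {
	out := map[string]string{}
	for k, v := range doc {
		ct, err := c.Encrypt([]byte(v), queryable[k])
		if err != nil {
			return nil, err
		}
		out[k] = ct
	}
	return out, nil
}

func DecryptDoc(c *FieldCipher, doc map[string]string) (map[string]string, error) {
	out := map[string]string{}
	for k, v := range doc {
		pt, err := c.Decrypt(v)
		if err != nil {
			return nil, err
		}
		out[k] = string(pt)
	}
	return out, nil
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // demo only: a real data key lives in a key vault
	c, _ := NewFieldCipher(key)
	doc := map[string]string{"name": "Ada Lovelace", "diagnosis": "hypertension"} // constructed sample
	stored, _ := EncryptDoc(c, doc, map[string]bool{"name": true})
	fmt.Println("server holds:", stored)
	q, _ := c.Encrypt([]byte("Ada Lovelace"), true) // equality query on name: compare ciphertexts
	fmt.Println("query matches stored name:", q == stored["name"])
}
```

The caveat in the excerpt shows up directly in the code: Decrypt never consults the database, only the key, so whoever holds the client's key (or the credentials of a client that holds it) reads everything that client could. Field-level encryption moves the trust boundary from the server to the client; it does not remove it.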

Schneier - Person in Latex Mask Impersonated French Minister

Forget deep fakes. Someone wearing a latex mask fooled people on video calls for a period of two years, successfully scamming 80 million euros from rich French citizens. from Schneier on Security https://www.schneier.com/blog/archives/2019/06/person_in_latex.html

Black Hills InfoSec - Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail – eavesarp (Tool Overview)

Click on the timecodes to jump to that part of the video (on YouTube)
2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning, how they relate to this webcast, and how "eavesarp" basically works.
14:15 Demo of "eavesarp" against a Stale Network Address Configuration (SNAC) attack.
28:45 Q&A
This webcast was […] The post Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail – eavesarp (Tool Overview) appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-how-to-attack-when-llmnr-mdns-and-wpad-attacks-fail-eavesarp-tool-overview/
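The idea behind a stale network address configuration (SNAC) is that some host is still configured to talk to an IP address that nothing on the segment owns any more, so it keeps broadcasting ARP requests for it that never get answered; an attacker who notices can simply assign that address to an interface and receive the traffic, with no cache poisoning and none of the noise that makes LLMNR, mDNS or WPAD spoofing detectable. The Go program below is an added illustration of that passive analysis and is not eavesarp's code: it parses raw ARP payloads and flags targets that are requested repeatedly but never appear as the sender of any ARP packet. The trace, the 10.0.0.0/24 addresses and the request threshold of 3 are constructed for the example; on a switched network a passive listener sees broadcast requests but not necessarily unicast replies, so a real tool should confirm a candidate by actively resolving it before relying on it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"sort"
)

const arpRequest, arpReply = 1, 2

// ParseARP decodes the 28-byte Ethernet/IPv4 ARP payload (RFC 826) that follows
// the Ethernet header, returning the opcode and which IP is asking for which.
func ParseARP(b []byte) (op uint16, sender, target net.IP, err error) {
	if len(b) < 28 || binary.BigEndian.Uint16(b[0:2]) != 1 ||
		binary.BigEndian.Uint16(b[2:4]) != 0x0800 || b[4] != 6 || b[5] != 4 {
		return 0, nil, nil, errors.New("arp: not a well-formed Ethernet/IPv4 ARP payload")
	}
	return binary.BigEndian.Uint16(b[6:8]), net.IP(b[14:18]), net.IP(b[24:28]), nil
}

// SNAC is a target address that hosts keep asking for but that nothing on the
// segment answers: a stale configuration an attacker can claim by assignment.
type SNAC struct {
	Target   string
	Requests int
	Senders  []string
}

// FindSNACs is purely passive: a target is flagged when it was requested at
// least minRequests times and never appeared as the sender of any ARP packet
// (request or reply), i.e. nothing currently owns it. Most-requested first.
func FindSNACs(raw [][]byte, minRequests int) ([]SNAC, error) {
	alive := map[string]bool{}
	reqs := map[string]map[string]int{} // target -> sender -> request count
	for _, b := range raw {
		op, sender, target, err := ParseARP(b)
		if err != nil {
			return nil, err
		}
		if sender.IsUnspecified() { // ARP probe from 0.0.0.0 (RFC 5227) proves nothing
			continue
		}
		alive[sender.String()] = true
		if op == arpRequest {
			t := target.String()
			if reqs[t] == nil {
				reqs[t] = map[string]int{}
			}
			reqs[t][sender.String()]++
		}
	}
	var out []SNAC
	for target, senders := range reqs {
		s := SNAC{Target: target}
		for sender, n := range senders {
			s.Requests += n
			s.Senders = append(s.Senders, sender)
		}
		if alive[target] || s.Requests < minRequests {
			continue
		}
		sort.Strings(s.Senders)
		out = append(out, s)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Requests > out[j].Requests })
	return out, nil
}

// buildARP assembles a raw ARP payload (MAC fields left zero) for the sample trace.
func buildARP(op uint16, sip, tip string) []byte {
	b := []byte{0, 1, 0x08, 0x00, 6, 4, byte(op >> 8), byte(op)} // Ethernet, IPv4, hlen, plen, opcode
	b = append(b, make([]byte, 6)...)                            // sender MAC
	b = append(b, net.ParseIP(sip).To4()...)
	b = append(b, make([]byte, 6)...) // target MAC
	return append(b, net.ParseIP(tip).To4()...)
}

// SampleCapture is a constructed trace, not a real capture: 10.0.0.5 keeps asking
// for 10.0.0.50 (a decommissioned server) and nobody answers; the gateway replies.
func SampleCapture() [][]byte {
	var c [][]byte
	for i := 0; i < 5; i++ {
		c = append(c, buildARP(arpRequest, "10.0.0.5", "10.0.0.50"))
	}
	return append(c,
		buildARP(arpRequest, "10.0.0.5", "10.0.0.1"),
		buildARP(arpReply, "10.0.0.1", "10.0.0.5"),
		buildARP(arpRequest, "10.0.0.7", "10.0.0.99")) // one-off, below threshold
}

func main() {
	snacs, _ := FindSNACs(SampleCapture(), 3)
	for _, s := range snacs {
		fmt.Printf("stale target %s: %d requests from %v\n", s.Target, s.Requests, s.Senders)
	}
}
```

The Senders list is the part worth keeping from a pentest: it names the hosts that will connect to you once you claim the stale address, which is what turns an idle IP into captured credentials or sessions.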

Schneier - Florida City Pays Ransomware

Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida city of Riviera Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative. from Schneier on Security https://www.schneier.com/blog/archives/2019/06/florida_city_pa.html

Krebs - Tracing the Supply Chain Attack on Android

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “Yehuo” or “Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. “Yehuo” (野火) is Mandarin for “wildfire,” so one might be forgiven for concluding that Google was perhaps using another dictionary than most Mandarin speakers. But Google was probably just being coy: The vendor in question appears to have used both “blazefire” and “wildfire” in two of many corporate names adopted for the same entity. An online search for the term “yehuo” reveals an account on the Chinese Software Developer Network which uses that same nickname and references the domain blazefire[.]com. More

Schneier - iPhone Apps Surreptitiously Communicated with Unknown Servers

Long news article (alternate source) on iPhone privacy, specifically the enormous amount of data your apps are collecting without your knowledge. A lot of this happens in the middle of the night, when you're probably not otherwise using your phone: iPhone apps I discovered tracking me by passing information to third parties, just while I was asleep, include Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post and IBM's the Weather Channel. One app, the crime-alert service Citizen, shared personally identifiable information in violation of its published privacy policy. And your iPhone doesn't only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. from Schneier on Security https://www.schneier.com/blog/archives/2019/06/iphone_apps_sur.html

KnowBe4 - New KnowBe4 Benchmarking Report Unveils That Untrained Users Pose The Greatest Risk To Your Organization

KnowBe4 has released the new Phishing by Industry Benchmarking Report to measure an organization’s average Phish-prone percentage, which indicates how many of their employees are likely to fall for a phishing or social engineering scam. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-knowbe4-benchmarking-report-unveils-that-untrained-users-pose-the-greatest-risk-to-your-organization

KnowBe4 - No, Mr. McAfee is Not Giving Away Money

Cryptocurrency giveaway scams are making a comeback, with fraudsters posing as John McAfee, Elon Musk, and the Tesla company, BleepingComputer reports. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/mr.-mcafee-is-not-giving-away-money

KnowBe4 - Chinese Hackers Infiltrate Global Telecom Networks With Spear Phishing

The WSJ revealed a brazen hack by Chinese state-sponsored bad actors who totally owned more than 10 global telecom networks, and had full admin access to their networks. They were able to swipe users’ whereabouts, text-messaging records and call logs. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/chinese-hackers-infiltrate-global-telecom-networks-with-spear-phishing

KnowBe4 - "Elaborate" Identity Takeover Fraud Hits Australian Businesses

A new procurement scam has netted at least $1.5 million from Australian companies in New South Wales over the past few weeks, according to 10 daily. The scammers are posing as representatives of Australian universities looking to buy expensive products, such as electrical and medical equipment. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/elaborate-identity-takeover-fraud-hits-australian-businesses

US-CERT - SB19-175: Vulnerability Summary for the Week of June 17, 2019

Original release date: June 24, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity