BuzzSec

A group of scientists conclude that it's shifting weather patterns and ocean conditions. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2019/08/friday_squid_bl_692.html

Join SBS as we dive into conducting vendor risk assessment and classification, and discuss how these activities drive the overall effectiveness of your third party vendor program. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3655/hacker-hour-vendor-risk-assessment-and-classification

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/68

Aubrey Wieber at the DemocratHerald reported: "A phishing scheme succeeded in breaking into the email accounts of five Oregon Judicial Department employees, exposing personal information of more than 6,000 people. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-scheme-gains-entry-to-oregon-judicial-department-emails

Catherine Stupp at the Wall Street Journal reported on something we have predicted would happen in this blog. The article started out with: from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ai-used-for-social-engineering.-fraudsters-mimic-ceos-voice-in-unusual-cybercrime-case-wsj

Last year California passed a new law, similar to GDPR, called the California Consumer Privacy Act (CCPA) of 2018 . This law is to be implemented on January 1, 2020. Any company doing business in California will have to comply with these new regulations related to the processing of personal data of California residents, no matter where in the world they are located. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-course-available-california-consumer-privacy-act-ccpa

Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://ift.tt/2z7XAHD 5:03 Introduction, problem statement, and executive problem statement 8:19 What Sysmon is with a demo of how it works 24:54 Implementing Sysmon and how to have your computers automatically update and utilize Sysmon 29:05 Applocker, its uses, and […] The post Webcast: Implementing Sysmon and Applocker appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-implementing-sysmon-and-applocker/

Recording available. This discussion demonstrates a practical approach to business continuity and disaster recovery that builds upon your IT risk assessment. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3654/gsb-webinar-business-continuity-plan-development

Recording Available. The FFIEC Cybersecurity Assessment guidance has introduced a new term for our risk management practice: External Dependency Management. We will explore this new term in our guidance and better understand the requirements provided. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3653/gsb-webinar-vendor-management-process-improvements

Recording available. We will explore the different aspects of the internet, including the surface web, deep web, and dark web, as well as the types of cybercrime affecting financial intuitions and how to counter these risks. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3652/tts-webinar-cybercrime-and-the-dark-web

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals . Stamford, Ct.-based United Rentals [ NYSE:URI ] is the world’s largest equipment rental company, with some 18,000 employees and earnings of approximately $4 billion in 2018. On August 21, multiple United Rental customers reported receiving invoice emails with booby-trapped links that led to a malware download for anyone who clicked. While phony invoices are a common malware lure, this particular campaign sent users to a page on United Rentals’ own Web site (unitedrentals.com). A screen shot of the malicious email that spoofed United Rentals. In a notice to customers, the company sai

Nov 19 (Springfield): By attending this program, you will gain valuable insight that will assist your bank to develop and maintain an effective security program. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3651/workshop-iba-security-management-workshop

Sept 23-24 (Columbus): With the increase in workplace violence, cyber invasion and other potential threats to banks and their customers, the OBL has met bankers requests by upgrading this program, formerly known as the OBL Bank Security Workshop, to the OBL Bank Security Management Conference. Bankers will receive even more in-depth prevention and pro-active response tools to help keep employees and customers safe given the environment in which we face daily.  from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3650/conference-obl-bank-security-management-conference

Date: November 6, 2019 Time: 10:00 AM - 12:00 PM CT Price: $265 SBS Instructor: Jeff Dice Register Today! Recording Available This webinar is presented in partnership with TTS-Bank. Description: According to the Verizon Data Breach Report, 4% of our people will click on a phishing email every time they receive one. How can we patch our people, as we patch outdated operating systems, vulnerable software programs, and firmware on hardware devices? Hardware and software programs generally do as they are instructed, but people do not and can easily fall victim to social engineering attacks. Education and training can be our process to patch our people. During our session, we will explore traditional ways education has been deployed and look to improve those processes with more advanced and effective methods of patching our people. We will also look at best practices for addressing similar issues with business customers and highlight common educational practices. One major objective of this

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn't imagine that they would be necessary. The results are predictable. The paper: " Practical Enclave Malware with Intel SGX ." Abstract: Modern CPU architectures offer strong isolation guarantees towards user applications in the form of enclaves. For instance, Intel's threat model for SGX assumes fully trusted enclaves, yet there is an ongoing debate on whether this threat model is realistic. In particular, it is unclear to what extent enclave malware could harm a system. In this work, we practically demonstrate the first enclave malware which fully and stealthily impersonates its host application. Together with poorly-deployed application isolation on personal

McAfee Labs saw an average of 504 new threats per minute in Q1 2019, and a resurgence of ransomware along with changes in campaign execution and code. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-ransomware-grows-118-as-cybercriminals-adopt-fresh-tactics-and-code-innovations

Hundreds of dental practice offices in the US have had their computers infected with ransomware this week, ZDNet has learned from a source . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-criminals-hack-dental-software-company-and-take-hundreds-of-customers-systems-hostage

PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. West Allis, Wis.-based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. The ransomware attack hit PerCSoft on the morning of Monday, Aug. 26, and encrypted dental records for some — but not all — of the practices that rely on DDS Safe. PercSoft did not respond to requests for comment. But Brenna Sadler , director of  communications for the Wisconsin Dental Association , said the ransomware encrypted files for approximate 400 dental practices, and that somewhere between 80-100 of those clients have now had their files restor

This week, ProPublica published a report describing how insurance companies now prefer to fork over hundreds of thousands of dollars / pounds / Euros in ransom to minimize the detriment to their insured parties. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/why-are-insurance-companies-insisting-to-pay-ransom-for-ransomware-attacks

Original release date: August 29, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates: REST API Container for IOS XE Software Authentication Bypass Vulnerability cisco-sa-20190828-iosxe-rest-auth-bypass Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability cisco-sa-20190828-ucs-privescalation NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability cisco-sa-20190828-nxos-memleak-dos NX-OS Software IPv6 Denial of Service Vulnerability cisco-sa-20190828-nxos-ipv6-dos NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability cisco-sa-20190828-nxos-fsip-dos FXOS and NX-OS Software Authenticated Simple Ne

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in speech, flattening them. Finally, a voice synthesizer re-generates the normalized speech using the AIs outputs, which gets sent to the cloud. The researchers say that this method reduced emotional identification by 96 percent in an experiment, although speech recognition accuracy decreased, with a word error rate of 35 percent. Academic paper . from Schneier on Security https://www.schneier.com/blog/archives/2019/08/ai_emotion-dete.html

More than 1900 new potential bank phishing sites were registered in the first half of 2019, according to researchers at NormShield. Based on the increase in new suspicious domains compared to the same period last year, the researchers predict there will be over 3,500 more active bank phishing domains by the end of 2019. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/financial-phishing-campaigns-on-the-rise

The latest data from Malwarebyte’s report Cybercrime Tactics and Techniques: Ransomware Retrospective shows businesses are at risk of ransomware attack now more than ever. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/business-detections-of-ransomware-attacks-have-grown-by-365

A new version of MegaCortex has been spotted, upgrading it from a manual, targeted form of ransomware, to one that can be spread and do damage enterprise-wide. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/megacortex-ransomware-goes-fully-automated-putting-enterprises-at-risk-of-ransoms-in-the-millions

Original release date: August 28, 2019 National Preparedness Month (NPM) promotes family and community disaster and emergency planning. This year’s theme is “Prepared, Not Scared.” Although most people understand that being prepared is essential to getting through an emergency such as a natural disaster, there is less awareness about the necessity of cybersecurity preparedness. Cybersecurity preparedness is often a deciding factor on how much an impact a cyber-related event—such as a ransomware infection, identify theft, or data breach—has on an individual or an organization. The Cybersecurity and Infrastructure Security Agency (CISA) encourages individuals and organizations to develop their own cyber emergency response plans that include guidance on protections and controls such as keeping software and operating systems updated, regularly backing up files, keeping encrypted copies of important documents offline, and routinely running anti-virus scans. Learn more about National Pre

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement. In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consume

Back in June, we discussed Vade Secure’s “ Phisher’s Favorite ” report for Q1 2019, which found that Microsoft had been the most impersonated brand used in phishing attacks for four quarters in a row. Vade’s report for Q2 2019, just out, reveals that Microsoft has now held the lead for the fifth quarter straight. PayPal came in second, and Facebook rose to take #3. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/microsoft-paypal-and-facebook-are-the-top-three-impersonated-brands

A lowlife Colorado bail bondsman named Matthew Marre repeatedly posed as a law enforcement officer to trick T-Mobile, Sprint, and Verizon into giving him GPS data for his targets’ phones, the Daily Beast reports. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/bogus-suicide-prevention-as-a-scam

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/67

Raymond Felch // Being an embedded firmware engineer for most of my career, I quickly became fascinated when I learned about reverse engineering firmware using JTAG.   I decided to take on this project as an opportunity to learn more about this somewhat obscure and often overlooked attack vector. excerpt from: https://ift.tt/2aCnRiA JTAG (named after […] The post JTAG – Micro-Controller Debugging appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/jtag-micro-controller-debugging/

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of Web-based software applications. Image: Imperva Earlier today, Imperva told customers that it learned on Aug. 20 about a security incident that exposed sensitive information for some users of Incapsula , the company’s cloud-based  Web Application Firewall (WAF) product. “On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017,” wrote Heli Erickson , director of analyst rela

Original release date: August 27, 2019 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: watchOS 5.3.1 iOS 12.4.1 macOS Mojave 10.14.6 tvOS 12.4.1 This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://www.us-cert.gov/ncas/current-activity/2019/08/27/apple-releases-multiple-security-updates

Original release date: August 27, 2019 The Federal Trade Commission (FTC) has released a short video to help users spot and defend against romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. The video includes stories that romance scammers tell to online daters to get them to send money and offers tips for avoiding these scams. Use caution when online dating, and never send money or gifts to someone you have not met in person. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review FTC’s article on Romance Scams and NCCIC’s tip on Staying Safe on Social Networking Sites . If you think you have been a target of a romance scam, file a report with The online dating site, The Federal Trade Commission , and The Federal Bureau of Investigation's Internet Crime Complaint Center . This product is provided subject to this Notification and this Privacy & Use policy. f

Original release date: August 27, 2019 Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://www.us-cert.gov/ncas/current-activity/2019/08/27/google-releases-security-updates-chrome

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-9-35-a-state-of-the-art-spoof-or-why-turning-your-users-into-grammar-nazis-wont-keep-the-bad-guys-out

Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about . from Schneier on Security https://www.schneier.com/blog/archives/2019/08/the_threat_of_f.html

Original release date: August 26, 2019   The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD . In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- acrobat_dc Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2019-08-20 7.5 CVE-2019-7965 CONFIRM adobe -- acrobat_dc Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier,