Posts

Showing posts from October, 2019

SBS CyberSecurity - {Webinar} Move Cybersecurity Training from Your "Should Do" to "Must Do" List

Before you know it, the calendar will turn to 2020.  There's still time to get your cybersecurity training in this year or put it on the books for 2020. from SBS CyberSecurity https://sbscyber.com/resources/webinar-move-cybersecurity-training-from-your-should-do-to-must-do-list

SBS CyberSecurity - Cyber Hygiene: Improving Health and Online Security

Cyber hygiene is a necessary component for your organization’s security and the overall health of your digital environment. Failing to fully consider the risks will open any organization to financial and reputational damage. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3669/cyber-hygiene-improving-health-and-online-security

KnowBe4 - SAVE THE DATE!! KnowBe4 User Conference - April 15-17, 2020

Image
KnowBe4’s third annual KB4-Con user conference will be held at the Gaylord Palms Resort & Convention Center in Orlando, FL. The event is open to all KnowBe4 customers at no charge. You only pay for your flight and the hotel. Conference and hotel registration will open later this quarter. Stay Tuned! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/save-the-date-knowbe4-user-conference-april-15-17-2020

KnowBe4 - KnowBe4 Achieves FedRAMP Authorization from the US Federal Government

Image
On October 25, 2019, KnowBe4 became the first and only security awareness training and simulated phishing provider to receive FedRAMP authorized status . We are very proud of this accomplishment. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-achieves-fedramp-authorization-from-the-us-federal-government

KnowBe4 - Captain Awareness Has A Halloween Message For You

Image
Think Before You Click!  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/captain-awareness-has-a-halloween-message-for-you

KnowBe4 - It's Benefits Enrollment Season Again...And That Means Prime Phishing Season!

Image
By Eric Howes,  KnowBe4 Principal Lab Researcher.  Not content just to make tax season even more miserable than it already is, malicious actors are increasingly maneuvering to capitalize on benefits election/enrollment season as well. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/its-benefits-enrollment-season-again

Schneier - A Broken Random Number Generator in AMD Microcode

Interesting story . I always recommend using a random number generator like Fortuna , even if you're using a hardware random source. It's just safer. from Schneier on Security https://www.schneier.com/blog/archives/2019/10/a_broken_random.html

KnowBe4 - [Heads-Up] North Korean Malware Found On Indian Nuclear Plant's Network

Image
I am not a happy camper. This is exactly why I have been insisting on security awareness training for employees at critical infrastructure organizations. This could have been a Real Life Halloween Horror Story. The malware infected only their admin network, which is air-gapped from the power plant network—and could even be accidental—but.... Natanz/STUXnet anyone? from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heads-up-north-korean-malware-found-on-indian-nuclear-plants-network

KnowBe4 - Lessons Learned From Vishing Robocall Attacks In Mandarin

Image
Among the specialized forms of vishing are those that target specific language communities. Chinese-speaking people in the US and around the world are increasingly being targeted with phone scams, according to Scott Tong at Marketplace. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/lessons-learned-from-vishing-robocall-attacks-in-mandarin

Krebs - Breaches at NetworkSolutions, Register.com, and Web.com

Image
Top domain name registrars NetworkSolutions.com , Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com. “On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said in a written statement. “No credit card data was compromised as a result of this incident.” The Jacksonville, Fla.-based Web.com said the information exposed includes “contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder.” The “such as” wording made me ask whether the company has any reason to believe passwords — scrambled or otherwise — were accessed. A spokesperson for Web.com later clarified that the company...

Schneier - WhatsApp Sues NSO Group

WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and "wrongfully trespassed" on Facebook's property. This could be interesting. from Schneier on Security https://www.schneier.com/blog/archives/2019/10/whatsapp_sues_n.html

TrustedSec - A Message of Support: Coalfire Consultants Charged

If you haven’t been following recent news, two Coalfire employees, Gary DeMercurio and Justin Wynn, were performing a Physical Penetration Test against a Judicial Branch Building, the Dallas County Courthouse in the state of Iowa. The two employees were engaged by the Iowa State Judicial Branch to conduct the Physical Penetration Test, which is an authorized attempt to identify weaknesses and exposures through physical security controls to gain access to a facility. These types of tests are conducted regularly by organizations and are focused on enhancing physical security for buildings all around the globe. During the physical break-in, the two consultants intentionally triggered the alarm to test the response time for law enforcement. They intentionally waited for law enforcement to arrive and were subsequently arrested and charged with felonies. The argument that the state of Iowa is making is that the buildings are public and that the Iowa State Judicial Branch didn’t have the aut...

TrustedSec - Incident Response Ransomware Series – Part 2

Image
Opening In part one of this blog post series, we provided an introduction into what ransomware is and how it works. We also provided examples of different types of ransomware, variation of ransomware tactics, and identified that ransomware delivery is traditionally accompanied by other malware to assist in lateral movement and deployment. If you haven’t had a chance to read the first part of this series, take a few minutes to get caught up and then jump back into part two where I will cover ransomware attack vectors, ransomware threat reduction, and ransomware detection and protection. Ransomware Attack Vectors, Don’t Click! This year, we have seen an increase in ransomware attack activity, including new strains and evolving tactics. Some of the noteworthy ransomware tactic changes we have investigated are: the utilization of remotely exposed vulnerabilities as the initial attack vector, the dwell time (can be days, months, or even years) before detonating its destructive pay...

Recorded Future - Your Organization’s Network Access Is King: Here’s What to Do About It

Image
Click here to download the complete analysis as a PDF. Insikt Group used the Recorded FutureⓇ Platform to provide deeper insight into the monetization mechanisms for unauthorized access, and lay out extensive risk mitigation strategies for combating unauthorized access by using security intelligence. This report will be of interest to enterprises concerned with unauthorized access and corresponding methodologies for reducing risk. Executive Summary Historically, pay-per-install (PPI) services were the primary monetization route in the underground economy (UE) for commodity botnet operators. While botnets continue to feed PPI services, Recorded Future’s data reveals that offerings of unauthorized access are increasing, driven by larger monetization opportunities via direct sales or auctions in underground forums. Insikt Group assesses with medium confidence, based on Recorded Future analysis, that the demand in the UE for direct unauthorized access will continue to increase, lea...

KnowBe4 - Ransomware Attack Causes School 'District-Wide Shutdown'

Image
A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-attack-causes-school-district-wide-shutdown

KnowBe4 - Vishing, from (not) the Bank

Image
We saw yesterday how phishing affects the financial sector. Here we see another, related trend: impersonation attacks that purport to be from the victim’s bank. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/vishing-from-not-the-bank

SANS - Issue #85 - Volume XXI - SANS Newsbites - October 29th, 2019

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/85

Krebs - Takeaways from the $566M BriansClub Breach

Image
Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people. In September, an anonymous source sent KrebsOnSecurity a link to a nearly 10 gb set of files that included data for approximately 26 million credit and debit cards stolen from hundreds — if not thousands — of hacked online and brick-and-mortar businesses over the past four years. The data was taken from BriansClub, an underground “carding” store that has (ab)used this author’s name, likeness and reputation in its advertising since 2015. The card accounts were stolen by hackers or “resellers” who make a livi...

KnowBe4 - CyberheistNews Vol 9 #44 [INFOGRAPHIC] The 2019 Third Quarter Top-Clicked Phishing Email Subjects From KnowBe4

Image
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-9-44-infographic-the-2019-third-quarter-top-clicked-phishing-email-subjects-from-knowbe4

Black Hills InfoSec - Intro to Software Defined Radio and GSM/LTE

Raymond Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic.  Preface: I held an Advanced Amateur Radio Operator […] The post Intro to Software Defined Radio and GSM/LTE appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/intro-to-software-defined-radio-and-gsm-lte/

Recorded Future - Intelligence Where You Need It: What’s New in Recorded Future This Fall

Every single day, we’re bombarded with headlines about major data breaches affecting millions of people, whole municipalities having their networks held hostage by ransomware attacks , and nation-state actors influencing public opinion. Cyber threats are constantly evolving as adversaries continuously hone their skills, change tactics to cover up their tracks, and launch increasingly sophisticated attacks. Just as in life, the only constant in cybersecurity is change. For the past decade, Recorded Future has focused on delivering intelligence that empowers organizations to embrace a proactive cybersecurity approach. As the dynamic threat landscape continues to change, standing still is simply not an option — and we too have continued our organizational evolution. The term threat intelligence no longer encompasses all that we do — such as brand protection and third-party risk reduction — which is why we’re introducing a new concept: security intelligence . This term, and overall ph...

Recorded Future - Moving Toward a Security Intelligence Program

For the past 10 years, Recorded Future has focused on empowering organizations to take a proactive approach to cybersecurity. We’ve done this by collecting and analyzing threat data from the broadest range of sources and producing threat intelligence to help organizations gain insight into the intentions and techniques of cyber adversaries. This enables them to work smarter and stop threats faster. Since the beginning, our work has been grounded in three fundamental ideas: 1. Threat intelligence must provide the context to enable informed decisions and take action. Threat intelligence is knowledge that allows you to prevent or mitigate cyberattacks. To be effective, threat intelligence needs to be timely, clear, and action­able. It has to come at the right time, in a form that is understandable. It should enrich your knowledge, not complicate the decision-making process. It should help put everybody in your organization on the same page. 2. People and machines work better together...

KnowBe4 - [NEW FEATURE] KnowBe4 Assessments Help Gauge Proficiency of Your Users in Security Awareness and Sentiment Towards Security Culture

Image
Social engineering attacks continue to be the leading cause of compromised networks and data breaches.  Today, organizations of all sizes are susceptible to these attacks and are vulnerable to social engineering schemes such as phishing, spear phishing, CEO Fraud and ransomware attacks. Why? In large part because their employees continue to be the weakest link in their network security and are untrained and unaware of the security risks they may fall victim to by the bad guys.    from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-feature-knowbe4-assessments-help-gauge-proficiency-of-your-users-in-security-awareness-and-sentiment-towards-security-culture

Schneier - ICT Supply-Chain Security

The Carnegie Endowment for Peace published a comprehensive report on ICT (information and communication technologies) supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know. from Schneier on Security https://www.schneier.com/blog/archives/2019/10/ict_supply-chai.html

KnowBe4 - A Recent Spate Of Spear Phishing Attacks Is Targeting The Financial Industry

Image
Phishing attacks are getting harder to spot, especially as more attackers realize the value of targeted, well-crafted phishing attacks, according to Johannes Ullrich, the dean of research at the SANS Technology Institute. Ullrich recently joined the CyberWire to discuss a recent spate of spearphishing attacks targeting the financial industry. He explained that scammers try to slip malicious emails into normal business processes, so employees don’t even suspect that they’re dealing with a potential attack. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/a-recent-spate-of-spear-phishing-attacks-is-targeting-the-financial-industry

Recorded Future - Never Underestimate Threat Actors’ Persistence

Our guest this week is Jöerg Schauff. He’s a principal consultant at Symantec , focusing on cyber and threat intelligence . He shares his insights on the challenges he sees his clients facing in Germany and how their experiences inform proper defenses internationally. We’ll discuss the differences between run-of-the-mill thieves and nation-state threat groups, as well as how organizations can best make use of threat intelligence and set themselves up for success. This podcast was produced in partnership with the CyberWire . The post Never Underestimate Threat Actors’ Persistence appeared first on Recorded Future . from Recorded Future https://www.recordedfuture.com/podcast-episode-131/

SBS CyberSecurity - In The Wild 142

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 142 nd  issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. [Blog] Safe Social Media Usage SBS Educational Resources We, as a society, use the internet, and especially social media, more with each day. We share everything, including travel itineraries, political views, and, sometimes, even what we had for lunch. However, we don’t oft...