Posts

Showing posts from February, 2020

Schneier - Friday Squid Blogging: Squid Eggs

Cool photo . As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2020/02/friday_squid_bl_718.html

Krebs - FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data. The FCC proposed fining T-Mobile $91 million; AT&T faces more than $57 million in fines; Verizon is looking at more than $48 million in penalties; and the FCC said Sprint should pay more than $12 million. An FCC statement (PDF) said “the size of the proposed fines for the four wireless carriers differs based on the length of time each carrier apparently continued to sell access to its customer location information without reasonable safeguards and the number of entities to which each carrier continued to

SANS - Issue #17 - Volume XXII - SANS Newsbites - February 28th, 2020

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxii/17

SANS - Issue #16 - Volume XXII - SANS Newsbites - February 25th, 2020

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxii/16

Schneier - Humble Bundle's 2020 Cybersecurity Books

For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's Encrypt. (The default is 15%, and you can change that.) As an EFF board member, I know that we've received a substantial amount from this program in previous years. from Schneier on Security https://www.schneier.com/blog/archives/2020/02/humble_bundles_.html

TrustedSec - Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server

Microsoft recently released a patch for all versions of Microsoft Exchange Server. This patch fixes a Remote Code Execution flaw that allows an attacker to send a specially crafted payload to the server and have it execute an embedded command. Researchers released proof of concept (POC) exploits for this vulnerability on February 24, 2020. The POC exploit tested by TrustedSec was obtained from https://github.com/Yt1g3r/CVE-2020-0688_EXP . TrustedSec’s Research Team has verified that these POCs are valid and has gained code execution on internal test systems. An Overview of the Vulnerability The CVE-2020-0688 vulnerability affects the Exchange Control Panel (ECP) component. The vulnerability affects all installations of Exchange Server because, until the most recent patch, all Exchange Servers had the same validation key and validation algorithm in the web.config file. The POC exploits take advantage of that shared validation key and validation algorithm to craft a serialized __VIEWSTATE

Schneier - Deep Learning to Find Malicious Email Attachments

Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week. It's challenging to tell the difference between legitimate documents in all their infinite variations and those that have specifically been manipulated to conceal something dangerous. Google says that 63 percent of the malicious documents it blocks each day are different than the ones its systems flagged the day before. But this is exactly the type of pattern-recognition problem where deep learning can be helpful. [...] The document analyzer looks for common red flags, probes files if they have components that may have been purposefully obfuscated, and does other checks like examining macros -- the tool in

HACKMAGEDDON - 16-31 January 2020 Cyber Attacks Timeline

A new timeline is here! Today we have the list of the main cyber attacks that occurred in the second half of January 2020. In this timeline I have collected a total of 83 events; if we consider that 7 of them occurred in the first half of the same month, we are in line with the previous timeline. from HACKMAGEDDON https://www.hackmageddon.com/2020/02/27/16-31-january-2020-cyber-attacks-timeline/

Schneier - Securing the Internet of Things through Class-Action Lawsuits

This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices before those devices cause unnecessary injury or death. It's a lot to read, but it's an interesting take on how to secure this otherwise disastrously insecure world. And it was inspired by my book, Click Here to Kill Everybody . from Schneier on Security https://www.schneier.com/blog/archives/2020/02/securing_the_in.html

Recorded Future - How to Bolster Network Perimeter Defenses With Security Intelligence

Cybercriminals continue to utilize remote code execution attacks that target edge devices as a way to breach network perimeters. To prevent these types of breaches, network security teams need to evolve their approach toward bolstering security postures at the edge. Recorded Future’s security intelligence philosophy introduces three principles that work in harmony to help network security teams strengthen the policies and controls that govern and protect their network perimeters. By proactively planning and incorporating the principles of security intelligence , organizations can minimize the impact of cyber threats and improve the resilience of their IT networks. The State of Perimeter Security The use of IoT networks, personal devices, and the public cloud has exploded in recent years. While these activities take place outside of network perimeters, they also greatly increase the amount of activity that takes place on premises and in private clouds — inside of network perimeters.

Black Hills InfoSec - Getting Started With Wireshark

Hello and welcome, my name is John Strand and in this video, we’re going to be getting started with Wireshark. Now, Wireshark is very similar to TCPDump, in fact, a lot of people actually prefer Wireshark to TCPDump, but I look at them as two completely different utilities. TCPDump is fantastic for creating scripts, going […] The post Getting Started With Wireshark appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/getting-started-with-wireshark/

Krebs - Zyxel 0day Affects its Firewall Products, Too

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. Alex Holden , the security expert who first spotted the code for sale, said at the time the vulnerability was so “stupid” and easy to exploit that he wouldn’t be surprised to find other Zyxel products were similarly affected. Now it appears Holden’s hunch was dead-on. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and th

TrustedSec - Weak in, Weak out: Keeping Password Lists Current

THIS POST WAS WRITTEN BY @NYXGEEK When performing brute-force attacks, it’s our first instinct to go to the current season and year, i.e., Winter20 , Winter2020 . But it’s important to keep in mind that many organizations use a 90-day password change window, and 90 days can be a deceptively long time. For instance, as of today, February 25, 2020, the oldest passwords in such an organization would land at the end of November. It’s possible that a user has a November19 or Fall2019 password set. To make the task of creating weak password lists a little easier, I’ve created weakpasswords.net (and south.weakpasswords.net for our friends in the Southern Hemisphere). This site displays a list of candidate passwords for brute-force attacks based on the current date and is updated daily via a cronjob. The code is available on GitHub ( https://github.com/nyxgeek/weakpass_generator ) and is easily modified. Each month has an array of base words defined. For example, November has the follo

Schneier - Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday. [...] The privacy board, working with the intelligence community, got several additional salient facts declassified as part of the rollout of its report. Among them, it officially disclosed that the system has gained access to Americans' cellphone records, not just logs of landline phone calls. It also disclosed that in the four years the Freedom Act system was operational, the

SBS CyberSecurity - {Threat Advisory} New Phishing Technique

SBS CyberSecurity is aware of a new style of phishing email that uses an initial link in an email to a legitimate website, pointing to user-editable content which contains the malicious link. Most of these emails are getting by filters because the initial link is to a reputable site. from SBS CyberSecurity https://sbscyber.com/resources/threat-advisory-new-phishing-technique

Recorded Future - Why Security Teams Need to Embrace Automation

Fiction envisions a world taken over by autonomous machines — self-building, self-aware robots that are near perfect as they fight humankind. We marvel at their ability to operate and replicate. In reality, automation saves time, money, and even lives. As an example, WannaCry, a ransomware variant, was responsible for a cyberattack costing an estimated $4-8 billion. However, it was preventable with a software update that was released eight months prior. Yet, 66% of businesses can’t or won’t rely on automated patching . The adoption of automation has its challenges — but intelligence-led security can be challenging, too. The term “intelligence,” on one hand, brings images of James Bond and a powerful capability that delivers a crystal ball-like understanding. On the other hand, intelligence more abstractly reports Google’s DNS (8.8.8.8) as a malicious indicator of compromise (IOC). Intelligence, like automation, is not a capability that can be picked off the shelf, plugged in, and in

Schneier - Firefox Enables DNS over HTTPS

This is good news : Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. [...] But the move is not without controversy. Last year, an internet industry group branded Mozilla an "internet villain" for pressing ahead with the security feature. The trade group claimed it would make it harder to spot terrorist materials and child abuse imagery. But even some in the security community are split, amid warnings that it could make incident response and malware detection more difficult. The move to enable DoH by default will no doubt face resistance, but browser makers have argued it's not a technology that browser makers have shied away from. Firefox became the first browser to implement DoH -- with others, like Chrome, E

Krebs - Zyxel Fixes 0day in Network Storage Devices

Patch comes amid active exploitation by ransomware gangs. Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a. “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale. KrebsOnSecurity first learned about the flaw on Feb. 12 from Alex Hol

Recorded Future - Security That Fits the Needs of the Organization

There’s that old saying, “The more things change, the more things stay the same.” In cybersecurity and incident response , even with all of the new tools, increased speed, and mounting threats, a large part of keeping any organization safe comes down to taking care of the basics — the tried and true techniques that have served us well for decades. Our guest this week is Gavin Reid , chief information security officer at Recorded Future. He’s a firm believer in taking care of the basics, empowering employees to collaborate and take healthy risks, and making sure that your communication style is concise and actionable — all good advice, tried and true. This podcast was produced in partnership with the CyberWire . The post Security That Fits the Needs of the Organization appeared first on Recorded Future . from Recorded Future https://www.recordedfuture.com/podcast-episode-147/

Black Hills InfoSec - Getting Started With TCPDump

Hello and welcome, my name is John Strand and in this video, we’re going to be talking about getting started with TCPDump.   Now, TCPDump is a fantastic tool, it’s one of the core essential tools that every single IT professional should have, especially Infosec professionals. The reason why is TCPDump gives us the ability to […] The post Getting Started With TCPDump appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/getting-started-with-tcpdump/

SBS CyberSecurity - In the Wild 159

In The Wild - CyberSecurity Newsletter Welcome to the 159th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources! Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. [Blog]: How to Make the Most of Your Annual IT Audit SBS Educational Resources When you hear the term “bank robber,” a leather-clad outlaw with