Posts

Showing posts from April, 2020

Krebs - How Cybercriminals are Weathering COVID-19

Image
In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. But it’s not all good news: The Coronavirus also has driven up costs and disrupted key supply lines for many cybercriminals. Here’s a look at how they’re adjusting to these new realities. FUELED BY MULES One of the more common and perennial cybercriminal schemes is “reshipping fraud,” wherein crooks buy pricey consumer goods online using stolen credit card data and then enlist others to help them collect or resell the merchandise. Most online retailers years ago stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Rus...

SBS CyberSecurity - Iowa Cybersecurity Bill Introduces Affirmative Defense

Iowa SF 2252 A new Iowa law could quickly dictate the level of responsibility your organization has following a data breach. Introduced in January 2020 as Senate File (SF) 2073 and recommended for approval as SF 2252, this new bill states “It is an affirmative defense to any claim or action alleging that a person’s failure to implement reasonable security measures resulted in a breach of security, that the person established, maintained, and complied with a written cyber security program.”   What is Affirmative Defense? Affirmative defense is a set of facts that defeat or mitigate the legal consequences of the defendant’s otherwise unlawful act. An organization can admit to guilt, but they can use an explanation or justification to mitigate the legal penalty stemming from a cyber incident. In this case, the defense will be a formal (written) cybersecurity program that “conforms to current and accepted industry standards regarding cyber security and personal information security pro...

SBS CyberSecurity - Hacker Hour: Innovation Through a Pandemic Round Table

Collaborate with SBS and your peers for an interactive round table discussion focused on sharing innovative ideas and ways of leveraging technology that has kept our businesses running in a mostly virtual world. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3722/hacker-hour-innovation-through-a-pandemic-round-table

Schneier - Securing Internet Videoconferencing Apps: Zoom and Others

The NSA just published a survey of video conferencing apps. So did Mozilla . Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns . It still has a bit to go on end-to-end encryption. Matthew Green looked at this . Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud. That's pretty good, but the real worry is where the encryption keys are generated and stored. According to Citizen Lab , the company generates them. The Zoom transport protocol adds Zoom's own encryption scheme to RTP in an unusual way. By default, all participants' audio and video in a Zoom meeting appears to be encrypted and decrypted with a single AES-128 key shared amongst the participants. The AES key appears to be generated and distributed to the meeting's participants by Zoom servers. Zoom's encryption a...

TrustedSec - Vendor Enablement: Rethinking Third-Party Risk

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network, facility, or data, there is risk to your organization—and it is essential to manage that risk. But what happens when the vendor has deficiencies in their own security program? Generally, there are a few ways companies manage these situations: You can choose to use a different vendor, you can put compensating controls in place, or you can hold off on using them until they improve their controls. From Vendor Compliance to Vendor Enablement We encourage a fourth option whenever possible. We refer to it as ‘vendor enablement,’ and it focuses on treating vendors as partners (and we are not just saying that because we are vendors ourselves). Vendor enablement is all...

Recorded Future - Security Intelligence Definition: What It Means For Your Organization

Image
In many organizations today, intelligence and security are out of sync. Teams are focused on differing objectives, data analysis is performed in silos and lacks relevance, and when threats are uncovered, response times are often too slow. This reactive approach to security results in lost time and wasted resources — and puts the business in harm’s way. To drive down risk while achieving meaningful operational outcomes, intelligence must be embedded into the core of every security workflow, function, and decision. This requires a unified approach for collecting, analyzing, and automating data and insights . Security Intelligence Definition Security Intelligence is defined as an outcomes-centric approach to reducing risk that fuses external and internal threat, security, and business insights across an entire organization. Security Intelligence: The Single Source of Truth Across Your Organization Enter security intelligence . For us at Recorded Future, security intelligence is so m...

HACKMAGEDDON - 1-15 April 2020 Cyber Attacks Timeline

It's time to publish the first timeline of April, covering the main cyber attacks occurred in the first fortnight of this month. The COVID-19 emergency continues to characterize the threat landscape, and in this timeline I have collected... from HACKMAGEDDON https://www.hackmageddon.com/2020/04/30/1-15-april-2020-cyber-attacks-timeline/

Schneier - How Did Facebook Beat a Federal Wiretap Demand?

This is interesting : Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Lawyers for the ACLU and the Washington Post on Tuesday asked a San Francisco-based federal court of appeals to unseal the judge's decision, arguing the public has a right to know how the law is being applied, particularly in the area of privacy. [...] The Facebook case stems from a federal investigation of members of the violent MS-13 criminal gang. Prosecutors tried to hold Facebook in contempt after the company refused to help investigators wiretap its Messenger app, but the judge ruled against them. If the decision is unsealed, other tech companies will likely try to use its reasoning to ward off similar government requests in the future. Here's the 2018 story . Slashdot thread . from Schneier on ...

Recorded Future - Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests

Image
Editor’s Note : The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. Recorded Future analyzed data from the Recorded Future® Platform, social media sites, local and regional news sites, academic studies, information security reporting, and other open sources (OSINT) for updates on Chinese state-sponsored influence operations targeting the 2020 Taiwanese presidential elections and Hong Kong protests. This report covers topics and information from September 21, 2019 through March 20, 2020 and will be of most value to government departments, geopolitical scholars and researchers, and all users of social media. Executive Summary As outlined by previous Insikt Group research , Chinese influence operations often aim to present a positive, benign, and cooperative image of China to foreign audiences. However, we have discovered that there is a more aggressive and coercive side of Chinese influence operations when it c...

Black Hills InfoSec - Getting Started With Base64 Encoding and Decoding

Hello and welcome. My name is John Strand and in this video, we’re going to be talking about Base64 encoding and decoding. Now the reason why we’re talking about it is once again we have the BHIS Cyber Range for our customers and friends and this is just basically a video to walk people through […] The post Getting Started With Base64 Encoding and Decoding appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/getting-started-with-base64-encoding-and-decoding/

SANS - Issue #34 - Volume XXII - SANS Newsbites - April 28th, 2020

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxii/34

Krebs - Would You Have Fallen for This Phone Scam?

Image
You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft. Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors  and failed spectacularly . In that episode, the people impersonating his bank not only spoofed the bank’s real phone number, but they were also pretending to be him in a separate call at the same time with his bank. This foiled his efforts to make sure it was really his bank that called him, because he called his bank with another phone and the bank confirmed they currently were in a separate call wit...

Schneier - Fooling NLP Systems Through Word Swapping

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find natural. For example, changing the sentence "The characters, cast in impossibly contrived situations, are totally estranged from reality" to "The characters, cast in impossibly engineered circumstances, are fully estranged from reality" makes no real difference to how we read it. But the tweaks made an AI interpret the sentences completely differently. The results of this adversarial machine learning attack are impressive: For example, Google's powerful BERT neural net was worse by a factor of five to seven at identifying whether reviews on Yelp were positive or negative. The paper : Abstract : Machine learning algorithms are often vulnerable to adversarial examp...

Recorded Future - 10 Years of Building the Security Intelligence Graph: A Tech Retrospective

Image
Recorded Future recently passed a big milestone, having reached an annual recurring revenue (ARR) level of $100 million — something very few SaaS companies ever do ! Now, 10 years into the life of Recorded Future (or 12, if you count a couple of years of prototyping in the virtual garage startup phase), we’ve decided that it would be a good time to do a brief technology-oriented retrospective regarding how we have built and continue to evolve our amazing product. We’d like to address questions related to what we have done well and not so well, which good, early design decisions we made, what we could have done differently (had we known where we would be going), and what has surprised us the most over the years. We’ll start off with a brief introduction of what Recorded Future does, followed by a description of our high-level architecture, followed by deep dives into some technical areas of special interest. What We Do at Recorded Future To use a buzzword of the 2020s, Recorded Fut...