Posts

Showing posts from May, 2020

Schneier - Friday Squid Blogging: Humboldt Squid Communication

Humboldt Squid communicate by changing their skin patterns and glowing . As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2020/05/friday_squid_bl_731.html

Krebs - Career Choice Tip: Cybercrime is Mostly Boring

Image
When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path. Yes, I realize hooded hacker stock photos have become a meme , but that’s the point. The findings come in a new paper released by researchers at Cambridge University’s Cybercrime Centre , which examined the quality and types of work needed to build, maintain and defend illicit enterprises that make up a large portion of the cybercrime-as-a-service market. In particular, the academics focused on botnets and DDoS-for-hire or “booter” services, the maintenance of underg

Schneier - Bogus Security Technology: An Anti-5G USB Stick

The 5GBioShield sells for £339.60, and the description sounds like snake oil : ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device". "Through a process of quantum oscillation, the 5GBioShield USB key balances and re-harmonises the disturbing frequencies arising from the electric fog induced by devices, such as laptops, cordless phones, wi-fi, tablets, et cetera," it adds. Turns out that it's just a regular USB stick . from Schneier on Security https://www.schneier.com/blog/archives/2020/05/bogus_security_.html

Schneier - Facebook Announces Messenger Security Features that Don't Compromise Privacy

Note that this is " announced ," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Facebook Messenger's billion-plus users to identify shady behaviors. But crucially, Facebook says that the detection will occur only based on metadata­ -- not analysis of the content of messages­ -- so that it doesn't undermine the end-to-end encryption that Messenger offers in its Secret Conversations feature. Facebook has said it will eventually roll out that end-to-end encryption to all Messenger chats by default. That default Messenger encryption will take years to i

Krebs - UK Ad Campaign Seeks to Deter Cybercrime

Image
The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. For example, search in Google for the terms “booter” or “stresser” from a U.K. Internet address, and there’s a good chance you’ll see a paid ad show up on the first page of results warning that using such services to attack others online is illegal. The ads are being paid for by the U.K.’s National Crime Agency , which saw success with a related campaign for six months starting in December 2017. A Google ad campaign paid for by the U.K.’s National Crime Agency. NCA Senior Manager David Cox said the agency is targeting its ads to U.K. males age 13 t

Recorded Future - How Security Intelligence Helps Leaders Make Risk-Based Decisions

Editor’s Note : Over the next several weeks, we’ll be sharing excerpts from the second edition of our popular book, “ The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program .” Here, we’re looking at chapter six, “Threat Intelligence for Security Leaders.” To read the entire chapter, download your free copy of the handbook . Security intelligence — spanning across your entire security strategy — isn’t just for security operations and vulnerability management teams. It empowers security functions throughout the organization to make better, faster decisions and amplify their impact — all the way up to the CISO. Senior security leaders can leverage actionable intelligence to identify real risks and guide critical planning and investment decisions. While it was once relegated to the IT department, cybersecurity has now become a key business issue. It’s easy to see why: the cost of a data breach has increased by 12% over the past five years and now costs $3.92

TrustedSec - Automating a RedELK Deployment Using Ansible

Image
As the red team infrastructure needs continue to expand (and grow more complicated), so does the need for infrastructure automation. Red teams are adopting DevOps to improve the speed at which their infrastructure is deployed, hence the rise in usage of tools such as Terraform and Ansible for red teams. In this post, we will use Ansible to deploy the RedELK infrastructure visibility tool across a red team infrastructure. If you are new to RedELK, the high-level view is that it is an ELK stack specifically designed for red team usage. It shows things like Cobalt Strike beacon logs and Apache/HAProxy logs, all in a friendly Kibana user interface. I strongly encourage you to read the three-part series from the Outflank team on the development, configuration, and usage of their tool ( Part 1 , Part 2 , Part 3 ), then check out their GitHub Wiki . Henceforth, this post assumes you are familiar with RedELK installation and basic usage. Ideally, you would have at least stood up RedELK in a

Schneier - Thermal Imaging as Security Theater

Seems like thermal imaging is the security theater technology of today. These features are so tempting that thermal cameras are being installed at an increasing pace. They're used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen employees and by businesses to screen customers, and even used in health care facilities to screen patients. Despite their prevalence, thermal cameras have many fatal limitations when used to screen for the coronavirus. They are not intended for distance from the people being inspected. They are " an imprecise method for scanning crowds " now put into a context where precision is critical. They will create false positives, leaving people stigmatized, harassed, unfairly quarantined, and denied rightful opportunities to work, travel, shop, or seek medical help. They will create false negatives, which, perhaps most significantly for public health purposes, "could miss

SBS CyberSecurity - Six Controls to Dramatically Reduce Cyber Risk of Incidents

Get the answer to one of our most asked questions: "What is your single biggest suggestion for everyone to better prepare for a cybersecurity issue/incident?" from SBS CyberSecurity https://sbscyber.com/resources/six-controls-to-dramatically-reduce-cyber-risk-of-incidents

Recorded Future - Accurately Calculate Cyber Risk With the Threat Category Risk Framework

Image
Risk is a fundamental concept in cybersecurity. Unfortunately, the most commonly used cybersecurity frameworks — the Diamond Model, MITRE ATT&CK , and the Lockheed Martin Cyber Kill Chain — aren’t based on risk. They’re designed to help you identify and remediate threats. However, there is a tool that any organization can use to accurately calculate the risk associated with different threat vectors — and even assign a dollar value to them. The Threat Category Risk Framework The threat category risk (TCR) framework — which builds on work by Douglas Hubbard and Richard Seiersen — is a practical, quantitative cyber risk framework. It’s designed to help security teams identify the likelihood and scale of annual financial loss posed by different cyber threats. The TCR framework is an ideal tool to build a risk-based security program around. It starts with a set of general threat categories. For each category, a security team estimates: The likelihood that an event will occur wi

Black Hills InfoSec - Promiscuous Wireless Packet Sniffer Project

Ray Felch // Introduction: After completing and documenting my recent research into keystroke injections (Executing Keyboard Injection Attacks), I was very much interested in learning the in-depth technical aspects of the tools and scripts I used (created by various authors and security research professionals). In particular, I was interested in creating my own software/hardware implementation […] The post Promiscuous Wireless Packet Sniffer Project appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/promiscuous-wireless-packet-sniffer-project/

Schneier - Websites Conducting Port Scans

Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors. Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known for (with a few blanks for ones I am unfamiliar with): 5900: VNC 5901: VNC port 2 5902: VNC port 3 5903: VNC port 4 5279: 3389: Windows remote desktop / RDP 5931: Ammy Admin remote desktop 5939: 5944: 5950: WinVNC 6039: X window system 6040: X window system 63333: TrippLite power alert UPS 7070: RealAudio No one seems to know why : I could not believe my eyes, but it was quickly reproduced by me (see below for my observation). I surfed around to several sites, and found one more that does this (the citibank site, see below for my observation) I further see, at least across ebay.com and citibank.com the same ports, in the same

Krebs - Report: ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office

Image
A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division. As detailed this week by the Mexican daily Reforma , several Mexican federal, state and municipal officers filed a complaint saying the attorney general office responsible for combating corruption had initiated formal proceedings against them for investigating Romanians living in Mexico who are thought to be part of the ATM skimming operation. Florian Tudor (right) and his business associates at a press conference earlier this year. Image: Reforma. Reforma said the complaint centers on Camilo Constantino Rivera , who heads the unit in the Mexican Special Prosecutor’s office responsib

SANS - Issue #42 - Volume XXII - SANS Newsbites - May 26th, 2020

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxii/42

TrustedSec - Introducing Proxy Helper – A New WiFi Pineapple Module

Image
I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application to go through a proxy, but sometimes that might not be the most convenient way. What if the application implements root or jailbreak detection? While it might be easily defeated, it can sometimes take several days to bypass, or you may be testing on a device that cannot be rooted or jailbroken. What if you wanted to proxy the traffic of that Wi-Fi connected IoT lightbulb that has no ability to set any proxy settings? After running into this issue a few times, I realized that this would be a great use of my WiFi Pineapple! However, some quick digging around in the settings and available modules did not reveal any options to get my web traffic flowing to Burp Suite.