Posts

Showing posts from July, 2020

Krebs - Three Charged in July 15 Twitter Compromise

Image
Three individuals have been charged for their alleged roles in the July 15 hack on Twitter , an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. Amazon CEO Jeff Bezos’s Twitter account on the afternoon of July 15. Nima “Rolex” Fazeli , a 22-year-old from Orlando, Fla., was charged in a criminal complaint in Northern California with aiding and abetting intentional access to a protected computer. Mason “Chaewon” Sheppard , a 19-year-old from Bognor Regis, U.K., also was charged in California with conspiracy to commit wire fraud, money laundering and unauthorized access to a computer. A U.S. Justice Department statement on the matter does not name the third defendant charged in the case, saying juvenile proceedings in federal court are sealed to protect the identity of the youth. But an NBC News affiliate in Tampa reported today that authorities had arrest...

SANS - Issue #60 - Volume XXII - SANS Newsbites - July 31st, 2020

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxii/60

Schneier - Twitter Hacker Arrested

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack . News articles . Boing Boing post . Florida state attorney press release . This is a developing story. Post any additional news in the comments. from Schneier on Security https://www.schneier.com/blog/archives/2020/07/twitter_hacker_.html

Schneier - Friday Squid Blogging: Squid Proteins for a Better Face Mask

Researchers are synthesizing squid proteins to create a face mask that better survives cleaning. (And you thought there was no connection between squid and COVID-19.) The military thinks this might have applications for self-healing robots . As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2020/07/friday_squid_bl_739.html

Schneier - Data and Goliath Book Placement

Image
Notice the copy of Data and Goliath just behind the head of Maine Senator Angus King. This demonstrates the importance of a vibrant color and a large font. from Schneier on Security https://www.schneier.com/blog/archives/2020/07/data_and_goliat_9.html

SBS CyberSecurity - The Board of Directors Proactive Cybersecurity Mindset

The Board of Directors' responsibility for oversight of the ISP is better managed proactively. A proactive mindset will reduce financial losses, have more efficient processes, gain control of the challenges to the Institution, and gain a competitive advantage over the competition. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3739/the-board-of-directors-proactive-cybersecurity-mindset

Schneier - Fake Stories in Real News Sites

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story : The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they've posted fake content on everything from social media to pro-Russian news websites. In some cases, FireEye says, Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content. That hacking campaign, targeting media sites from Poland to Lithuania, has spread false stories about US military aggression, NATO soldiers spreading coronavirus, NATO planning a full-on invasion of Belarus, and more. from S...

Krebs - Is Your Chip Card Secure? Much Depends on Where You Bank

Image
Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. A chip-based credit card. Image: Wikipedia. Traditional payment cards encode cardholder account data in plain text on a magnetic stripe, which can be read and recorded by skimming devices or malicious software surreptitiously installed in payment terminals. That data can then be encoded onto anything else with a magnetic stripe and used to place fraudulent transactions. Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip. The technology causes a unique encryption key ...

Recorded Future - How DuPont Drives Faster Decisions With Automated Intelligence

Key Takeaways DuPont, a global Fortune 500 company delivering technology-based materials, ingredients, and solutions that help transform industries and everyday life, relies on elite intelligence from Recorded Future to: Accelerate triage and reduce mean time to respond by a factor of 10 Balance personnel capabilities with automation to drive faster, more confident decisions and amplify efforts Streamline and justify vulnerability management efforts Ensure complete, consistent risk reduction in real-time across a massive restructured enterprise A Massive Enterprise Means Massive Challenges For more than 200 years, DuPont has been synonymous with life-changing discoveries and technological breakthroughs. Over the years, the enterprise has undergone numerous mergers and acquisitions. Most recently, they completed a sweeping restructuring to future-proof the business and continue delivering essential innovations that help people live safer, healthier lives. Such periods of tr...

Black Hills InfoSec - Webcast: Atomic Purple Team Framework and Life Cycle

Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizations’ information security human capital (That’s all you folks!). Organization Leadership and Security Practitioners can gain understanding on the potential designed-to-fail Purple Teams initiatives never reached their full potential. The Duo reviews how systemic organizational career pathing created an insoluble […] The post Webcast: Atomic Purple Team Framework and Life Cycle appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-atomic-purple-team-framework-and-life-cycle/

TrustedSec - The Updated Security Pro’s Guide to MDM, MAM, and BYOD

Bring your own device (BYOD) is an accepted convention, most commonly for mobile devices, in corporate environments. Even company-owned devices are treated by employees as personal devices and are often incorporated into the environment in the same way that employee-owned devices are. Our job in information security is to ensure that the business initiatives like BYOD can continue while ensuring a low-risk scenario. The strategies around how a foreign device is implemented have to be carefully planned and thought out in order to reduce the risk for the organization and be an incubator for innovation and creativity. It is important to establish what all of these terms mean. Mobile Device Management (MDM), sometimes referred to as Enterprise Mobility Management (EMM), typically gives the ability to manage a mobile device and ensure certain policies can be managed and maintained. For security professionals, this is often a desirable approach because the entire device can be managed, and ...

Krebs - Here’s Why Credit Card Fraud is Still a Thing

Image
Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here’s a look at the havoc that lag has wrought, as seen through the purchasing patterns at one of the underground’s biggest stolen card shops that was hacked last year. In October 2019, someone hacked BriansClub , a popular stolen card bazaar that uses this author’s likeness and name in its marketing. Whoever compromised the shop siphoned data on millions of card accounts that were acquired over four years through various illicit means from legitimate, hacked businesses around the globe — but mostly from U.S. merchants. That database was leaked to KrebsOnSecurity , which in turn shared it with multiple sources that help fight payment card fraud. An ad for BriansClub has been using my name and likeness for years to pedd...

Recorded Future - Chinese State-Sponsored Group ‘RedDelta’ Targets the Vatican and Catholic Organizations

Image
Editor’s Note : The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. Insikt Group® researchers used proprietary Recorded Future Network Traffic Analysis and RAT controller detections, along with common analytical techniques, to identify and profile a cyberespionage campaign attributed to a suspected Chinese state-sponsored threat activity group, which we are tracking as RedDelta. Data sources include the Recorded Future® Platform, Farsight Security’s DNSDB, SecurityTrails, VirusTotal, Shodan, BinaryEdge, and common OSINT techniques. This report will be of greatest interest to network defenders of private sector, public sector, and non-governmental organizations with a presence in Asia, as well as those interested in Chinese geopolitics. Executive Summary From early May 2020, The Vatican and the Catholic Diocese of Hong Kong were among several Catholic Church-related organizations that were targeted by RedDelt...

SANS - Issue #59 - Volume XXII - SANS Newsbites - July 28th, 2020

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxii/59

TrustedSec - Thycotic Secret Server: Offline Decryption Methodology

Image
On offensive engagements, we frequently encounter centralized internal password managers that are used by various departments to store incredibly sensitive account information, such as Domain Admin accounts, API keys, credit card data, the works. It used to be that these systems were implemented without multi-factor authentication. “Hacking” them was as simple as finding somebody that had access, then logging in with their domain credentials. It is now commonplace to see these systems instrumented with multi-factor authentication, making it much more difficult to compromise via the standard user interface. One such system is Thycotic Secret Server (TSS), a comprehensive solution for internal password management that does what it does really well. To be clear, this article does not drop any exploits against the app itself. It is simply a walkthrough for exposing the protected, encrypted secrets offline and decrypting into a plaintext, readable format. If you are on an internal test, h...

Recorded Future - How Elite Intelligence Makes MISP More Powerful

Security analysts are under more pressure than ever. As businesses adapt to new realities, the attack surface grows, and cyber defenders are charged with gaining and maintaining situational awareness of their ever-expanding landscapes. Unfortunately, cyber threats don’t stay still while analysts manually piece together data, feed it into disparate technologies, and then processes and share it across the organization. Critical gaps emerge when security teams don’t collaborate effectively and tools don’t communicate efficiently . As a result, true situational awareness remains elusive for many organizations, and finding and analyzing actual risk takes far too much time. What Is MISP? To get a better handle on the external threats targeting their business and industry, more than 6,000 companies have turned to MISP , an open source, community-driven threat intelligence platform (TIP). MISP collects, stores, and promotes information sharing of intelligence, financial fraud information,...

Schneier - Survey of Supply Chain Attacks

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary : Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.States have targeted software supply chains with great effect as the majority of cases surveyed here did, or could have, resulted in remote code execution. Examples: CCleaner , NotPetya , Kingslayer , SimDisk , and ShadowPad . Abusing Trust in Code Signing: These attacks undermine public key cryptography and certificates used to ensure the integrity of code. Overcoming these protections is a critical step to enabling everything from simple alterations of open-source code to complex nation-state espionage campaigns. Examples: ShadowHammer , Naid/McRAT , and BlackEnergy 3 . Hijacking Software Updates: 27% of these attacks ta...

Krebs - Business ID Theft Soars Amid COVID Closures

Image
Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits. Most consumers are likely aware of the threat from identity theft, which occurs when crooks apply for new lines of credit in your name. But the same crime can be far more costly and damaging when thieves target small businesses. Unfortunately, far too many entrepreneurs are simply unaware of the threat or don’t know how to be watchful for it. What’s more, with so many small enterprises going out of business or sitting dormant during the COVID-19 pandemic, organized fraud rings have an unusually ri...