Posts

Showing posts from January, 2021

Schneier - Friday Squid Blogging: Squids Don’t Like Pile-Driving Noises

New research : Pile driving occurs during construction of marine platforms, including offshore windfarms, producing intense sounds that can adversely affect marine animals. We quantified how a commercially and economically important squid ( Doryteuthis pealeii : Lesueur 1821) responded to pile driving sounds recorded from a windfarm installation within this species’ habitat. Fifteen-minute portions of these sounds were played to 16 individual squid. A subset of animals (n = 11) received a second exposure after a 24-h rest period. Body pattern changes, inking, jetting, and startle responses were observed and nearly all squid exhibited at least one response. These responses occurred primarily during the first 8 impulses and diminished quickly, indicating potential rapid, short-term habituation. Similar response rates were seen 24-h later, suggesting squid re-sensitized to the noise. Increased tolerance of anti-predatory alarm responses may alter squids’ ability to deter and evade preda...

Threat Post - WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites

The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites. from Threatpost https://threatpost.com/wordpress-pop-up-builder-plugin-flaw-plagues-200k-sites/163500/

Threat Post - Microsoft 365 Becomes Haven for BEC Innovation

Two new phishing tactics use the platform's automated responses to evade email filters. from Threatpost https://threatpost.com/microsoft-365-bec-innovation/163508/

Dark Reading - Cloud Security Startup Armo Emerges from Stealth with $4.5M

Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control. from Dark Reading: https://www.darkreading.com/cloud/cloud-security-startup-armo-emerges-from-stealth-with-$45m/d/d-id/1340018?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Rapid 7 - Metasploit Wrap-Up

Image
MobileIron MDM Hessian-Based Java Deserialization RCE Our very own wvu-r7 has added exploits/linux/http/mobileiron_mdm_hessian_rce , which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian based endpoint. ( CVE-2020-15505 ). MDM helps organizations manage and control all employees' devices, requiring it to be publicly reachable to synchronize devices, making this an appealing target. This exploit has been included on the U.S. National Security Agency's list of vulnerabilities known to be exploited by Chinese state-sponsored threat actors. More information about this exploit can be found here . PEAR Archive_Tar < 1.4.11 Arbitrary File Write exploits/multi/fileformat/archive_tar_arb_file_write has been added by gwillcox-r7 , which adds support for CVE-2020-28949 . CVE-2020-28949 is a vulnerability which affects the Archive_Tar plugin of the PEAR PHP development framework and is caused by Arc...

Dark Reading - FBI Encounters: Reporting an Insider Security Incident to the Feds

Most insider incidents don't get reported to the FBI due to fear of debilitating business disruptions, public embarrassment, and screeching vans skidding into the parking lot to confiscate servers. But is that reality? from Dark Reading: https://www.darkreading.com/edge/theedge/fbi-encounters-reporting-an-insider-security-incident-to-the-feds-/b/d-id/1340016?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Ransomware Payoffs Surge by 311% to Nearly $350 Million

Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds. from Dark Reading: https://www.darkreading.com/vulnerabilities---threats/ransomware-payoffs-surge-by-311--to-nearly-$350-million/d/d-id/1340017?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

SANS - Issue #8 - Volume XXIII - SANS Newsbites - January 29th, 2021

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxiii/8

KnowBe4 - KnowBe4 graduates to become one of Okta's most popular apps by number of customers

Image
OKTA released their seventh "Business at Work" report, an in-depth look into how organizations and people work today — exploring workforces and customers, and the applications and services they use to be productive.  It’s from the unprecedented 2020 COVID lens that they view the data from their more than 9,400 customers and the Okta Integration Network (OIN), which includes over 6,500 integrations with cloud, mobile and web apps, as well as IT infrastructure providers. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-graduates-to-become-one-of-oktas-most-popular-apps-by-number-of-customers

Krebs - The Taxman Cometh for ID Theft Victims

Image
The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year. One state’s experience offers a window into the potential scope of the problem. Hackers, identity thieves and overseas criminal rings stole over $11 billion in unemployment benefits from California last year, or roughly 10 percent of all such claims the state paid out in 2020, the state’s labor secretary told reporters this week . Another 17 percent of claims — nearly $20 billion more – are suspected fraud. California’s experience is tracked at a somewhat smaller scale in dozens of other states, where chronically underfunded and technologically outdated unemployment insurance system...

Schneier - Including Hackers in NATO Wargames

This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks. Hackers and cyberwar experts would demonstrate how industrial control systems such as power supply for refrigeration and temperature monitoring in vaccine production facilities are critical infrastructure; they’re easy targets and should be among NATO’s priorities at the moment. Diversity of thought leads to better solutions. We in the information security community strongly support the involvement of acknowledged nonmilitary experts in the development and testing of future cyberwar scenarios. We are confident that independent experts, many of whom see sharing th...

Threat Post - Industrial Gear at Risk from Fuji Code-Execution Bugs

Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more. from Threatpost https://threatpost.com/industrial-gear-fuji-code-execution-bugs/163490/

Threat Post - Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System

Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits. from Threatpost https://threatpost.com/apple-ios-imessage-blastdoor/163479/

Schneier - New iMessage Security Features

Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks. Groß notes that memory corruption based zero-click exploits typically require exploitation of multiple vulnerabilities to create exploit chains. In most observed attacks, these could include a memory corruption vulnerability, reachable without user interaction and ideally without triggering any user notifications; a way to break ASLR remotely; a way to turn the vulnerability into remote code execution;; and a way to break out of any sandbox, typically by exploiting a separate vulnerability in another operating system component (e.g. a userspace service or the kernel). from Schneier on Security https://www.schneier.com/blog/arch...

Dark Reading - Is the Web Supply Chain Next in Line for State-Sponsored Attacks?

Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target. from Dark Reading: https://www.darkreading.com/vulnerabilities---threats/is-the-web-supply-chain-next-in-line-for-state-sponsored-attacks/a/d-id/1339936?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Rapid 7 - NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS

Image
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thing or two about the nature of internet exposure, so we figured, why not break up all the protocol studies into their own reports? So, here we are! What follows is taken directly from our National / Industry / Cloud Exposure Report (NICER), so if you don't want to wait around for the next installment, you can cheat and read ahead! [Research] Read the full NICER report today Get Started HTTP (TCP/80) & HTTPS (TCP/443) One protocol to bring them all, and in the darkness, bind them. TLDR WHAT IT IS: HTTP: Pristine, plaintext Hypertext Transfer Protocol communications. HTTPS: Encrypted HTTP. HOW MANY: 51,519,309 discovered HTTP nodes. 36,141,137 discovered HTTPS nodes. We’r...

Threat Post - Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher

New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with ‘Comebacker’ malware. from Threatpost https://threatpost.com/lazarus-affiliate-zinc-blamed-for-campaign-against-security-researcher/163474/

KnowBe4 - KnowBe4 Fresh Content Updates from January: Including 'The Inside Man' Season 3 Official Trailer

Image
Here are important fresh content updates and new features to share with you that happened in the month of January. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-fresh-content-updates-from-january-including-the-inside-man-season-3-official-trailer

Dark Reading - 2020 Marked a Renaissance in DDoS Attacks

Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around. from Dark Reading: https://www.darkreading.com/cloud/2020-marked-a-renaissance-in-ddos-attacks-/d/d-id/1340013?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Law Enforcement Aims to Take Down Netwalker Ransomware

The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware. from Dark Reading: https://www.darkreading.com/endpoint/law-enforcement-aims-to-take-down-netwalker-ransomware/d/d-id/1340009?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Rocke Group’s Malware Now Has Worm Capabilities

The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics. from Threatpost https://threatpost.com/rocke-groups-malware-now-has-worm-capabilities/163463/

Threat Post - Utah Ponders Making Online ‘Catfishing’ a Crime

Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow. from Threatpost https://threatpost.com/utah-ponders-making-online-catfishing-a-crime/163456/

Threat Post - LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages

A phishing kit has been found running on at least 700 domains - and mimicking services like false SharePoint portals, OneDrive and Office 365. from Threatpost https://threatpost.com/logokit-simplifies-office-365-sharepoint-login-phishing-pages/163430/

Dark Reading - Breach Data Highlights a Pivot to Orgs Over Individuals

In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds. from Dark Reading: https://www.darkreading.com/attacks-breaches/breach-data-highlights-a-pivot-to-orgs-over-individuals/d/d-id/1340005?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

US-CERT - Data Privacy Day

Original release date: January 28, 2021 January 28 is Data Privacy Day (DPD) , an annual effort promoting data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance (NCSA) , focus on how to Own Your Privacy. The NCSA teaches users how to protect valuable data online, while encouraging businesses to Respect Privacy by protecting data they collect. CISA encourages users and businesses to visit NCSA’s website to learn more, including several calls to action: For Individuals: Own Your Privacy Personal info is like money. Your purchase history, IP address, or location has tremendous value. Make informed decisions about whether or not to share such data with certain businesses. Keep tabs on your apps. Delete unused ones and keep others secure by performing updates. Manage your privacy and security settings. Continuously check them to limit what information you share. For Businesses: Respect Privacy If you collect it, protect it...

Threat Post - Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball

A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. from Threatpost https://threatpost.com/mimecast-solarwinds-hack-security-vendor-victims/163431/

Recorded Future - Keyloggers and Stealers Help Harvest Lifeblood Data of Criminal Activities

Image
to download the full report. Recorded Future analyzed current data from the Recorded Future® Platform, information security reporting, and other open source intelligence (OSINT) sources to identify keyloggers and stealers that facilitate threat actor campaigns. This report expands upon findings addressed in the report “ Automation and Commoditization in the Underground Economy ,” following reports on database breaches , checkers and brute forcers , loaders and crypters , credit card sniffers , banking web injects , exploit kits , forums, marketplaces and shops , and bulletproof hosting services, and will be of most interest to network defenders, security researchers, and executives charged with security risk management and mitigation. Executive Summary Keyloggers and stealers allow threat actors to gather sensitive information from victim systems, including credentials, personally identifiable information (PII), login data, network access, and cookies. As malware continues to de...

Dark Reading - Digital Identity Is the New Security Control Plane

Simplifying the management of security systems helps provide consistent protection for the new normal. from Dark Reading: https://www.darkreading.com/endpoint/authentication/digital-identity-is-the-new-security-control-plane/a/d-id/1339913?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Building Your Personal Privacy Risk Tolerance Profile

Even today, on Data Privacy Day, privacy professionals give you permission to admit you actually love targeted ads. from Dark Reading: https://www.darkreading.com/edge/theedge/building-your-personal-privacy-risk-tolerance-profile/b/d-id/1339998?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - [HEADS UP] New Phishing Kit Spotted on Over 700 Domains

Image
A cybercriminal gang has recently developed a new phishing kit named LogoKit on several domains. LogoKit changes logos and text in real-time in order to adapt to the targeted victims. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heads-up-new-phishing-kit-spotted-on-over-700-domains

TrustedSec - Tailoring Cobalt Strike on Target

Image
We’ve all been there: you’ve completed your initial recon, sent in your emails to gather those leaked HTTP headers, spent an age configuring your malleable profile to be just right, set up your CDNs, and spun up your redirectors. Then it’s time, you send in your email aaaaaand…nothing. You can see from your DNS diagnostic callbacks that the beacon executed, so what gives? You quickly make a few changes to your payload and resend your phish. But it’s too late, a Slack message has been sent, warning everyone to be careful of opening suspicious emails… OK, so maybe that’s a tad specific, but you get the point. Phishing is getting harder and rightly so—as an industry, we’ve spent years sending campaign after campaign, openly publishing research on how to evade that new security product with that obscure fronting technique. But we can’t really afford to lose what could be our only avenue for gaining access to a target, right? Here on the TrustedSec Adversary Emulation team, we’ve spent a...

Dark Reading - App Variety -- and Security Innovation -- Surged in 2020

The shift to remote work pushed businesses to reimagine the fabric of apps and cloud services they needed to support their workforces. from Dark Reading: https://www.darkreading.com/application-security/app-variety----and-security-innovation----surged-in-2020/d/d-id/1340003?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - Beware the Long Con Phish

Image
Social engineering and phishing happen when a con artist communicates a fraudulent message pretending to be a person or organization which a potential victim might trust in order to get the victim to reveal private information (e.g. a password or document) or perform another desired action (e.g. run a Trojan Horse malware program) that is against the victim’s or their organization’s best interest. Most are quick flights of fancy. One email, one rogue URL link, one phone call. The fraudster is counting on the victim’s immediate response as key to the success of the phishing campaign. The longer the potential victim takes to respond the less likely they are to fall for the criminal scheme. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/beware-the-long-con-phish

KnowBe4 - Data Privacy and Fingerprints

Image
Most people know, primarily criminals, that you don't want to leave the oils from your fingers at a crime scene because it creates a fingerprint. Everyone has them (unless they don't have fingers), everyone is unique, and there are databases to store, identify and catalog those fingerprints. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/data-privacy-and-fingerprints

KnowBe4 - 2021 Begins a New Decade of Privacy

Image
Privacy issues came about all across the board in 2020, and 2021 will be no different. From WhatsApp updating their terms of service and losing millions of users to countless proposals by legislatures to enact stricter privacy laws, and the interconnectedness of everything and everyone in our lives, we will begin to see huge advancements in the area of data privacy over the next year. I’ll take it up a notch and say that 2021 starts the next decade of privacy - and let's start with Data Privacy Day . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/2021-begins-a-new-decade-of-privacy

KnowBe4 - NSA Warns Against Using Third-Party DNS and Encourages DNS Over HTTPS

Image
As cybercriminals look for new ways to attack organizations, the National Security Agency takes a hard look at how DNS can be manipulated and makes recommendations on how to secure it. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/nsa-warns-against-using-third-party-dns-and-encourages-dns-over-https

KnowBe4 - Australians Experienced over 200K Scams in 2020 Costing Over A$176 Million

Image
New data from the Australian government’s Scamwatch site shows that phishing and vishing topped the list of scam types used to trick Australians into becoming a scam’s next victim. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/australians-experienced-over-200k-scams-in-2020-costing-over-a176-million