Tehran strategic networks attacked, Hadashot TV says, hours after Israel revealed it tipped off Denmark about Iran murder plot, and days after Rouhani’s phone was found bugged
Iranian infrastructure and strategic networks have come under attack in the last few days by a computer virus similar to Stuxnet but “more violent, more advanced and more sophisticated,” and Israeli officials are refusing to discuss what role, if any, they may have had in the operation, an Israeli TV report said Wednesday.
The report came hours after Israel said its Mossad intelligence agency had thwarted an Iranian murder plot in Denmark, and two days after Iran acknowledged that President Hassan Rouhani’s mobile phone had been bugged.
“Remember Stuxnet, the virus that penetrated the computers of the Iranian nuclear industry?” the report on Israel’s Hadashot news asked. Iran “has admitted in the past few days that it is again facing a similar attack, from a more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks.”
According to new research, 98% of leading companies across the U.S. and Europe are vulnerable to cybercriminals through their web applications. While this figure may seem high, it will surprise neither the companies themselves nor independent security experts.
The purpose of this research from High-Tech Bridge (HTB) is designed to show that the problem is far bigger and less acceptable than most companies imagine. It was prompted, at least in part, by HTB’s experience with one particular U.S. government agency client.
The majority of those using their personal mobiles for work object to their employer’s demands
Almost three-quarters of employees are being forced to install work-based applications onto their personal mobile phones so they can carry out their jobs, a report by CCS Insight has revealed.
Although 74% of employees admit they resent the idea of using work applications on their personal devices due to fears their employers can track them, two-thirds said they do trust their employers with their privacy.
Other concerns expressed by employees in the survey included a fear that artificial intelligence will result in job losses over time.
North Korea is hacking computers to mine cryptocurrency to bring extra cash into the country, according to South Korea’s intelligence service.
North Korean hackers also continue to hack computers in South Korea and abroad to steal confidential information, the state intelligence agency said in a parliamentary audit on Wednesday, Yonhap News reported.
A U.S. cybersecurity firm revealed in January that it found computers installed with malware, suspected to have been implanted by North Korean hackers, to mine for cryptocurrency Monero and send it to Kim Il Sung University in Pyongyang, according to Chosun Ilbo.
According to South Korea’s intelligence service, North Korea is purportedly still hacking computers to mine cryptocurrency as a revenue stream for the country’s government, United Press International (UPI) reports.
The malware appears to be hijacking host computers to mine – you guessed it – Monero. As ever, XMR remains the choice for crypto-jacking bandits around the globe.
Not only that, the Monero is then sent back to Kim Il Sung University in Pyongyang, according to another local news outlet, Chosun Ilbo.
North Korea seems to be turning to cryptocurrency as a way to bypass ever increasing international sanctions placed on the country.
Recently it was reported that a supposedly state-sponsored North Korean hacking outfit stole over $570 million worth of cryptocurrency.
A series of research projects, patent filings, and policy changes indicate that the Pentagon wants to use social media surveillance to quell domestic insurrection and rebellion.
A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using Steganography.
Steganography is the act of hiding information or messages inside objects that are not themselves secret. This allows people to covertly distribute messages, files, and other types of data in files or data that appear to be non-secretive in nature.
In a recent experiment, security researcher David Buchanan created a JPEG image of Shakespeare that also included a RARed copy of his complete works in HTML format. Buchanan went on to further show that this image could also be uploaded to Twitter, which would create a thumbnail that continued to contain the embedded RAR file.
Buchanan was able to do this by creating a script that converted the multi-part RAR file into an ICC profile, which was then embedded into a picture of Shakespeare. ICC profiles are data fields in an image that detail the characteristics and color of an input device, so that the colors are displayed properly when outputted.
“ICC profiles are stored in chunks of approximately 64kb,” Buchanan told BleepingComputer via Twitter direct message. “So I had to split the data into correspondingly sized chunks and a multi-part RAR archive seemed like a good way to do that.”
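The chunking Buchanan describes is exactly what a scanner has to undo before it can tell a real colour profile from a smuggled archive. The following is an added example, not Buchanan's script or anything from the BleepingComputer article: it builds a constructed JPEG whose APP2 segments carry a constructed payload, reassembles the numbered ICC_PROFILE chunks, and flags data that lacks the ICC header signature (`acsp` at offset 36) or contains an archive magic. The segment layout (marker 0xFFE2, `ICC_PROFILE\0`, sequence and count bytes, at most 65535 bytes per segment) follows the JPEG and ICC specifications; the sample image carries no scan data, which is enough for segment parsing.

```python
"""Scan a JPEG's ICC_PROFILE (APP2) segments and flag payloads that are not real ICC profiles."""
import struct

ICC_TAG = b"ICC_PROFILE\x00"                    # APP2 identifier defined by the ICC spec
MAX_CHUNK = 0xFFFF - 2 - len(ICC_TAG) - 2         # 65519 bytes of profile data per segment
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "RAR", b"PK\x03\x04": "ZIP", b"7z\xbc\xaf\x27\x1c": "7z"}


def build_jpeg_with_icc(payload: bytes) -> bytes:
    """Constructed test image: SOI, one APP2 segment per <=64 KB chunk of payload, EOI."""
    chunks = [payload[i:i + MAX_CHUNK] for i in range(0, len(payload), MAX_CHUNK)] or [b""]
    out = bytearray(b"\xff\xd8")                                   # SOI
    for seq, chunk in enumerate(chunks, start=1):                  # sequence numbers are 1-based
        body = ICC_TAG + bytes([seq, len(chunks)]) + chunk
        out += b"\xff\xe2" + struct.pack(">H", len(body) + 2) + body  # length field counts itself
    out += b"\xff\xd9"                                             # EOI (no scan data)
    return bytes(out)


def constructed_icc_profile(size: int = 200) -> bytes:
    """Minimal header that passes the checks below: big-endian size at 0..3, 'acsp' at 36..39."""
    return struct.pack(">I", size) + b"\x00" * 32 + b"acsp" + b"\x00" * (size - 40)


def iter_segments(data: bytes):
    """Yield (marker, payload) for each marker segment before SOS/EOI."""
    pos = 2                                                        # skip SOI
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):                                 # EOI or SOS: stop parsing
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def extract_icc(data: bytes) -> bytes:
    """Reassemble the embedded ICC profile from its numbered APP2 chunks."""
    parts, total = {}, None
    for marker, payload in iter_segments(data):
        if marker != 0xE2 or not payload.startswith(ICC_TAG):
            continue
        seq, count = payload[len(ICC_TAG)], payload[len(ICC_TAG) + 1]
        total = count
        parts[seq] = payload[len(ICC_TAG) + 2:]
    if total is None:
        return b""
    return b"".join(parts[i] for i in range(1, total + 1) if i in parts)


def audit_icc(data: bytes) -> list:
    """Return reasons the ICC data looks like a smuggled payload (empty list = looks sane)."""
    icc = extract_icc(data)
    findings = []
    if not icc:
        return findings
    if len(icc) < 128 or icc[36:40] != b"acsp":
        findings.append("missing 'acsp' signature at offset 36: not an ICC profile header")
    else:
        declared = struct.unpack(">I", icc[:4])[0]
        if declared != len(icc):
            findings.append("ICC header size %d != embedded size %d" % (declared, len(icc)))
    for magic, name in ARCHIVE_MAGIC.items():
        if magic in icc:
            findings.append("%s archive signature found inside ICC data" % name)
    return findings


if __name__ == "__main__":
    # Constructed payload: a RAR-looking header followed by filler, split over two segments.
    smuggled = b"Rar!\x1a\x07\x00" + b"<html>" * 20000
    print(audit_icc(build_jpeg_with_icc(smuggled)))
    print(audit_icc(build_jpeg_with_icc(constructed_icc_profile())))
```

A thumbnail re-encoder that preserves APP2 data verbatim, as the article says Twitter's did, is exactly why the check has to run on the stored bytes rather than on the decoded pixels.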
In many cases, not even a simple network vulnerability scan has been performed, much less in-depth application vulnerability and penetration testing. Source code analysis, which can complement traditional vulnerability and penetration testing, is typically an afterthought at best.
Why Is Application Security Lacking?
In many cases, I believe IT and security teams, along with their software development and quality assurance (QA) counterparts, take application security for granted because they assume it’s just an internal application or marketing website that doesn’t process or store critical information assets. Or, they assume that common application flaws, such as cross-site scripting (XSS), unhandled exceptions and web server misconfigurations, are insignificant.
In reality, these vulnerabilities can amount to a huge gap in security. It’s all about context: I’ve seen situations where critical software flaws were right under the noses of the people in charge, but they didn’t fully understand their own software functionality or didn’t look deeply enough from multiple perspectives.
Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, masquerading as a security solution, on the website SuperAntiSpyware, infecting systems that tried to download a legitimate version of the antispyware software.
Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passwords from a publicly available data breach, and then used this data to facilitate their sextortion attacks. While the attackers do not actually have any compromising videos showing the victim, the emails claim to have explicit videos that they will distribute if the victim doesn’t pay the extortion payment by a certain time. By including the recipient’s password along with their demands for payment, the attackers hope to legitimize their claims about having compromising material concerning the victim.
Security and compliance solutions provider Qualys on Tuesday announced the acquisition of Layered Insight, a company that specializes in protecting container-native applications.
Security updates released by Apple on Tuesday for its macOS, iOS, tvOS, watchOS, Safari, iCloud and iTunes products address tens of new vulnerabilities.
Security Teams Are Often Challenged to Run a Proper Security Program With Too Few Resources
One of my favorite English-language proverbs states: “necessity is the mother of invention.” The Oxford dictionary explains the meaning of this proverb as: “when the need for something becomes imperative, you are forced to find ways of getting or achieving it.” As you might have already guessed, I believe we can learn an important security lesson from this proverb.
At a high level, our goal in security is to manage, mitigate, and minimize risk. In an ideal world, we would enumerate the list of risks and threats we are concerned about and allocate the necessary resources to properly address them. Of course, we don’t live in an ideal world. Most security teams feel this quite acutely in the form of resource constraints. Whether considering time, money, personnel, or any combination of the three, there just never seem to be enough resources to address the challenges at hand.
Open Whisper Systems on Monday announced that the latest beta version of the Signal messaging app includes a new feature that aims to protect the identity of the sender.
Signal uses end-to-end encryption to protect messages and it avoids storing data such as contacts, conversations, locations, avatars, profile names, and group details. However, current stable versions do rely on the service knowing where a message comes from and where it’s going.
Signal developers hope to further reduce the amount of data accessible to the messaging service with a new feature, named “sealed sender,” that eliminates the need to know who the sender is.
Although the U.S has been engaged in cybersecurity for over a generation, “there continues to be organizational and human gaps that leave the nation insecure.” Few people would disagree. What is less clear is any realistic and effective solution to the problem.
Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the Macbook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.
This is a buffer overflow issue in the error handling for network packets.
Sometimes a simple idea can yield fantastic results. A few runs of LED strips fastened to a black hoody and sweatpants and just like that…a LED stick person costume for Halloween. The creator of the “Glowy Zoey” [Royce] originally put together some glow in the dark stick person suits to stand out when hitting the slopes at night. Now he’s taken that simple idea for a costume and made a small business out of it.
It has been argued that the future of software development and operations is all about speeding up development and deployment through cloud-based infrastructure and open source software.
Plenty of people are following the final days of the midterm election campaigns. Yale law researcher Rebecca Crootof has a special interest—a small wager. If she wins, victory will be bitter sweet, like the Manhattan cocktail that will be her prize.
In June, Crootof bet that before 2018 is out an electoral campaign somewhere in the world will be roiled by a deepfake—a video generated by machine learning software that shows someone doing or saying something that in fact they did not do or say. Under the terms of the bet, the video must receive more than 2 million views before being debunked. If she loses, Crootof will owe a sporting tiki drink to Tim Hwang, director of a Harvard-MIT project on ethics and governance of artificial intelligence. If she wins, it will validate the fears of researchers and lawmakers that recent AI advances could be used to undermine democracy.
The US midterms are seen as a possible target that could prove the pessimists right. Facebook says the elections have already attracted other, more conventional disinformation campaigns.
Fresh on the heels of the IBM purchase announcement, Red Hat released RHEL 7.6.
The release offers improved security, such as support for the Trusted Platform Module (TPM) 2.0 specification for security authentication. It also provides enhanced support for the open-source nftables firewall technology.
According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed. “This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,”
Open Source software is always trustworthy, right? [Bertus] broke a story about a malicious Python package called “Colourama”. When used, it secretly installs a VBscript that watches the system clipboard for a Bitcoin address, and replaces that address with a hardcoded one. Essentially this plugin attempts to redirect Bitcoin payments to whoever wrote the “colourama” library.
Why would anyone install this thing? There is a legitimate package named “Colorama” that takes ANSI color commands, and translates them to the Windows terminal. It’s a fairly popular library, but more importantly, the name contains a word with multiple spellings.
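The Colourama package works only because “colour” and “color” both read as the real name. The following is an added example, not from [Bertus]'s write-up or from pip itself: a pre-install check that normalises names the way PyPI does, folds British/American spelling pairs, and flags anything within one edit of a known package. `KNOWN_PACKAGES`, `SPELLING_VARIANTS` and the sample requirements file are constructed for the example.

```python
"""Flag requirement names that are a spelling variant or one typo away from a known package."""
import re
from typing import Optional

# Constructed allow-list; in practice this would come from an internal mirror or a top-N PyPI list.
KNOWN_PACKAGES = {"colorama", "requests", "urllib3", "six", "setuptools"}

# Spelling pairs that yield look-alike names (colour -> color). Heuristic: folding is lossy on purpose.
SPELLING_VARIANTS = [("colour", "color"), ("grey", "gray"), ("licence", "license"), ("optimise", "optimize")]

# Constructed requirements.txt with one spelling-variant squat and one typo squat.
SAMPLE_REQUIREMENTS = """\
colourama==0.4.1
requests>=2.20
# six is legitimate and spelled correctly
six
requets==1.0
"""


def normalise(name: str) -> str:
    """PEP 503 normalisation (runs of -_. become -, lowercase) plus spelling-variant folding."""
    name = re.sub(r"[-_.]+", "-", name).lower()
    for variant, canonical in SPELLING_VARIANTS:
        name = name.replace(variant, canonical)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by the usual row-by-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_package(name: str) -> Optional[str]:
    """Return the known package this name impersonates, or None if it is the real one or unrelated."""
    norm = normalise(name)
    if norm in KNOWN_PACKAGES:
        # Identical after folding: the real package, or a spelling variant of it (colourama -> colorama).
        return None if name.lower() == norm else norm
    for known in KNOWN_PACKAGES:
        if edit_distance(norm, known) <= 1:
            return known
    return None


def check_requirements(text: str) -> dict:
    """Map each suspicious requirement name to the known package it resembles."""
    suspicious = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if not m:                       # blank lines and comments do not match
            continue
        hit = check_package(m.group(1))
        if hit:
            suspicious[m.group(1)] = hit
    return suspicious


if __name__ == "__main__":
    print(check_requirements(SAMPLE_REQUIREMENTS))
```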
At a hearing into the SingHealth cyber attack on Oct 31, 2018, a senior manager said that if he reported what he learnt about a possible breach into the database, he will have many people chasing him for answers and updates.
Two days after a junior staff member from the Integrated Health Systems (IHiS) informed a senior manager that an attacker had infiltrated SingHealth’s patient database on July 4, the superior still decided against reporting the cyber-security incident to higher management.
His decision led to “a bottleneck” in the reporting of the breach.
In his reply to his subordinate on July 6, the senior manager said: “Once we escalate to management, there will be no day and no night… everyone in IHiS will be working non-stop on this case.”
During the cyber attack, 1.5 million patients had their personal data stolen, and 160,000 of them — including Prime Minister Lee Hsien Loong — also had their outpatient medication data extracted.
Mr Lee also urged his boss to report the incident to higher-level management.
Mr Tan said he had thought to himself, “If I report the matter, what do I get?”
Cybersecurity Agency of Singapore (CSA), IHiS and SingHealth would “put pressure” on his team.
“It was not confirmed that there had been successful access to any server”.
NOT REALLY HIS JOB TO RAISE ALARM
He did not feel a need to report the matter until he had obtained all the information deemed necessary to classify the attack as a security incident, which would include information about the impact of the attack and the identity of the attacker.
He added that even if a cyber-security incident had occurred, he did not think that it would be his job to raise the alarm.
This “bottleneck is not acceptable”, Mr Benedict Tan said.
Mr Chua replied that it may not be wise to involve senior management in all cyber-security threats, as there could be numerous false alarms.
Adopting the “assume breach” mindset, where it is always assumed that the company’s assets have been compromised.
To this, COI chair Richard Magnus said that cyber-security defence was both an “art and a science”.
Mr Chua then acknowledged that the tabletop exercises may not fully prepare staff members to identify and respond to security incidents.
The SCM database itself, which is considered a critical information infrastructure, was not tested for vulnerabilities.
Google on Wednesday announced several new tools and protection mechanisms designed to help users secure their accounts and recover them in case they have been compromised.
It’s not uncommon for accounts to get hacked after their username and password have been obtained by malicious actors through phishing attacks. Since many users still haven’t enabled two-factor authentication, Google has introduced an additional layer of security during the login process.
When the username and password are entered on the sign-in page, a risk assessment is run and the login is only successful if nothing is suspicious. However, for the risk assessment to work, Google says users need to have JavaScript enabled.
A top Australian defence firm with major US Navy contracts has admitted its personnel files were breached and that it was the subject of an extortion attempt.
Austral — which among other things makes small, quick ships for warfare close to shore — said its “data management system” had been infiltrated by an “unknown offender”.
In a statement, the company claimed that there was “no evidence to date” that “information affecting national security nor the commercial operations of the company have been stolen”.
However it said staff email addresses and mobile phone numbers were accessed and the offender purported to offer materials for sale on the internet and “engage in extortion”.
Their anger is all over social media for the whole world to see, with rants about minorities, relationships gone bad or paranoid delusions about perceived slights.
The perpetrators of mass shootings often provide a treasure trove of insight into their violent tendencies, but the information is not always seen by law enforcement until after the violence is carried out. In addition, rants and hate speech rarely factor into whether someone passes a background check to buy guns.
“We can go out on Twitter and there are loads of people saying insane stuff, but how do you know which is the one person? It’s always easy after the fact, to go: ‘That was clear.’ But clearly everyone spouting their mouth doesn’t go and shoot up a synagogue,” said David Chipman, a retired agent of the federal Bureau of Alcohol, Tobacco, Firearms and Explosives and now senior policy adviser for the Giffords Center.
Democrat Senator Ron Wyden released a draft bill this week that proposes big fines for companies misusing the personal information of American consumers, along with significant prison terms for their executives.
The new bill, named the Consumer Data Protection Act of 2018, aims to give consumers control over their data, including how it’s sold or shared, and gives the U.S. Federal Trade Commission (FTC) the power to issue fines and other penalties.
Sen. Wyden is accepting feedback on the bill. In its current form, the legislation empowers the FTC to establish minimum privacy and security standards, issue fines of up to 4% of an offending company’s annual revenue (similar to the EU’s GDPR), and even prison terms ranging between 10 and 20 years for senior executives. The agency would be given the resources necessary to hire 175 individuals to “police” the market for private data.
US Attorney General Jeff Sessions announced charges Thursday against Chinese and Taiwan companies for theft of an estimated $8.75 billion worth of trade secrets from US semiconductor giant Micron.
Sessions said the case was the latest in a series that are part of a state-backed program by Beijing to steal US industrial and commercial secrets.
“Taken together, these cases and many others like them paint a grim picture of a country bent on stealing its way up the ladder of economic development and doing so at American expense,” Sessions said.
“This behavior is illegal. It is wrong. It is a threat to our national security. And it must stop.”
US spending on intelligence has soared under President Donald Trump, figures released on Tuesday showed, as the government stepped up cyber warfare activities and boosted spying on North Korea, China and Russia.
Spending on civilian and military intelligence jumped by 11.6 percent to $81.5 billion in fiscal 2018, which ended on September 30, according to the Department of Defense and the Office of the Director of National Intelligence.
Spending for the National Intelligence Program, which spans some 16 agencies including the Central Intelligence Agency, National Security Agency, some defense operations and reconnaissance from space, rose to $59.4 billion from $54.6 billion in fiscal 2017.
The Military Intelligence Budget came in at $22.1 billion, up from $18.4 billion in fiscal 2017.
The Trump administration has sharply increased both military and intelligence outlays, spending more on personnel, equipment and operations.
Malware is still being delivered to industrial facilities via USB removable storage devices and some threats can cause significant disruptions, according to a report published on Thursday by Honeywell.
The industrial giant last year launched SMX, a product designed to protect facilities from USB-born threats, and the company has also been using it to determine the risk posed by USB drives to such organizations.
Honeywell has analyzed data collected from 50 locations across the United States, South America, Europe and the Middle East. The enterprises whose systems were part of the study represented the energy, oil and gas, chemical manufacturing, pulp and paper, and other sectors.
Honeywell said its product had blocked at least one suspicious file in 44% of the analyzed locations. Of the neutralized threats, 26% could have caused major disruptions to industrial control systems (ICS), including loss of control or loss of view.
Furthermore, Honeywell says 16% of the detected malware samples were specifically designed to target ICS or IoT systems, and 15% of the samples belonged to high profile families such as Mirai (6%), Stuxnet (2%), Triton (2%), and WannaCry (1%).
Millions of access points and other networking devices used by enterprises around the world may be exposed to remote attacks due to a couple of vulnerabilities discovered by researchers in Bluetooth Low Energy (BLE) chips made by Texas Instruments.
Bluetooth Low Energy, or Bluetooth 4.0, is designed for applications that do not require exchanging large amounts of data, such as smart home, health and sports devices. BLE stays in sleep mode and is only activated when a connection is initiated, which results in low power consumption. Similar to the classic Bluetooth, BLE works over distances of up to 100 meters (330 feet), but its data transfer rate is typically 1 Mbit/s, compared to 1-3 Mbit/sec in the case of classic Bluetooth.
Researchers at IoT security company Armis, who in the past discovered the Bluetooth vulnerabilities known as BlueBorne, now claim to have found two serious vulnerabilities in BLE chips made by Texas Instruments. These chips are used in access points and other enterprise networking devices made by Cisco, including Meraki products, and HP-owned Aruba Networks.
The flaws, dubbed BLEEDINGBIT by Armis, can allow a remote and unauthenticated attacker to take complete control of impacted devices and gain access to the enterprise networks housing them.
The IoT security firm is in the process of assessing the full impact of the BLEEDINGBIT vulnerabilities, but so far it determined that they affect several Texas Instruments chips. One of the flaws, tracked as CVE-2018-16986, has been found in CC2640 and CC2650 chips running BLE-STACK 2.2.1 and earlier, and CC2640R2 running version 1.0 or earlier.
November marks the beginning of the holiday shopping season. Consumers are making their shopping lists. Retailers are gearing up for the rush of shoppers. And hackers are honing their skills and using new tools to take advantage of the spike in online transactions. A 2018 survey (PDF) by RetailMeNot shows that consumers are expected to spend an average of $803 holiday shopping during Black Friday weekend, up from an average of $743 last year, with Black Friday and Cyber Monday projected to be the top two desktop and mobile shopping days of the year. While 67 percent of shoppers will go to department stores, 60 percent plan to shop with online-only retailers.
On Thursday, network equipment makers Aruba, Cisco, and Cisco-owned Meraki plan to patch two flaws in Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) that power their respective enterprise Wi-Fi access points.
Taking a page from Apple’s playbook, Nadella was keen to highlight the efforts made by Microsoft in privacy. Amazon, in its September gadgetfest, famously failed to utter the “P” word once. Nadella, on the other hand, was more forthright, seeing the recently introduced GDPR as a good first step before declaring: “Privacy is a human right.”
Cisco firewalls under attack – and there’s no patch: Too many SIPs and they drown in data
Denial-of-service flaw exploited by miscreants in the wild, networking kit giant warns https://www.theregister.co.uk/2018/11/02/cisco_sip_warning/
Cisco says miscreants are actively exploiting a SIP vulnerability in its networking gear that it disclosed on Wednesday.
The bug, CVE-2018-15454, lies within code in some Adaptive Security Appliances, and its Firepower Threat Defense software, that handles Session Initiation Protocol (SIP) packets. SIP is the signalling protocol used in IP telephony.
The advisory warns that an attacker can hose a vulnerable system offline “by sending SIP requests designed to specifically trigger this issue at a high rate.”
Trickbot, which used to be a simple banking trojan, has come a long way. Over time, we’ve seen how cybercriminals continue to add more features to this malware. Last March, Trickbot added a new module that gave it increased detection evasion and a screen-locking feature. This month, we saw that Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module (pwgrab32) that steals access from several applications and browsers, such as Microsoft Outlook, Filezilla, WinSCP, Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge. Based on our telemetry, we saw that this Trickbot variant has affected users mainly in the United States, Canada, and the Philippines.
A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran.
Details about the supposed new attack are superficial at the moment, as there are no details about the supposed attack, the damage it caused or its targets.
A report on Wednesday from Israeli evening news bulletin Hadashot says that Iran “has admitted in the past few days that it is again facing a [Stuxnet-like] attack, from a more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks.”
Tomi Engdahl says:
TV report: Israel silent as Iran hit by computer virus more violent than Stuxnet
https://www.timesofisrael.com/tv-report-israel-silent-as-iran-hit-by-computer-virus-more-violent-than-stuxnet/amp/
Tomi Engdahl says:
92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
https://www.securityweek.com/92-external-web-apps-have-exploitable-security-flaws-or-weaknesses-report
https://www.htbridge.com/blog/FT500-application-security.html
Tomi Engdahl says:
Nearly three-quarters of employees are forced to install work software on their personal devices
http://www.itpro.co.uk/mobile/32241/nearly-three-quarters-of-employees-are-forced-to-install-work-software
Tomi Engdahl says:
North Korea continues to hack computers to mine cryptocurrency
https://www.upi.com/Top_News/World-News/2018/10/31/North-Korea-continues-to-hack-computers-to-mine-cryptocurrency/7231540971126/
South Korea: North Korea is still hacking our computers to mine cryptocurrency
https://thenextweb.com/hardfork/2018/10/31/north-korea-hacking-mine-cryptocurrency/
Tomi Engdahl says:
Pentagon Wants to Predict Anti-Trump Protests Using Social Media Surveillance
https://motherboard.vice.com/en_us/article/7x3g4x/pentagon-wants-to-predict-anti-trump-protests-using-social-media-surveillance
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/android-puhelimien-sovellukset-lahettavat-kayttajadataa-jopa-20-taholle-katso-mihin-suomalaisten-suosikkisovellukset-lahettavat-dataa-6747250
Tomi Engdahl says:
Complete Works Of Shakespeare Hidden Inside Twitter Thumbnail Image
https://www.bleepingcomputer.com/news/security/complete-works-of-shakespeare-hidden-inside-twitter-thumbnail-image/
A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using Steganography.
Steganography is the act of hiding information or messages inside objects that are not themselves secret. This allows people to covertly distribute messages, files, and other types of data in files or data that appear to be non-secretive in nature.
In a recent experiment, security researcher David Buchanan created a JPEG image of Shakespeare that also included a RARed copy of his complete works in HTML format. Buchanan went on to further show that this image could also be uploaded to Twitter, which would create a thumbnail that continued to contain the embedded RAR file.
Buchanan was able to do this by creating a script that converted the multi-part RAR file into an ICC profile, which was then embedded into a picture of Shakespeare. ICC profiles are data fields in an image that detail the characteristics and color of an input device, so that the colors are displayed properly when outputted.
“ICC profiles are stored in chunks of approximately 64kb,” Buchanan told BleepingComputer via Twitter direct message. “So I had to split the data into correspondingly sized chunks and a multi-part RAR archive seemed like a good way to do that.”
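The chunking described in the quote is what a scanner can key on. The following is an added example, not the article's or Buchanan's code: it splits a payload into APP2 ICC_PROFILE segments the way a JPEG writer must, then reassembles and audits the profile, flagging one that does not pass the ICC header check (size field and the `acsp` signature at offset 36). The sample images are constructed inline; the 64 KB limit and the 128-byte header come from the JPEG and ICC formats.

```python
import struct

# Added example (not from the BleepingComputer article or Buchanan's script):
# reassemble the ICC profile carried in a JPEG's APP2 segments and flag profiles
# that are not structurally ICC data. Sample "images" are constructed inline.

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
ICC_TAG = b"ICC_PROFILE\x00"          # APP2 identifier for embedded ICC profiles
# A marker segment holds at most 65535 bytes including its 2-byte length field;
# after the identifier and the (seq, total) pair, roughly 64 KB of profile remain.
MAX_CHUNK = 65535 - 2 - len(ICC_TAG) - 2


def app2_icc_segments(profile: bytes) -> bytes:
    """Split a profile into numbered APP2 ICC_PROFILE segments (writer side)."""
    chunks = [profile[i:i + MAX_CHUNK] for i in range(0, len(profile), MAX_CHUNK)]
    if len(chunks) > 255:
        raise ValueError("ICC chunk counter is a single byte")
    out = bytearray()
    for seq, chunk in enumerate(chunks, start=1):
        body = ICC_TAG + bytes([seq, len(chunks)]) + chunk
        out += b"\xff\xe2" + struct.pack(">H", len(body) + 2) + body
    return bytes(out)


def build_sample_jpeg(profile: bytes) -> bytes:
    """Constructed stand-in for an image: SOI, APP2 segments, EOI. Not decodable
    as a picture, but it is exactly what the segment parser sees before scan data."""
    return SOI + app2_icc_segments(profile) + EOI


def iter_segments(data: bytes):
    """Yield (marker, payload) for each marker segment up to SOS or EOI."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG stream")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):      # EOI, or SOS: entropy-coded data follows
            return
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def extract_icc(data: bytes) -> bytes:
    """Reassemble the ICC profile from its APP2 chunks, in sequence order."""
    parts, total = {}, 0
    for marker, payload in iter_segments(data):
        if marker != 0xE2 or not payload.startswith(ICC_TAG):
            continue
        seq, total = payload[12], payload[13]
        parts[seq] = payload[14:]
    return b"".join(parts[i] for i in range(1, total + 1) if i in parts)


def looks_like_icc(profile: bytes) -> bool:
    """Structural check from the ICC header: at least the 128-byte header, a size
    field equal to the actual length, and the 'acsp' signature at offset 36."""
    if len(profile) < 128:
        return False
    declared = struct.unpack(">I", profile[:4])[0]
    return profile[36:40] == b"acsp" and declared == len(profile)


def audit_jpeg(data: bytes) -> dict:
    """Summarise the embedded profile; 'suspicious' means a profile is present
    but fails the header check (for example an archive riding in the slot)."""
    profile = extract_icc(data)
    valid = looks_like_icc(profile)
    return {"icc_bytes": len(profile), "valid_icc_header": valid,
            "suspicious": bool(profile) and not valid}


def make_icc_stub(size: int) -> bytes:
    """Constructed minimal profile: correct size field and 'acsp', zero elsewhere."""
    header = struct.pack(">I", size) + b"\x00" * 32 + b"acsp"
    return header + b"\x00" * (size - len(header))


# Constructed inputs: a benign 1 KB profile, and a 150,000-byte blob starting
# with a RAR signature, which the writer has to spread over three APP2 chunks.
BENIGN_JPEG = build_sample_jpeg(make_icc_stub(1024))
SMUGGLED_JPEG = build_sample_jpeg(b"Rar!\x1a\x07\x01\x00" + b"A" * (150_000 - 8))

if __name__ == "__main__":
    print(audit_jpeg(BENIGN_JPEG))    # suspicious: False
    print(audit_jpeg(SMUGGLED_JPEG))  # suspicious: True, icc_bytes: 150000
```

A real scan would read files from disk and stop at SOS; a thumbnail pipeline that copies APP2 segments unchanged is what lets the payload survive.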
Tomi Engdahl says:
ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms
https://threatpost.com/threatlist-dead-web-apps-haunt-70-percent-of-ft-500-firms/138659/
Abandoned web applications used by FT 500 Global Companies have exploitable flaws and weaknesses.
Tomi Engdahl says:
Five ways to make Halloween less cyber-scary for kids
https://www.welivesecurity.com/2018/10/31/five-ways-halloween-less-cyber-scary-kids/
How can we help kids avoid security horrors and stay safe from rogue online “neighbors” at Halloween and thereafter?
Tomi Engdahl says:
Major Application Security Oversights You Can’t Afford
https://securityintelligence.com/major-application-security-oversights-you-cant-afford/
In many cases, not even a simple network vulnerability scan has been performed, much less in-depth application vulnerability and penetration testing. Source code analysis, which can complement traditional vulnerability and penetration testing, is typically an afterthought at best.
Why Is Application Security Lacking?
In many cases, I believe IT and security teams, along with their software development and quality assurance (QA) counterparts, take application security for granted because they assume it’s just an internal application or marketing website that doesn’t process or store critical information assets. Or, they assume that common application flaws, such as cross-site scripting (XSS), unhandled exceptions and web server misconfigurations, are insignificant.
In reality, these vulnerabilities can amount to a huge gap in security. It’s all about context: I’ve seen situations where critical software flaws were right under the noses of the people in charge, but they didn’t fully understand their own software functionality or didn’t look deeply enough from multiple perspectives.
Tomi Engdahl says:
How to Develop an Immersive Cybersecurity Simulation
https://securityintelligence.com/how-to-develop-an-immersive-cybersecurity-simulation/
Tomi Engdahl says:
Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
https://securingtomorrow.mcafee.com/mcafee-labs/fallout-exploit-kit-releases-the-kraken-ransomware-on-its-victims/
Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, masquerading as a security solution, on the website SuperAntiSpyware, infecting systems that tried to download a legitimate version of the antispyware software.
Tomi Engdahl says:
US government charges two Chinese spies over jet engine blueprint theft
China says case is full of hot air
https://www.theregister.co.uk/2018/10/31/china_spying_jet_engines/
FOR IMMEDIATE RELEASE
Tuesday, October 30, 2018
Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years
https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal
Tomi Engdahl says:
Chinese Intelligence Officers Accused of Stealing Aerospace Secrets
https://www.nytimes.com/2018/10/30/us/politics/justice-department-china-espionage.html
Tomi Engdahl says:
Anatomy of a sextortion scam
https://blog.talosintelligence.com/2018/10/anatomy-of-sextortion-scam.html
Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passwords from a publicly available data breach, and then used this data to facilitate their sextortion attacks. While the attackers do not actually have any compromising videos showing the victim, the emails claim to have explicit videos that they will distribute if the victim doesn’t pay the extortion payment by a certain time. By including the recipient’s password along with their demands for payment, the attackers hope to legitimize their claims about having compromising material concerning the victim.
Tomi Engdahl says:
https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cha-VB2018-HackingSonyPictures.pdf
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8649-uutta-macbookia-on-mahdoton-murtaa
Tomi Engdahl says:
Cisco Warns of Zero-Day Vulnerability in Security Appliances
https://www.securityweek.com/cisco-warns-zero-day-vulnerability-security-appliances
Tomi Engdahl says:
Qualys Acquires Container Security Firm Layered Insight
https://www.securityweek.com/qualys-acquires-container-security-firm-layered-insight
Security and compliance solutions provider Qualys on Tuesday announced the acquisition of Layered Insight, a company that specializes in protecting container-native applications.
Tomi Engdahl says:
Apple Patches Passcode Bypass, FaceTime Flaws in iOS
https://www.securityweek.com/apple-patches-passcode-bypass-facetime-flaws-ios
Security updates released by Apple on Tuesday for its macOS, iOS, tvOS, watchOS, Safari, iCloud and iTunes products address tens of new vulnerabilities.
Tomi Engdahl says:
Laziness is a Wonderful Motivator in Security
https://www.securityweek.com/laziness-wonderful-motivator-security
Security Teams Are Often Challenged to Run a Proper Security Program With Too Few Resources
One of my favorite English-language proverbs states: “necessity is the mother of invention.” The Oxford dictionary explains the meaning of this proverb as: “when the need for something becomes imperative, you are forced to find ways of getting or achieving it.” As you might have already guessed, I believe we can learn an important security lesson from this proverb.
At a high level, our goal in security is to manage, mitigate, and minimize risk. In an ideal world, we would enumerate the list of risks and threats we are concerned about and allocate the necessary resources to properly address them. Of course, we don’t live in an ideal world. Most security teams feel this quite acutely in the form of resource constraints. Whether considering time, money, personnel, or any combination of the three, there just never seem to be enough resources to address the challenges at hand.
Tomi Engdahl says:
Signal Unveils New ‘Sealed Sender’ Feature
https://www.securityweek.com/signal-unveils-new-sealed-sender-feature
Open Whisper Systems on Monday announced that the latest beta version of the Signal messaging app includes a new feature that aims to protect the identity of the sender.
Signal uses end-to-end encryption to protect messages and it avoids storing data such as contacts, conversations, locations, avatars, profile names, and group details. However, current stable versions do rely on the service knowing where a message comes from and where it’s going.
Signal developers hope to further reduce the amount of data accessible to the messaging service with a new feature, named “sealed sender,” that eliminates the need to know who the sender is.
Tomi Engdahl says:
Proposal for Cybersecurity Civilian Corps Gets Mixed Reception
https://www.securityweek.com/proposal-cybersecurity-civilian-corps-gets-mixed-reception
Although the U.S has been engaged in cybersecurity for over a generation, “there continues to be organizational and human gaps that leave the nation insecure.” Few people would disagree. What is less clear is any realistic and effective solution to the problem.
Tomi Engdahl says:
Apple Kernel Code Vulnerability Affected All Devices
https://hackaday.com/2018/11/01/apple-kernel-code-vulnerability-affects-everything/
Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the Macbook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.
This is a buffer overflow issue in the error handling for network packets.
Tomi Engdahl says:
LED Stick Person Costume Lights Up the Night
https://hackaday.com/2018/10/31/led-stick-person-costume-lights-up-the-night/
Sometimes a simple idea can yield fantastic results. A few runs of LED strips fastened to a black hoody and sweatpants and just like that…a LED stick person costume for Halloween. The creator of the “Glowy Zoey” [Royce] originally put together some glow in the dark stick person suits to stand out when hitting the slopes at night. Now he’s taken that simple idea for a costume and made a small business out of it.
https://glowyzoey.com/
Tomi Engdahl says:
Streamline delivery with open source, they said. It’s perfectly safe, they said
Eliminate the risks: Uncover the latest security trends here
https://www.theregister.co.uk/2018/10/31/webcast_streamline_devops_delivery_with_open_source_while_eliminating_the_risks/
It has been argued that the future of software development and operations is all about speeding up development and deployment through cloud-based infrastructure and open source software.
But that can leave security overlooked.
Tomi Engdahl says:
Will ‘Deepfakes’ Disrupt the Midterm Election?
https://www.wired.com/story/will-deepfakes-disrupt-the-midterm-election/
Plenty of people are following the final days of the midterm election campaigns. Yale law researcher Rebecca Crootof has a special interest—a small wager. If she wins, victory will be bittersweet, like the Manhattan cocktail that will be her prize.
In June, Crootof bet that before 2018 is out an electoral campaign somewhere in the world will be roiled by a deepfake—a video generated by machine learning software that shows someone doing or saying something that in fact they did not do or say. Under the terms of the bet, the video must receive more than 2 million views before being debunked. If she loses, Crootof will owe a sporting tiki drink to Tim Hwang, director of a Harvard-MIT project on ethics and governance of artificial intelligence. If she wins, it will validate the fears of researchers and lawmakers that recent AI advances could be used to undermine democracy.
The US midterms are seen as a possible target that could prove the pessimists right. Facebook says the elections have already attracted other, more conventional disinformation campaigns.
Tomi Engdahl says:
Red Hat Enterprise Linux 7.6 Released
https://linux.slashdot.org/story/18/10/30/2235242/red-hat-enterprise-linux-76-released?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Fresh on the heels of the IBM purchase announcement, Red Hat released RHEL 7.6
The release offers improved security, such as support for the Trusted Platform Module (TPM) 2.0 specification for security authentication. It also provides enhanced support for the open-source nftables firewall technology.
Tomi Engdahl says:
Apple’s New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone
https://it.slashdot.org/story/18/10/30/222211/apples-new-t2-security-chip-will-prevent-hackers-from-eavesdropping-on-your-microphone?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed. “This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,”
Apple’s new T2 security chip will prevent hackers from eavesdropping on your microphone
https://techcrunch.com/2018/10/30/apple-t2-security-chip-microphone-eavesdropping/
Tomi Engdahl says:
Kali Linux 2018.4 Released
https://www.linuxjournal.com/content/kali-linux-20184-released-protondb-reports-2671-games-now-work-linux-google-discover
https://www.kali.org/news/kali-linux-2018-4-release/
Tomi Engdahl says:
When Good Software Goes Bad: Malware In Open Source
https://hackaday.com/2018/10/31/when-good-software-goes-bad-malware-in-open-source/
Open Source software is always trustworthy, right? [Bertus] broke a story about a malicious Python package called “Colourama”. When used, it secretly installs a VBscript that watches the system clipboard for a Bitcoin address, and replaces that address with a hardcoded one. Essentially this plugin attempts to redirect Bitcoin payments to whoever wrote the “colourama” library.
Why would anyone install this thing? There is a legitimate package named “Colorama” that takes ANSI color commands, and translates them to the Windows terminal. It’s a fairly popular library, but more importantly, the name contains a word with multiple spellings.
https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8
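The “word with multiple spellings” angle is checkable at dependency-review time. This is an added example, not code from Hackaday or from Bertus's write-up: it folds regional spellings and separators before comparing a manifest's package names against a list of well-known packages, and falls back to edit similarity for plain typos. The popular-package list and the spelling table are constructed stand-ins; a real check would use the registry's own top-N list.

```python
import difflib
import re

# Added example (not from the Hackaday or Medium posts): flag dependency names
# that are near-misses of well-known packages, the pattern "colourama" used.
# POPULAR is a constructed stand-in for a registry top-N list; SPELLING_VARIANTS
# is an assumption about which regional spellings are worth folding.

POPULAR = ["colorama", "requests", "urllib3", "setuptools", "numpy", "cryptography"]

# Regional spelling pairs that change a name without making it look "wrong".
SPELLING_VARIANTS = [("colour", "color"), ("grey", "gray"),
                     ("licence", "license"), ("ise", "ize")]


def canonical(name: str) -> str:
    """Fold case, separators and regional spellings so that variants collide."""
    name = name.lower().replace("-", "").replace("_", "").replace(".", "")
    for variant, canon in SPELLING_VARIANTS:
        name = name.replace(variant, canon)
    return name


def typosquat_candidates(name: str, popular=POPULAR, threshold: float = 0.85) -> list:
    """Return (popular_name, reason) pairs for a dependency name; [] when the
    name is itself a popular package or is not close to any of them."""
    if name.lower() in popular:
        return []
    hits = []
    for p in popular:
        if canonical(name) == canonical(p):
            hits.append((p, "spelling or separator variant"))
            continue
        ratio = difflib.SequenceMatcher(None, name.lower(), p).ratio()
        if ratio >= threshold:
            hits.append((p, "edit similarity %.2f" % ratio))
    return hits


REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def audit_requirements(text: str) -> dict:
    """Map each suspicious dependency in requirements.txt-style text to its
    candidate targets; blank lines, comments and option lines are skipped."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "-")):
            continue
        match = REQ_LINE.match(line)
        if not match:
            continue
        name = match.group(1)
        hits = typosquat_candidates(name)
        if hits:
            findings[name] = hits
    return findings


# Constructed manifest: one legitimate pin, one regional-spelling squat, one typo.
SAMPLE_REQUIREMENTS = """\
# constructed sample
colorama==0.4.1
colourama==0.1.6
requsts>=2.0
numpy
"""

if __name__ == "__main__":
    for name, hits in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(name, "->", hits)
```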
Tomi Engdahl says:
SingHealth cyber attack: Senior manager didn’t report suspicious activity, for fear of working ‘non-stop’ to answer for it
https://www.todayonline.com/singapore/afraid-being-pressed-deliver-answers-senior-ihis-employee-decided-not-report-suspicious?cid=emarsys-today_TODAY%27s%20morning%20briefing%20for%20Nov%201,%202018%20%28ACTIVE%29_newsletter_01112018_today
At a hearing into the SingHealth cyber attack on Oct 31, 2018, a senior manager said that if he reported what he learnt about a possible breach into the database, he would have many people chasing him for answers and updates.
Two days after a junior staff member from the Integrated Health Systems (IHiS) informed a senior manager that an attacker had infiltrated SingHealth’s patient database on July 4, the superior still decided against reporting the cyber-security incident to higher management.
His decision led to “a bottleneck” in the reporting of the breach.
In his reply to his subordinate on July 6, the senior manager said: “Once we escalate to management, there will be no day and no night… everyone in IHiS will be working non-stop on this case.”
During the cyber attack, 1.5 million patients had their personal data stolen, and 160,000 of them — including Prime Minister Lee Hsien Loong — also had their outpatient medication data extracted.
Mr Lee also urged his boss to report the incident to higher-level management.
Mr Tan said he had thought to himself, “If I report the matter, what do I get?”
Cybersecurity Agency of Singapore (CSA), IHiS and SingHealth would “put pressure” on his team.
“it was not confirmed that there had been successful access to any server”.
NOT REALLY HIS JOB TO RAISE ALARM
He did not feel a need to report the matter, until he had obtained all the necessary information deemed necessary to classify the attack as a security incident, which would include information about the impact of the attack and the identity of the attacker.
He added that even if a cyber-security incident had occurred, he did not think that it would be his job to raise the alarm.
This “bottleneck is not acceptable”, Mr Benedict Tan said.
Mr Chua replied that it may not be wise to involve senior management in all cyber-security threats, as there could be numerous false alarms.
Adopting the “assume breach” mindset, where it is always assumed that the company’s assets have been compromised
To this, COI chair Richard Magnus said that cyber-security defence was both an “art and a science”.
Mr Chua then acknowledged that the tabletop exercises may not fully prepare staff members to identify and respond to security incidents.
The SCM database itself, which is considered a critical information infrastructure, was not tested for vulnerabilities.
Tomi Engdahl says:
Google Boosts Account Security With New Tools, Protections
https://www.securityweek.com/google-boosts-account-security-new-tools-protections
Google on Wednesday announced several new tools and protection mechanisms designed to help users secure their accounts and recover them in case they have been compromised.
It’s not uncommon for accounts to get hacked after their username and password have been obtained by malicious actors through phishing attacks. Since many users still haven’t enabled two-factor authentication, Google has introduced an additional layer of security during the login process.
When the username and password are entered on the sign-in page, a risk assessment is run and the login is only successful if nothing is suspicious. However, for the risk assessment to work, Google says users need to have JavaScript enabled.
Tomi Engdahl says:
Top Australia Defence Firm Reports Serious Cyber Breach
https://www.securityweek.com/top-australia-defence-firm-reports-serious-cyber-breach
A top Australian defence firm with major US Navy contracts has admitted its personnel files were breached and that it was the subject of an extortion attempt.
Austal — which among other things makes small, quick ships for warfare close to shore — said its “data management system” had been infiltrated by an “unknown offender”.
In a statement, the company claimed that there was “no evidence to date” that “information affecting national security nor the commercial operations of the company have been stolen”.
However it said staff email addresses and mobile phone numbers were accessed and the offender purported to offer materials for sale on the internet and “engage in extortion”.
Tomi Engdahl says:
Law Enforcement Faces Dilemma in Assessing Online Threats
https://www.securityweek.com/law-enforcement-faces-dilemma-assessing-online-threats
Their anger is all over social media for the whole world to see, with rants about minorities, relationships gone bad or paranoid delusions about perceived slights.
The perpetrators of mass shootings often provide a treasure trove of insight into their violent tendencies, but the information is not always seen by law enforcement until after the violence is carried out. In addition, rants and hate speech rarely factor into whether someone passes a background check to buy guns.
“We can go out on Twitter and there are loads of people saying insane stuff, but how do you know which is the one person? It’s always easy after the fact, to go: ‘That was clear.’ But clearly everyone spouting their mouth doesn’t go and shoot up a synagogue,” said David Chipman, a retired agent of the federal Bureau of Alcohol, Tobacco, Firearms and Explosives and now senior policy adviser for the Giffords Center.
Tomi Engdahl says:
New Bill Proposes Prison for Execs Misusing Consumer Data
https://www.securityweek.com/new-bill-proposes-prison-execs-misusing-consumer-data
Democrat Senator Ron Wyden released a draft bill this week that proposes big fines for companies misusing the personal information of American consumers, along with significant prison terms for their executives.
The new bill, named the Consumer Data Protection Act of 2018, aims to give consumers control over their data, including how it’s sold or shared, and gives the U.S. Federal Trade Commission (FTC) the power to issue fines and other penalties.
Sen. Wyden is accepting feedback on the bill. In its current form, the legislation empowers the FTC to establish minimum privacy and security standards, issue fines of up to 4% of an offending company’s annual revenue (similar to the EU’s GDPR), and even prison terms ranging between 10 and 20 years for senior executives. The agency would be given the resources necessary to hire 175 individuals to “police” the market for private data.
Tomi Engdahl says:
US Accuses China, Taiwan Firms With Stealing Secrets From Chip Giant Micron
https://www.securityweek.com/us-accuses-china-taiwan-firms-stealing-secrets-chip-giant-micron
US Attorney General Jeff Sessions announced charges Thursday against Chinese and Taiwan companies for theft of an estimated $8.75 billion worth of trade secrets from US semiconductor giant Micron.
Sessions said the case was the latest in a series that are part of a state-backed program by Beijing to steal US industrial and commercial secrets.
“Taken together, these cases and many others like them paint a grim picture of a country bent on stealing its way up the ladder of economic development and doing so at American expense,” Sessions said.
“This behavior is illegal. It is wrong. It is a threat to our national security. And it must stop.”
Tomi Engdahl says:
U.S. Intel Budget Soars Under Trump
https://www.securityweek.com/us-intel-budget-soars-under-trump
US spending on intelligence has soared under President Donald Trump, figures released on Tuesday showed, as the government stepped up cyber warfare activities and boosted spying on North Korea, China and Russia.
Spending on civilian and military intelligence jumped by 11.6 percent to $81.5 billion in fiscal 2018, which ended on September 30, according to the Department of Defense and the Office of the Director of National Intelligence.
Spending for the National Intelligence Program, which spans some 16 agencies including the Central Intelligence Agency, National Security Agency, some defense operations and reconnaissance from space, rose to $59.4 billion from $54.6 billion in fiscal 2017.
The Military Intelligence Budget came in at $22.1 billion, up from $18.4 billion in fiscal 2017.
The Trump administration has sharply increased both military and intelligence outlays, spending more on personnel, equipment and operations.
Tomi Engdahl says:
USB Drives Deliver Dangerous Malware to Industrial Facilities: Honeywell
https://www.securityweek.com/usb-drives-deliver-dangerous-malware-industrial-facilities-honeywell
Malware is still being delivered to industrial facilities via USB removable storage devices and some threats can cause significant disruptions, according to a report published on Thursday by Honeywell.
The industrial giant last year launched SMX, a product designed to protect facilities from USB-borne threats, and the company has also been using it to determine the risk posed by USB drives to such organizations.
Honeywell has analyzed data collected from 50 locations across the United States, South America, Europe and the Middle East. The enterprises whose systems were part of the study represented the energy, oil and gas, chemical manufacturing, pulp and paper, and other sectors.
Honeywell said its product had blocked at least one suspicious file in 44% of the analyzed locations. Of the neutralized threats, 26% could have caused major disruptions to industrial control systems (ICS), including loss of control or loss of view.
Furthermore, Honeywell says 16% of the detected malware samples were specifically designed to target ICS or IoT systems, and 15% of the samples belonged to high profile families such as Mirai (6%), Stuxnet (2%), Triton (2%), and WannaCry (1%).
Tomi Engdahl says:
Bluetooth Chip Flaws Expose Enterprises to Remote Attacks
https://www.securityweek.com/bluetooth-chip-flaws-expose-enterprises-remote-attacks
Millions of access points and other networking devices used by enterprises around the world may be exposed to remote attacks due to a couple of vulnerabilities discovered by researchers in Bluetooth Low Energy (BLE) chips made by Texas Instruments.
Bluetooth Low Energy, or Bluetooth 4.0, is designed for applications that do not require exchanging large amounts of data, such as smart home, health and sports devices. BLE stays in sleep mode and is only activated when a connection is initiated, which results in low power consumption. Similar to classic Bluetooth, BLE works over distances of up to 100 meters (330 feet), but its data transfer rate is typically 1 Mbit/s, compared to 1-3 Mbit/s for classic Bluetooth.
Researchers at IoT security company Armis, who in the past discovered the Bluetooth vulnerabilities known as BlueBorne, now claim to have found two serious vulnerabilities in BLE chips made by Texas Instruments. These chips are used in access points and other enterprise networking devices made by Cisco, including Meraki products, and HP-owned Aruba Networks.
The flaws, dubbed BLEEDINGBIT by Armis, can allow a remote and unauthenticated attacker to take complete control of impacted devices and gain access to the enterprise networks housing them.
The IoT security firm is in the process of assessing the full impact of the BLEEDINGBIT vulnerabilities, but so far it determined that they affect several Texas Instruments chips. One of the flaws, tracked as CVE-2018-16986, has been found in CC2640 and CC2650 chips running BLE-STACK 2.2.1 and earlier, and CC2640R2 running version 1.0 or earlier.
https://armis.com/bleedingbit/
Tomi Engdahl says:
Hackers Gear Up for the Holidays Too
https://www.securityweek.com/hackers-gear-holidays-too
November marks the beginning of the holiday shopping season. Consumers are making their shopping lists. Retailers are gearing up for the rush of shoppers. And hackers are honing their skills and using new tools to take advantage of the spike in online transactions. A 2018 survey (PDF) by RetailMeNot shows that consumers are expected to spend an average of $803 holiday shopping during Black Friday weekend, up from an average of $743 last year, with Black Friday and Cyber Monday projected to be the top two desktop and mobile shopping days of the year. While 67 percent of shoppers will go to department stores, 60 percent plan to shop with online-only retailers.
Tomi Engdahl says:
IT Wi-Fi kit bit by TI chip slip: Wireless gateways open to hijacking via BleedingBit chipset vuln
Firmware security patches hit to fix critical holes in enterprise network access points
https://www.theregister.co.uk/2018/11/01/it_bit_by_ti_chip_slipup_dubbed_bleedingbit/
On Thursday, network equipment makers Aruba, Cisco, and Cisco-owned Meraki plan to patch two flaws in Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) that power their respective enterprise Wi-Fi access points.
Tomi Engdahl says:
Taking a page from Apple’s playbook, Nadella was keen to highlight the efforts made by Microsoft in privacy. Amazon, in its September gadgetfest, famously failed to utter the “P” word once. Nadella, on the other hand, was more forthright, seeing the recently introduced GDPR as a good first step before declaring: “Privacy is a human right.”
Source: https://www.theregister.co.uk/2018/11/01/satya_nadella_microsoft_future_decoded_keynote/
Tomi Engdahl says:
Cisco firewalls under attack – and there’s no patch: Too many SIPs and they drown in data
Denial-of-service flaw exploited by miscreants in the wild, networking kit giant warns
https://www.theregister.co.uk/2018/11/02/cisco_sip_warning/
Cisco says miscreants are actively exploiting a SIP vulnerability in its networking gear that it disclosed on Wednesday.
The bug, CVE-2018-15454, lies within code in some Adaptive Security Appliances, and its Firepower Threat Defense software, that handles Session Initiation Protocol (SIP) packets. SIP is the signalling protocol used in IP telephony.
The advisory warns that an attacker can hose a vulnerable system offline “by sending SIP requests designed to specifically trigger this issue at a high rate.”
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/javascript-kehittajat-tarkastavat-pakettiensa-tietoturvaa-yha-useammin-ja-hyvasta-syysta-6738409
One-in-two JavaScript project audits by NPM tools sniff out at least one vulnerability…
…and those devs are then applying patches, we hope
https://www.theregister.co.uk/2018/08/22/npm_vulnerability_scanner/
Tomi Engdahl says:
Security researchers find flaws in chips used in hospitals, factories and stores
https://www.cnet.com/news/security-researchers-find-flaws-in-chips-used-in-hospitals-factories-and-stores/?ftag=COS-05-10aaa0b&linkId=59034799
The vulnerabilities are packed in chips used for Bluetooth connections, and can allow for serious attacks.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/f-securen-liikevaihto-kasvoi-yli-odotusten-mutta-tulos-romahti-6747589
Tomi Engdahl says:
Quantum Random Numbers Future-Proof Encryption
https://semiengineering.com/quantum-random-numbers-future-proof-encryption/
Three universities chose to build and license quantum random number generators.
Tomi Engdahl says:
Trickbot Shows Off New Trick: Password Grabber Module
https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-shows-off-new-trick-password-grabber-module/
Trickbot, which used to be a simple banking trojan, has come a long way. Over time, we’ve seen how cybercriminals continue to add more features to this malware. Last March, Trickbot added a new module that gave it increased detection evasion and a screen-locking feature. This month, we saw that Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module (pwgrab32) that steals access from several applications and browsers, such as Microsoft Outlook, Filezilla, WinSCP, Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge. Based on our telemetry, we saw that this Trickbot variant has affected users mainly in the United States, Canada, and the Philippines.
Tomi Engdahl says:
New Stuxnet Variant Allegedly Struck Iran
https://www.bleepingcomputer.com/news/security/new-stuxnet-variant-allegedly-struck-iran/
A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran.
Details about the supposed new attack are superficial at the moment, as there are no details about the supposed attack, the damage it caused or its targets.
A report on Wednesday from Israeli evening news bulletin Hadashot says that Iran “has admitted in the past few days that it is again facing a [Stuxnet-like] attack, from a more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks.”
TV report: Israel silent as Iran hit by computer virus more violent than Stuxnet
https://www.timesofisrael.com/tv-report-israel-silent-as-iran-hit-by-computer-virus-more-violent-than-stuxnet/