Friday, September 30, 2016

[SANS ISC Diary] Another Day, Another Malicious Behaviour

I published the following diary on isc.sans.org: “Another Day, Another Malicious Behaviour”.

Every day, we are spammed with thousands of malicious emails and attackers always try to find new ways to bypass the security controls. Yesterday, I detected a suspicious HTTP GET request: … [Read more]

[The post [SANS ISC Diary] Another Day, Another Malicious Behaviour has been first published on /dev/random]



from Xavier

"Lock Down Your Login - A National Campaign to Learn From"

Yesterday the White House and the National Cyber Security Alliance announced a national campaign promoting strong authentication, called Lock Down Your Login. I was fortunate enough to be part of the planning committee that helped design this campaign and wanted to share why I feel this is a big deal. Focus: The key to changing behaviors is you … Continue reading Lock Down Your Login - A National Campaign to Learn From

from lspitzner

Thursday, September 29, 2016

A Cyber Security Firm Has Revealed Who Hacked Yahoo

A cybersecurity company has found out who hacked Yahoo

A report released by the cybersecurity company InfoArmor on Wednesday revealed that 500 million Yahoo accounts were hacked by an Eastern European criminal gang. Earlier it was suspected that a state-sponsored group was behind the act.

InfoArmor is quite confident that the act was performed by a criminal gang, whereas Yahoo released a report stating that it was conducted by a nation-state actor. InfoArmor provides big companies and businesses with protection against online identity theft. They also said that the data acquired by the hackers was sold off to at least 3 different clients, including one state-sponsored group.

Read more http://fortune.com/2016/09/29/yahoo-hacked-by-eastern-european-gang-cybersecurity-firm-says/

The post A Cyber Security Firm Has Revealed Who Hacked Yahoo appeared first on Cyber Security Portal.



from Gilbertine Onfroi

[SANS ISC Diary] SNMP Pwn3ge

I published the following diary on isc.sans.org: “SNMP Pwn3ge”.

Sometimes getting access to company assets is very complicated. Sometimes it is much easier (read: too easy) than expected. If one of the goals of a pentester is to get juicy information about the target, preventing the IT infrastructure from running efficiently (denial of service) is also a “win”. Indeed, in some business fields, if the infrastructure is not running, the business is impacted and the company may lose a lot of money. Think about traders… [Read more]

[The post [SANS ISC Diary] SNMP Pwn3ge has been first published on /dev/random]



from Xavier

Too few women in cybersecurity: a gap in our protections that must be addressed

This post was authored by Angela Mckay, Director of Cybersecurity Policy, CPP US

I started working in the cybersecurity space almost 15 years ago, first as an engineer for BellSouth Telecommunications and then supporting the Department of Homeland Security’s (DHS) Office of Cybersecurity and Communications in several key roles at Booz Allen Hamilton, before joining Microsoft in 2008. In those years I learned that in at least one respect I was unusual, even exceptional: unlike most of my colleagues and peers, I was a woman.

Diversity in cybersecurity matters for a very practical reason. Those seeking to breach cybersecurity are willing and able to exploit any flawed thinking, any inadvertent blind spot. Cybersecurity teams that fall into group-think or are blind to alternative ways of working through challenges are more likely to miss things and enable hostile actors. Teams that include people with different expertise, backgrounds, genders, ages, cultures are more likely to deliver robust cybersecurity outcomes; implicit assumptions can be more easily challenged and the fullest range of insights on what can go wrong (and hence what can be done) can be gathered.

Diversity also matters from a business perspective. Microsoft’s goal of empowering every person and organization across the world means that our technology needs to reflect the different needs and perspectives of the people who will use it. These perspectives and requirements cross cultural, gender, social and age lines, and our teams need to be able to cross those lines too, even in cybersecurity.
Recently, I had an opportunity to host an event, “Women in Cybersecurity: Opportunities and Experiences” at the Microsoft offices in Washington, D.C. The event addressed the concerning deficit of women in the cybersecurity arena and also explored avenues for making a career in this field attractive for a more diverse range of people.

Fred Humphries, who leads Microsoft’s U.S. government affairs, made an excellent point in his opening remarks: achieving gender balance in the cybersecurity workforce is important but part of doing so is better acknowledging women already active in the sector. Events such as “Women in Cybersecurity” should be a platform for pushing for that acknowledgement. So I’d like to take a moment to acknowledge the impressive women I was honored to join as moderator for a discussion of the practical challenges and opportunities for women in the cybersecurity field.

Brooke Hunter is chief of staff and director of strategic initiatives at New America’s Open Technology Institute. Her career path started in policy-related work in Washington D.C., not just on technology but on media and workplace diversity.

Valecia Maclin, director of cybersecurity and special missions at Raytheon, began (like me) as an engineer, transitioning into the cybersecurity space at a time when it was moving from being a technical, backroom issue to a significant business, government and societal concern.

Dena Graziano, Symantec’s director of federal government affairs, started in the policy space, working on Capitol Hill, including for the House Homeland Security Committee and the Judiciary Committee, all of which brought her into the privacy and security sphere.

Emily Schneider, cybersecurity consultant at Deloitte & Touche LLP, entered cybersecurity from a distinctly non-technical background, studying literature before going to law school and supporting federal clients in the identity management sector.

As the panel itself shows, there are multiple career paths into the cybersecurity sector for women, so the question is what is hindering our numbers and contributions?

All the panelists found common ground on the challenges facing women. Even with technical experience and skill, the importance of speaking confidently was underscored as a way of ensuring different opinions were heard. The ability to ask questions and insist on answers was also seen as essential, especially in more technical areas.

The panel discussion and the event’s group exercises and side-bar conversations confirmed my belief that cybersecurity can and must benefit from diverse contributions from diverse people. By setting clear professional as well as personal priorities, women in particular can and should build strong careers in this space, not least because they (we) are well suited to foster collaboration in increasingly diverse cybersecurity teams. It is, therefore, up to businesses, from leaders like Microsoft to fresh start-ups, to encourage women to engage in the cybersecurity field, and it is up to women to take on the opportunities that cybersecurity offers.



from Microsoft Secure Blog Staff

"Solving the Communications Problem - At the European #SecAwareSummit"

Editor's Note: Magnus Solberg is the security lead for Storebrand Group in Norway. He is one of the speakers for the upcoming European Security Awareness Summit in London 11 Nov. Below he discusses his talk on how security teams can effectively communicate. In my past years as a security consultant, I've always strived to improve how the people responsible for IT/cyber/information … Continue reading Solving the Communications Problem - At the European #SecAwareSummit

from lspitzner

Tuesday, September 27, 2016

"Population Immunity - At the European #SecAwareSummit"

Editor's Note: David Rimmer is the European security lead for Equifax. David will be talking about the importance of role modelling, Data Guardians and his love of security analogies in his lightning talk - "lessons I learned from my dog" - at the SANS European Security Awareness Summit. Below he discusses the aims of his security programme, on … Continue reading Population Immunity - At the European #SecAwareSummit

from lspitzner

Modern browsers are closing the door on Java exploits, but some threats remain

Was 2015 the year the industry finally eradicated Java exploitation? Well, not quite, but the good news is we’re getting there.

It should be no surprise that encounters with Java exploits continued to decrease significantly in the second half of 2015: all of the most commonly encountered exploits target vulnerabilities that were addressed with security updates years ago. While Java was once the vehicle of choice for attackers, modern browser technologies have rendered such exploits largely ineffective.

The good news for IT security teams is that they can now concentrate more resources on emerging threats, like those targeting Adobe Flash. Despite the positive trend, organizations cannot ignore the threat of Java exploits entirely. As the graph below shows, some of the more common Java-based threats are still out there. While they occur much less frequently than they did years ago, organizations still need to ensure they are protected.

The fact that these numbers continue to decline is likely due to several important changes in the way web browsers evaluate and execute Java applets. The default web browser in Windows 10 is Microsoft Edge, which does not support Java or other ActiveX plug-ins at all. This in effect eliminates the possibility of Java exploits being delivered within the browser.

Other browsers are also built to eliminate or mitigate exploits:

  • As of September 1, 2015, Google Chrome stopped supporting, due to security concerns, the NPAPI plug-in architecture that many Java applets rely upon. Like Edge, Chrome no longer works with most Java-based plug-ins.
  • Mozilla Firefox currently allows users to disable Java applets by deselecting “Enable JavaScript” under its Content tab, and has announced that it will also discontinue NPAPI support by the end of 2016.
  • Internet Explorer 11 provides a mechanism to validate that a webpage is safe before allowing embedded Java applets. Further updates to Internet Explorer released in 2014 hardened the browser against Java exploitation by reducing use-after-free exploits and blocking out-of-date ActiveX controls.

Persistent threats

The fact that new browsers are flexing muscles in the security space is good news, but the bad news is that some threats still persist. The chart above shows that each of these exploits is in decline, but they are all risks that security teams should be aware of, especially where there are out-of-date Java installations:

  • CVE-2012-1723. This is the most common individual Java exploit we encountered in late 2015, and one we discussed way back in 2012. It works by tricking the Java Runtime Environment (JRE) into treating one type of variable like another type. Oracle confirmed the existence of the vulnerability in June 2012, and addressed it the same month with its June 2012 Critical Patch Update. The vulnerability was observed being exploited in the wild beginning in early July 2012, and has been used in a number of exploit kits.
  • CVE-2010-0840 is a JRE vulnerability that was first disclosed in March 2010 and addressed by Oracle with a security update the same month. The vulnerability was previously exploited by some versions of the Blackhole exploit kit (detected as JS/Blacole), which has been inactive in recent years.
  • CVE-2012-0507 allows an unsigned Java applet to gain elevated permissions and potentially have unrestricted access to a host system outside its sandbox environment. The vulnerability is a logic error that allows attackers to run code with the privileges of the current user, which means that an attacker can use it to perform reliable exploitation on other platforms that support the JRE, including Apple Mac OS X, Linux, VMWare, and others. Oracle released a security update in February 2012 to address the issue.
  • CVE-2013-0422 first appeared in January 2013 as a zero-day vulnerability. It is a package access check vulnerability that allows an untrusted Java applet to access code in a trusted class, which then loads the attacker’s own class with elevated privileges. Oracle published a security update to address the vulnerability on January 13, 2013. More information about CVE-2013-0422 is available here.
  • In addition, Obfuscator is a generic detection for programs that have been modified by malware obfuscation, often in an attempt to avoid detection by security software. Files identified as Java/Obfuscator can represent exploits that target many different Java vulnerabilities.

For a thorough analysis on the state of malware in the latter half of 2015, take a look at our latest Security Intelligence Report. And for a high-level look at the top ten trends and stats that matter most to security professionals right now, be sure and download our 2016 Trends in Cybersecurity e-book.



from Microsoft Secure Blog Staff

"Week00 - Preparing for #NCSAM"

Editor's Note: National Cyber Security Awareness Month (NCSAM) is coming up and we are enabling organizations to make the most of October. Every Monday, for the next six weeks, we will be posting a new blog on how to make the most of NCSAM and the NCSAM Planning Kit. The planning kit is everything you need … Continue reading Week00 - Preparing for #NCSAM

from lspitzner

Saturday, September 24, 2016

Go Hunt for Malicious Activity!

What do security analysts do when they aren’t on fire? They hunt for malicious activity on networks and servers! A few days ago, some suspicious traffic was detected: an HTTP GET request to a URL like hxxp://xxxxxx.xx/south/fragment/subdir/… Let’s try to access this site from a sandbox. Too bad, I landed on a login page which looked like a C&C. I tried some classic credentials, searched for the URL or some patterns on Google, in mailing lists and private groups: nothing! Too bad…

Then, you start some stupid tricks like moving to the previous directory in the path (like doing a “cd ..”) again and again to finally… find another (unprotected) page! This page was indexing screenshots sent by the malware from compromised computers. Let’s do a quick ‘wget -m’ to recursively collect the data. I came back a few hours later, pressed ‘F5’ and the number of screenshots had increased. The malware was still in the wild. A few hours and some ‘F5’ later, again more screenshots! Unfortunately, the next day, the malicious content was removed from the server. Fortunately, I had copies of the screenshots. Just based on them, it is possible to get interesting info about the attack / malware:

  • People from many countries were infected (speaking Chinese, Russian, German, Arabic, …)
  • It targeted mainly organizations
  • The malware was delivered via two files:
    • A “scan001.ace” archive containing a “scan001.exe” malicious PE file.
    • A “PR~Equipments-110 00012404.ace” file
  • The malicious file was opened on file servers and even a DC!
  • The malicious file was analyzed in sandboxes (easy to recognize them, Cuckoo & FireEye)

Here is a selection of interesting screenshots (anonymized). The original screenshots were named “<hostname>_<month>_<day>_<hour>_<min>_<sec>.jpg”. Based on the filename format, it seems that the malware is taking one screenshot per minute. I renamed all the files with their MD5 hash to prevent disclosure of sensitive info.

f7c75af9f6d84a761f979ebf490f921d ee517028d9b1bfaf2aae8abf6176735f e640309d8a27c14118906c3be7308363 e17d33f4f6969970d29f67063f416820 e6f74e098268b361261f26842fe05701 da5c267c26529951d914b1985b2b70df beae96aee2e7977bdda886c130c0d769 c0c429c65a61d6ef039b33c0b52263a2 c1f0b66cea6740c74b55b27e5eff72b7 c8d73ddafc18e8f3ecb1c2c69091b0bb d351e118cb3f9ce0e319ad9e527e650d d0344809b6b32ddec99d98eb96ff5995 b78c32559c276048e028e8af2b06f1ed b10b50a956d1dfd3952678161b9a8242 b1f39eaf121a3d7c9bb1093dc5e5e66b af66c8924f1bb047f44f0d3be39247f7 9643b3c28fa9cf71df8fbc1568e7d82e 957dc126433c79c71383a37ee3da4a5f 0134fc9dda9c6ffd2d3a2ed48c000851 81d74df34b1e85bd326570726dd6eacb 018b6037b4fa2ae9790e3c6fb98fb1e7 9fda6c140a772b5069bd07b7ee898dba 9ed4787a1e215f341aff9b5099846bfe 09c5cfb440193b35017ae2a5552cd748 8c64f33d219f5cd0eadd90e1fcdc97ec 8c7c1fd9938e9cb78b0e649079a714df 6b76b6456af4a2ab54c4bd5935a5726a 6a4c19fb2a13121ee03577c9b37924a9 5aaf455193b2d4bfd13128a5c2502db8 4ba9db95f7bbeb58f73969f2262eea8b 2c48880ea3a8644985ffe038fe9a1260
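As an added example (not code from Xavier's post), the following Python works through the two analyst steps described above: it parses the `<hostname>_<month>_<day>_<hour>_<min>_<sec>.jpg` naming scheme to measure the interval between captures per host (which is how the "one screenshot per minute" observation can be checked over a whole collection), and it renames each file to the MD5 of its content so the hostname no longer appears in the name. The filenames and bytes in SAMPLE_FILES are constructed; the year is not part of the filename, so ASSUMED_YEAR is an assumption made only to build timestamps.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# Filename format described in the post: <hostname>_<month>_<day>_<hour>_<min>_<sec>.jpg
# The year is not part of the name; ASSUMED_YEAR is an assumption used only to build datetimes.
ASSUMED_YEAR = 2016
NAME_RE = re.compile(
    r"^(?P<host>.+)_(?P<month>\d{1,2})_(?P<day>\d{1,2})_"
    r"(?P<hour>\d{1,2})_(?P<minute>\d{1,2})_(?P<second>\d{1,2})\.jpg$"
)


def parse_screenshot_name(name):
    """Return (hostname, datetime) for a filename in the malware's format, or None."""
    m = NAME_RE.match(name)
    if not m:
        return None
    ts = datetime(ASSUMED_YEAR, int(m["month"]), int(m["day"]),
                  int(m["hour"]), int(m["minute"]), int(m["second"]))
    return m["host"], ts


def capture_intervals(names):
    """Group filenames by host and return the gaps (seconds) between consecutive captures."""
    per_host = defaultdict(list)
    for name in names:
        parsed = parse_screenshot_name(name)
        if parsed is None:
            continue  # not a screenshot from this family (e.g. the index page); skip it
        host, ts = parsed
        per_host[host].append(ts)
    intervals = {}
    for host, stamps in per_host.items():
        stamps.sort()
        intervals[host] = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
    return intervals


def anonymized_name(data):
    """Name a screenshot after the MD5 of its content, as the post did, hiding the hostname."""
    return hashlib.md5(data).hexdigest() + ".jpg"


def anonymize(files):
    """Map original filename -> anonymized filename for a dict of {name: bytes}."""
    return {name: anonymized_name(data) for name, data in files.items()}


# Constructed sample: two hosts captured roughly one minute apart, plus an unrelated file.
SAMPLE_FILES = {
    "FILESRV01_9_22_14_03_07.jpg": b"\xff\xd8constructed-image-1",
    "FILESRV01_9_22_14_04_07.jpg": b"\xff\xd8constructed-image-2",
    "FILESRV01_9_22_14_05_08.jpg": b"\xff\xd8constructed-image-3",
    "DC01_9_22_14_03_30.jpg": b"\xff\xd8constructed-image-4",
    "DC01_9_22_14_04_30.jpg": b"\xff\xd8constructed-image-5",
    "index.html": b"<html>not a screenshot</html>",
}

if __name__ == "__main__":
    for host, gaps in capture_intervals(SAMPLE_FILES).items():
        print(host, "capture gaps (s):", gaps)
    for old, new in anonymize(SAMPLE_FILES).items():
        print(old, "->", new)
```

On a real mirror produced by `wget -m`, replace SAMPLE_FILES with a dict built from the directory listing and file contents; hashing the content rather than the name means two identical screenshots collapse to one name, which is worth keeping in mind when counting captures.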

[The post Go Hunt for Malicious Activity! has been first published on /dev/random]



from Xavier

Friday, September 23, 2016

"Combating CEO Fraud - At the European #SecAwareSummit"

Editor's Note: Chris Boyd is a lead Malware Researcher for Malwarebytes. He is one of the speakers for the upcoming European Security Awareness Summit in London 11 Nov. Below he discusses his talk on CEO Fraud. There's a lot you can do in 10 minutes. Listen to 3 pop songs. Read a 2,000 word short story. Buy something cool online. … Continue reading Combating CEO Fraud - At the European #SecAwareSummit

from lspitzner

Wednesday, September 21, 2016

"Accelerated Learning - At the European #SecAwareSummit"

Editor's Note: Martine van de Merwe is a security awareness trainer in healthcare / IT auditor, and is the founder of PrivacyLab. She is one of the speakers for the upcoming European Security Awareness Summit in London 11 Nov. Below she discusses her talk on accelerated learning. How often does this happen to you? You're about to attend … Continue reading Accelerated Learning - At the European #SecAwareSummit

from lspitzner

Tuesday, September 20, 2016

"Communication: How Often is Too Often?"

I was recently asked a great question by Jonathan Crowe (@jonathanscrowe) on Twitter. While his question appears simple, it requires a complex answer. As such, I'm replying to Jonathan in a blog post as opposed to Twitter. Hey Lance, do you have any tips for emailing users re: security announcements/alerts? How often is too often? The quick answer is it … Continue reading Communication: How Often is Too Often?

from lspitzner

Monday, September 19, 2016

A Surveillance Device From Police Reveals How They Are Able To Spy On Phones

The police are using a secret device to spy on your phone

The Harris Corp’s Stingray surveillance device has been a closely kept secret among law enforcement agencies for more than 15 years.

But a team of researchers was able to get their hands on manuals for the Harris device, spanning more than 200 pages, that detail how cellular surveillance is done.

The devices have been kept secret from the public because law enforcement believes that, if the details became known, criminals could use them to their advantage.

This extremely powerful device can spy on modern phones without the user noticing and can reveal almost everything they do on their phone.

Read more https://theintercept.com/2016/09/12/long-secret-stingray-manuals-detail-how-police-can-spy-on-phones/

The post A Surveillance Device From Police Reveals How They Are Able To Spy On Phones appeared first on Cyber Security Portal.



from Gilbertine Onfroi

Hacks for sale: Exploit kits provide easy avenue for unskilled attackers

One of the most common cyber-attack vehicles we’ve seen over the years involves so-called “exploit kits.” These are collections of exploits bundled together and sold as commercial software or as a service.

A typical kit includes a collection of web pages with exploits for several vulnerabilities in popular web browsers, browser add-ons, or other types of software. When an attacker installs the kit on a web server, visitors to the attacker’s malicious webpage who don’t have appropriate security updates installed are at risk of their computers being compromised through drive-by download attacks.

One reason exploit kits are so dangerous to both consumers and businesses is that an attacker needn’t be a skilled hacker to use one. Prospective attackers can buy or rent exploit kits on malicious hacker forums and other outlets. Lower skilled attackers can use the kits to perform sophisticated attacks, which contributes to the fact that they have become so widespread over time. In fact, exploit kits accounted for four of the ten most commonly encountered threats during the second half of 2015 according to our 2016 Trends in Cybersecurity e-book.

What can you do to protect your organization?

To protect your organization, it’s important that your security teams understand which exploits and exploit kits are being used most often by attackers. The graphic below shows the most frequently encountered exploits noted in our latest Security Intelligence Report, and we detail three of the more common exploits, and the kits they are a part of, below.

Most frequently encountered exploits noted in our latest Security Intelligence Report

Exploit Kit: Axpergle
A.K.A.: Angler

Axpergle is the most common exploit, commonly found in the Angler exploit kit. It targets Internet Explorer, Adobe Flash Player and Java. Exploit kit authors frequently change the exploits included in their kits in an effort to stay ahead of software publishers and security software vendors. Exploits targeting zero-day vulnerabilities — those for which no security update has yet been made available by the vendor — are highly sought after by attackers, and the Axpergle authors added several zero-day Flash Player exploits to the kit in 2015.

Exploit Kit: HTML/Meadgive
A.K.A.: RIG

Other exploit kits were encountered at much lower levels. Encounters involving the RIG exploit kit (also known as Redkit, Infinity, and Goon, and detected as HTML/Meadgive) more than doubled from summer to fall of 2015, but remained far below those involving Angler.

Exploit Kit: Win32/Anogre
A.K.A.: Sweet Orange

Encounters involving the Sweet Orange kit (detected as Win32/Anogre), the second most commonly encountered exploit kit in the first quarter of 2015, decreased to negligible levels by the end of the year.

Take the first step — Keep software up to date

Keeping your software up to date is one of the most effective defenses against exploit kits and their ever-evolving attacks.

To keep up with all the latest news about exploit kits, as well as viruses, malware and other known threats, make sure to bookmark the Microsoft Malware Protection Center blog for frequent updates. And for a high-level look at the top 10 trends and stats that matter most to security professionals right now, be sure and download the 2016 Trends in Cybersecurity e-book.



from Tim Rains

"Two Weeks Out - Preparing for #NCSAM"

Editor's Note: National Cyber Security Awareness Month (NCSAM) is coming up and we are enabling organizations to make the most of October. Every Monday, for the next six weeks, we will be posting a new blog on how to make the most of NCSAM and the NCSAM Planning Kit. We are two weeks out … Continue reading Two Weeks Out - Preparing for #NCSAM

from lspitzner

Wednesday, September 14, 2016

Keep Microsoft software up to date — and everything else too

Many of the CIOs and CISOs that I talk to have, over time, developed mature vulnerability assessment methodologies and security updating processes. But frequently I find that the focus of these processes is squarely on keeping Microsoft operating systems and browsers up to date. Of course, vulnerabilities in popular operating systems or browsers have the potential to affect a broad audience. Another reason for this focus is that Microsoft has made updating relatively easy by offering updates via Windows Update, Microsoft Update, and various tools like Windows Server Update Services.

But data from our latest Security Intelligence Report suggests that customers need to keep all of their software up-to-date, not just Microsoft software.

In the last half of 2015 there were nearly 3,300 vulnerability disclosures across the industry, of which 305 were in Microsoft products. With more than 90 percent of reported vulnerabilities occurring outside the Microsoft portfolio, organizations need to monitor their entire technology stack to minimize their risk.

Microsoft products accounted for less than 10 percent of industrywide vulnerabilities in the second half of 2015.

This is consistent with previous years as well. The software industry worldwide includes thousands of vendors, and historically, vulnerabilities for Microsoft software have accounted for between three and ten percent of disclosures in any six-month period.

To find out what’s happening in the world of software vulnerabilities across your IT environment, take some time to review our latest Security Intelligence Report and the information available through the National Vulnerability Database (NVD), the U.S. government’s repository of standards-based vulnerability management data. And for a high-level look at the top ten trends and stats that matter most to security professionals right now, be sure and download our 2016 Trends in Cybersecurity e-book.



from Tim Rains

Important Interview Tips For Security Analyst Job Seekers

Are you seeking a position as a Security Analyst in a company? You may have a lot of questions. This post aims to help you with the hardest part of getting the job: the interview.

First things first: the IT world is currently facing threats that are increasingly tough to deal with, and the need for talent is on the rise. This means that most companies are now digging for candidates who are able to demonstrate top-notch skills, with critical thinking as the most important part of their skill set.

Start With Knowing More Than The Basics

The best way to impress your interviewer is to know more than just the basics. Since companies are demanding high-end talent, they are probably looking for someone who can go beyond the basics. For example, if you learn the ins and outs of your field, such as current technology, its usage and implementation, you may be able to impress the interviewer easily.

If you are completely new to the field of cybersecurity and security analysis, it is imperative that you start reading some material on the world of IT security.

Have A Number Of Projects Ready Under Your Belt

Experts have said this time and time again: cybersecurity is all about showing your practical skills. So make sure your resume has plenty of projects listed. Whether you did something voluntarily or during your classroom lab adventures, you need to show your interviewers that you have been busy with practical work.

Be Clear and Concise

Communication is the number one thing when it comes to being a security analyst. You will be working alongside a team of other IT professionals with whom you will have to communicate a lot. You should naturally be a team player.

Show your interviewer how well you can do when you work with a good team. Show them examples of your previous projects you completed with a group of other people.

Last but not least, have the mindset of an explorer and adventurer. You must keep learning new things if you want to excel in the cybersecurity world. Keep in mind that both defensive and offensive technologies are evolving day after day, and it is getting tougher and tougher to fight back against cybercrime. Learn new technologies and list them in your resume so your interviewers know that you are willing to spend time learning new things.

The post Important Interview Tips For Security Analyst Job Seekers appeared first on Cyber Security Portal.



from Gilbertine Onfroi

Man Gets A New Trial In New Jersey Over Cyberbullying Case

Man commits suicide after roommate constantly cyberbullied him

A New Jersey appeals court has thrown out the conviction of a former Rutgers University student who posted a video of his roommate kissing another man, causing the roommate to commit suicide.

Dharun Ravi was originally convicted in 2012 on 15 different charges, including bias intimidation. He also led a group of other students to spy on his roommate in 2010.

After being constantly bullied, Clementi, 18, decided to commit suicide. He jumped off the George Washington Bridge a week after the incident and died instantly from his injuries. The death of the student started a national debate over cyberbullying.

Read more details http://www.metro.us/news/new-jersey-man-gets-new-trial-in-clementi-cyberbullying-case/jZzpii—IL6JdSF25qYQAegir0Ic2g/

The post Man Gets A New Trial In New Jersey Over Cyberbullying Case appeared first on Cyber Security Portal.



from Gilbertine Onfroi

Tuesday, September 13, 2016

"The Advanced Cybersecurity Learning Platform"

Folks, we are uber excited to announce the launch of SANS' Advanced Cybersecurity Learning Platform (ACLP). One of the key lessons we learned from our more than 1,000 customers, our Security Awareness Summits and the annual Security Awareness Report is that changing behavior is hard. Many organizations do not know the path to take to success, … Continue reading The Advanced Cybersecurity Learning Platform

from lspitzner

Saturday, September 10, 2016

[SANS ISC Diary] Collecting Users Credentials from Locked Devices

I published the following diary on isc.sans.org: “Collecting Users Credentials from Locked Devices”.

It’s a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, it’s just a matter of time. The best hacks are the ones which use a feature or the way the computer is supposed to work. To illustrate this, let’s review an interesting blog post published yesterday[1]. It demonstrates how easy it is to steal credentials from a locked computer… [Read more]

[The post [SANS ISC Diary] Collecting Users Credentials from Locked Devices has been first published on /dev/random]



from Xavier

Friday, September 9, 2016

Here’s why you should never post your boarding pass photo on social media

We all have a habit of posting photos of luggage, passports and boarding passes on social media to impress our friends when we are going on a fun trip.

But a new study suggests that an airplane boarding pass contains a lot of information that is hidden from plain sight in a small barcode.

Additionally, the passenger’s first and last name are also visible inside the barcode, along with additional information such as destination, origin and whether he/she is a frequent passenger. It takes only a little effort for a cybercriminal to decode this barcode and obtain all your personal data.

Read more http://www.huffingtonpost.com/entry/boarding-pass-photos-security_us_56157460e4b021e856d350bb

The post Here’s why you should never post your boarding pass photo on social media appeared first on Cyber Security Portal.



from Gilbertine Onfroi

Wednesday, September 7, 2016

"OUCH is Out - Do's and Don'ts of Email"

The September edition of the OUCH! security awareness newsletter is out. We selected the topic The Do's and Don'ts of Email. Far too often people focus on just cyber attackers, forgetting that we can be our own worst enemy. In this edition we cover things that can bite us in email like auto-complete, Bcc or the dreaded … Continue reading OUCH is Out - Do's and Don'ts of Email

from lspitzner

As strong as your weakest link: A look at application vulnerability

When it comes to patching and updating software vulnerabilities, operating systems and web browsers seem to get all the love.

But in reality, vulnerabilities in those two types of software usually account for a minority of the publicly disclosed vulnerabilities published in the National Vulnerability Database (NVD), the U.S. government’s repository of standards-based vulnerability management data.

Where are the rest of the vulnerabilities? The majority are in applications (i.e. software that doesn’t ship as part of operating systems or browsers), and unless you’re spending time protecting those too, your application layer could be a big chink in your IT armor. CIOs, CISOs and their security teams need to focus on assessing and patching known vulnerabilities in all business apps, or they could in fact be missing the bulk of the vulnerabilities that exist in their environments.

Vulnerabilities in applications other than web browsers and operating system applications accounted for 44.2% of all disclosures in the second half of 2015.

But separating core OS applications and web browsers from the rest of the application layer can be a bit murky. Comparing vulnerabilities that affect a computer’s operating system to vulnerabilities that affect other components, such as applications and utilities, requires a determination of whether the affected component is part of an operating system. This determination is not always simple and straightforward, given the componentized nature of modern operating systems.

For example, some programs (like photo editors) ship by default with operating system software, but can also be downloaded from the software vendor’s website and installed individually. Linux distributions, in particular, are often assembled from components developed by different teams, many of which provide crucial operating functions such as a graphical user interface (GUI) or Internet browsing.

To help companies navigate this issue and facilitate analysis of operating system and browser vulnerabilities, the Microsoft Security Intelligence Report distinguishes among four different kinds:

  • Core operating system vulnerabilities are those with at least one operating system platform enumeration in the NVD that do not also have any application platform enumerations.
  • Operating system application vulnerabilities are those with at least one OS platform enumeration and at least one application platform enumeration listed in the NVD, except for browsers.
  • Browser vulnerabilities are those that affect components defined as part of a web browser, including web browsers such as Internet Explorer and Apple’s Safari that ship with operating systems, along with third-party browsers such as Mozilla Firefox and Google Chrome.
  • Other application vulnerabilities are those with at least one application platform enumeration in the NVD that do not have any OS enumerations, except for browsers.
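The four categories above are a decision rule over the platform enumerations (CPE names) attached to each NVD entry. The following Python is an added example, not code from Microsoft, the SIR or the NVD: it applies that rule to the CPE 2.3 names of a vulnerability, using the `part` field (`o` for operating system, `a` for application) and an assumed, illustrative set of vendor/product pairs treated as browser components, and then computes the share of each category over a constructed sample set.

```python
"""Classify vulnerabilities into the four SIR categories from their CPE names.

Added example (not Microsoft's or NVD's own tooling). Assumptions: each
vulnerability is represented by the list of CPE 2.3 names it affects, the
CPE "part" field drives the OS/application distinction, and BROWSER_PRODUCTS
below is an illustrative set of (vendor, product) pairs counted as browsers.
"""
from __future__ import annotations

from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Assumed set of products treated as "components defined as part of a web browser".
BROWSER_PRODUCTS = {
    ("microsoft", "internet_explorer"),
    ("microsoft", "edge"),
    ("apple", "safari"),
    ("mozilla", "firefox"),
    ("google", "chrome"),
}

CORE_OS = "core operating system"
OS_APPLICATION = "operating system application"
BROWSER = "browser"
OTHER_APPLICATION = "other application"
UNCLASSIFIED = "unclassified"  # no OS or application enumeration (e.g. hardware only)


def parse_cpe23(cpe: str) -> Tuple[str, str, str]:
    """Return (part, vendor, product) from a CPE 2.3 formatted string.

    Splits on ':' only; escaped colons inside field values are not handled here.
    """
    fields = cpe.split(":")
    if len(fields) < 5 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 name: {cpe!r}")
    return fields[2], fields[3], fields[4]


def classify(cpes: Iterable[str]) -> str:
    """Apply the SIR rule: browser first, then OS+app, OS only, app only."""
    has_os = has_app = has_browser = False
    for cpe in cpes:
        part, vendor, product = parse_cpe23(cpe)
        if part == "o":
            has_os = True
        elif part == "a":
            has_app = True
            if (vendor, product) in BROWSER_PRODUCTS:
                has_browser = True
    if has_browser:
        return BROWSER
    if has_os and has_app:
        return OS_APPLICATION
    if has_os:
        return CORE_OS
    if has_app:
        return OTHER_APPLICATION
    return UNCLASSIFIED


def share_by_category(entries: Dict[str, List[str]]) -> Dict[str, float]:
    """Percentage of entries falling into each category, rounded to one decimal."""
    counts = Counter(classify(cpes) for cpes in entries.values())
    total = sum(counts.values())
    return {cat: round(100.0 * n / total, 1) for cat, n in counts.items()}


# Constructed sample: placeholder identifiers, not real CVE records.
SAMPLE_ENTRIES = {
    "EXAMPLE-1": ["cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*"],
    "EXAMPLE-2": ["cpe:2.3:o:linux:linux_kernel:4.4:*:*:*:*:*:*:*"],
    "EXAMPLE-3": [
        "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:microsoft:windows_media_player:12:*:*:*:*:*:*:*",
    ],
    "EXAMPLE-4": [
        "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
    ],
    "EXAMPLE-5": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"],
}

if __name__ == "__main__":
    for cve_id, cpes in SAMPLE_ENTRIES.items():
        print(f"{cve_id}: {classify(cpes)}")
    print(share_by_category(SAMPLE_ENTRIES))
```

Note that a browser vulnerability is classified as such even when the entry also lists an operating system, which is what the "except for browsers" clauses in the definitions above require; Internet Explorer and Safari shipping with the OS does not move them into the OS application bucket.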

With those distinctions in mind, the latest SIR reports that disclosures of vulnerabilities in applications decreased in the second half of 2015, but remained the most common type of vulnerability during the period, accounting for 44.2 percent of all disclosures — a big number that any organization’s security team should be paying attention to.

Meanwhile, the other categories are important too. Core operating system vulnerability disclosures increased dramatically from the first half of the year, moving into second place at 24.5 percent. Operating system application disclosures decreased slightly to account for 18.6 percent, while browser disclosures increased by more than a third to account for 12.8 percent.

The key to keeping any organization safe is to stay on top of all disclosures, no matter which part of the stack they belong in. To stay on top of possible vulnerabilities across your software stack, take a look at our latest Security Intelligence Report and the information available through the NVD. And for a high-level look at the top 10 trends and stats that matter most to security professionals right now, be sure to download our 2016 Trends in Cybersecurity e-book.



from Tim Rains

Google Records Your Voice Conversations – Here’s How To Delete Them

If you’ve been using Google for voice communication, whether through Android or Gchat, chances are that everything you said so far on the platform has been recorded.

For Google, just talking is enough to trigger automatic recording of voice conversations. The company quietly records every conversation that happens through the medium.

This feature was introduced by Google to let people perform searches by voice. Recording voices also enables Google to improve its speech recognition system, which is responsible for producing results when you do a voice-based search.

You can listen to these recordings and, if you wish, delete the information that was collected and stored.

Read more http://www.independent.co.uk/life-style/gadgets-and-tech/news/google-voice-search-records-stores-conversation-people-have-around-their-phones-but-files-can-be-a7059376.html

The post Google Records Your Voice Conversations – Here’s How To Delete Them appeared first on Cyber Security Portal.



from Gilbertine Onfroi

Tuesday, September 6, 2016

[SANS ISC Diary] Malware Delivered via ‘.pub’ Files

I published the following diary on isc.sans.org: “Malware Delivered via ‘.pub’ Files“.

While searching for new scenarios to deliver their malware[1][2], attackers launched a campaign to deliver malicious code embedded in Microsoft Publisher[3] (.pub) files. The tool Publisher is less known than Word or Excel. This desktop publishing tool was released in 1991 (version 1.0) but it is still alive and included in the newest Office suite. It is not surprising that it also supports macros… [Read more]

[The post [SANS ISC Diary] Malware Delivered via ‘.pub’ Files has been first published on /dev/random]



from Xavier

"Awareness Summit Talk - John Scott on Three Key Skills"

Editor's Note: Over the coming weeks we will post recaps of speakers' talks from the 3rd Annual Security Awareness Summit. Today John Scott from Bank of England shares details from his talk and experiences from the summit. If you missed the summit, consider the European Security Awareness Summit 11 November in London. Back in the dawn of time, … Continue reading Awareness Summit Talk - John Scott on Three Key Skills

from lspitzner

Thursday, September 1, 2016

[SANS ISC Diary] Maxmind.com (Ab)used As Anti-Analysis Technique

I published the following diary on isc.sans.org: “Maxmind.com (Ab)used As Anti-Analysis Technique“.

A long time ago I wrote a diary[1] about malware samples which use online geolocalization services. Such services are used to target only specific victims. If the malware detects that it is executed from a specific area, it just stops. This has been seen in Russian malware which did not infect people located in the same area … [Read more]

[The post [SANS ISC Diary] Maxmind.com (Ab)used As Anti-Analysis Technique has been first published on /dev/random]



from Xavier

"Awareness Summit Talk - Janet Roberts on Leveraging the Security Awareness Maturity Model"

Editor's Note: Over the coming weeks we will post recaps of speakers' talks from the 3rd Annual Security Awareness Summit. Today Janet Roberts from Zurich Insurance shares details from her talk and experiences from the summit. If you missed the summit, consider the European Security Awareness Summit 11 November in London. Building a security awareness program is kind … Continue reading Awareness Summit Talk - Janet Roberts on Leveraging the Security Awareness Maturity Model

from lspitzner

68 million passwords were dumped online in recent Dropbox hack

Earlier this week, Dropbox responded to a hack by forcing its users to reset passwords that it claims were stolen in a 2012 breach. The following message was given to the users.

Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012.

Our analysis suggests that the credentials relate to an incident we disclosed around that time.

If you haven’t logged in to Dropbox, you will have to change your password. Furthermore, if you started using Dropbox before mid 2012, you should also reset your password.

The scale of the hack is considerable: the file obtained is around 5GB in size and contains the details of 68,680,741 accounts.

Read more https://nakedsecurity.sophos.com/2016/08/31/dropbox-hack-leads-to-68-million-passwords-dumped-online/

The post 68 million passwords were dumped online in recent Dropbox hack appeared first on Cyber Security Portal.



from Gilbertine Onfroi