FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Hazelcast IMDG Discover Scan, (Sat, Feb 29th)

Today my honeypot has been capturing scans for the Hazelcast REST API. I checked my logs for the past 2 years and these only started today. The last vulnerability published for Hazelcast was CVE-2018-10654 and related to "There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."[3]
  • February 29th 2020 at 18:04

This Week in Security News: Trend Micro Detects a 10 Percent Rise in Ransomware in 2019 and New Wi-Fi Encryption Vulnerability Affects Over a Billion Devices

By Jon Clay (Global Threat Communications)
week in security

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro detected a 10 percent rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.

Read on:

Trend Micro Detects a 10 Percent Rise in Ransomware

In its 2019 Annual Security Roundup, Trend Micro detected a decrease in the number of new ransomware families despite the overall attack increase. Additionally, it found that ransomware groups formed alliances in 2019 for more effective attacks. The healthcare industry remains the most targeted by ransomware; meanwhile, government and education sectors were also highly targeted.

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

Are you sure your home network is secure? In the third post of its four-part series, Trend Micro breaks down home network security to help you test the following features: threat blocking, access control and parental controls.

Six Suspected Drug Dealers Went Free After Police Lost Evidence in Ransomware Attack

US prosecutors were forced to drop 11 narcotics cases against six suspected drug dealers after crucial case files were lost in a ransomware infection at a Florida police department. Evidence from the 11 cases could not be recovered following the attack that hit the Stuart police department in April 2019.

Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019

Trend Micro’s 2019 roundup report reveals just how many tools, techniques and procedures hackers have at their disposal today. With 52 billion unique threats detected in 2019 by Trend Micro’s filters alone, threats are becoming an overwhelming challenge for many IT security departments.

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

Cybersecurity researchers uncovered a new high-severity hardware vulnerability residing in Wi-Fi chips manufactured by Broadcom and Cypress—reportedly powering over a billion devices. Dubbed ‘Kr00k’ and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.

Cybercrime Group Uses G Suite, Physical Checks in BEC Scam

An African cybercrime group named Exaggerated Lion uses G Suite and physical checks as new tools for Business Email Compromise (BEC) attacks, reported in a research paper by Agari. Like other BEC scams, the targets belong to company departments that handle finance.

Cisco Patches Flaws in FXOS, UCS Manager and NX-OS Software

On Wednesday, Cisco released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software. The most important of the bugs is a high severity flaw in FXOS and NX-OS that could allow an unauthenticated, adjacent attacker to execute arbitrary code as root. The weakness can also be exploited for denial of service (DoS).

PowerGhost Spreads Beyond Windows Devices, Haunts Linux Machines

Trend Micro researchers encountered a PowerGhost variant that infects Linux machines via EternalBlue, MSSQL and Secure Shell (SSH) brute force attacks. The malware, previously known to target only Windows systems, is a fileless cryptocurrency-mining malware that attacks corporate servers and workstations, capable of embedding and spreading itself undetected across endpoints and servers.

Android Malware Can Steal Google Authenticator 2FA Codes

Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts.

Ransomware Hits U.S. Electric Utility

The Reading Municipal Light Department (RMLD) has been infected with ransomware, revealed in a statement by the electric utility company. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware and there was no indication of plans to pay ransom to the threat actors.

Are you surprised that the number of new ransomware families detected in 2019 decreased while number of attacks increased? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Trend Micro Detects a 10 Percent Rise in Ransomware in 2019 and New Wi-Fi Encryption Vulnerability Affects Over a Billion Devices appeared first on .

Show me Your Clipboard Data!, (Fri, Feb 28th)

Yesterday I've read an article[1] about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app[2] that discloses the metadata of pictures copied to the clipboard (like the GPS coordinates).
  • February 28th 2020 at 06:11

Black Magic - BSW #164

By paul@securityweekly.com

This week, live from RSAC 2020 we welcome Rob Gurzeev, CEO of Cycognito, to discuss the idea of Shadow Risk and why it's something your organization can t ignore! In our second segment, we welcome Jinan Budge, Principal Analyst at Forrester, to discuss CISO Leadership, Security Culture, and the Evolving Role of the CISO!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode164

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 27th 2020 at 10:00

Offensive Tools Are For Blue Teams Too, (Thu, Feb 27th)

Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? More information you get, more you can be proactive and visibility is key. A good example is the combination of a certificate transparency list[1] with a domain monitoring tool like Dnstwist[2], you could spot domains that have been registered and associated with a SSL certificate: It's a good indicator that an attack is being prepared (like a phishing campaign).
  • February 27th 2020 at 06:46

Really Windy - ASW #97

By paul@securityweekly.com

This week, live from RSAC 2020, we interview Chris Eng, Chief Research Officer at Veracode! Chris provides an update on Veracode including 2019 growth, new product announcements, Veracode Security Labs, and booth activities at RSA Conference 2020! In the RSAC Application Security News, 6 of the 10 vendors at Innovation Sandbox are application security companies, F5 Empowers Customers with End-to-End App Security, Checkmarx Simplifies Automation of Application Security Testing for Modern Development and DevOps Environments, and more RSA Conference News!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode97

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 26th 2020 at 22:05

Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019

By Trend Micro

Variety is welcome in most walks of life, but not when it comes to the threat landscape. Yet that is unfortunately the reality facing modern cybersecurity professionals. As Trend Micro’s 2019  roundup report reveals, hackers have an unprecedented array of tools, techniques and procedures at their disposal today. With 52 billion unique threats detected by our filters alone, this is in danger of becoming an overwhelming challenge for many IT security departments.

In response, many CISOs are rightly re-examining how they approach threat defense. Rather than create potential security gaps and risk budget shortfalls through best-of-breed investments, they’re understanding that it may be better to consolidate on one provider that can do it all.

The state of play

Our report provides an alarming snapshot into a threat landscape characterized by volatility and chaos. Financially motivated cybercriminals collaborate and compete with each other on a daily basis to elicit profits from their victims. And there are plenty of those, thanks to increased investments in cloud and digital platforms that have broadened the corporate attack surface.

Three trends in the report stand out:

Ransomware is on the rise: Although the number of new families fell, the number of detected ransomware components jumped by 10% to top 61 million during the year. Attacks have been causing chaos across the US, particularly among under-funded public sector authorities and schools. The recent outage at Redcar council could be ominous for UK local authorities. As if service downtime wasn’t enough, several groups have also begun stealing sensitive data before they encrypt, and releasing it if victims don’t pay up — which will require organisations to evolve their threat defense strategies.

Phishing is evolving: As always, email-borne attacks accounted for the vast majority (91%) of threats we blocked last year, and increased 15% in volume from 2018. What does this mean? That phishing remains the number one vector for attacks on organisations. Although we noted an overall decline in total attempts to visit phishing sites, there were some spikes. Fraudsters appear to be targeting Office 365 in an attempt to bypass security filters: the number of unique phishing URLs that spoofed the Microsoft cloud platform soared by 100% from the previous year. BEC attacks, which the FBI has claimed cost more than any other cybercrime type last year, grew 5%.

The supply chain is exposed: At the same time, the digital supply chain has rapidly expanded in recent years, exposing more organisations to risk. This was particularly notable in the e-commerce space last year, as Magecart gangs managed to compromise an estimated two million sites. Many of these attacks focused on attacking supply chain partners, which provide JavaScript libraries to the victim sites. We also observed an increase in attacks focused on compromising DevOps tools and deployments, such as misconfigured versions of Docker Engine – Community and unsecured Docker hosts.

What happens now?

This is just the tip of the iceberg. We also detected a 189% brute force IoT logins, an increase in mobile malware, and much more. To regain the initiative in the face of such a wide-ranging set of threats, CISOs may find more value in taking a connected threat defence approach. This would consolidate protection onto a single provider across gateways, networks, servers and endpoints, with underlying threat intelligence optimizing defense at each layer.

Here’s a quick checklist of elements to consider:

  • Network segmentation, regular back-ups and continuous network monitoring to help tackle ransomware
  • Improved security awareness programs so users can better spot BEC and phishing attempts
  • Monitor vulnerabilities and misconfigurations in supply chain partners’ systems to defend against Magecart attacks
  • Scan container images at build and runtime for malware and vulnerabilities
  • Keep all systems and software on latest versions
  • Two-factor authentication and least privilege access policies to prevent abuse of tools that can be accessed via admin credentials, like RDP and developer tools

To find out more, read Trend Micro’s 2019 roundup report here: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/the-sprawling-reach-of-complex-threats.

The post Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019 appeared first on .

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

By Trend Micro

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.

Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.

We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.

1.   Threat Blocking

To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:

http://www.eicar.org/download/eicar.com

http://test-malware.hns.tm

When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro™ Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.

2.   Access Control

Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.

Approving and Rejecting Devices

Device control is the first part of access control.

  • Navigate to Settings -> Access Control and enable New Device Approval, after completing setup and allowing HNS to scan the network for devices.
  • Connect a device that has never been connected to the HNS-secured network. The phone that’s managing the HNS Station will receive a notification indicating, “Request from a new device to join the network”.
  • Once you tap the notification, you’re given the option to either Allow Connection or Block the new device’s connection to your network.

Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.

Remote Access Protection

For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.

Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.

In this test, we will use the free version of TeamViewer.

  • Download the remote access software from https://www.teamviewer.com and install it on two devices—e.g., a laptop and desktop computer. (It’s available for phones and tablets too.) One will act as the source, the other the target. The target PC should be on the same home network where HNS is installed. The source PC should be on another network.
  • Navigate to Settings -> Access Control -> Remote Access Protection in the HNS app and enable Block Remote Access.
  • From the source PC outside of your network, attempt to establish a TeamViewer connection to the target PC and start a session.

HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.

Disconnecting Devices

Next, you should test Disconnecting Devices.

  • To do this, navigate to the Devices page and choose a connected device (indicated by a green status indicator next to the device’s name).
  • On the chosen device’s detail page, turn off the “Connect to the Network” switch to disconnect it from the network.
  • Using the disconnected device, attempt to browse to a webpage or use an online application to verify that the device no longer has access.

3.   Parental Controls

As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.

Website Filtering

Testing Website Filtering is easy.

  • For this test, under the Filtering sector, first assign a test PC with the Pre-Teen-Age Level default profile for Filtered Categories.
  • Next, using the browser of your assigned test PC, attempt to go to a website that belongs to the default blocked categories in the Pre-Teen level, such as Personals or Dating.

The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.

Content Filtering

Moving forward, Content Filtering is next in our checklist.

  • Go to the HNS app, proceed to the test user’s profile Settings -> Filtering. Then scroll down to the Content Turn ON Google SafeSearch and YouTube Restricted Mode if they’re turned OFF, or vice-versa.
  • The change in settings should be reflected on the browser. To verify this, open a new instance of the browser.
  • From the Google Search results page go to Settings -> Search Settings and Turn On SafeSearch should have a check mark beside it if it’s turned ON by HNS, or it’s unchecked when turned OFF by HNS.
  • For YouTube, go to https://www.youtube.com and locate the 3 vertical dots near the SIGN IN button. Scroll down and check whether Restricted Mode is turned ON or OFF, depending on the toggled setting made from the HNS app.

When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.

App Controls

To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.

  • From the HNS app, toggle on Inappropriate App Used from the Settings of the same test user account profile of the assigned test mobile device.
  • Enable Notifications and choose any or all that are listed in the App Category.

Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.

Time Limits

To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.

As an example:

  • Monday, Tuesday, Wednesday, Thursday, Friday
  • 30 minutes of Internet allowed, including 15 minutes of YouTube
  • Times allowed: 6:00 PM to 10:00 PM

To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.

Connection Alert & Notification

Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.

To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.

And Now, the Answer to Your Question

Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.

Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.

Go here for Parts 1 and 2 of our series:

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .

Quick look at a couple of current online scam campaigns, (Tue, Feb 25th)

Since I was exposed to three different online scam campaigns in the last three weeks, without having to go out and search for them, I thought that today might be a good time to take a look at how some of the current online scams work.
  • February 25th 2020 at 06:16

Maldoc: Excel 4 Macros and VBA, Devil and Angel?, (Mon, Feb 24th)

Philippe Lagadec, the developer of ole-tools, pointed out something interesting about the following maldoc sample (MD5 a0457c2728923cb46e6d9797fe7d81dd): it contains both Excel 4 macros and VBA code.
  • February 24th 2020 at 18:44

Maldoc: Excel 4 Macros in OOXML Format, (Sun, Feb 23rd)

I've mentioned Excel 4 macros before, a scripting technology that predates VBA.
  • February 23rd 2020 at 21:54

Simple but Efficient VBScript Obfuscation, (Sat, Feb 22nd)

Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it into a sandbox by security solutions. This remains quick and (most of the time still) efficient to have a first idea about the code behaviour. In parallel, many obfuscation techniques exist to avoid detection by AV products and/or make the life of malware analysts more difficult. Personally, I like to find new techniques and discover how imaginative malware developers can be to implement new obfuscation techniques.
  • February 22nd 2020 at 12:28

ThemeGrill, Citrix Hacks, & ATT&CK for ICS - Wrap Up - SWN #14

By paul@securityweekly.com

This week, Doug brings you the weekly Wrap Up, talking all things like D-List Celebrities will call you for money, RSA Sold for 2.1B, IBM pulls out of RSA due to fear of COVID-19, Citrix hacks, all this and more including highlights from this past week across all of our shows!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode14

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 21st 2020 at 21:19

Hacking Back - PSW #640

By paul@securityweekly.com

This week, we welcome Mike Nichols, Head of Product at Elastic Security, to talk about how Elastic Security is unifying SIEM and Endpoint Security! In our second segment, we welcome Ian Coldwater, Lead Platform Security Engineer at Heroku, to talk bout Kubernetes and Container Security! In the Security News, Iranian Hackers are targeting Dutch Universities, how electrical tape can fool Tesla sensors, Ransomware attack forces 2-day shutdown of a natural gas pipeline, Ring Rolls Out Mandatory 2FA & New Privacy Controls, and 7 Ways to Improve the Security of Mobile Banking Apps!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode640

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 21st 2020 at 21:00

This Week in Security News: LokiBot Impersonates Popular Game Launcher and DRBControl Espionage Operation Hits Gambling, Betting Companies

By Jon Clay (Global Threat Communications)
week in security

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a variant of LokiBot that has been discovered impersonating a popular game launcher, known for Fortnite, to trick users into executing it on their machines. Also, read about how an advanced threat actor has been targeting gambling and betting companies with malware linked to two Chinese hacker groups.

Read on: 

LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File

LokiBot, which can harvest sensitive data such as passwords and cryptocurrency information, has been discovered impersonating game launcher Epic Games—the company behind games such as Fortnite–to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky, installation routine that involves dropping a compiled C# code file.

DRBControl Espionage Operation Hits Gambling, Betting Companies

An advanced threat actor has been targeting gambling and betting companies with malware that links to two Chinese hacker groups. The mission — named “DRBControl” by security researchers — appears to be cyberespionage and includes stealing databases and source code from the targets. Researchers at Trend Micro painted a larger picture of DRBControl’s activities after analyzing a backdoor used by the group against a company in the Philippines.

Uncovering Risks in Ordinary Places: A Look at the IoT Threat Landscape

As the IoT continues to become more integrated into enterprises and homes, the threat landscape also expands. In this blog, Trend Micro looks at the most significant threats and vulnerabilities in IoT devices on the edge of the network, within the network itself, and on the cloud; as well as gains insights from the cybercriminal underground.

Newly Discovered Vulnerability Can Let Hackers Impersonate LTE Mobile Device Users, Researchers Say

German researchers have found a new vulnerability on 4G/LTE mobile devices that could allow hackers to impersonate the phone’s owner. In this article, Mark Nunnikhoven, vice president of cloud research for cybersecurity firm Trend Micro, discusses the threat level of this vulnerability and its risks, which include  running up a person’s bill by making international calls or using premium services offered by the victim’s provider, like a TV streaming service.

Fake Dating Apps Found as Top Source of Malware in Africa

According to research from Kaspersky, 7,734 attacks from 1,486 threats were detected, affecting 2,548 mobile users from the continent. The countries with the most recorded attacks were South Africa with 58%, as Kenya (10%) and Nigeria (4%) trail behind.

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to all industries operating critical infrastructures about a new ransomware in response to a cyberattack targeting an unnamed natural gas compression company’s internal network, encrypting critical data and knocking servers out of operation for almost two days. 

Plugin Leaves Nearly 100,000 WordPress Sites Vulnerable to Compromise

According to a report by WebARX, a vulnerability in a plugin for WordPress themes allows remote attack execution, gives full administrator rights, and can possibly even wipe out the entire website database. The vulnerability was discovered in ThemeGrill Demo Importer, a plugin that offers demo options for themes, widgets, and other content that can help customize websites.

MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer

A hacking forum this week published personal details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. Those guests included celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.

Stolen Credit Card Data Concealed through Fake Club Membership Cards

Stolen credit card data has been disguised through counterfeit club membership cards, as revealed by the U.S. Secret Service and reported by Brian Krebs. The cards, purportedly for exclusive use at name-brand retailers, had barcodes that contained the credit card information as well expiration dates and card verification values (CVVs). 

Adobe Releases Out-of-Band Patch for Critical Code Execution Vulnerabilities

Adobe has released an out-of-schedule fix to resolve two vulnerabilities that may expose user systems to code execution attacks. Users of Adobe Media Encoder and After Effects should update their software builds immediately. The tech giant thanked researcher Francis Provencher, alongside Matt Powell from Trend Micro’s Zero Day Initiative for reporting the vulnerabilities.  

Surprised by the scale of the giant MGM Grand breach? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: LokiBot Impersonates Popular Game Launcher and DRBControl Espionage Operation Hits Gambling, Betting Companies appeared first on .

Quick Analysis of an Encrypted Compound Document Format, (Fri, Feb 21st)

We like when our readers share interesting samples! Even if we have our own sources to hunt for malicious content, it’s always interesting to get fresh meat from third parties. Robert shared an interesting Microsoft Word document that I quickly analysed. Thanks to him!
  • February 21st 2020 at 07:11

The Golden Circle - ESW #173

By paul@securityweekly.com

This week, Matt is joined by Scott Lyons and Josh Marpet to talk Enterprise News, and how IBM announced RSA Conference withdrawal, Dell Offloads RSA, 12 hottest new cybersecurity startups at RSA 2020, and lots of funding announcements! In the second segment, CEO of Red Lion LLC. Scott Lyons will provide an overview of their CTF at InfoSec World 2020, including their training class and CTF 101! In our final segment, we welcome Ben Budge, System Administrator III at Litehouse Foods, and Lyle Beck, Technology Manager at Litehouse Foods, to discuss the problems they faced at Litehouse in regards to network and system monitoring, troubleshooting, and how that ultimately took them to ExtraHop!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode173

To learn more about ExtraHop, visit: https://securityweekly.com/extrahop

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 20th 2020 at 17:00

Whodat? Enumerating Who "owns" a Workstation for IR, (Thu, Feb 20th)

Eventually in almost every incident response situation, you have to start contacting the actual people who sit at the keyboard of affected stations.  Often you'll want them to step back from the keyboard or logout, for either remote forensics data collection or for remediation.  Or in the worst case, if you don't have remote re-imaging working in your shop, to either ship their station back to home base for re-imaging or to arrange a local resource to re-image the machien the hard way.
  • February 20th 2020 at 16:24

Hackers Target Online Gambling Sites

Threat Actor Targets Gambling and Betting in Southeast Asia

Gambling and betting operations in Southeast Asia have been targeted in a campaign active since May 2019, Trend Micro reports. 

Dubbed DRBControl, the adversary behind the attacks is using a broad range of tools for cyber-espionage purposes, including publicly available and custom utilities that allow it to elevate privileges, move laterally in the compromised environments, and exfiltrate data. 

The intrusion begins with spear-phishing Microsoft Word files, with three different document versions identified: they embed an executable, a BAT file, and PowerShell code, respectively. Two very similar variations of the employed phishing content were observed.

The first two document versions execute the same payload onto the target system, and the third one is believed to be leading to the same piece of malware too. 

DRBControl employed two previously unknown backdoors in this campaign, but also used known malware families, such as the PlugX RAT, the Trochilus RAT, and the HyperBro backdoor, along with various custom post-exploitation tools, Trend Micro explains in a detailed report (PDF).

Both of the backdoors use DLL side-loading through the Microsoft-signed MSMpEng.exe, with the malicious code then injected into the svchost.exe

Written in C++, the first of the threat actor’s backdoors can bypass user account control (UAC), achieve persistence via a registry key, sends out information such as hostname, computer name, user privileges, Windows version, current time, and a campaign identifier. 

A recent version of the malware was observed using Dropbox for command and control (C&C), with multiple repositories employed to store the infected machine’s information, store commands and post-exploitation tools, and store files exfiltrated from the machine. 

The Dropbox-downloaded backdoor has keylogging functions and can receive commands to enumerate drives and files, execute files, move/copy/delete/rename files, upload to Dropbox, execute commands, and run binaries via process hollowing. 

Also written in C++, the second backdoor too has UAC bypass and keylogging capabilities. The security researchers discovered an old version of this backdoor being delivered by a Word document from July 2017, suggesting that DRBControl has been active for a long time. 

Post exploitation tools employed by the threat actor include a clipboard stealer, a network traffic tunnel EarthWorm, public IP address retriever, NBTScan tool for enumerating NetBIOS shares, brute-force tool, and an elevation of privilege tool for exploiting CVE-2017-0213. Multiple password dumpers, tools for bypassing UAC, and code loaders were also identified. 

The use of the same domain in one of the backdoors, a PlugX sample, and Cobalt Strike allowed the researchers to link DRBControl to all three malware families. Additionally, the researchers identified connections with Winnti (via mutexes, domain names, and issued commands) and Emissary Panda (the HyperBro backdoor appears to be exclusive to Emissary Panda). 

This cyber-espionage campaign was targeted at gambling and betting companies in Southeast Asia, with no attacks in other parts of the world being confirmed to date. 

“The threat actor described here shows solid and quick development capabilities regarding the custom malware used, which appears to be exclusive to them. The campaign exhibits that once an attacker gains a foothold in the targeted entity, the use of public tools can be enough to elevate privileges, perform lateral movements in the network, and exfiltrate data,” Trend Micro concludes. 

RelatedNew APT10 Activity Detected in Southeast Asia Copyright 2010 Respective Author at Infosec Island
  • February 20th 2020 at 02:10

Pixie Dust - SCW #18

By paul@securityweekly.com

This week, we welcome Jeff Recor, Global IRM Lead at Accenture, to talk about how Integrated Risk Management is the New GRC! Jeff was scheduled to be part of the 'Security vs. Compliance' Roundtable (https://securityweekly.com/shows/security-vs-compliance-psw-632-2/) recorded on Dec. 19, 2019, but got snowed out!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode18

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 19th 2020 at 22:00

Crypto Chaos, Assange Trial, & Turkish RATs - SWN #13

By paul@securityweekly.com

This week, Quantum Crypto Chaos, IBM Cloud Vulnerabilities in CICS, Crowded Flounder and Hacking Back, Turkish RATs, Israeli soldiers catfished by HAMAS, and the Julian Assange Trial: Australian PMs trying to prevent extradition to the United States!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode13

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 19th 2020 at 19:24

Over the Edge - ASW #96

By paul@securityweekly.com

This week, we welcome Doug DePerry, Director of Defense at Datadog, to discuss Lessons Learned From The DevSecOps Trenches! In the Application Security News, SweynTooth: Unleashing Mayhem over Bluetooth Low Energy, RetireJS, What Is DevSecOps and How to Enable It on Your SDLC? and more!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode96

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 18th 2020 at 10:00

Discovering contents of folders in Windows without permissions, (Tue, Feb 18th)

I recently noticed an interesting side effect of the way in which Windows handles local file permissions, which makes it possible for a non-privileged user to brute-force contents of a folder for which they don’t have read access (e.g. Read or List folder contents) permissions. It is possible that it is a known technique, however as I didn’t find any write-ups on it anywhere, I thought I’d share it here.
  • February 18th 2020 at 06:17

Docker Repos, SweynTooth, & Emotet - Wrap Up - SWN #12

By paul@securityweekly.com

This week, Doug White brings you through the latest across all of our shows on the network, CIA pwns well, everyone in history, Bluetooth hacking, Thousands of Docker Repositories are open to the internet, lots of ransomware, and is Apple giving up passwords?

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode12

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 17th 2020 at 21:13

curl and SSPI, (Mon, Feb 17th)

There's an interesting comment on Xavier's diary entry "Keep an Eye on Command-Line Browsers" (paraphrasing): a proxy with authentication will prevent wget and curl to access the Internet because they don't do integrated authentication.
  • February 17th 2020 at 18:09

Leaky Secrets - PSW #639

By paul@securityweekly.com

This week, we welcome Oshea Bowens, Founder & Chief Janitor at Null Hat Security, to talk about Living in Blue Team Land and Skicon, a conference Founded by Oshea himself! In our second segment, we welcome John Loucaides, VP of Research & Development at Eclypsium, to talk about Hacking Firmware: The Unprotected Attack Surface of the Enterprise! In the Security News, Misconfigured Docker Registries Expose Thousands of Repositories, a Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks, Jail Software Left Inmate Data Exposed Online, Adobe patches 42 vulnerabilities across 5 products, and how the CIA Secretly Owned Global Encryption Provider, Built Backdoors,& Spied On 100+ Foreign Governments!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode639

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

 

  • February 17th 2020 at 17:00

This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records

By Jon Clay (Global Threat Communications)
week in security

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the more than 140 February Patch Tuesday updates from Microsoft and Adobe. Also, read about how an unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 inmate records in several U.S. states.

Read on:

February 2020 Patch Tuesday: Microsoft Fixes 99 Vulnerabilities, Adobe 42

This week, patches from Microsoft and Adobe for February were announced. Microsoft released fixes for 99 vulnerabilities – 12 critical, one of which is being exploited in the wild – and Adobe released fixes for 42, most of which are critical, and none actively exploited.

How to Manage Your Privacy On and Off Facebook

Where on Facebook is your privacy most at risk and what can you do to mange these risks? Although Facebook has taken steps to offer users tools to manage their data, such as their recent broad launch of their Off-Facebook Activity tool, they are not always easy to find. This blog from Trend Micro serves as a guide on how to protect your privacy on Facebook.

Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims

Emotet, the notorious trojan behind several botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already-infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a “Wi-Fi spreader” module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.

Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

Trend Micro discovered that the hacking group Outlaw has been busy developing their toolkit for illicit income sources. While they had been quiet since Trend Micro’s analysis in June, there was an increase in the group’s activities in December, with updates on the kits’ capabilities reminiscent of their previous attacks.

Irving Security Company Spun Out of Trend Micro Lands $26M in Funding

Cysiv announced this week the close of a $26 million Series A financing led by ForgePoint Capital, a top tier venture capital firm that invests in transformative cybersecurity companies. Trend Forward Capital has been actively backing Cysiv and is also participating in this financing. Proceeds will be used to scale business operations and fuel further platform enhancements.

Trickbot, Emotet Use Text About Trump to Evade Detection

Threat actors have been using text from news articles about U.S. President Donald Trump to make malware undetectable. Trickbot samples employing this technique were recently found, while Trend Micro researchers detected Emotet samples using the same method.

Puerto Rico Gov Hit By $2.6M Phishing Scam

According to reports, an email-based phishing scam hit Puerto Rico’s Industrial Development Company, which is a government-owned corporation aimed at driving economic development to the island along with local and foreign investors. The scam email alleged a change to a banking account tied to remittance payments, which is a transfer of money (often by a foreign worker) to an individual in their home country.

Malicious Spam Campaign Targets South Korean Users

The spam campaign, detected by Trend Micro researchers, utilizes attachments compressed through ALZip, an archive and compression tool widely used in South Korea. When decompressed, the attachment is revealed to contain two executable (.EXE) files that carry the information stealer TrojanSpy.

Google Removes 500+ Malicious Chrome Extensions from the Web Store

Google has removed more than 500 malicious Chrome extensions from its official Web Store following a two-month long investigation conducted by security researcher Jamila Kaya and Cisco’s Duo Security team. The removed extensions operated by injecting malicious ads (malvertising) inside users’ browsing sessions.

Dynamic Challenges to Threat Detection and Endpoint Security — and How to Overcome Them

As a result of great technological advancements, our environments are steadily changing. Now more than ever, individuals and organizations rely on technology to make life more dynamic. This reliance on technology and the consequent expanding attack surface are what cybercriminals bank on as they create threats that are meant to trick users and organizations. In this blog, learn how to step up your threat detection and endpoint security.

YouTube, Twitter Hunt Down Deepfakes

YouTube and Twitter have taken measures to clamp down on synthetic and manipulated media, including deepfakes. Deepfakes are media (images, audio, video, etc.) synthetically generated through artificial intelligence and machine learning (AI/ML), which have been exploited in adult videos and propaganda using the faces and voices of unwitting celebrities, politicians, and other well-known figures.

Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records

An unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 records belonging to inmates of correctional facilities in several U.S. states. The leak, which was discovered by vpnMentor, exposed personally identifiable information (PII), prescription records and details of inmates’ daily activities.

An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)

CVE-2020-0601 is a vulnerability that was discovered by the National Security Agency (NSA) and affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could create their own cryptographic certificates that appear to originate from a legitimate certificate that is trusted by Windows by default.

In your opinion, what was the most noteworthy patch from this month’s update? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records appeared first on .

SOAR or not to SOAR?, (Sun, Feb 16th)

Security, Orchestration, Automation and Response (SOAR) allow organizations to collect data about security threats from multiple sources to automate an appropriate response on repetitive tasks. As an analyst you need to juggle and pivot several times a day between multiple tools and devices to evaluate a huge amount information and deal with flood of repetitive tasks such as alerts, tickets, email, threat intelligence data, etc. The end goal is to centralize everything in one location to improve analysis using captured institutionalized knowledge.
  • February 16th 2020 at 17:22

bsdtar on Windows 10, (Sat, Feb 15th)

Reading Xavier's diary entry "Keep an Eye on Command-Line Browsers", I wondered when exactly curl was introduced in Windows 10?
  • February 15th 2020 at 19:23

Super Stoked - ESW #172

By paul@securityweekly.com

This week, we talk Enterprise News, to talk about Salt Security API Protection Explained, Thycotic Leads the Way for Cloud-based Privileged Access Management, ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms, Elastic Stack 7.6 delivers automated threat analysis and response, and 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks! In our second segment, we welcome David Waugh, Chief Revenue Officer at Managed Methods, to discuss how K-12 schools are victims of lateral phishing campaigns! In our final segment, we welcome Jeff Deininger, Principal Sales Engineer for the Cloud at ExtraHop, to discuss How to Secure Cloud Workloads & Reduce Friction with Cloud-Native Network Detection & Response!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 14th 2020 at 22:00

Keep an Eye on Command-Line Browsers, (Fri, Feb 14th)

For a few weeks, I’m searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type ‘curl.exe’ on your Windows 10 host:
  • February 14th 2020 at 06:26

Auth-mageddon deferred (but not averted), Microsoft LDAP Changes now slated for Q3Q4 2020, (Thu, Feb 13th)

Good news, sort-of - - Microsoft has deferred their March changes to LDAP, citing the Christmas change freeze that most sensible organizations implement as their reason:
  • February 13th 2020 at 13:47

March Patch Tuesday is Coming - the LDAP Changes will Change Your Life!, (Wed, Feb 12th)

Next month Microsoft will be changing the default behaviour for LDAP - Cleartext, unsigned LDAP queries against AD (over port 389) will be disabled by default - https://support.microsoft.com/en-gb/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows  .  You'll still be able to over-ride that using registry keys or group policy, but the best advice is to configure all LDAP clients to use encrypted, signed LDAPS queries (over port 636).
  • February 13th 2020 at 01:21

Mission, Goals, & Objectives - BSW #162

By paul@securityweekly.com

This week, we welcome Dr. Mike Lloyd, CTO at RedSeal, to discuss The Critical Role of Basic Cyber Hygiene! In the Leadership and Communication Segment, 5 things successful people don't care about, 11 books that will change the way you think about Leadership, how IBM wants to be the next Microsoft starting with the CEO, and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode162

To find out more and try Redseal, please visit: https://securityweekly.com/redseal

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 12th 2020 at 10:00

Big Pet Peeves - SCW #17

By paul@securityweekly.com

This week, Jeff and the crew discuss What is Risk-Based Security? How does compliance and/or security programs/points-of-view help or hinder risk-based security efforts? How can we change this? In the Security & Compliance News, Back to the basics What is the cost of non-PCI Compliance?, Endpoint Security the Foundation to Cybersecurity, Facebook settles data breach class-action lawsuit, CCPA cited in Hanna Andersson/Salesforce breach lawsuit, and Hanna Andersson Notice of Data Breach to Consumers!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode17

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 11th 2020 at 22:00

CIA, Equifax, ATT&CK for ICS - SWN #11

By paul@securityweekly.com

The CIA spying? NASA could have used a USB charger? Election technology not very secure? ICS is a threat and the return of the Equifax monster from beyond the grave!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode11

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 11th 2020 at 21:15

When Data Is Currency, Who’s Responsible for Its Security?

In a year that was all about data and privacy, it seems only fitting that we closed out 2019 in the shadow of a jumbo data leak where more than a billion records were found exposed on a single server.

Despite this being one of the largest data exposures from a single source in history, it didn’t cause nearly the public uproar that one might expect from a leak involving personal information such as names, email addresses, phone numbers, LinkedIn and Facebook profiles. Instead, this quickly became yet another case of consumer information being mishandled, impacting many of the same consumers that have been burned several times already by companies they trusted.

What’s different about this leak – and what should have given consumers and businesses alike pause – is the way in which this case highlights a more complex problem with data that exists today.

There’s no question that data is a very valuable asset. Organizations have done a great job figuring out how to capture consumer data over the last decade and are now beginning to use and monetize it. The problem is, that data can also be used in many different ways to inflict serious pain on victims in their personal and business lives. So, when that data goes through someone’s hands (business or individual), how much responsibility do they – and those up the lifecycle chain – have for where it ends up?

Beginning at the consumer level, users can opt out of sharing data and should do so at any chance they get if they are concerned about having their information exposed. The good news is that new regulations like the GDPR and CCPA are making this easier to do retroactively than ever before. The challenge is that the system isn’t perfect. Aliases and other databases can still be difficult to opt out of because although they may have information captured, errors like misspellings can prevent consumers from getting to their own data.

With this particular incident, we also caught a glimpse of the role that data enrichment, aggregators and brokers play in security. Although it didn’t come directly from their own servers, the exposed data was likely tied to enrichment firms People Data Labs (PDL) and OxyData. While several data brokers today are taking more responsibility and offering security and privacy education to their customers, it was alarming to see that neither data broker in this case could rule out the possibility that their data was mishandled by a customer. In fact, rather than pushing for a solution, Oxydata seemed to shirk responsibility entirely when speaking with WIRED.

Data brokers need to own up to this challenge and look at better screening of their customers to ensure their use of data has valid purposes. A case study by James Pavur, DPhil student at Oxford University, underscored these failings in the system when he used GDPR Subject Access Requests to obtain his data from about 20 companies, many of which didn't ask for sufficient ID before sharing the information. He went on to try and get as much data as possible about his fiancée, finding he could access a range of sensitive data, including everything from addresses and credit card numbers to travel itineraries. None of this should be possible with proper scredaening in place.

Ultimately, whoever owns the server where the leak originated is the one that will be held legally and fiscally responsible. But should data brokers be emulating the shared responsibility model in use by cloud services like AWS? Either way, by understanding the lifecycle of data and taking additional responsibility upstream, we can begin to cut down on the negative impact when exposures like this inevitably occur.

About the author: Jason Bevis is the vice president of Awake Security Labs at Awake Security. He has extensive experience in professional services, cybersecurity MDR solutions, incident response, risk management and automation products.

Copyright 2010 Respective Author at Infosec Island
  • February 11th 2020 at 19:13

How to Manage Your Privacy On and Off Facebook

By Trend Micro

Social media has come a long way in a short space of time. In a little over a decade, it’s grown from being the preserve of a relatively small group of online enthusiasts to one of the defining trends of 21st century life. As the undisputed global leader in this field, Facebook now boasts nearly 1.7 billion daily active users.

Not only do we share personal and global news, photos and videos with each other every day on the site, we also log-in to our favorite third-party websites and apps via Facebook to shop, chat, play games and much more. In short, social media makes life more fun, more social, and more connected.

But at the same time, our digital lives have become more complicated. Sometimes we share without realizing the significance of the data we’re showing others — including strangers, trolls and maybe even fraudsters. Sometimes we sign-up for third-party apps/services that take advantage of small print agreements to sell our data on to others — possibly for uses we did not want. And often, the websites we visit independently of Facebook send data on our browsing behavior back to the social network without our knowledge.

Some of us view this kind of tracking as the price we pay for free internet services, and welcome the improved personalization it enables. But others may feel creeped out that their family’s every click and swipe is being silently monitored, logged, and shared.

Time for action

The good news is that Facebook has been listening (to some extent!) to regulators and consumers, and has started the new year by offering users more tools to shine a light on where and how their data is being used, and how they can protect their privacy. But we’re talking here about a platform that has been growing non-stop for the past 15 years. Complexity is everywhere, and it’s not always easy to find the tools you need to enhance your privacy on the site.

That’s why we’ve put together this short guide. It’ll teach you where your privacy is most at risk on Facebook, and what you can do to manage these risks, including an assist by Trend Micro’s own Privacy Scanner tool.

Why should I be worried?

Although social media offers much to enrich and improve our lives, there are multiple levels of privacy risk involved in using it. For many of us, the stakes have risen almost silently in the background over the past few years. We can split these into three basic areas:

Oversharing: At a very basic level Facebook allows you to share news, pictures, stories and more with the world. But would you want your boss, prospective employer, law enforcement, credit agencies and other users to see every little thing about you? Yes, they increasingly use Facebook as a source of intelligence gathering, so you may want to limit who can view your information to just those in your friendship network.

Among the most prodigious collectors and monetizers of our private data are cyber-criminals. A Facebook account is a trove of sensitive personal information: everything from email addresses and phone numbers to partners and political preferences. It could all be leveraged to commit identity fraud or craft convincing phishing emails which trick you into giving away even more details. Something as innocuous as a photo of a family pet could provide hackers with some useful intel for guessing your online passwords. Or what about a real-time update from the beach? It might be all an opportunistic burglar needs to raid your home.

Third-party apps and websites: One of the most controversial aspects of data collection and use on Facebook relates to partner sites and services. Often, users sign-up for these apps without being fully aware of how their data will be used, or even what profile data the app may be gaining permission to harvest. It was data on 87 million Facebook users and their friends collected by a popular third-party personality test app that ended up being sold to Cambridge Analytica. It was then controversially used to target US voters ahead of the last Presidential election.

Following a huge FTC fine, Facebook is now more rigorous in ensuring third-party developers comply with its privacy and data use policies. But some users may still balk at their private data being sold on to third parties.

Other Off-Facebook activity: Apps and websites that you log into with your Facebook ID technically count as “off-Facebook activity”: that is, stuff that happens outside of the social site. But there’s more. Did you know, for example, that Facebook collects data from a huge number of additional sites and apps that aren’t obviously connected to the platform?

It uses code embedded on these sites to track what you do there, in order to make advertising on Facebook more targeted and personalized. So accurate and covert is this technology that it has given rise to a conspiracy theory that Facebook is somehow listening in to its users’ phone calls. It’s not. Users simply don’t know that, when they visit many sites and apps on the web, those same sites are secretly sending data back to Facebook, which then serves up relevant ads. Just bought Season One of your favorite show on a streaming app? You may get an ad for Season Two when you next visit your Facebook account.

Some people may be fine with this trade-off: privacy for a more tailored user experience. But many others may not. It’s one thing monitoring what you bought off an e-commerce site, quite another to track who you swiped left on when you were last on a dating site.

How can I manage my privacy better?

Fortunately, Facebook provides tools to help you to manage your privacy. Let’s go through some of them, from the newest to the oldest.

Off-Facebook
Facebook has just released a way of checking which sites/apps track and send data on your web usage back to the social network, clearing your data sharing history with them, and disconnecting for the future.

  • The Off-Facebook Activity tool can be reached here, or you can go to Settings > Your Facebook Information > Off-Facebook Activity.
  • Click Manage Your Off-Facebook Activity and you’ll see a list of the (possibly many) apps and sites that have shared info about you with Facebook, including how they shared the data, and what kind of data it is.
  • You can turn off this activity by going to Clear History. However, to prevent such data sharing in future, you will need to go to Manage Future Activity and then toggle it Off.

There are some caveats. Disconnecting in this way will log you out of any apps/sites you used Facebook to log into. In addition, it will not stop Facebook serving you advertising — you’ll get the same number of ads, except these won’t be as personalized as before. Facebook will also continue to receive information about your interactions on various sites, but this will be anonymized.

Particular apps, games and websites

You can also directly edit the privacy and settings of particular apps, games and websites you’ve logged into with your Facebook account.

  • Go here, or click Settings, then Apps and Websites in the menu on the left.
  • Click the name of the app, game or website you want to update, or Search Apps and Websites with the Search tool on the upper right to find it.
  • Once you’ve found the app, game, or website in question, update the information you’re sharing, who can see that you use it, and the notifications you receive.
  • Click Save to save your changes.

Basic privacy settings

Facebook has also overhauled its most basic privacy settings. Its Privacy Checkup tool features four distinct sections.

  • Click at the top of any page on Facebook and select Privacy Checkup. Then choose
  • Who Can See What You Share to review and change who can view your profile info and posts, and to block individuals if you wish.
  • How to Keep Your Account Secure to choose a stronger password and turn on login alerts.
  • How People Can Find You On Facebook enables you to choose who can look you up and send friend requests.
  • Your Data Settings on Facebook provides a list of apps and sites you’ve used Facebook to log-in to and allows you to remove these.

How Trend Micro can help

An easier option for managing your basic privacy on Facebook is the Trend Micro Privacy Scanner, which is available within Trend Micro Security on Windows and Mac, and within Mobile Security on Android and iOS. It automates the process of finding and fixing any potentially risky settings to keep your personal data safe from prying eyes.

It’s turned on by default in Trend Micro Internet and Maximum Security, as well as in Mobile Security.

  • Either click on the Privacy icon in the TMS Console, or in the PC or Mac browser click the Trend Micro Toolbar and select Check Your Online Privacy/Check Social Network Privacy
  • In Mobile Security, tap the panel for Social Network Privacy > Facebook.
  • Once you’re signed-in to Facebook, See Scan Results, and then click or tap Fix All, or click or tap on the drop down to view and edit each issue separately.

Facebook is getting better at privacy, but its controls can be hard to find, and functionality is constantly being updated. That’s why we recommend a privacy audit every few months. Check in with your Facebook Privacy settings directly or via the Privacy Scanner to make sure you’re not leaking personal data. Privacy is subjective, but we’re all getting more critical about how big corporations use our data — and that’s not a bad thing.

Go here for more information on Trend Micro Security and Trend Micro Mobile Security.

The post How to Manage Your Privacy On and Off Facebook appeared first on .

The Toothbrush of Trust - ASW #95

By paul@securityweekly.com

This week, Mike and John interview Shaun Lamb about strategies for how to best design applications so they are "secure by default" and have fewer incidents and vulnerabilities, and more! In the Application Security News, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and more!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode95

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • February 11th 2020 at 10:00

Hacking Philips, Iowa Caucus, & Kryptos Key - Wrap Up - SWN #10

By paul@securityweekly.com

This week, Doug White gives you the latest updates across all of Security Weekly's shows, from malware to hacking air-gapped computers, Ashley Madison, Katelyn Bowden and the BADASSARMY, Security Through Obscurity in Iowa, and highlights from the show notes from the week of February 2, 2020!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode10

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

 

  • February 10th 2020 at 14:00

Current PayPal phishing campaign or "give me all your personal information", (Mon, Feb 10th)

One of my colleagues sent me a new PayPal phishing e-mail today. Although it was fairly usual, as phishing e-mails go, since the campaign is still active and since it shows the current "let’s take all that we can get" mentality of the attackers quite well, I thought it was worth a short diary.
  • February 10th 2020 at 08:27
❌