Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew

The source code of malware from the ancient Chinese military-affiliated group appears to have changed hands.

Competitive Horse Racing - Enterprise Security Weekly #111

This week, John Strand and Paul discuss some companies Paul got a chance to catch up with! They discuss GuardiCore and their Application Segmentation, Cyxtera and their Network Security and Software Defined Perimeters, PreVeil’s Encrypted Email and File Sharing, and more! In the Enterprise News this week, Avast launches AI-based software for phishing attacks, Carbon Black and Secureworks apply Red Cloak Analytics to Carbon Blacks Cloud, ShieldX integrates intention engine into Elastic Security Platform, and we have updates from Imperva, WhiteSource, BlackBerry, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode111

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!

 

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

GitHub security alerts now support Java and .NET projects

GitHub also launches Token Scanning tool and new Security Advisory API.

Open source web hosting software compromised with DDoS malware

Some VestaCP servers were infected with a new malware strain named Linux/ChachaDDOS.

Flaws in telepresence robots allow hackers access to pictures, video feeds

Vendor has patched two of five reported bugs. Three patches are in the works.

Zero-day in popular jQuery plugin actively exploited for at least three years

A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages!

DJI website's 'Get the app on Google Play' directs users elsewhere

Updated: At best it's an oversight, at worst it's placing user security and privacy at serious risk.

Kaspersky says it detected infections with DarkPulsar, alleged NSA malware

Victims located in Russia, Iran, and Egypt; related to nuclear energy, telecommunications, IT, aerospace, and R&D.

Audio recording is now disabled by default in OpenBSD

OpenBSD 6.4 also ships with Meltdown, Spectre v2, SpectreRSB, L1FT, and Lazy FPU mitigations.

48 Hours - Paul's Security Weekly #579

This week, we welcome Mark Dufresne, VP of Threat Research at Endgame for an interview, to talk about how MITRE created their tool and what the MITRE attack framework is! In our second feature interview, we welcome John Walsh, DevOps Evangelist at CyberArk to talk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk! In the security news, how to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, & ICS Security Plagued with basic, and avoidable mistakes! All that and more, on this episode of Paul's Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/Episode579

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sponsor Landing Page: www.endgame.com

Sponsor Landing Page: www.conjure.org/asw

 

Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

 

Vendors confirm products affected by libssh bug as PoC code pops up on GitHub

Red Hat and F5 Networks acknowledge that some products are vulnerable to the libssh authentication bug.

Hackers steal data of 75,000 users after Healthcare.gov FFE breach

CMS officials says open enrollment period won't be negatively impacted by recent breach.

The most interesting Internet-connected vehicle hacks on record

As researchers turn their attention to vehicles, we've seen everything from sending drivers into a ditch to brakes which suddenly won't work.

Trade.io loses $7.5Mil worth of cryptocurrency in mysterious cold wallet hack

Hackers stole over 50 million TIO tokens. Have already withdrawn 1.3 million tokens.

Facebook approaches major cybersecurity firms, acquisition goals in mind

The firm is reportedly aiming to patch up its tattered reputation with the purchase of external expertise.

Project Lakhta: Russian national charged with US election meddling

The Russian citizen allegedly played a key role in the spread of fake news and trolling across social media networks.

WordPress team working on "wiping older versions from existence on the internet"

DerbyCon presentation gives deep insight into the WordPress team's efforts to improve the security of nearly a third of all Internet sites.

Mozilla announces ProtonVPN partnership in attempt to diversify revenue stream

Selected Firefox users will be able to purchase a ProtonVPN version for $10/month. Some of the money will support Mozilla and Firefox.

Google News app bug burns through gigabytes of user mobile data

Users are reporting sharp spikes in data usage via the app, sometimes leading to hundreds of dollars in mobile data fees.

Super Micro trashes Bloomberg chip hack story in recent customer letter

Server vendor calls Bloomberg report a "technical implausibility" and "wrong."

Advertisers can track users across the Internet via TLS Session Resumption

German researchers find that only seven of 45 browsers block TLS Session Resumption tracking.

This is how government spyware StrongPity uses security researchers' work against them

While researchers are looking forward, hackers are going back to their roots to create new attacks from the ashes of old ones.

FireEye links Russian research lab to Triton ICS malware attacks

FireEye: Clues link Russia's Central Scientific Research Institute of Chemistry and Mechanics research lab to Triton-related activity.

Magecart group leverages zero-days in 20 Magento extensions

Security researcher asks for help in identifying all vulnerable Magento extensions. Only two of 20 currently identified.

Do Your Job - Business Security Weekly #103

This week, Michael and Paul interview Mike McKee, CEO of ObserveIT, and he joins us to talk about the importance of focussing on people, and you do that to experience growth! In the Article Discussion, Michael and Paul talk about the root cause of workplace drama, how to make the most of meetings between IT and your business partners, how to stop procrastinating on your goals by using the “Seinfeld Strategy", and more on this episode of Business Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Microsoft Windows zero-day disclosed on Twitter, again

Zero-day impacts Windows 10, Server 2016, and Server 2019 only.

Yahoo agrees to pay $50 million to settle data breach lawsuit

The company will also provide free credit monitoring services to roughly 200 million people impacted by the cyberattacks.

Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords

Updated: The Washington-based ISP's bucket exposed everything from passwords to internal corporate data.

This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai

Chalubo is a new botnet which is being used in attacks against servers and IoT devices.

Mozilla will match all donations to the Tor Project

Mozilla gives back to the Tor Project after it embedded multiple Tor Browser features into Firefox.

Most enterprise vulnerabilities remain unpatched a month after discovery

More bugs are being squashed by the enterprise, but the time it takes to do so leaves organizations at risk.

Meet the malware which turns your smartphone into a mobile proxy

The proxies can be used to circumvent internal network security controls.

Microsoft sees 25 percent rise in US law enforcement requests

Law enforcement requests numbers stayed the same at the global level, but saw a spike in the US.

Hack Naked News #194 - October 23, 2018

This week, Critical Code execution flaws, WordPress working on wiping older versions from existence, Multiple serious flaws in Drupal, TCP/IP flaws leave IoT gear open to mass hijacking, jQuery plugin actively exploited for at least three years, Flaw in libssh leaves thousands of servers at risk of hijacking, and 8 adult websites exposes a bunch of "intimate" user data! Leonard Simon from Springboard joins us for expert commentary on how to get into the field of Information Security!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode194

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Two Phones - Application Security Weekly #36

This week, Paul and April Wright discuss a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH leaves thousands of servers at risk, a remote code implantation flaw found in Medtronic Cardiac Programmers, hackers hiding Cryptocurrency malware in Adobe flash updates, how the government is finally rolling out 2 Factor Authentication for Federal Agency Domains, and how Disney is helping women from across their company to become Developers!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36

Visit https://www.securityweekly.com/asw for all the latest episodes!

Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!

 

Visit our website: https://www.securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence

Hacker was released on parole from Romanian prison this week and is now eligible for a second US extradition to serve 52 months in a US prison on a 2016 sentence.

Data leak at consulting firm handling fundraisers for the Democratic party

Exposed data includes information on thousands of fundraisers and even credentials for databases of voter records.

Free decryption tool released for multiple GandCrab ransomware versions

New decryption tool can recover files locked by GandCrab versions 1, 4, and 5.

Facebook must pay UK's ICO £500,000 over Cambridge Analytica scandal

The fine has now been imposed and is final, but it could have been far worse.

Apple blocks GrayKey police tech in iOS update

Reports suggest the data-slurping tool has been rendered useless -- but no-one knows how.

Cisco releases fix for privilege escalation bug in Webex Meetings app

No, there are no workarounds -- patch now.

North Korea blamed for two cryptocurrency scams, five trading platform hacks

Two new reports support FireEye's characterization that North Korea is "the most destructive cyber threat right now."

New DDoS botnet goes after Hadoop enterprise servers

Hacker group targets misconfigured Hadoop YARN components to plant DemonBot DDoS malware on resource-rich servers.

British Airways: Cyberattack, data theft bigger than we first thought

185,000 customers in addition to original estimates may have had their data, including credit card information, exposed.

China tells Trump to switch to Huawei after NYT iPhone tapping report

Chinese government denies NYT report that it's spying on President Trump's mobile calls.

You're Mind Will Explode - Enterprise Security Weekly #112

This week, Paul is joined by guest host Tyler Shields to interview Jonathan Sander, Security Field CTO of Snowflake computing! Jonathan explains how he came to work for Snowflake, what Snowflake does in the enterprise security space, and how Snowflake contains their data and protect from breaches as well as keeping the data safe! In the Enterprise Security News, Netscout takes internet scale Threat Protection to the Edge, Splunk addresses several vulnerabilities in Enterprise and Light products, Ping Identity launches a Quickstart Private Sandbox, and we have some acquisition updates from CheckPoint acquiring Dome9, CrowdStrike, Fortinet, Rapid7, and more!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode112

Visit https://www.securityweekly.com/esw for all the latest episodes!

Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!

 

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

New security flaw impacts most Linux and BSD distros

Issue is only a privilege escalation flaw but it impacts a large number of systems.

China has been 'hijacking the vital internet backbone of western countries'

Chinese government turned to local ISP for intelligence gathering after it signed the Obama-Xi cyber pact in late 2015, researchers say.

Majority of county election websites in 20 key swing states use non-.gov domains

Many county election websites also found to be lacking HTTPS support.

Facebook removes more Iran-linked accounts, this time targeting the US & UK

Facebook said it detected this second Iran-linked campaign a week ago.

Windows Defender becomes first antivirus to run inside a sandbox

Windows Defender with sandbox support rolled out to Windows insiders, but some Windows 10 users can enable it right now.

There's Always Scotch - Paul's Security Weekly #580

This week, we welcome Veronica Schmitt, Senior Digital Forensic Scientist for DFIRLABS! Veronica explains what SRUM is in Windows 10, and how SRUM can be a valuable tool in Digital Forensics! In the Technical Segment, we welcome Yossi Sassi, the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com and Advisory Board member at Javelin Networks! Yossi joins us to discuss using Windows Powershell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about persistence! In the Security News, Fear of AI attacks, the FDA releases cybersecurity guidance, watch hackers steal a Tesla, serious D-Link router security flaw may never be patched, and California addresses default passwords! All that and more, on this episode of Paul's Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/Episode580

Visit https://www.securityweekly.com/psw for all the latest episodes!

To learn more about Javelin Networks, Go To: www.javelin-networks.com

 

Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!

Follow us on Twitter: https://www.twitter.com/securityweekly

ike us on Facebook: https://www.facebook.com/secweekly 

Twelve malicious Python libraries found and removed from PyPI

One package contained a clipboard hijacker that replaced victims' Bitcoin addresses in an attempt to hijack funds from users.

Satori botnet author in jail again after breaking pretrial release conditions

Still unclear what Nexus Zeta has done, but he's now incarcerated in the SeaTac detention center.

DHS: Election officials inundated, confused by free cyber-security offerings

Official would have liked free offerings to have been coordinated through DHS.

Pakistani bank denies losing $6 million in country's 'biggest cyber attack'

Anonymous source says the attack consisted of a flood of suspicious PoS transactions made at Target stores in Brazil and US.

US bans exports to Chinese DRAM maker citing national security risk

US official fears supply chain attack on US military systems.

Google launches reCAPTCHA v3 that detects bad traffic without user interaction

reCAPTCHA v3 assigns incoming site visitors a risk score and lets webmasters takes custom actions based on this score.

The Whole Genesis - Business Security Weekly #104

This week, Michael and Paul discuss the tools that have helped them in their business. They talk about the books they've read, the interviews that helped them the most, and the journey from Startup Security Weekly to Business Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

This is how hackers can wipe your memory and steal your thoughts

It might seem like science fiction, but security woes in brain chips could make such attacks reality sooner than we think.