Cyber security aggregate rss news

Cyber security aggregator - feeds history

Survey on industrial ...

 Business

Every security officer views remote connections to corporate systems as a potential threat. For infosec experts at industrial enterprises, and especially at critical infrastructure facilities, the threat feels very real. You can’t blame them for being cautious. Industrial enterprises, for which downtime can mean damage in the millions of dollars, are tempting targets for cybercriminals of all stripes. Ransomware operators are constantly on the lookout for open RDP connections they can use to infect industrial systems. Employees with publicly known e-mail addresses often receive phishing emails with links to Trojans that provide remote access to attackers. Cybercriminals also keep an eye on HVAC operators, which sometimes connect remotely to the heating, ventilation, and air conditioning systems that operate in industrial environments.

And that was before 2020. With its pandemic, varying measures of self-isolation, and global switch to remote working, this year could hardly fail to recalibrate the work of infosec departments. With that in mind, our colleagues decided to learn more about how new conditions are affecting information security, including priorities and approaches, at industrial enterprises. That entailed interviewing cybersecurity decision-makers and policy-influencers at industrial companies worldwide. Here is what they found:

- More than half (53%) of respondents admitted that the pandemic has caused a shift to more staff members working from home, which has become a kind of stress test for infosec services.
- Because of the huge number of external connections, the vast majority of companies are now carrying out periodic assessments of the security level of OT networks (all but 5% of those surveyed had such plans).
- Many have had to rethink their general approach to perimeter protection; it has become clear that segmentation and workstation protection are no longer enough.
- Only 7% of respondents stated that their cybersecurity strategy had been reasonably effective during the pandemic.
To find out more about the results of the study, download the full report, “The state of industrial cybersecurity in the era of digitalization.” In addition to explaining how the pandemic has affected the work of industrial security officers, it provides insight into who influences security decisions and how, who the drivers of innovation are, and, above all, the problems cybersecurity departments faced in 2020.

Two Russians Charged ...

 Ne'er-Do-Well News

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and Dmitirii Karasavidi, alleging the duo was responsible for a sophisticated phishing and money laundering campaign that resulted in the theft of $16.8 million in cryptocurrencies and fiat money from victims. Separately, the U.S. Treasury Department announced economic sanctions against Potekhin and Karasavidi, effectively freezing all property and interests of these persons (subject to U.S. jurisdiction) and making it a crime to transact with them. According to the indictments, the two men set up fake websites that spoofed login pages for the currency exchanges Binance, Gemini and Poloniex. Armed with stolen login credentials, the men allegedly stole more than $10 million from 142 Binance victims, $5.24 million from 158 Poloniex users, and $1.17 million from 42 Gemini customers. Prosecutors say the men then laundered the stolen funds through an array of intermediary cryptocurrency accounts — including compromised and fictitiously created accounts — on the targeted cryptocurrency exchange platforms. In addition, the two are alleged to have artificially inflated the value of their ill-gotten gains by engaging in cryptocurrency price manipulation using some of the stolen funds. For example, investigators alleged Potekhin and Karasavidi used compromised Poloniex accounts to place orders to purchase large volumes of “GAS,” the digital currency token used to pay the cost of executing transactions on the NEO blockchain — China’s first open source blockchain platform. “Using digital currency in one victim Poloniex account, they placed an order to purchase approximately 8,000 GAS, thereby immediately increasing the market price of GAS from approximately $18 to $2,400,” the indictment explains. Potekhin and others then converted the artificially inflated GAS in their own fictitious Poloniex accounts into other cryptocurrencies, including Ethereum (ETH) and Bitcoin (BTC).
From the complaint: “Before the Eight Fictitious Poloniex Accounts were frozen, POTEKHIN and others transferred approximately 759 ETH to nine digital currency addresses. Through a sophisticated and layered manner, the ETH from these nine digital currency addresses was sent through multiple intermediary accounts, before ultimately being deposited into a Bitfinex account controlled by Karasavidi.” The Treasury’s action today lists several of the cryptocurrency accounts thought to have been used by the defendants. Searching on some of those accounts at various cryptocurrency transaction tracking sites points to a number of phishing victims. “I would like to blow your bitch ass away, if you even had the balls to show yourself,” exclaimed one victim, posting in a comment on the Etherscan lookup service. One victim said he contemplated suicide after being robbed of his ETH holdings in a 2017 phishing attack. Another said he’d been relieved of funds needed to pay for his 3-year-old daughter’s medical treatment. “You and your team will leave a trail and will be found,” wrote one victim, using the handle ‘Illfindyou.’ “You’ll only be able to hide behind the facade for a short while. Go steal from whales you piece of shit.” There is potentially some good news for victims of these phishing attacks. According to the Treasury Department, millions of dollars in virtual currency and U.S. dollars traced to Karasavidi’s account was seized in a forfeiture action by the United States Secret Service. Whether any of those funds can be returned to victims of this phishing spree remains to be seen. And assuming that does happen, it could take years. In February 2020, KrebsOnSecurity wrote about being contacted by an Internal Revenue Service investigator seeking to return funds seized seven years earlier as part of the government’s 2013 seizure of Liberty Reserve, a virtual currency service that acted as a $6 billion hub for the cybercrime world.
Today’s action is the latest indication that the Treasury Department is increasingly willing to use its authority to restrict the financial resources tied to various cybercrime activities. Earlier this month, the agency’s Office of Foreign Asset Control (OFAC) added three Russian nationals and a host of cryptocurrency addresses to its sanctions lists in a case involving efforts by Russian online troll farms to influence the 2018 mid-term elections. In June, OFAC took action against six Nigerian nationals suspected of stealing $6 million from U.S. businesses and individuals through Business Email Compromise fraud and romance scams. And in 2019, OFAC sanctioned 17 members allegedly associated with “Evil Corp.,” an Eastern European cybercrime syndicate that has stolen more than $100 million from small businesses via malicious software over the past decade. A copy of the indictments against Potekhin and Karasavidi is available here (PDF).

 Incident Response, Learnings

A New Jersey man who physically installed keyloggers onto the computer networks of his rivals to steal trade secrets has been sent to prison for nearly eight years.

 Expert Blogs and Opinion

A multifaceted, targeted approach is necessary to bolster election security and protect democratic institutions in the run up to the 2020 election in the U.S., researchers argue.

 Emerging Threats

Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. As per a new study, people are mostly ignorant of how it can be used to launch digital attacks.

 Security Culture

Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).

 Feed

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

 Feed

Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.

 Feed

Ubuntu Security Notice 4502-1 - It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service.

 Feed

Red Hat Security Advisory 2020-3727-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data.

 Feed

Ubuntu Security Notice 4501-1 - It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service or possibly expose sensitive information.

 Feed

Ubuntu Security Notice 4507-1 - It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service.

 Feed

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

 Feed

Ubuntu Security Notice 4506-1 - It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform man-in-the-middle attacks.

 Feed

Ubuntu Security Notice 4505-1 - Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions.

 Feed

Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

 Feed

The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January. Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a protected

 Feed

Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible

 Feed

The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world. Named as APT41 and also known as 'Barium,' 'Winnti,' 'Wicked Panda,' and 'Wicked Spider,' the cyber-espionage group has been operating since at least 2012 and is not just

 Business + Partners

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of curated data into their product or service. Over the years, we’ve had the good fortune to work with partners of all sizes, from global networking and security vendors to innovative and dynamic start-ups across the world. With the end-of-life of Broadcom’s Symantec RuleSpace OEM Web Classification service, we’ve received numerous inquiries from their former customers evaluating alternative solutions. Here we’ll outline the things to consider in a replacement. For more on why Webroot is poised to fill the gap left by Broadcom, you can read the complete whitepaper here.

Your use case: how well does it align with the vendor?
Each use case is unique. Every vendor or service provider brings its own benefit to market and has its own idea about how their service or solution adds value for customers, clients or prospects. That’s why our adaptive business model focuses on consulting with partners on technical implementation options, spending the time to understand each business and how it may benefit from a well-architected integration of classification and/or intelligence services.

Longevity and track record
A key factor influencing change on the internet is innovation. Every service provider is continuously enhancing and improving its services to keep pace with changes in the threat landscape, and with general changes to the internet itself. As well as keeping up with this change, it’s important that a vendor brings a historical perspective to the partnership. This experience will come in handy in many ways. Scalability, reliability and overall business resilience should be expected from a well-established vendor.

Industry recognition
Fair comparative evaluations of web classification and threat intelligence providers are difficult to achieve. We can offer guidance to prospective partners, but it’s often more reassuring to simply see the strong partner relationships we have today. Many of these we’ve worked with for well over a decade. When evaluating a vendor, we recommend looking closely at current partners and imagining the investments each has made in their integrated solutions. This speaks volumes about integration performance and the quality of the partnership.

Technology platform
A classification or threat dataset is only as good as its sources and the analytics used to parse it. Many companies offer classification and/or threat intelligence data, but the quality of that data varies significantly.

Threat Intelligence Capabilities
Not all our partners’ use cases require threat intelligence, but for those that do it’s critical they understand where their threat data comes from. There are now a great many sources of threat data, but again these are far from equal. Worse still, comparing sources is often no simple task.

Ease of integration
As mentioned, every use case is unique. So are the platforms into which web classification, malware detection and threat intelligence services are integrated. It’s therefore crucial that a vendor provide flexible integration options to accommodate any pioneering partner, service provider or systems integrator. Simply providing data via an API is useful, but will it always deliver the performance required for real-time applications? Delivering a local database of threats or classifications may help with performance, but what about new threats? Achieving a balance of flexible delivery, performance and security is crucial, so take time to discuss with potential vendors how they plan to deliver.

Phishing detection
Phishing sites are some of the most dynamic and short-lived attack platforms on the web, so intelligence sources must be capable of detecting and tracking them in real time. Most phishing intelligence sources depend on manual submissions of phishing sites by end users. This is far from ideal. Users are prone to error, and for every 10,000 users who click on a phishing site only one will report it to an authority or tracking service, leading to massive under-reporting of this threat vector.

Category coverage: beware category overload
There are various approaches to classifying the web, and different vendors specialize in different areas. In many cases, this is determined by the data sources they have access to or the markets in which they operate. Again, it’s important to evaluate the partners to whom the vendor is delivering services and to consider how the vendor may or may not add value to the partnership.

Efficacy and performance
Efficacy is fundamental to web classification or threat detection capabilities, so it should be a core criterion when evaluating a vendor. Depending on the use case, false positives or false negatives may be the primary concern when making determinations. Potential vendors should be evaluated for performance in these areas and asked how they approach continuous improvement.

Reliability
Building any third-party service or solution into a product, platform or service entails risk. There’s always the chance the new dependency negatively affects the performance or user experience of a service. So it’s important to ensure a vendor can reliably deliver consistent performance. Examine each vendor’s track record and customer base, along with the use cases they’ve previously implemented. Do the vendor’s claims match the available evidence? Can current customers be contacted about their experiences with the vendor?

Scalability
In assessing vendors, it can be difficult to determine the level of scalability possible with their platform. It helps to ask questions about how they build and operate their services and to look for examples where they’ve responded to unexpected growth events, which can help demonstrate the scaling capabilities of their platform. Be wary of smaller or upstart vendors that may have difficulty when their platform is heavily loaded or when called upon to grow faster than their existing implementation allows.

Flexibility
Some solutions may look technically sound, easily accessible and well-documented while a mutually agreeable business model remains elusive. Conversely, an agreeable business model may not be backed by the efficacy or quality of service desired from a chosen vendor.

Feedback loops: making the best better
We’re often approached by contacts asking us for a “feed” of some kind. It may be a feed of threat data, malware information or classifications. In fact, many of our competitors simply push data for customers or partners to consume as their “product.” But this approach has inherent weaknesses.

Partnership: not just a customer relationship
As mentioned, we seek to build strong partnerships with mutual long-term benefit. Look for this approach when considering a vendor, knowing you’ll likely be working with them for a long time, and fewer changes to your vendor lineup mean more time optimizing your products and services. Ask yourself: Who will we be working with? Do we trust them? How easy are they to get ahold of? These are critical considerations when selecting a vendor for your business.

Summary
We hope to have provided some food for thought when it comes to selecting an integration partner. To read the full whitepaper version of this blog, please click here. We’re always standing by to discuss prospective clients’ needs and to provide any possible guidance regarding our services. We’re here to help you craft the best possible solutions and services. Please contact us to take the next step towards an even more successful

The post Key Considerations When Selecting a Web Classification Vendor appeared first on Webroot Blog.

2020-09
Aggregator history
Wednesday, September 16