Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

Contrary to popular opinion, fairy tales and folk legends were not invented as entertainment, but to teach children (and adults) important lessons in an easy-to-understand form. Since time immemorial, storytellers have woven cybersecurity tips into their tales, hoping to make the Internet (which they foresaw) a safer place. For example, the story of Little Red Riding Hood is a warning about MitM-type attacks, and Snow White foreshadows government-sponsored APT campaigns. The list goes on. Unfortunately, humankind continues to repeat the same mistakes with manic persistence, ignoring the obvious lessons of fairy tales. Another striking example of this is the legend of the Pied Piper of Hamelin.

The Pied Piper of Hamelin

As is often the case with truly old tales, several versions have been handed down to us, all of them variations on the same basic theme. The essential plot goes something like this: The German town of Hamelin is infested with rats, which eat food supplies, attack people and domestic animals, and generally cause an almighty nuisance. Unable to cope, the local authorities hire the services of a specialist in the form of a fancily dressed rat-catcher, who uses a magic pipe to lure the rats out of the town and into the nearby river, where they drown. Afterward, the miserly mayor refuses to fulfill his side of the deal, and offers the rat-catcher, aka the Pied Piper, a far lower remuneration than was stipulated in the contract. The Piper says nothing. Instead, he takes his revenge by using his magic pipe again, this time to lure the children of Hamelin away in the same manner he did with the rats. The ending depends on when the narrator lived and how optimistic they were (usually not very). The children are either drowned in the Weser River like the rats, are taken deep into the Koppenberg hills, or (in the most recent and least gloomy rendering) go beyond the hills to a distant land where they found a city.

The meaning behind the allegory

Curiously, the incident is given a precise date: June 26, 1284. The legend was first recorded in the town chronicles in 1375, after which it was rewritten and retold several times, acquiring extra details and embellishments in the process. Most of the details have clear political or religious motivations. Some versions focus on the greed of the citizens of Hamelin; others openly demonize the figure of the Piper. We shall skip the medieval prejudices of the day and focus on the basic facts.

Attacks on Hamelin

The way we see it, Hamelin’s infrastructure comes under attack from unknown malicious actors. They literally devour material assets (grain) and information (legal documents), and threaten the health of local residents. No detailed description of the attack has survived, but it’s likely that the attackers were referred to as “rats” because they used a Remote Access Tool (or Remote Access Trojan), both abbreviated as RAT. In general, such tools/Trojans can be used for all kinds of dirty work, because they give attackers full access to a victim’s system.

Hired specialist

At first, the town residents try a cat-based solution to protect their endpoints, but when that method proves ineffective, they engage a third-party expert who knows about a vulnerability in the attackers’ RAT. Targeting the vulnerability, he assembles a powerful cyberweapon to take remote control of the RAT operators’ computers, turning them into a kind of botnet. Having penetrated them all, the Piper successfully neutralizes the threat.

Targeting civilians

After the RAT attack is defeated, the authorities unwisely fail to honor their contract with the specialist. Most versions of the legend mention financial disagreements, but that is impossible to verify, of course. Whatever the case, it turns out the same vulnerability is present in the devices the town’s children use. Regrettably, the tale does not provide technical details to explain why the same threat works against both RAT operators and ordinary members of the public. Let’s assume it was a vulnerability in something ubiquitous (for example, some popular application-level network protocol used for remote access to network resources). Nor is it entirely clear why the so-called adults in the tale are not affected by the vulnerability. Perhaps the word “children” in the story refers not to underage users, but to a new generation of devices with a more recent operating system that developed a vulnerability after a botched update of the aforementioned protocol. Either way, the finale is tragic: The Piper performs the same botnet trick — only not on RAT operators this time, but on the town’s youngsters.

The Pied Piper of Hamelin in modern times

The preceding is highly reminiscent of the story of the Shadow Brokers hacker group and the EternalBlue exploit leak, which led to the WannaCry outbreak as well as several other ransomware epidemics. If I had read the tale of the Pied Piper of Hamelin only after the EternalBlue leak, no doubt I would have taken it as a report, albeit an allegorical one, on that incident. The storyline is indeed identical: A government organization commissions the development of a powerful cyberweapon that is then unexpectedly used against the inhabitants of that same country. We can attribute this remarkable coincidence to history’s habit of developing in a spiral. Obviously, sixteenth-century German infosec experts were already aware of the problem and tried to warn their descendants (us) of the dangers of government-sponsored cyberweapons programs, which one day might be turned against civilian users — with nasty consequences.

 Malware and Vulnerabilities

Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group’s typical approach, with a few new — and sophisticated — extras.

 Trends, Reports, Analysis

The tactic of data exfiltration and extortion, which has become especially prevalent in ransomware attacks, puts additional pressure on schools to pay hefty ransoms to protect student privacy.

 Threat Intel & Info Sharing

The U.S. government’s malware analysis report includes technical details about how the malware works, indicators of compromise (IoC) and recommendations for securing systems against such threats.

 Malware and Vulnerabilities

The critical Android vulnerability, CVE-2019-2234, which was patched last year, could enable attackers to take control of a victim's camera and take photos, record videos, and learn location.

 Computer, Internet Security

Amazon Web Services (AWS) has made available three new S3 (Simple Storage Service) security and access control features: Object Ownership, Bucket Owner Condition, and Copy API via Access Points.

 Threat Actors

Unit 42 researchers observed a new variant of the Black-T cryptojacking malware, associated with the TeamTNT group, targeting vulnerable Docker daemon APIs.

 Feed

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

 Feed

Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

 Feed

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high-level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

 Feed

HashiCorp Vault's GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances, by creating a JWT token with a faked compute_engine struct, using an arbitrary attacker controlled service account.

 Feed

HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully attacker-controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-XML content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.

 Feed

Ubuntu Security Notice 4572-1 - Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 4567-1 - It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters.

 Feed

Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allows users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4565-1 - It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service.

 Feed

Ubuntu Security Notice 4564-1 - It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service.

 Feed

Red Hat Security Advisory 2020-4185-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.

 Feed

Red Hat Security Advisory 2020-4187-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.

 Feed

Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI (or Unified Extensible Firmware Interface) containing a malicious implant, making it the second known public case where a UEFI rootkit has been used in the wild. According to Kaspersky, the

 Law & order

Anti-virus veteran John McAfee has been arrested in Spain on US tax evasion charges. According to the US Department of Justice, McAfee is charged with failing to file tax returns despite making millions of dollars promoting cryptocurrencies.

 Business + Partners

Like many of the technologies we discuss on this blog—think phishing scams or chatbots—deepfakes aren’t necessarily new. They’re just getting a whole lot better. And that has scary implications for both private citizens and businesses alike. The term “deepfakes,” coined by a Reddit user in 2017, was initially most often associated with pornography. A once highly trafficked and now banned subreddit was largely responsible for developing deepfakes into easily created and highly believable adult videos. “This is no longer rocket science,” an AI researcher told Vice’s Motherboard in an early story on the problem of AI-assisted deepfakes being used to splice celebrities into pornographic videos.

The increasing ease with which deepfakes can be created also troubles Kelvin Murray, a senior threat researcher at Webroot. “The advancements in getting machines to recognize and mimic faces, voices, accents, speech patterns and even music are accelerating at an alarming rate,” he says. “Deepfakes started out as a subreddit, but now there are tools that allow you to manipulate faces available right there on your smartphone.” While creating deepfakes used to require good hardware and a sophisticated skillset, app stores are now overflowing with options for creating them. In terms of technology, they’re simply a specific application of machine learning technology, says Murray. “The basics of any AI system is that if you throw enough information at it, it can pick it up. It can mimic it. So, if you give it enough video, it can mimic a person’s face. If you give it enough recordings of a person, it can mimic that person’s voice.” There are several ways deepfakes threaten to redefine the way we live and conduct business online.

Deepfakes as a threat to privacy

A stolen credit card can be cancelled. A stolen identity, especially when it’s a mimicked personal attribute, is much more difficult to recover. The hack of a firm dedicated to developing facial recognition technology, for instance, could be a devastating source of deepfakes. “So many apps, sites and platforms host so many videos and recordings today. What happens when they get hacked? Will the breach of a social media platform allow a hacker to impersonate you?” asks Murray. Businesses must be especially careful about the data they collect from customers or users, asking both if it’s necessary to collect and if it can be stored safely afterwards. If personal data must be collected, security must be a top priority, and not only for ethical reasons. Governments are starting to enact some strict regulations and doling out some stiff fines for data breaches. Ultimately, Murray thinks those governments may need to weigh in more heavily on the threat of deepfakes as they become even more indistinguishable from reality. “We’re not going to stop this technology. It’s here. But people need to have the discussion about where we’re heading. In the same way GDPR was created to protect people’s data, we’re going to need to have a similar conversation about deepfakes leading to a different kind of identity theft.”

Deepfakes as a cybersecurity threat to businesses

It’s important to note the ways in which deepfakes can be used to target businesses, not just to spoof individuals. “These business-related instances aren’t too common yet,” says Murray. “But we’re at the beginning of a wave right now in terms of AI-enabled threats against businesses.” A late 2019 attack against a U.K. energy firm could be a sign of scary things to come. Rather than video, this attack took advantage of voice-spoofing technology to pose as an executive’s manager, insisting he wire nearly $250 thousand to a “supplier” immediately. In the aftermath of the scam, the victim reported being convinced by both the accent and the rhythm of the fake speech pattern. To safeguard against what could be a rising attack method, Murray recommends businesses understand what deepfakes are capable of and follow best practices for avoiding fraud, no matter the technology. “Have a well-defined protocol for changing account details and signing off on any invoices,” he advises. “Train financial and accounting teams especially rigorously on these protocols and encourage them to pick up the phone and double-check when anything seems strange or off. In these days of increased working from home it’s also tougher for financial staff to walk up to other finance or sales colleagues and make informal double checks.”

Deepfakes and misinformation campaigns

Soon after deepfakes went mainstream, implications for politics and the weaponization of misinformation became clear, prompting the U.S. Senate to address the issue in 2018. While initially used to humiliate or extort people, mostly women, malicious actors began to see them as a way to sway public opinion or sow chaos. Deeptrace, a company dedicated to uncovering deepfakes, has noted instances where manipulated video was used to promote social discord and scandal across the globe. “Deepfakes further undermine our ability to believe what we read, and now even watch, on the internet,” says Murray. This leads to widespread distrust, especially on issues where understanding is crucial, like the coronavirus pandemic, where misinformation is bountiful. To combat misinformation, Murray advises keeping in mind how much of it is out there. Always consider the source of the information you’ve received before acting on it, especially if it makes you angry or elicits some other strong emotional response. Deepfakes will likely make the internet even more difficult to rely on as a source of information in the years to come. But reducing their impact starts with understanding how far they’ve come and what they’re capable of. To learn more on deepfakes and misinformation, listen to the podcast. The post It’s Time to Talk Seriously About Deepfakes and Misinformation appeared first on Webroot Blog.

Aggregator history: Tuesday, October 06, 2020