Cyber security aggregate rss news

Cyber security aggregator - feeds history

Cybersecurity errors ...

 Business

Many families spend the holidays watching favorite movies together, in lots of cases the same ones year after year, making Christmas and New Year’s traditions. Some people love Christmas comedies, others favor melodramas. As for me, my favorite Christmas movie is Die Hard. After all, 60% of John McClane’s encounters with terrorists take place on Christmas Eve, and I’m far from the only person associating the action classic with the holiday. Sure, with Live Free or Die Hard (aka Die Hard 4.0), we got a plot really focused on critical infrastructure cybersecurity — and we’ll come to that in due course — but look closely and you’ll see plenty of examples of both good and shocking cybersecurity in the first movie as well. After all, the Nakatomi Corporation uses the most cutting-edge technologies of the day: a mainframe that synchronizes with Tokyo-based servers, a computerized lock on the vault, and even a touch-screen information terminal in the lobby (don’t forget, we’re talking 1988 here).

Physical security at Nakatomi Plaza

Security issues jump out right from the start. John McClane, our protagonist, enters the building and addresses the security guard, mentioning only the name of his wife, whom he came to see. He never says his own name or shows any form of ID. Even providing his wife’s name shouldn’t get him in, though; their marriage is on the rocks and she’s reverted to using her maiden name at work. Instead of challenging the intruder, the careless guard simply points him in the direction of the information terminal, then the elevators. So, basically anyone can enter the building. What’s more, as the action progresses, we repeatedly see non-password-protected computers in the building, all open to evil-maid attacks.

Access to engineering systems

It is not long before criminals enter the building, kill the guards (just two are on watch on Christmas Eve), and take control of the building. Naturally, all of the engineering systems in Nakatomi Plaza are controlled from one computer, which is in the security room, right next to the entrance. The sole hacker among the terrorists, Theo, taps a few keys and bam, the elevators and escalators stop working and the garage is blocked off. The computer is already on (although the room is empty) and has no protection against unauthorized access — the screen isn’t even locked! For a company employee (in the security department) to leave the screen unlocked is simply unforgivable.

Network security

The first thing that the terrorists demand from the president of Nakatomi Trading is the password for the company’s mainframe. Takagi, thinking the villains are after information, drops an interesting tidbit about the company’s security practices: Come morning in Tokyo, he says, any data the attackers gain access to will be changed, undermining blackmail attempts. We can draw two conclusions from that. First, Nakatomi’s information systems in Tokyo keep track of who gains access to what and when. That is a fairly well-implemented security system. (Of course, it’s possible Mr. Takagi is bluffing.) Second, Takagi seems to have absolutely no knowledge of time zones. In Los Angeles, night has just fallen (the intruders enter the building at dusk, and during the conversation in question, we can see through the window that it’s dark out). Therefore, it’s got to be at least 10:30 the next morning in Tokyo.

Nakatomi’s workstation security

The gangsters explain that they aren’t exactly terrorists, and they’re interested in access to the vault, not information. Takagi refuses to give the code, suggests the villains fly to Tokyo to try their luck there, and dies for his efforts. Murder aside, the interesting bit lies elsewhere. A close-up of Takagi’s workstation reveals that its operating system, Nakatomi Socrates BSD 9.2 (clearly a fictional descendant of the Berkeley Software Distribution), requires two passwords: Ultra-Gate Key and Daily Cypher. As the names suggest, one is static and the other changes daily. Right here is a shining example of two-factor authentication, at least by 1988 standards.

Access to the vault

Seven locks protect the vault. The first is computerized, five are mechanical, and the last is electromagnetic. If hacker Theo is to be believed, he’ll need half an hour to crack the code of the first lock, then two to two-and-a-half hours to drill through the mechanical ones. The seventh automatically activates at that point, and its circuits cannot be cut locally. Leaving aside that highly dubious notion (my physics may be rusty, but electricity is usually supplied through wires, which can always be cut), let’s move on to the next glaring flaw: If the vault security system can send a signal to activate a lock, why can’t it notify the police about an unauthorized entry attempt? Or at least sound an alarm? Sure, malefactors cut the telephone lines, but the fire alarm manages to transmit a signal to 911.

Ignoring that, it’s quite interesting to watch how Theo cracks the code. Inexplicably, on the first computer he tries, he gains access to the personal file of the (unnamed) chairman of the investment group, including information about his military service. Remember that in 1988, the Internet as we know it does not exist, so the information is likely stored on Nakatomi’s internal network, in a shared folder. According to information in the file, this unnamed military man served in 1940 on the Akagi (a real Japanese aircraft carrier) and took part in several military operations including the attack on Pearl Harbor. Why would such information be stored publicly on the corporate network? Weird — especially because the aircraft carrier also serves as a hint for the password to the vault! The same computer helpfully translates Akagi into English as Red Castle, and wouldn’t you know it, that’s the password. Maybe Theo did a ton of homework and got lucky, but even in theory, the process went awfully quickly. It’s not clear how he knew in advance that he could do it in half an hour. Here, the scriptwriters must have forgotten about Daily Cypher, the regularly changed, and thus more interesting, second password. The lock opens without it.

Social engineering

The criminals occasionally employ social-engineering techniques on the guards, fire department, and police. From a cybersecurity perspective, the call to 911 warrants particular attention. McClane triggers the fire alarm, but the intruders preemptively call the rescue service, introduce themselves as security guards, and cancel the alarm. A little later, information about Nakatomi Plaza — in particular, telephone numbers and a code presumably for canceling the fire alarm — appears on a 911 computer screen. If the attackers were able to recall the fire-fighting crew, they got that code from somewhere. And the guards were already dead, so the code must have been written down and kept somewhere nearby (judging by the promptness of the recall). That’s not recommended practice.

Practical takeaways

Don’t let strangers in, even on Christmas Eve, and especially if the building is full of computers holding valuable information.
Periodically remind employees to lock their computers. Better still, set systems to lock automatically after a short duration. Taking part in a cybersecurity awareness course is also an excellent idea.
Don’t share documents containing password hints, or store them in shared locations.
Use randomly generated, hard-to-guess passwords for access to highly valuable data.
Store passwords (and alarm cancellation codes) securely, not on paper notes.

Postscript

We were initially going to look at both Christmas movies in the series, but having rewatched Die Hard 2, we concluded that it’s really about a fundamental failure in the airport information infrastructure architecture. The terrorists dig up the conduit lines running under a nearby church and seize control of all airport systems, including the control tower. Back in 1990, some of those systems would not have been computerized at all. Alas, it is not possible to get to the bottom of it without a detailed in-movie explanation, but everyone’s too busy dying (hard or otherwise) to provide one.

DHS Looking Into Cyb ...

 Business

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports that the devices may give the company "back door" access to deployed sets. The post DHS Looking Into Cyber Risk from TCL Smart TVs appeared first on The Security Ledger.

Update: DHS Looking ...

 Business

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports that the devices may give the company "back door" access to deployed sets. The post Update: DHS Looking Into Cyber Risk from TCL Smart TVs appeared first on The Security...

 Laws, Policy, Regulations

NIS 2 seeks to promote voluntary cyberthreat information sharing by directing Member States to ensure that covered entities can share cyberthreat information among themselves to improve cybersecurity.

 Geopolitical, Terrorism

While the US has not publicly identified the attackers, Reuters reported that "three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack."

 Companies to Watch

"We reached a point where it was time to consider being part of a larger organization that could help our company grow long term," said Base2 co-founders Edward Wright and Michael Curry.

 Govt., Critical Infrastructure

Under the current "dual-hat" arrangement, the posts of CYBERCOM commander and NSA director are held by one individual. Right now, that person is General Paul Nakasone.

 Breaches and Incidents

Officials from the City of Ellensburg announced that it was the victim of a cyberattack. The city is now working with both local and federal law enforcement to better understand the issue.

 Malware and Vulnerabilities

Actors are using malicious RubyGems packages in a supply chain attack to steal cryptocurrency from potential victims. Such attempts by cyber adversaries signal growing threats from various software components.

 Expert Blogs and Opinion

New technologies such as cyber fusion are enhancing security automation further by supporting end-to-end orchestration between machines and humans within a single unified environment, with minimal manual intervention.

 Incident Response, Learnings

Google said one of its automated tools used to manage the quota of various resources allocated for services contained a bug that caused errors in authentication results, leading to the service outage.

 Feed

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

 Feed

Red Hat Security Advisory 2020-5656-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5664-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include buffer overflow, bypass, and improper authorization vulnerabilities.

 Feed

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840.

 Feed

CSE Bookstore version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Alper Basaran in October of 2020.

 Feed

Red Hat Security Advisory 2020-5649-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

 Feed

Victor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability. A shell upload vulnerability in this version was originally discovered in May of 2020 by Kishan Lal Choudhary.

 Feed

Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploits them.

 Feed

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the

 Feed

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domains in question — insorg[.]org, safe-inet[.]com, and safe-inet[.]net — were shut down, and their

 Security threats

EXMO says that it is the latest in a longer line of cryptocurrency exchanges to have suffered at the hands of hackers, having spotted suspicious activity in the early hours of yesterday morning, when clients' accounts were accessed and large amounts withdrawn.

 Business + Partners

Security awareness training is one of the most straightforward ways to improve a business’ overall resilience against cyberattacks. That is, when you get it just right. Thanks to the disruptions to “normal” work routines that COVID-19 has brought, launching a company-wide training program to teach end users how to avoid phishing scams and online risks is a big challenge. Unfortunately, COVID-19 has also brought a major acceleration in phishing activity. With so many office employees working outside the safety of corporate network protections, you can see why the need for training has never been more critical. But there’s another issue: training is outside the skillset for most IT admins, and the level of effort to set up and run a program of training courses, compliance accreditations and phishing simulations can be daunting. To help you get started, here are our top 5 recommendations for starting your security awareness program so you can maximize the impact of your efforts.

1. Get buy-in from stakeholders

While you probably already have some combination of security tools in place, such as endpoint protection, DNS or web filtering, etc., the 2020 Verizon Data Breach Investigations Report states that phishing and social engineering are still the primary tactics used in successful cybersecurity breaches. Make sure your stakeholders understand these threats. Send an email introducing the program to management and clearly explain the importance of educating users and measuring and mitigating your risk of exposure to phishing and other social engineering attacks.

2. Start with a baseline phishing campaign

When you run your first phishing campaign, you establish your starting point for measuring and demonstrating improvement over time. (You can also use this real-world data to accurately show the need for improvement to any still-skeptical stakeholders.) Ideally this initial campaign should be sent to all users without any type of forewarning or formal announcement, including members of leadership teams. Make sure to use an option that simply shows a broken link to users who click through, instead of alerting them to the campaign, so you can prevent word-of-mouth between employees from skewing the results.

3. Set up essential security and compliance training

Create training campaigns to cover essential cybersecurity topics including phishing, social engineering, passwords and more. Establish which compliance courses are appropriate (or required) for your organization and which employees need to complete them.

4. Establish a monthly phishing simulation and training cadence

Repetition and relevance are key for a successful security awareness training program. By setting up a regular simulation and training schedule, you can more easily measure progress and keep an eye on any high-risk users who might need extra attention. Using our shorter 4-5-minute modules in between more substantial training is an effective tactic to keep security top of mind while avoiding user fatigue. And if you can’t run phishing simulations monthly, strive for a quarterly cadence. If you get pushback on sending emails to everyone, then we recommend you prioritize testing users who failed the previous round.

5. Communicate results

A great way to raise awareness and increase the impact of your phishing campaigns is to share the results across the organization. Keep in mind, the goal is to capitalize on collective engagement and share aggregate results, not to call out individuals. (Your “offenders” will recognize themselves anyway – no need to call them out!) The critical piece is seeing the statistics on where the organization stands as a whole. After the baseline phishing simulation, send out an email to all employees with the results and the reasoning for the campaign. Communicating these numbers will not only help show improvement over time, it’ll also demonstrate the value of the program overall and reinforce to employees that cyber resilience isn’t just IT’s job – it’s a responsibility we all share.

Although there are numerous other tips and tricks that can help ensure the success of your security awareness training program, these are our top five basic pieces of advice to get you on your way. When you follow these steps, it won’t take long to see the very real returns on your training investment. For more detailed tips on how you can put Webroot® Security Awareness Training to work to improve your business’ cyber resilience posture, view our white paper. The post How to Build Successful Security Awareness Training Programs in 2021 and Beyond appeared first on Webroot Blog.

2020-12
Aggregator history
Tuesday, December 22