Cloud computing is creating new challenges

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

According to Mike Kun in an article for threatpost.com:

“Cloud computing is creating new challenges among security professionals as attackers embrace the “as-a-service model”, giving unsophisticated cybercriminals a leg up in carrying out attacks.”

“This evolution creates new challenges for defenders. New technologies are constantly reshaping the business landscape, but business leaders also must consider how these can enable new attacks – or make old mitigations obsolete.

Read more

Top 5 Security Links

 

Dynamic Content Attacks and How to Mitigate them

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

“Most dynamic content attacks are launched against content delivery networks. The attacker uses networks of infected hosts or botnets to request non-cached content from the target. If enough of these requests are made, the server will be overloaded and crash.”

“Taking the right precautions is essential. Here are some steps that you can take to protect your CDN from a dynamic content attack.”

Read more …

Top 5 Security Links

 

Hackers Turn to Python as Attack Coding Language of Choice

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

 

Hackers Turn to Python as Attack Coding Language of Choice

“More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.”

Read more..

 

Top 5 Security links

 

Thousands of breached websites turn up on MagBo Black market

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

Thousands of breached websites turn up on MagBo Black market

The research team said it has shared its findings with law enforcement and victims are being notified.

A newly-discovered underground marketplace has been peddling access to more than 3,000 breached websites, catering to hackers hungry for valuable data and the ability to launch a range of attacks on unsuspecting site visitors.

Advertisements for the Russian-speaking marketplace called MagBo were first posted on a top-tier hacking forum in March, according to researchers at Flashpoint. Upon further investigation, the research team found that details for thousands of breached websites were for sale on MagBo.

“This particular market is populated by a more than a dozen vendors and hundreds of buyers who sell and take part in auctions in order to gain access to breached sites, databases and administrator panels,” said Vitali Kremez, a researcher with Flashpoint in a Wednesday post.

Top 5 Security links

5 tips for better cloud security

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT). Read more

Blocking cyber attacks; Why you should understand adversary playbooks

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

It’s time to get off the treadmill: Why you should understand adversary playbooks

“Flipping the equation on known adversaries by developing and deploying controls at locations on the intrusion kill chain designed specifically for these known playbooks will increase a company’s ability to block an attack. The cybersecurity industry must collaborate to identify all know adversary playbooks and share this knowledge with each other and the public.”

Read more..

 

Top 5 Security links

Check for the Security-First Mindset Across All Teams

Check for the Security-First Mindset Across All Teams

“Embedding security as a way of life is not a one-time event. It requires ongoing education through a variety of channels. Setting the tone from executive leadership is key, but this must be reinforced by direct management and across peer groups.”

Read more..

 

Top 5 Security links

 

Security is Not a One-Person Job

Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company.

“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.

Read more..

 

Top 5 Security links

 

TLS 1.3 – Internet Security Gets a Boost

TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.

10. august marks the formal publication of an overhaul of the Transport Layer Security (TLS) protocol. TLS is an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world. Often indicated by the small green padlock in a web browser’s address bar1, TLS  is used in financial transactions, by medical institutions, and to ensure secure connections in a wide variety of other applications.

We believe the new version of this protocol, TLS 1.3, published as RFC 8446, is a significant step forward towards an Internet that is safer and more trusted.

TLS 1.3 represents a significant security win for the Internet and its users. We look forward to using it and tracking its adoption on the Internet.

An Overview of TLS 1.3 – Faster and More Secure

 

Top 5 Security links

 

BF-SIRT Newsletter 2018-32

A new method has been found to make cracking WPA/WPA2 easier

The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from WPA/WPA2-secured wifi network. Before this method was discovered an attacker would have to wait for a user to authenticate, and then steal the 4-way handshake of the user. This new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.

The good news is that the passwords still needs to be cracked by brute force or dictionary attack, so if you are using a secure password this is still a non-trivial process. It also only works on Pre-Shared Key (PSK), meaning using other authentication methods should be safe.

Top 5 Security links