Broken Piggybank

Norsk Hydro lose more than NOK 300-350 millions in a week after attack

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

There’s not much news about what happened last week when Norsk Hydro was attacked by unknown cyber criminals on March 19, but the estimated costs is around NOK 300-350 million. While we don’t know exactly what happened it is confirmed that this was a ransomware virus spreading in their system, encrypting files and taking down critical systems. The ransomware in question is LockerGoga, and was officially first seen in January this year. It is unknown exactly how the virus was introduced in to Hydros systems, as the have not identified any phising-emails.

When LockerGoga has infected a system, it locks out all users from the system it just infected, and starts encrypting files. This means that it can be hard for users to even see the ransom-note that pops up on the desktop. LockerGoga also does not have any instructions on how to pay the ransom, but rather instructs the system-owner to make contact for payment and amount through email addresses.
So far this attack raises a lot of questions, as the modus operandi has never been seen before, with very sophisticated attacking capabilities and no clear agenda.
You can read more about the attack and LockerGoga on threatpost

Top 5 Security News

Change your Facebook password now!

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Oh, feet of clay!

Facebook has just admitted that it has found many places – hundreds of millions of places, maybe – where it saved users’ passwords to disk in raw, unencrypted form.

In jargon terms, they’re known as plaintext passwords and it means that instead of seeing a password scrambled into a hashed form such as 379f153­1753a7c43­ab4f4faace­212451, anyone looking at the stored data will see the actual password, right there, just like that.

Like that: 123456789, or that: mypassword99, or that: jw45X$/­6FsT8.

Read more

Top 5 Security News

Why phone numbers stink as identity proof

The European Copyright Directive: What Is It, and Why Has It Drawn More Controversy Than Any Other Directive In EU History?

Extracting bitlocker keys from a TPM

Norwegian phones sent personal information to China

Hackers take down Safari, Vmware and Oracle at Pwn2Own

Flaw in popular PDF creation library enabled remote code execution

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers.

You can interact with Docker via the terminal and also via remote API. The Docker remote API is a great way to control your remote Docker host, including automating the deployment process, control and get the state of your containers, and more. With this great power comes a great risk — if the control gets into the wrong hands, your entire network can be in danger.

Read more

Top 5 Security News

Backdoored GitHub accounts spewed secret sneakerbot software

RSAC 2019: TLS Markets Flourish on the Dark Web

Web Authentication: What It Is and What It Means for Passwords

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

How To Spoof PDF Signatures

Password Managers Are Worth the Risk, Readers Say

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Password managers are great. They combine security with convenience by storing all your credentials in one place, allowing you to use strong, complex passwords that you don’t have to remember.” wrote Forbes in an article last week.

Threatpost did a reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.

Read more

Top 5 Security News

‘Thunderclap’ vulnerability could leave Thunderbolt computers open to attacks

Multiple threat actors are targeting Elasticsearch Clusters

In the cloud, things aren’t always what they SIEM: Microsoft rolls out AI-driven Azure Sentinel

Dow Jones Watchlist of risky businesses exposed on public server

A Second Life For The “Do Not Track” Setting – With Teeth

Microsoft IIS DoS, patch install not enough

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Microsoft announced a bug in the Internet Information Services (IIS) where malicious HTTP/2 packets would consume 100% CPU until restarted. Microsoft have published patches that would allow a MS IIS administrator to mitigate this vulnerability, but would not define any sane default values for the thresholds in question, so installation of the patch itself is not enough. The patch will only enable the options for setting threshold values, it will not set them. Luckily this is only an attack on availability, so you will know when you get attacked, and when the attack is over, a so called Denial of Service (DoS) attack. It will not affect confidentiality of data stored or integrity of the website published.

Read more

Top 5 Security News

 
 

Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

On November 30, 2018. nccgroup disclosed CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870. These were from vulnerabilities found back in August 2018 in several TLS libraries.

Read more

Top 5 Security News

Multi-factor authentication time?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

With billions of user credentials being freely distributed online it’s high time to implement multi-factor authentication as the default way to authenticate.

Wired has written an article about the magnitude of leaks:

“Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a patched-together set of breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes of stolen data and 25 billion records in all.”

Read more

Top 5 Security News

Unprotected Government Server Exposes Years of FBI Investigations

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files.

The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the Oklahoma Securities Commission and many sensitive FBI investigations—all wide open and accessible to anyone without any password.”

Read more

Top 5 Security News

Give Up the Ghost: A Backdoor by Another Name

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Government Communications Headquarters (GCHQ), the UK’s counterpart to the National Security Agency (NSA), has fired the latest shot in the crypto wars. In a post to Lawfare titled Principles for a More Informed Exceptional Access Debate, two of Britain’s top spooks introduced what they’re framing as a kinder, gentler approach to compromising the encryption that keeps us safe online. This new proposal from GCHQ—which we’ve heard rumors of for nearly a year—eschews one discredited method for breaking encryption (key escrow) and instead adopts a novel approach referred to as the “ghost.”

But let’s be clear: regardless of what they’re calling it, GCHQ’s “ghost” is still a mandated encryption backdoor with all the security and privacy risks that come with it.

Read more

Top 5 Security News

EU launches bug bounty programs for 15 software

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Starting in January, the European Commission is going to fund bug bounty programs for a number of open source projects that are used by members of the EU. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, which aims to ensure the integrity and reliability of the internet and other infrastructure.

Read more

Top 5 Security News