Security Software & Tools Tips – August 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* Vuls
* Dirhunt
* InsightIDR
* SubDomainizer
* Atomic Red Team

Vuls

Information from the Vuls website:

Vuls is open-source, agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries and Network devices based on information from NVD, OVAL, etc.

Website:

https://vuls.io/

Dirhunt

Information from the Dirhunt website:

Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things and much more.

Website:

https://github.com/Nekmo/dirhunt

InsightIDR

Information from the InsightIDR website:

Rapid7 InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster, a Cloud SIEM for your modern network.

Website:

https://www.rapid7.com/products/insightidr/

SubDomainizer

Information from the SubDomainizer website:

SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascripts present in the given URL. This tool also finds S3 buckets, cloudfront URL’s and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and similar case for cloudfront. It also scans inside given folder which contains your files.

Website:

https://github.com/nsonaniya2010/SubDomainizer

Atomic Red Team

Information from the Atomic Red Team website:

Atomic Red Team is a library of simple tests that every security team can execute to test their defenses. Tests are focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.

Website:

https://atomicredteam.io/

Image by vishnu vijayan from Pixabay

Security Software & Tools Tips – July 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* anevicon
* OpenVPN
* HoneyPy
* sqreen
* Dshell

anevicon

Information from the anevicon website:

A high-performant traffic generator, designed to be as convenient and reliable as it is possible. It sends numerous UDP packets to a server, thereby simulating an activity that can be produced by your end users or a group of hackers.

Website:

https://github.com/Gymmasssorla/anevicon

OpenVPN

Information from the OpenVPN website:

OpenVPN provides flexible VPN solutions to secure your data communications, whether it’s for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers.

Website:

https://openvpn.net

HoneyPy

Information from the HoneyPy website:

A low interaction honeypot with the capability to be more of a medium interaction honeypot.

Website:

https://github.com/foospidy/HoneyPy

sqreen

Information from the sqreen website:

Unified security monitoring and protection for modern cloud environments. Easily enable protections tailored to your stack, get unprecedented visibility into your security and scale it in production.

Website:

https://www.sqreen.com

Dshell

Information from the Dshell website:

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.

Website:

https://github.com/USArmyResearchLab/Dshell

Photo by Markus Spiske on Unsplash

OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.

Have you ever noticed they all had at least one thing in common?

That’s OpenSSH.

Read more

Top 5 Security News

How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today

VLC media player gets biggest security update ever

Newly-Discovered Malware Targets Unpatched MacOS Flaw

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Tracing the Supply Chain Attack on Android

Security Software & Tools Tips – June 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* Attack Surface Analyzer
* Bandit
* Infection Monkey
* NetSpot
* Splunk

Attack Surface Analyzer

Information from the Attack Surface Analyzer website:

Attack Surface Analyzer is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration.

Website:

https://github.com/microsoft/AttackSurfaceAnalyzer

Bandit

Information from the Bandit website:

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

Website:

https://github.com/PyCQA/bandit

Infection Monkey

Information from the Infection Monkey website:

The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.

Website:

https://www.guardicore.com/infectionmonkey/

NetSpot

Information from the NetSpot website:

Use NetSpot to visualize, manage, troubleshoot, audit, plan, and deploy your wireless networks.

Website:

https://www.netspotapp.com/

Splunk

Information from the Splunk website:

Splunk turns machine data into answers with the leading platform to tackle the toughest IT, IoT and security challenges. Use Splunk to search, monitor, analyze and visualize machine data.

Website:

https://www.splunk.com/

Image by Pete Linforth from Pixabay

image showing kernel panic text

SACK Panic kernel bug discovered by Netflix

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Engineers at Netflix discovered three new vulnerabilities in Linux and FreeBSD kernels specific to its TCP networking implementation.

The Vulnerabilities can be used by an adversary to perform a Denial Of Service (DOS) attack against Linux and FreeBSD machines, and Redhat classifies one of them as Important and the rest as moderate. CVE-2019-11477 is the most critical of the four, and has been dubbed SACK panic since the bug is located in the way Linux kernel Selective Acknowledgment (SACK) capabilities. This vulnerability can lead to a Linux host ending in a complete kernel panic, effectively stopping all services running on that host. This vulnerability affects all Linux kernel versions from 2.6.29 and up.
All major Linux vendors have released patches for the Vulnerabilities and we strongly urge people to apply the patches as soon as they can. There are also workaround for those systems where patching is not an option, but these can lead to loss in performance.
You can read a more detailed explanation here.

 

Top 5 Security News

RAMBleed, a new side-channel attack enables attackers to read memory not belonging to them

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new side-channel attack that enables an attacker to read out physical memory belonging to other processes, named RAMBleed, is published.

RAMBleed, based on a previous side channel called Rowhammer, violates arbitrary privilege boundaries. The implications of this is numerous, and vary in severity based on the other software running on the target machine. The researchers demonstrated an attack against OpenSSH in which they used RAMBleed to leak a 2048 bit RSA key, but the exploit can read other data as well.

“It is widely assumed however, that bit flips within the adversary’s own private memory have no security implications, as the attacker can already modify its private memory via regular write operations. We demonstrate that this assumption is incorrect, by employing Rowhammer as a read side channel.” reads the research paper. “More specifically, we show how an unprivileged attacker can exploit the data dependence between Rowhammer induced bit flips and the bits in nearby rows to deduce these bits, including values belonging to other processes and the kernel.”

Read more

Top 5 Security News

Malformed Certs make DoS on any Windows servers possible

GoldBrute bot-net brute forcing 1.5 million RDP servers

Arbitrary OS command execution vulnerability found in VIM and Neovim

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

BSides Oslo 2019 conference videos published on YouTube

2.3B Files Exposed in a Year: A New Record for Misconfigs

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Amazon S3 cloud bucket misconfigurations however have dropped dramatically.

The last 12 months has seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday.

A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data exposure. The 2.3 billion number represents an increase of more than 750 million files since 2018 – a more than a 50 percent annual increase.

The team’s research revealed that about half of the customer data, (1.071 billion files, including personal demographic information, passport scans and bank statements, job applications, personal photos, credentials for business networks and more) was exposed via the Server Message Block (SMB) protocol – a technology for sharing files first designed in 1983.

Read more

Top 5 Security News

A million devices still vulnerable to ‘wormable’ RDP hole

WordPress Slick Popup Plugin Contains Vulnerable Support Backdoor

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

AI, the Mandatory Element of 5G Mobile Security

HiddenWasp Malware Stings Targeted Linux Systems

Secretary General gives keynote speech on NATO’s adaption to cyber threats

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Cyber attacks are becoming more frequent, more complex and more destructive. From low-level attempts to technologically sophisticated attacks. They come from states, and non-state actors. From close to home and from very far away. And they affect each and every one of us.” said the NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference, London yesterday.

Read more

 

Top 5 Security News

UK provided evidence to 16 NATO allies of Russia hacking campaigns

Core Elastic Stack Security Features Now Available For Free Users As Well

Google Stored G Suite Users’ Passwords in Plain-Text for 14 Years

Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours

Tor Browser for Android is available through the Play Store

 

 

Security Software & Tools Tips – May 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
angr
* Brakeman
* Moloch
* OSXCollector
* Zeek

angr

Information from the angr website:

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic (“concolic”) analysis, making it applicable to a variety of tasks.

Website:

https://angr.io/

Brakeman

Information from the Brakeman website:

Brakeman is a security scanner for Ruby on Rails applications. Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found.

Website:

https://brakemanscanner.org/

Moloch

Information from the Moloch website:

Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Moloch exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Moloch stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as wireshark, during your analysis workflow.

Website:

https://molo.ch/

OSXCollector

Information from the OSXCollector website:

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.

Website:

https://yelp.github.io/osxcollector/

Zeek

Information from the Zeek website:

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous many educational and scientific institutions for securing their cyberinfrastructure.

Website:

https://www.zeek.org/

Image by methodshop from Pixabay

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices.
After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again.

Read more

Top 5 Security News

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Severe Linux kernel flaw found in RDS

Thrangrycat

Security Updates Released for Adobe Flash Player, Reader, and Media Encoder

WhatsApp flaw used to install spyware by simply calling the target