Microsoft confirms Outlook.com and Hotmail accounts were breached

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Between 1 January and 28 March this year hackers were able to access a “limited number” of consumer Outlook.com, Hotmail and MSN Mail email accounts, Microsoft has confirmed.

Read more

 

Top 5 Security News

Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

Wipro Intruders Targeted Other Major IT Firms

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

Weather Channel Knocked Off-Air in Dangerous Precedent

Are our infrastructures secure?

Photo by rawpixel.com from Pexels

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.

Read more

 

Top 5 Security News

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Google launches new security tools for G Suite users

Credential-stuffing attacks behind 30 billion login attempts in 2018

Android 7.0+ Phones Can Now Double as Google Security Keys

The right way to do AI in security

540 Million Facebook User Records Found On Unprotected Amazon Servers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

It’s been a bad week for Facebook users.
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

…the bad week gets worse with a new privacy breach.

More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers.

Read more

 

Top 5 Security News

Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution

CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation

Windows 10 Insider Build 18362.30 Released to Fix Boot Breaking Bug

Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

Privacy Is Just the First Step, the Goal Is Data Ownership

Security Software & Tools Tips – March 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
Venom
* Nishang
* Kautilya
* Burp Suite
* MISP

Venom

Information from the Venom website:

Venom is a multi-hop proxy tool developed for penetration testers using Go. You can use venom to easily proxy network traffic to a multi-layer intranet, and easily manage intranet nodes.

Website:

https://github.com/Dliv3/Venom

Nishang

Information from the Nishang website:

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing,

Website:

https://github.com/samratashok/nishang

Kautilya

Information from the Kautilya website:

Kautilya is a toolkit which provides various payloads for a Human Interface Device which may help in breaking in a computer during penetration tests.

Website:

https://github.com/samratashok/Kautilya

Burp Suite

Information from the Burp Suite website:

Burp Suite is the leading software for web security testing_
Thousands of organizations use Burp Suite to find security exposures before it’s too late. By using cutting-edge scanning technology, you can identify the very latest vulnerabilities. Our researchers frequently uncover brand new vulnerability classes that Burp is the first to report. Burp Suite constantly raises the bar of what security testing is able to achieve.

Website:

https://portswigger.net/

MISP

Information from the MISP website:

MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing.

Website:

https://www.misp-project.org/

Photo by Jordan Harrison on Unsplash

Broken Piggybank

Norsk Hydro lose more than NOK 300-350 millions in a week after attack

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

There’s not much news about what happened last week when Norsk Hydro was attacked by unknown cyber criminals on March 19, but the estimated costs is around NOK 300-350 million. While we don’t know exactly what happened it is confirmed that this was a ransomware virus spreading in their system, encrypting files and taking down critical systems. The ransomware in question is LockerGoga, and was officially first seen in January this year. It is unknown exactly how the virus was introduced in to Hydros systems, as the have not identified any phising-emails.

When LockerGoga has infected a system, it locks out all users from the system it just infected, and starts encrypting files. This means that it can be hard for users to even see the ransom-note that pops up on the desktop. LockerGoga also does not have any instructions on how to pay the ransom, but rather instructs the system-owner to make contact for payment and amount through email addresses.
So far this attack raises a lot of questions, as the modus operandi has never been seen before, with very sophisticated attacking capabilities and no clear agenda.
You can read more about the attack and LockerGoga on threatpost

Top 5 Security News

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers.

You can interact with Docker via the terminal and also via remote API. The Docker remote API is a great way to control your remote Docker host, including automating the deployment process, control and get the state of your containers, and more. With this great power comes a great risk — if the control gets into the wrong hands, your entire network can be in danger.

Read more

Top 5 Security News

Backdoored GitHub accounts spewed secret sneakerbot software

RSAC 2019: TLS Markets Flourish on the Dark Web

Web Authentication: What It Is and What It Means for Passwords

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

How To Spoof PDF Signatures

Password Managers Are Worth the Risk, Readers Say

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Password managers are great. They combine security with convenience by storing all your credentials in one place, allowing you to use strong, complex passwords that you don’t have to remember.” wrote Forbes in an article last week.

Threatpost did a reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.

Read more

Top 5 Security News

‘Thunderclap’ vulnerability could leave Thunderbolt computers open to attacks

Multiple threat actors are targeting Elasticsearch Clusters

In the cloud, things aren’t always what they SIEM: Microsoft rolls out AI-driven Azure Sentinel

Dow Jones Watchlist of risky businesses exposed on public server

A Second Life For The “Do Not Track” Setting – With Teeth

Security Software & Tools Tips – February 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen for the following:
* IBM QRadar
* Snyk
* Haven
* HashiCorp Vault
* Nikto

IBM QRadar

Information from the IBM Qradar website:

QRadar Community Edition is a free version of QRadar that is based off of our core enterprise SIEM. Users, students, security professionals, and app developers are encouraged to download QRadar Community Edition to learn and become familiar with QRadar.

Website:

https://developer.ibm.com/qradar/ce/

Snyk

Information from the Snyk website:

A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.

Website:

https://snyk.io/

Haven

Information from the Haven website:

Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy. It is an Android application that leverages on-device sensors to provide monitoring and protection of physical spaces. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders. We designed Haven for investigative journalists, human rights defenders, and people at risk of forced disappearance to create a new kind of herd immunity. By combining the array of sensors found in any smartphone, with the world’s most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act.

Website:

https://guardianproject.github.io/haven/

HashiCorp Vault

Information from the HasiCorp Vault website:

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Website:

https://www.vaultproject.io/

Nikto

Information from the Nikto website:

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Website:

https://cirt.net/Nikto2

Photo by MILKOVÍ on Unsplash

Microsoft IIS DoS, patch install not enough

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Microsoft announced a bug in the Internet Information Services (IIS) where malicious HTTP/2 packets would consume 100% CPU until restarted. Microsoft have published patches that would allow a MS IIS administrator to mitigate this vulnerability, but would not define any sane default values for the thresholds in question, so installation of the patch itself is not enough. The patch will only enable the options for setting threshold values, it will not set them. Luckily this is only an attack on availability, so you will know when you get attacked, and when the attack is over, a so called Denial of Service (DoS) attack. It will not affect confidentiality of data stored or integrity of the website published.

Read more

Top 5 Security News

 
 

8 security trends 2019

True to tradition, Basefarm’s Head of Security Operation has looked deep into his crystal ball to see what the new year holds. Here are 8 security trends to look out for in 2019.

1. Workforce gap necessitates different solutions

According to the (ISC)2 organisation, we have a shortage of three million cybersecurity professionals. Without the shortfall, the organisation’s 138,000 membership would be even larger. Europe alone has a workforce gap of 147,000. The shortfall calls for a different approach to meeting security needs, for example, through competence-sharing with other enterprises or security operations centres (SOC).

2. DDoS attacks are becoming less common but more powerful

Distributed Denial of Service (DDoS) attacks is a major worry. Initially, this type of attack was designed to sabotage, but the aim nowadays is often to steal important data and then blackmail the victims. The trend among perpetrators is not to spread their efforts widely, but rather to focus the attacks more aggressively.

3. Cryptojacking less risky for the attackers than DDoS

The downside for the bad guys of DDoS and many other cyberattacks is the risk of discovery. For this reason, many are turning to cryptojacking instead. Cryptojacking involves infiltrating a large number of computers in order to “mine” cryptocurrency. It is a quick way for cybercriminals to earn money, by getting thousands of computers to work for them for free. There’s no obvious damage done and many people are scarcely aware of the extra processing power and electricity used. If the victims discover the intrusion, they will often just be content to block access.

4. IoT made for trouble

The security issues linked to IoT are not new, but the trend is from bad to worse. This is caused, in simple terms, by a steep rise in sales of IoT gizmos. Not only are unit sales increasing, but more manufacturers are also trying to join in the fun. Not all of them take security as seriously as the established big brands. The key concerns here are configuration errors, default passwords and a lack of upgrade options.

5. And you thought GDPR was strict? Now NIS is on the way

GDPR sets a deadline to notify impacted individuals of 72 hours from detection of a data breach. Looking the other way and detecting nothing is not a solution. Businesses therefore need to monitor infrastructure and logs using an in-house or external SIRT (Security Incident Response Team). In certain sectors, breach reporting needs to be done within 24 hours. Key aspects of the NIS Directive apply from November 2018. A lot of businesses will need to get their heads round this.

6. Safer in an unlit back alley than online

According to the UK’s Office for National Statistics, you are 30 times more likely to be robbed online than in ‘real’ life. With people’s purses and wallets containing little more than easily blocked credit cards, street robbery is going out of fashion. Money is moving over to cyberspace, with the thieves hot on its tail.

7. Decryption is sneaking up from down under

The Australian Anti-Encryption Bill was passed on 6 December 2018 and comes into force early in 2019. Under the legislation, the law enforcement authorities can oblige the tech giants like Google, Facebook, WhatsApp, Amazon and Microsoft to grant them access to encrypted data. The measures include removing electronic protection, installing existing decryption software and developing new software. Serious financial penalties await non-compliant companies

8. IT pros and the white hats strike back

Some of the largest and best-known cyberhacks have been down to sloppy IT practices. The black hat hackers are becoming more sophisticated, but so too are the white hat hackers and other infosec professionals aswell/too. Measures that go a long way to protect enterprises include scanning applications and fixing detected vulnerabilities, two-factor/multifactor authentication, more user names and long passwords, patching/installation of security updates and controlling user curiosity about funny-looking emails.

SEE ALSO: Star Wars – good versus evil – white hats against black hats.

Author: Fredrik Svantes, Senior Information Security Manager, Basefarm

Fredrik Svantes is the Head of the Basefarm Security Operations department and has also lead the Basefarm Security Incident Response Team for the past seven years. Previously he has worked for companies such as Blizzard Entertainment, doing detective work on logs for massive online platforms running games such as World of Warcraft. Blog: http://bfblogg.wpengine.com . Twitter: @fredriksvantes .