The strengths and weaknesses of different VPN protocols

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

VPN history starts back in 1996, when a Microsoft employee started developing the Peer to Peer Tunneling Protocol (PPTP).  In 1999, the specification was published.

Since then, VPN protocol technology has evolved and, at the moment, there are five widely used VPN protocols.

A breakdown of these five VPN protocols complete with their pros and cons is key to understanding VPN protocols in depth.

Read more

Top 5 Security News

‘Highly Critical’ Unpatched Zero-Day Flaw Discovered In Oracle WebLogic

DNS over HTTPS is coming whether ISPs and governments like it or not

‘Karkoff’ Is the New ‘DNSpionage’ With Selective Targeting Strategy

Source Code for CARBANAK Banking Malware Found On VirusTotal

Britain ‘Approves’ Huawei role in building ‘non-core’ parts for 5G Network

Image by Stefan Coders from Pixabay

 

Security Software & Tools Tips – April 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
Ghidra
* Angry IP Scanner
* Maltego
* Detectify
* Autopsy

Ghidra

Information from the Ghidra website:

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.

Website:

https://github.com/NationalSecurityAgency/ghidra

Angry IP Scanner

Information from the Angry IP Scanner website:

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.

Website:

https://angryip.org/

Maltego

Information from the Maltego website:

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.

Website:

https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php

Detectify

Information from the Detectify website:

Detectify performs automated security tests on your web application and databases and scans your assets for vulnerabilities including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfiguration.

Website:

https://detectify.com

Autopsy

Information from the Autopsy website:

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

Website:

https://www.sleuthkit.org/autopsy/

Photo by chris panas on Unsplash

Microsoft confirms Outlook.com and Hotmail accounts were breached

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Between 1 January and 28 March this year hackers were able to access a “limited number” of consumer Outlook.com, Hotmail and MSN Mail email accounts, Microsoft has confirmed.

Read more

 

Top 5 Security News

Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

Wipro Intruders Targeted Other Major IT Firms

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

Weather Channel Knocked Off-Air in Dangerous Precedent

Are our infrastructures secure?

Photo by rawpixel.com from Pexels

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.

Read more

 

Top 5 Security News

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Google launches new security tools for G Suite users

Credential-stuffing attacks behind 30 billion login attempts in 2018

Android 7.0+ Phones Can Now Double as Google Security Keys

The right way to do AI in security

540 Million Facebook User Records Found On Unprotected Amazon Servers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

It’s been a bad week for Facebook users.
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

…the bad week gets worse with a new privacy breach.

More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers.

Read more

 

Top 5 Security News

Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution

CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation

Windows 10 Insider Build 18362.30 Released to Fix Boot Breaking Bug

Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

Privacy Is Just the First Step, the Goal Is Data Ownership

Security Software & Tools Tips – March 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
Venom
* Nishang
* Kautilya
* Burp Suite
* MISP

Venom

Information from the Venom website:

Venom is a multi-hop proxy tool developed for penetration testers using Go. You can use venom to easily proxy network traffic to a multi-layer intranet, and easily manage intranet nodes.

Website:

https://github.com/Dliv3/Venom

Nishang

Information from the Nishang website:

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing,

Website:

https://github.com/samratashok/nishang

Kautilya

Information from the Kautilya website:

Kautilya is a toolkit which provides various payloads for a Human Interface Device which may help in breaking in a computer during penetration tests.

Website:

https://github.com/samratashok/Kautilya

Burp Suite

Information from the Burp Suite website:

Burp Suite is the leading software for web security testing_
Thousands of organizations use Burp Suite to find security exposures before it’s too late. By using cutting-edge scanning technology, you can identify the very latest vulnerabilities. Our researchers frequently uncover brand new vulnerability classes that Burp is the first to report. Burp Suite constantly raises the bar of what security testing is able to achieve.

Website:

https://portswigger.net/

MISP

Information from the MISP website:

MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing.

Website:

https://www.misp-project.org/

Photo by Jordan Harrison on Unsplash

Broken Piggybank

Norsk Hydro lose more than NOK 300-350 millions in a week after attack

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

There’s not much news about what happened last week when Norsk Hydro was attacked by unknown cyber criminals on March 19, but the estimated costs is around NOK 300-350 million. While we don’t know exactly what happened it is confirmed that this was a ransomware virus spreading in their system, encrypting files and taking down critical systems. The ransomware in question is LockerGoga, and was officially first seen in January this year. It is unknown exactly how the virus was introduced in to Hydros systems, as the have not identified any phising-emails.

When LockerGoga has infected a system, it locks out all users from the system it just infected, and starts encrypting files. This means that it can be hard for users to even see the ransom-note that pops up on the desktop. LockerGoga also does not have any instructions on how to pay the ransom, but rather instructs the system-owner to make contact for payment and amount through email addresses.
So far this attack raises a lot of questions, as the modus operandi has never been seen before, with very sophisticated attacking capabilities and no clear agenda.
You can read more about the attack and LockerGoga on threatpost

Top 5 Security News

THE BANK THAT CAN SLEEP WELL AT NIGHT

MedMera Bank was looking for a partner who could take responsibility for the operation of the bank’s payment flow systems and meet extremely high standards of security and availability. The choice fell on Basefarm, which since 2015 has had overall responsibility for operation of the bank’s central payment system.

When in 2015 MedMera Bank saw a need to upgrade its operations environment, it sought a supplier that could meet the very high standards of security, delivery and availability that apply in the payment world.

“We also needed a partner who was proactive and kept up with the constant development of the industry,” says Carita Weiss, CIO of MedMera Bank.

Following a long procurement and evaluation process involving several possible operations providers, the choice finally fell on Basefarm and its PCI DSS hosting platform in Sweden.

Read the whole customer case here – MedMera Bank costumer case

Do you want to know more about about our SOC?

Basefarm Security Operation Center

What is a security operation center and why do you need it?

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers.

You can interact with Docker via the terminal and also via remote API. The Docker remote API is a great way to control your remote Docker host, including automating the deployment process, control and get the state of your containers, and more. With this great power comes a great risk — if the control gets into the wrong hands, your entire network can be in danger.

Read more

Top 5 Security News

Backdoored GitHub accounts spewed secret sneakerbot software

RSAC 2019: TLS Markets Flourish on the Dark Web

Web Authentication: What It Is and What It Means for Passwords

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

How To Spoof PDF Signatures

Password Managers Are Worth the Risk, Readers Say

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Password managers are great. They combine security with convenience by storing all your credentials in one place, allowing you to use strong, complex passwords that you don’t have to remember.” wrote Forbes in an article last week.

Threatpost did a reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.

Read more

Top 5 Security News

‘Thunderclap’ vulnerability could leave Thunderbolt computers open to attacks

Multiple threat actors are targeting Elasticsearch Clusters

In the cloud, things aren’t always what they SIEM: Microsoft rolls out AI-driven Azure Sentinel

Dow Jones Watchlist of risky businesses exposed on public server

A Second Life For The “Do Not Track” Setting – With Teeth