Thought you deleted your iPhone photos?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Twice a year, an international contest called Pwn2Own – the Olympic Games of competitive hacking, if you like – gives the world’s top bug-hunters a chance to show off their skills.

The word pwn, if you aren’t familiar with it already, is hacker jargon for “own”, as in “owning” someone’s computer – and, with it, their data – by taking control of it behind their back.

In case you’re wondering, pwn is a deliberate mis-spelling, based on the fact that O and P are adjacent on most keyboards. In theory, therefore, it should be read aloud as own, the word it denotes, in much the same way that the word St is read aloud as saint, or Mr as mister. In practice, however, it’s pronounced pone – just treat it as own with a p- added in front.

Like the Olympics, which alternates every two years between summer and winter sports, Pwn2Own alternates between desktop hacking at the start of the year, and mobile device hacking at the end.

Top 5 Security links

258,000 encrypted IronChat phone messages cracked by police

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Police in the Netherlands announced on Tuesday that they’ve broken the encryption used on an cryptophone app called IronChat.

The Dutch police made the coup a while ago. They didn’t say when, exactly, but they did reveal that they’ve been quietly reading live communications between criminals for “some time.” At any rate, it was enough time to read 258,000 chat messages: a mountain of information that they expect to lead to hundreds of busts.

Already, the breakthrough has led to the takedown of a drug lab, among other things, according to Aart Garssen, Head of the Regional Crime Investigation Unit in the east of the Netherlands. He was quoted in the press release:

Top 5 Security links

Russia accused of Energy Sector Siege

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Advanced attackers, most likely from Russia, seem to be in the reconnaissance phase of a cyber war, according to a research report from threat hunting firm Vectra. The attackers are using stealthy tactics seemingly to prepare and position themselves for possible future of cyber warfare, using Energy and Utilities as important elements.

Typically over the course of several months the attackers patiently use already installed tools on systems, living off the land, to grab documentation and observe operator behaviors. Performing lateral movement to expand access, while take care to not set of common alarm bells.

United States DHS computer emergency readiness team released an alert known as TA18-074A in March 2018 regarding this.

PDF

Top 5 Security links

Half of Execs Feel Unprepared to Respond to a Cyber-Incident.

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

According to Tara Seals in an article for threatpost.com:

“Half of Execs Feel Unprepared to Respond to a Cyber-Incident.”

Nearly half (46 percent) of executives in a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year — and that they’re still no closer to being ready for the next event.

Read more

Top 5 Security Links

 

Cloud computing is creating new challenges

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

According to Mike Kun in an article for threatpost.com:

“Cloud computing is creating new challenges among security professionals as attackers embrace the “as-a-service model”, giving unsophisticated cybercriminals a leg up in carrying out attacks.”

“This evolution creates new challenges for defenders. New technologies are constantly reshaping the business landscape, but business leaders also must consider how these can enable new attacks – or make old mitigations obsolete.

Read more

Top 5 Security Links

 

Dynamic Content Attacks and How to Mitigate them

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

“Most dynamic content attacks are launched against content delivery networks. The attacker uses networks of infected hosts or botnets to request non-cached content from the target. If enough of these requests are made, the server will be overloaded and crash.”

“Taking the right precautions is essential. Here are some steps that you can take to protect your CDN from a dynamic content attack.”

Read more …

Top 5 Security Links

 

Hackers Turn to Python as Attack Coding Language of Choice

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

 

Hackers Turn to Python as Attack Coding Language of Choice

“More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.”

Read more..

 

Top 5 Security links

 

Thousands of breached websites turn up on MagBo Black market

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

Thousands of breached websites turn up on MagBo Black market

The research team said it has shared its findings with law enforcement and victims are being notified.

A newly-discovered underground marketplace has been peddling access to more than 3,000 breached websites, catering to hackers hungry for valuable data and the ability to launch a range of attacks on unsuspecting site visitors.

Advertisements for the Russian-speaking marketplace called MagBo were first posted on a top-tier hacking forum in March, according to researchers at Flashpoint. Upon further investigation, the research team found that details for thousands of breached websites were for sale on MagBo.

“This particular market is populated by a more than a dozen vendors and hundreds of buyers who sell and take part in auctions in order to gain access to breached sites, databases and administrator panels,” said Vitali Kremez, a researcher with Flashpoint in a Wednesday post.

Top 5 Security links

5 tips for better cloud security

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT). Read more

Blocking cyber attacks; Why you should understand adversary playbooks

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).

It’s time to get off the treadmill: Why you should understand adversary playbooks

“Flipping the equation on known adversaries by developing and deploying controls at locations on the intrusion kill chain designed specifically for these known playbooks will increase a company’s ability to block an attack. The cybersecurity industry must collaborate to identify all know adversary playbooks and share this knowledge with each other and the public.”

Read more..

 

Top 5 Security links