5 tips for better cloud security

This blog post is a summary of this week's Information Security News put together by our Security Incident Response Team (SIRT). Read more

Blocking cyber attacks: Why you should understand adversary playbooks

This blog post is a summary of this week's Information Security News put together by our Security Incident Response Team (SIRT).

It’s time to get off the treadmill: Why you should understand adversary playbooks

“Flipping the equation on known adversaries by developing and deploying controls at locations on the intrusion kill chain designed specifically for these known playbooks will increase a company’s ability to block an attack. The cybersecurity industry must collaborate to identify all known adversary playbooks and share this knowledge with each other and the public.”

Read more...


Top 5 Security links

Check for the Security-First Mindset Across All Teams


“Embedding security as a way of life is not a one-time event. It requires ongoing education through a variety of channels. Setting the tone from executive leadership is key, but this must be reinforced by direct management and across peer groups.”

Read more...


Top 5 Security links


Security is Not a One-Person Job

Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company.

“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.

Read more...


Top 5 Security links


TLS 1.3 – Internet Security Gets a Boost

TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.

10 August marks the formal publication of an overhaul of the Transport Layer Security (TLS) protocol. TLS is an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world. Often indicated by the small green padlock in a web browser’s address bar, TLS is used in financial transactions, by medical institutions, and to ensure secure connections in a wide variety of other applications.

We believe the new version of this protocol, TLS 1.3, published as RFC 8446, is a significant step forward towards an Internet that is safer and more trusted.

TLS 1.3 represents a significant security win for the Internet and its users. We look forward to using it and tracking its adoption on the Internet.

An Overview of TLS 1.3 – Faster and More Secure


Top 5 Security links


BF-SIRT Newsletter 2018-32

A new method has been found to make cracking WPA/WPA2 easier

The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from WPA/WPA2-secured Wi-Fi networks. Before this method was discovered, an attacker would have to wait for a user to authenticate and then capture that user's 4-way handshake. The new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.

The good news is that the password still needs to be cracked by brute force or a dictionary attack, so if you are using a strong password this remains a non-trivial process. The method also only works against Pre-Shared Key (PSK) authentication, so networks using other authentication methods (such as WPA2-Enterprise/802.1X) are not affected by it.

Top 5 Security links


BF-SIRT Newsletter 2018-31

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker.

A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to inject Coinhive cryptomining scripts into web pages passing through them, using a known vulnerability.

So far, Censys.io has reported more than 170,000 active MikroTik devices infected with the Coinhive site-key used in this campaign (the site-key is the same across infections, indicating a single entity behind the attacks). The campaign is mainly targeting Brazil, but infections are growing internationally, according to Trustwave’s Secure Web Gateway (SWG) team, indicating much larger ambitions.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote in a posting today. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”


Top 5 Security Links

How to defend yourself against SamSam ransomware

Backdoors keep appearing in Cisco’s routers

Reddit breach highlights limits of SMS-based authentication

Attacks on industrial enterprises using RMS and TeamViewer

Amnesty International targeted by Nation-state spyware

Photo by Charles Deluvio 🇵🇭🇨🇦 on Unsplash

BF-SIRT Newsletter 2018-26

Gentoo shows off prompt and professional security response after minor breach

A weak administrator password allowed an unknown attacker to gain access to the Gentoo Linux distribution’s GitHub organization and lock developers out of it. Gentoo's GitHub repositories are only downstream mirrors of the self-hosted Gentoo.org infrastructure, so the canonical source tree was not affected.

From an organizational standpoint, Gentoo’s handling of the incident was prompt and professional. Gentoo promptly released official statements detailing the nature of the breach. This should be considered the standard against which organizations are judged when handling security breaches.

Top 5 Security links

Programmer tried to sell cyberweapon on dark web for $50M: Reminder to secure employees
Gartner Identifies the Top Six Security and Risk Management Trends
UK Banks Told To Show Their Backup Plans For Tech Shutdowns
Google tries to calm controversy over app developers having access to your Gmail
Why LTE and 5G networks could be affected by these new security vulnerabilities


(Blog post image by Charles Deluvio 🇵🇭🇨🇦, “Front-End Development”, “Do whatever you want” license by Unsplash)

BF-SIRT Newsletter 2018-25

Ticketmaster chat feature leads to credit-card breach

Tens of thousands of people have been caught up in a data breach at Ticketmaster UK, which exposed credit-card and personal information for UK and some international customers.

The ticket-selling giant said that on Saturday it found malware within a third-party customer chat function on its websites, hosted by Inbenta Technologies. Worryingly, the malicious code was found to be accessing an array of information, including name, address, email address, telephone number, payment details and Ticketmaster login details.

The malware managed to stay under the radar for months, Ticketmaster said. The breach affects those who purchased, or attempted to purchase, event tickets between September 2017 and June 23 of this year. About 5 percent of its customer base is affected, the company noted, which according to the BBC’s calculations works out to roughly 40,000 victims.

Ticketmaster has since disabled the feature, which was running on Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb websites. It also said in a website notice that “forensic teams and security experts are working around the clock to understand how the data was compromised,” and said that it has notified the affected customers.

Top 5 Security links

Top 10 most abused top-level domains
Google to fix location data leak in Google Home, Chromecast
Marketing firm Exactis leaked a personal info database with 340 million records
Botnets evolving to mobile devices
Announcing STARTTLS Everywhere: Securing hop-to-hop email delivery

BF-SIRT Newsletter 2018-24

Launching VirusTotal Monitor, a service to mitigate false positives

A new service from VirusTotal enables software developers to privately check and monitor application code against antivirus engines, in a bid to reduce false positives.

VirusTotal announced a new Monitor service on June 19 that could help to reduce malware false positives in software.

Since the site was founded in 2004, VirusTotal has enabled developers and antivirus vendors to check files against malware detection engines. With the new VirusTotal (VT) Monitor, software developers can now benefit from a private system where they can upload new files and have them continuously checked to see whether they will be flagged as malware. The VirusTotal Monitor service is an attempt to help software developers limit false-positive malware detections.


Top 5 Security links

“Huge” browser bug enabled malicious websites to retrieve data from other sites you visited
New North Korea cyberattack launches
Sneaky web tracking technique under heavy scrutiny by GDPR
New phishing scam reels in Netflix users to TLS-certified sites
Android gets new anti-spoofing feature to make biometric authentication secure