Unprotected Government Server Exposes Years of FBI Investigations

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files.

The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the Oklahoma Securities Commission and many sensitive FBI investigations—all wide open and accessible to anyone without any password.”

Give Up the Ghost: A Backdoor by Another Name

Government Communications Headquarters (GCHQ), the UK’s counterpart to the National Security Agency (NSA), has fired the latest shot in the crypto wars. In a post to Lawfare titled Principles for a More Informed Exceptional Access Debate, two of Britain’s top spooks introduced what they’re framing as a kinder, gentler approach to compromising the encryption that keeps us safe online. This new proposal from GCHQ—which we’ve heard rumors of for nearly a year—eschews one discredited method for breaking encryption (key escrow) and instead adopts a novel approach referred to as the “ghost.”

But let’s be clear: regardless of what they’re calling it, GCHQ’s “ghost” is still a mandated encryption backdoor with all the security and privacy risks that come with it.

EU launches bug bounty programs for 15 software

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Starting in January, the European Commission is going to fund bug bounty programs for a number of open source projects that are used by members of the EU. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, which aims to ensure the integrity and reliability of the internet and other infrastructure.

What is the Australian Anti-Encryption Bill?

The Australian “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, was passed on the 6th of December, and it’s expected that it becomes law in early 2019. This new bill allows Australian law enforcement to force tech giants such as Google, Facebook, WhatsApp, Amazon and Microsoft to help them access encrypted information.

With this bill, the Australian government and law enforcement agencies will be able to tell tech companies to assist in obtaining encrypted data by doing things like removing electronic protection, installing existing software or building new capabilities to decrypt communications. Companies that do not comply are set to face massive financial penalties.

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs gives you some insight into which industries have to fight the hardest against cyberattacks…

“Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional threats, such as robbers or disgruntled employees.”

Top 5 Security News

Virtual Session from the RSA Conference: The 5 Most Dangerous New Attack Techniques, and What’s To Come

DNSpionage and how to mitigate DNS tunneling

Cisco Talos has published details regarding an APT campaign using DNS redirection and malware they call DNSpionage. The malware supports both regular HTTP and DNS tunneling as ways of communicating back with the attackers.

The DNS redirection part of the attack was done by compromising nameservers and then pointing hostnames under the nameservers' control to IPs of the attackers' choosing. The attackers used Let's Encrypt and were in that way able to set up perfectly valid HTTPS copies of any sites.

DNS tunneling is where data is encapsulated within a DNS query and its reply, often using base64 encoding. As long as a server is able to perform domain name lookups, it is able to exfiltrate data in this manner. This can also be used, with some preparation, if you find yourself on an airport's Wi-Fi or similar, to proxy legitimate traffic and bypass any “signup” requirement the Wi-Fi might have.

This covert channel can be hard to detect if the malware minimizes the bandwidth used. If it is used as a proxy for larger amounts of data, it will be possible to detect a significant change in the number of DNS queries and the size of the queries. A modern IDS or next-generation firewall should be able to detect this out of the box today. Another way of mitigating is to use the split-horizon DNS concept: internal names resolve normally, while external names resolve to a proxy server that can inspect the DNS information further.
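As an added illustration (not part of the Talos report or of our own tooling), the sketch below applies the volume-and-size heuristic described above to a small, constructed query log. The domain `tunnel-demo.test`, the client addresses, the thresholds and the two-label base-domain split are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log of (client IP, queried name); not real traffic.
BENIGN = [("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
          ("10.0.0.7", "cdn.example.net"), ("10.0.0.7", "www.example.com")]
TUNNEL = [("10.0.0.9", f"{chunk}.t.tunnel-demo.test") for chunk in (
    "ZGF0YS1jaHVuay0wMDAx", "c2VjcmV0LWZpbGUtcGFydDI", "aG9zdG5hbWU9d3MtMDQy",
    "dXNlcj1hbGljZTtkb21haW4", "cGFydC0wNS1vZi0xMjg0", "bW9yZS1lbmNvZGVkLWRhdGE")]
SAMPLE_QUERIES = BENIGN + TUNNEL

def entropy(text):
    """Shannon entropy in bits per character."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def split_name(qname):
    """Split into (subdomain part, base domain). Assumption: the base domain
    is the last two labels; production code should use the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:]).lower()

def suspicious(queries, min_queries=5, min_avg_len=16, min_entropy=3.5):
    """Flag (client, base domain) pairs that send many long, unique,
    high-entropy subdomains, the pattern encoded tunnel payloads produce."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "bytes": 0})
    for client, qname in queries:
        sub, base = split_name(qname)
        entry = stats[(client, base)]
        entry["queries"] += 1
        entry["subs"].add(sub)      # case preserved: base64 is case-sensitive
        entry["bytes"] += len(sub)
    flagged = []
    for (client, base), entry in sorted(stats.items()):
        avg_len = entry["bytes"] / entry["queries"]
        unique_ratio = len(entry["subs"]) / entry["queries"]
        if (entry["queries"] >= min_queries and avg_len >= min_avg_len
                and unique_ratio > 0.9
                and entropy("".join(entry["subs"])) >= min_entropy):
            flagged.append({"client": client, "domain": base,
                            "queries": entry["queries"]})
    return flagged

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_QUERIES):
        print(hit)
```

With only three of the tunnel queries in the window, nothing is flagged, which is the low-bandwidth blind spot mentioned above. Long machine-generated hostnames from legitimate services can trip the same thresholds, so hits are leads for review rather than verdicts.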

Thought you deleted your iPhone photos?

Twice a year, an international contest called Pwn2Own – the Olympic Games of competitive hacking, if you like – gives the world’s top bug-hunters a chance to show off their skills.

The word pwn, if you aren’t familiar with it already, is hacker jargon for “own”, as in “owning” someone’s computer – and, with it, their data – by taking control of it behind their back.

In case you’re wondering, pwn is a deliberate mis-spelling, based on the fact that O and P are adjacent on most keyboards. In theory, therefore, it should be read aloud as own, the word it denotes, in much the same way that the word St is read aloud as saint, or Mr as mister. In practice, however, it’s pronounced pone – just treat it as own with a p- added in front.

Like the Olympics, which alternates every two years between summer and winter sports, Pwn2Own alternates between desktop hacking at the start of the year, and mobile device hacking at the end.

258,000 encrypted IronChat phone messages cracked by police

Police in the Netherlands announced on Tuesday that they’ve broken the encryption used on a cryptophone app called IronChat.

The Dutch police made the coup a while ago. They didn’t say when, exactly, but they did reveal that they’ve been quietly reading live communications between criminals for “some time.” At any rate, it was enough time to read 258,000 chat messages: a mountain of information that they expect to lead to hundreds of busts.

Already, the breakthrough has led to the takedown of a drug lab, among other things, according to Aart Garssen, Head of the Regional Crime Investigation Unit in the east of the Netherlands. He was quoted in the press release:

Russia accused of Energy Sector Siege

Advanced attackers, most likely from Russia, seem to be in the reconnaissance phase of a cyber war, according to a research report from threat hunting firm Vectra. The attackers are using stealthy tactics, seemingly to prepare and position themselves for possible future cyber warfare, with Energy and Utilities as important elements.

Typically, over the course of several months, the attackers patiently use tools already installed on systems, living off the land, to grab documentation and observe operator behaviors. They perform lateral movement to expand access while taking care not to set off common alarm bells.

The United States DHS Computer Emergency Readiness Team released an alert, known as TA18-074A, regarding this in March 2018.

Half of Execs Feel Unprepared to Respond to a Cyber-Incident.

According to Tara Seals in an article for threatpost.com:

“Half of Execs Feel Unprepared to Respond to a Cyber-Incident.”

Nearly half (46 percent) of executives in a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year — and that they’re still no closer to being ready for the next event.
