Posts

Microsoft confirms Outlook.com and Hotmail accounts were breached

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Between 1 January and 28 March this year, hackers were able to access a “limited number” of consumer Outlook.com, Hotmail and MSN Mail email accounts, Microsoft has confirmed.


Top 5 Security News

Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

Wipro Intruders Targeted Other Major IT Firms

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

Weather Channel Knocked Off-Air in Dangerous Precedent

Are our infrastructures secure?


Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security


Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.


Top 5 Security News

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Google launches new security tools for G Suite users

Credential-stuffing attacks behind 30 billion login attempts in 2018

Android 7.0+ Phones Can Now Double as Google Security Keys

The right way to do AI in security

Microsoft IIS DoS, patch install not enough


Microsoft announced a bug in Internet Information Services (IIS) where malicious HTTP/2 packets would drive CPU usage to 100% until the service was restarted. Microsoft has published patches that allow an IIS administrator to mitigate this vulnerability, but the patches do not define any sane default values for the thresholds in question, so installing the patch by itself is not enough. The patch only enables the options for setting threshold values; it does not set them. Luckily this is only an attack on availability, a so-called Denial of Service (DoS) attack, so you will know when you are being attacked and when the attack is over. It does not affect the confidentiality of stored data or the integrity of the published website.


Unprotected Government Server Exposes Years of FBI Investigations


“A massive government data set belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files.

The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the Oklahoma Securities Commission and many sensitive FBI investigations—all wide open and accessible to anyone without any password.”


DNSpionage and how to mitigate DNS tunneling


Cisco Talos has published details of an APT campaign that uses DNS redirection and malware they call DNSpionage. The malware supports both regular HTTP and DNS tunneling as ways of communicating back with the attackers.

The DNS redirection part of the attack was done by compromising nameservers and then pointing hostnames under those nameservers' control to IP addresses of the attackers' choosing. The attacker used Let's Encrypt and was in that way able to set up perfectly valid HTTPS copies of the affected sites.

DNS tunneling is where data is encapsulated within a DNS query and its reply, often using base64 encoding. As long as a server is able to perform domain name lookups, it is able to exfiltrate data in this manner. With some preparation, the same technique can also be used, for example on an airport's Wi-Fi, to proxy legitimate traffic and bypass any “sign-up” requirement the Wi-Fi might have.

This covert channel can be hard to detect if the malware minimizes the bandwidth it uses. If the channel is used as a proxy for larger amounts of data, it will be possible to detect a significant change in both the number of DNS queries and the size of the queries. A modern IDS or next-generation firewall should be able to detect this out of the box today. Another way of mitigating is to use split-horizon DNS: internal names are resolved normally, while external lookups are sent to a proxy server that can inspect the DNS information further.
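The detection idea above (a jump in query volume and query size for one domain), as an added example that is not part of the original post: a small Python sweep over constructed resolver log lines that flags domains receiving many long, high-entropy query names. The log line format, the tunnel.example domain and the thresholds are assumptions made for the demo.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log, "<epoch> <client> <qtype> <qname>"; tunnel.example is a placeholder.
SAMPLE_LOG = """\
1556000001 10.0.0.5 A www.example.com
1556000002 10.0.0.5 A mail.example.com
1556000003 10.0.0.7 TXT A1bC2dE3fG4hI5jK6lM7nO8pQ9rS0tUvWxYz.c2.tunnel.example
1556000004 10.0.0.7 TXT bC2dE3fG4hI5jK6lM7nO8pQ9rS0tUvWxYzA1.c3.tunnel.example
1556000005 10.0.0.7 TXT C2dE3fG4hI5jK6lM7nO8pQ9rS0tUvWxYzA1b.c4.tunnel.example
1556000006 10.0.0.7 TXT 2dE3fG4hI5jK6lM7nO8pQ9rS0tUvWxYzA1bC.c5.tunnel.example
1556000007 10.0.0.9 A cdn.example.org
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def registrable_domain(qname):
    """Crude approximation: the last two labels of the query name."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def label_entropy(qname):
    """Shannon entropy (bits/char) of the leftmost label; encoded data scores high."""
    label = qname.split(".")[0]
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_suspicious_domains(log_text, min_queries=3, min_qname_len=40, min_entropy=4.0):
    """Domains with many queries whose names are long and high-entropy: tunnel candidates.
    Thresholds are illustrative; tune them against a baseline of your own DNS traffic."""
    stats = defaultdict(lambda: {"count": 0, "long": 0, "high_entropy": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        qname = m.group(4)
        s = stats[registrable_domain(qname)]
        s["count"] += 1
        if len(qname) >= min_qname_len:
            s["long"] += 1
        if label_entropy(qname) >= min_entropy:
            s["high_entropy"] += 1
    return sorted(d for d, s in stats.items()
                  if s["count"] >= min_queries
                  and s["long"] >= min_queries
                  and s["high_entropy"] >= min_queries)
```

Low-and-slow tunnels that stay under these thresholds will not show up here; for those, baseline the per-client query count and name length over days rather than a single log window.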


Russia accused of Energy Sector Siege


Advanced attackers, most likely from Russia, appear to be in the reconnaissance phase of a cyber war, according to a research report from threat-hunting firm Vectra. The attackers are using stealthy tactics, seemingly to prepare and position themselves for possible future cyber warfare, with energy and utilities as important elements of that effort.

Typically, over the course of several months, the attackers patiently use tools already installed on the systems (living off the land) to grab documentation and observe operator behaviour, performing lateral movement to expand access while taking care not to set off common alarm bells.

The United States DHS Computer Emergency Readiness Team (US-CERT) released an alert known as TA18-074A in March 2018 regarding this activity.


Dynamic Content Attacks and How to Mitigate them


“Most dynamic content attacks are launched against content delivery networks. The attacker uses networks of infected hosts or botnets to request non-cached content from the target. If enough of these requests are made, the server will be overloaded and crash.”

“Taking the right precautions is essential. Here are some steps that you can take to protect your CDN from a dynamic content attack.”


5 tips for better cloud security


Blocking cyber attacks; Why you should understand adversary playbooks


It’s time to get off the treadmill: Why you should understand adversary playbooks

“Flipping the equation on known adversaries by developing and deploying controls at locations on the intrusion kill chain designed specifically for these known playbooks will increase a company’s ability to block an attack. The cybersecurity industry must collaborate to identify all known adversary playbooks and share this knowledge with each other and the public.”


Security is Not a One-Person Job


“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.
