Feed aggregator

ISC Stormcast For Wednesday, May 22nd 2019 https://isc.sans.edu/podcastdetail.html?id=6508
Categories: Security Posts

Automotive Ethernet—Full-Stack Conformance Testing

BreakingPoint Labs Blog - 1 hour 15 min ago
Ethernet is the evolved communication layer for automobiles. To overcome in-car network speed…
Categories: Security Posts

Exploiting PHP Phar Deserialization Vulnerabilities - Part 1

BreakingPoint Labs Blog - 1 hour 15 min ago
Understanding the Inner-Workings. Introduction: Phar deserialization is a relatively new vector for…
Categories: Security Posts

What is ‘Metadata’ and why does it matter?

BreakingPoint Labs Blog - 1 hour 15 min ago
In the information technology world, metadata is a term you’ll often hear thrown around in many…
Categories: Security Posts

Subscriber-Aware Session Monitoring: The ABCs of Network Visibility

BreakingPoint Labs Blog - 1 hour 15 min ago
This blog is another in a series devoted to exploring critical aspects of network visibility. The…
Categories: Security Posts

Technology Changes Are Creating Significant Challenges for Higher Education

BreakingPoint Labs Blog - 1 hour 15 min ago
The education sector is undergoing significant change. National enrollment for higher education has…
Categories: Security Posts

What to do when traffic overwhelms your monitoring tools

BreakingPoint Labs Blog - 1 hour 15 min ago
Growing traffic volume is a challenge for NetOps and SecOps as they work to ensure high-quality…
Categories: Security Posts

The Best Way To Optimize Load Balancing for Inline Security Appliances

BreakingPoint Labs Blog - 1 hour 15 min ago
In today’s 24x7, “always on” world, the company’s data network must be as reliable as possible.…
Categories: Security Posts

What is Port Scanning?

BreakingPoint Labs Blog - 1 hour 15 min ago
Port scanning is one of the oldest mechanisms used in network security scanning, service…
Categories: Security Posts

Mirai is still alive and using multiple old exploits on home routers

BreakingPoint Labs Blog - 1 hour 15 min ago
Ixia’s Application Threat Intelligence (ATI) security researchers continue to hunt for the latest…
Categories: Security Posts

Key Findings of the Ixia Security Report

BreakingPoint Labs Blog - 1 hour 15 min ago
Ixia just released its third annual security study—the Ixia 2019 Security Report. This report…
Categories: Security Posts

ISC Stormcast For Wednesday, May 22nd 2019 https://isc.sans.edu/podcastdetail.html?id=6508, (Tue, May 21st)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

Talos releases coverage for 'wormable' Microsoft vulnerability

Cisco Talos - Tue, 2019/05/21 - 23:25
Last night, Cisco Talos released the latest SNORT® rule update, which includes coverage for the critical Microsoft vulnerability CVE-2019-0708.

The company disclosed this vulnerability last week as part of its monthly security update. This particular bug exists in Remote Desktop Services — formerly known as Terminal Services.

The vulnerability requires no user interaction and is pre-authentication. Microsoft specifically warned against this bug because it is "wormable," meaning future malware that exploits this vulnerability could spread from system to system. One of the most infamous examples of a worm was the WannaCry malware, which disabled major services across the globe in May 2017. An attacker could exploit this vulnerability by sending a specially crafted request to the target system's Remote Desktop Service via RDP.

Snort rule 50137 covers indicators associated with this vulnerability. You can learn more about this release at the Snort blog here.
Categories: Security Posts

Beers with Talos Ep. #53: Shiny happy election security (and ninjas)

Cisco Talos - Tue, 2019/05/21 - 23:24
Beers with Talos (BWT) Podcast Ep. #53 is now available. Download this episode and subscribe to Beers with Talos:
If iTunes and Google Play aren't your thing, click here.
Recorded May 10, 2019 — Election security has been a dominant headline for some time, so it’s high time we take a look at what that landscape looks like — where we are today, and how we got there in the first place. (Hint: there were deeper unintended consequences than Shiny Happy People on REM’s “Out of Time” album.) We anticipate gathering some first-time listeners due to the topic of this podcast... to you we say welcome, and yes, it’s always like this.

Matt kicks us off today discussing the greatest nerd rock band of all time: Ninja Sex Party. If you haven’t heard of them, you are in the wrong and should fix that quickly.
The timeline:
  • 00:45 — Roundtable: The Dark Times are here, so we present to you, Ninja Sex Party.
  • 16:15 — Election Security background: Let’s start with secret restaurants and smoking pineapples
  • 22:30 — Thanks, Stipe. How REM set us up to fail, and what’s under the hood of the US voting system
  • 38:00 — Where we are now versus even a couple years ago
  • 53:40 — Closing thoughts and parting shots
Some other links:

Featuring: Craig Williams (@Security_Craig), Joel Esler (@JoelEsler), Matt Olney (@kpyke) and Nigel Houghton (@EnglishLFC).

Hosted by Mitch Neff (@MitchNeff).

Subscribe via iTunes (and leave a review!)
Check out the Talos Threat Research Blog
Subscribe to the Threat Source newsletter
Follow Talos on Twitter
Give us your feedback and suggestions for topics: beerswithtalos@cisco.com

Categories: Security Posts

Google Has Stored Some Passwords in Plaintext Since 2005

Wired: Security - Tue, 2019/05/21 - 23:14
On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.
Categories: Security Posts

Windows 10 May 2019 Update now rolling out to everyone… slowly

ArsTechnica: Security Content - Tue, 2019/05/21 - 22:50
(credit: David Holt / Flickr)

To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update, version 1903, with both a long spell as release candidate and a much less aggressive rollout to Windows Update. That rollout starts today.

While you previously needed to be in the Insider Program (or have a source such as an MSDN subscription) to download and install version 1903, it's now open to everyone through Windows Update. However, Windows users are unlikely to see the update automatically installed for many months. Initially, only those who explicitly visit Windows Update and click "Check for Updates" will be offered version 1903, and even then, they'll have to explicitly choose to download and install the update.

This is part of Microsoft's attempt to make Windows Update less surprising: feature updates are offered separately from regular updates because feature updates take a long time to install and regular updates don't (or at least, they shouldn't). This installation experience requires the use of version 1803 or 1809, and it also requires the most recent monthly patch, which is also released today.
Categories: Security Posts

Network Flow Monitoring: The ABCs of Network Visibility

BreakingPoint Labs Blog - Tue, 2019/05/21 - 19:46
This is another in a series of blogs on the important concepts of network management. Today's topic…
Categories: Security Posts

Veracode Announces New DevOps Penetration Testing Service

Zero in a bit - Tue, 2019/05/21 - 15:45
DevSecOps can be challenging for many organizations when you consider all the areas of the DevOps process that require security testing. Organizations that begin to shift security “left” often find significant gaps in the security of infrastructure and operational components that are now integrated into the development process. Many of the technologies being used in DevOps are also very new to most organizations and are more recently starting to become “mainstream.” For example, we’re seeing more customers adopting microservices, utilizing cloud storage through Amazon S3, MongoDB, and Elasticsearch, deploying applications using containers, and managing those containers with newer orchestration technology like Kubernetes.

These new technologies allow faster development, but also come with the side effect of introducing a new attack surface and different types of vulnerabilities. Like any new technology, systems within a DevOps environment are often deployed insecurely and misconfigured. This makes the requirement to conduct security testing on the DevOps environment more important than ever. Moreover, what about the developers themselves from a security awareness perspective? What might they be discussing with peers on online forums, leaving in code repositories, or other areas on the Internet that may make their applications and the organization more susceptible to targeted phishing attacks, data leaks, and breaches that we hear about in the news on almost a daily basis?

What Is Veracode DevOps Penetration Testing?

Automating security testing is a key concept when building out a DevOps process and should not be overlooked. However, there is still a need for penetration testing in a DevOps environment. Penetration testing provides something that automation cannot -- the attacker’s perspective.
Building upon our strong application penetration testing service and highly skilled team, Veracode DevOps Penetration Testing provides testing above and beyond the application to include the operations and infrastructure components of applications. Technologies that can be in scope for this type of testing include, but are not limited to:
  • Containers like Docker and Kubernetes orchestration
  • Microservices and related interactions
  • CI tool environments like Hudson and Jenkins
  • Cloud infrastructure (AWS, Azure) and cloud storage databases
  • Network infrastructure related to application deployment and configuration management
The Importance of Open Source Intelligence and DevOps

Veracode DevOps Penetration Testing also provides Open Source Intelligence (OSINT) analysis as part of every DevOps Penetration Test we perform. This analysis identifies misconfigured cloud storage databases such as AWS S3 buckets, Elasticsearch, MongoDB instances, and others. If you haven’t been paying attention to the news, misconfigured cloud storage databases are some of the largest sources of data leaks and breaches we see today*. In addition, we also leverage OSINT techniques to find vulnerabilities in the infrastructure that may leave your organization and applications exposed. As part of this process, testers will also look into the activities of the developers themselves. Our testing checks to see if developers are practicing proper security measures. For example, we will analyze GitHub repositories looking for exposed credentials, locating sensitive data related to app development, and seeing what’s being discussed about an organization’s applications within popular public developer forums like Stack Overflow.

DevOps and Security Compliance

Security compliance does not magically go away when organizations “shift left.” That’s why Veracode DevOps Penetration Testing can be used to meet compliance requirements for PCI DSS 11.3 as well as GDPR Article 32 in the European Union. This requirement is also important for those organizations that need to comply with GDPR outside of the EU. GDPR Article 32 covers “Security of processing,” which requires that the data controller and processor implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This includes “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing” **. Penetration testing can help meet this new compliance requirement.

Veracode Is a Complete DevOps Testing Solution

Veracode DevOps Penetration Testing combined with Veracode’s static, dynamic, SCA, and application penetration testing provides the most comprehensive testing available for a DevOps environment in the market today. Contact your Veracode Sales or Services representative for more details on how to get started with your first Veracode DevOps Penetration Testing engagement. Learn more about Veracode DevOps Penetration Testing here.

* https://www.zdnet.com/article/unsecured-server-exposes-data-for-85-percent-of-all-panama-citizens/
https://www.hipaajournal.com/misconfigured-secure-cloud-storage-services/
https://www.scmagazine.com/home/opinions/data-breaches-caused-by-misconfigured-servers/
** http://www.privacy-regulation.eu/en/article-32-security-of-processing-GDPR.htm
Categories: Security Posts

Microsoft Patch Tuesday — May 2019: Vulnerability disclosures and Snort coverage

Cisco Talos - Tue, 2019/05/21 - 15:00
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated "critical," 55 that are considered "important" and one "moderate." This release also includes two critical advisories: one covering Microsoft Live accounts and another addressing updates to Adobe Flash Player.

This month’s security update covers security issues in a variety of Microsoft’s products, including the Scripting Engine, the Microsoft Edge web browser and GDI+. For more on our coverage of these bugs, check out the Snort blog post here, covering all of the new rules we have for this release.

Critical vulnerabilities

Microsoft disclosed 22 critical vulnerabilities this month, seven of which we will highlight below.

CVE-2019-0884, CVE-2019-0911 and CVE-2019-0918 are memory corruption vulnerabilities that exist in the scripting engine when it handles objects in memory in Microsoft browsers. These bugs could corrupt memory in a way that an attacker could gain the ability to remotely execute code in the context of the current user. An attacker could exploit these vulnerabilities by either tricking the user into opening a specially crafted web page while using a Microsoft web browser, or by embedding an ActiveX control marked "safe for initialization" in a specific application or Microsoft Office document that utilizes the browser rendering engine.

CVE-2019-0903 is a remote code execution vulnerability in the GDI+ API. An attacker could use the vulnerability to take complete control of the system and execute, install and delete programs in the context of the current user. An attacker could exploit this bug by tricking a user into visiting a specially crafted, malicious web page or by convincing them to open a malicious email attachment.

CVE-2019-0926 is a memory corruption vulnerability in Microsoft Edge that exists when the web browser improperly accesses objects in memory. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted web page in Edge. This would eventually allow the attacker to corrupt memory in a way that they could then remotely execute code in the context of the current user.

CVE-2019-0929 is a memory corruption vulnerability in Microsoft Internet Explorer that exists in the way the web browser handles objects in memory. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted web page in Internet Explorer. This would eventually allow the attacker to corrupt memory in a way that they could then remotely execute code in the context of the current user.

CVE-2019-0708 is a remote code execution vulnerability in Remote Desktop Services – formerly known as Terminal Services. The vulnerability requires no user interaction and is pre-authentication. Microsoft specifically warned against this bug because it makes the vulnerability "wormable," meaning future malware that exploits this vulnerability could spread from system to system. An attacker could exploit this vulnerability by sending a specially crafted request to the target system's Remote Desktop Service via RDP. Snort rule 50137 covers indicators associated with this vulnerability.

The other critical vulnerabilities are:
Important vulnerabilities

This release also contains 55 important vulnerabilities, one of which we will highlight below.

CVE-2019-0885 is a remote code execution vulnerability in Windows OLE that exists when OLE fails to properly validate user input. An attacker could exploit this bug in a way that would allow them to execute malicious code on the system. This bug can be exploited when a user opens a specially crafted file or program, leading Windows to execute the desired code.

The other important vulnerabilities are:
Moderate vulnerability

There is one moderate vulnerability, CVE-2019-0971, an information disclosure vulnerability in Azure DevOps.

Coverage

In response to these vulnerability disclosures, Talos is releasing the following SNORT® rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

Snort rules: 50068 - 50091, 50115 - 50119, 50120 - 50122, 50137
Categories: Security Posts
