Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]
on September 27, 2020 at 5:00 am
Richard Torres, director of security operations at Syntax, talks about the path that led him from working in juvenile justice to becoming a private investigator, to physical security at a nuclear power plant, and presently to cybersecurity. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry, including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our thanks to Richard for sharing his story with us.
Microsoft Windows XP Source Code Reportedly Leaked Online
on September 26, 2020 at 6:23 pm
Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and it's for the very first
Bug Bounty FAQ: Top Questions, Expert Answers
on September 26, 2020 at 10:01 am
Four leading voices in the bug bounty community answer frequently asked questions from bounty hunters, companies and curious cybersecurity professionals.
Weekly Update 210
on September 26, 2020 at 8:26 am
Wow, 4 years already. Regardless of where I've been in the world or the stresses that have been going on in my personal life, every single week without exception there's been a video. This makes 210 of them now, and these days they're live from a much more professional setup
What came first, the Golden Chickens or more_eggs? [Research Saturday]
on September 26, 2020 at 5:00 am
Throughout March and April, QuoIntelligence (QuoINT) observed four attacks (i.e. sightings) utilizing various tools from the Golden Chickens (GC) Malware-as-a-Service (MaaS) portfolio – they recently declassified their findings, after first notifying their clients. Further, during their analysis of the sightings, QuoIntelligence confirmed the GC MaaS Operator, Badbullzvenom, released improved variants with code updates to three tools in the service portfolio. Joining us in this week's Research Saturday to discuss the research is QuoIntelligence's Vice President of Threat Intelligence, Chaz Hobson. The research can be found here: Latest Golden Chickens MaaS Tools Updates and Observed Attacks
FortiGate VPN Default Config Allows MitM Attacks
on September 25, 2020 at 9:10 pm
The client's default configuration for SSL-VPN has a certificate issue, researchers said.
6 Things to Know About the Microsoft 'Zerologon' Flaw
on September 25, 2020 at 9:05 pm
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.
Industrial Cyberattacks Get Rarer but More Complex
on September 25, 2020 at 8:17 pm
The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.
Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
on September 25, 2020 at 7:37 pm
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution—with default
Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.
on September 25, 2020 at 7:20 pm
Facebook takes down three Russian networks for coordinated inauthenticity: a lot of activity but not much evident ROI. Russia calls for confidence-building measures in cyberspace. CISA detects a successful incursion into an unnamed Federal agency. Governments warn of heightened rates of cyberattacks against medical organizations. Mike Benjamin from Lumen joins us with details on Alina malware. Our guest is James Dawson with insights on how to best calibrate your security budget. And there’s a not-guilty plea in the case of the attempted bribery of a Tesla insider. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/187
Ring’s Flying In-Home Camera Drone Escalates Privacy Worries
on September 25, 2020 at 6:41 pm
Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
on September 25, 2020 at 6:00 pm
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
Getting Over the Security-to-Business Communication Gap in DevSecOps
on September 25, 2020 at 5:55 pm
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
COVID-19: Latest Security News & Commentary
on September 25, 2020 at 5:10 pm
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
Blast from the past! Windows XP source code allegedly leaked online
on September 25, 2020 at 3:39 pm
Windows XP source code! Fair game to take a peek, or best to look away?
Preventing fraud during a global pandemic
on September 25, 2020 at 3:38 pm
Amongst the many challenges that Covid-19 has created and exacerbated within the business landscape, fraud has been one of the most widespread. Recent weeks have proved that scams don’t diminish during a pandemic. In fact, during this time of crisis, many fraudsters have taken advantage, targeting individuals whilst they are at their most vulnerable and
Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks
on September 25, 2020 at 3:26 pm
An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.
FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations
on September 25, 2020 at 3:01 pm
Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also
RASP 101: Staying Safe With Runtime Application Self-Protection
on September 25, 2020 at 2:40 pm
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.
WannaCry Has IoT in Its Crosshairs
on September 25, 2020 at 2:00 pm
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
BrandPost: Customers Across Industries Simplify and Secure Branch Networks
on September 25, 2020 at 1:41 pm
As organizations expand their footprints in branches, stores, home offices, and a variety of other locations, they are evolving the way they manage and secure their distributed network infrastructure. At the remote edges, many companies are already using Fortinet Secure SD-WAN to deliver cost-effective, optimized wide area network (WAN) performance while ensuring enterprise-level threat protection. To help protect the internal network, access control and identity management tools continue to proliferate, increasing cost and complexity.
Who is Tech Investor John Bernard?
on September 25, 2020 at 1:21 pm
John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.
Town Sports International Data Breach Exposed Personal Information of 600,000 Members
on September 25, 2020 at 12:50 pm
An unsecured server belonging to the popular Town Sports fitness chain has exposed over 600,000 customers and staff members’ personal information. Customer and employee records were stored in an unsecured Amazon S3 bucket, and included: • Full names • Street addresses • Phone numbers • Email addresses • Last four digits of credit cards • Credit card expiration dates • Billing
The Windows XP and Windows Server 2003 source code leaks online
on September 25, 2020 at 12:35 pm
Various media outlets are reporting that the source code for the legacy operating systems Windows XP and Windows Server 2003 has leaked online. Does it pose a risk?
Seven out of ten CISOs fear that cyberwarfare is an impending threat
on September 25, 2020 at 11:25 am
A global report by Bitdefender recently found that seven out of ten CISOs (71%) fear that cyberwarfare is an impending threat to their organisation, while more than a fifth (22%) of these CISOs confess to not having a plan in place to defend against such risks. These findings are incredibly alarming, especially after the recent
Facebook takes down accounts linked to Russian interference in US election
on September 25, 2020 at 11:05 am
Facebook has removed three networks of fake accounts, suspected to be linked to Russian intelligence organisation leaking documents in the effort to meddle in the US election. Facebook has said the accounts were suspended for using fake identities as well as breaching other inauthentic behaviours. These accounts have been linked to Russian intelligence organisation in
Israeli intelligence helps deter hacking attempts in UAE
on September 25, 2020 at 11:01 am
On Tuesday the UAE Head of NCSC Muhammad Al-Kuwaiti reported that the intel that Israel are sharing has helped to deter and amend any hacking attempts. For the first time the Israeli and UAE cyber chiefs, al-Kuwaiti and Israel National Cyber Directorate (INCD) Chief Yigal Unna, appeared at a virtual conference at Tel Aviv University.
Preventing insider threats: What to watch (and watch out) for
on September 25, 2020 at 10:00 am
September is officially National Insider Threat Awareness Month (NIATM) and the theme of this year’s NIATM is resilience. Of all the digital threats facing organizations, the insider threat can be the most vexing to tackle given how uncomfortable it can feel to suspect one’s own colleagues of wrongdoing. It’s challenging to set up systems and processes that might catch well-regarded peers or superiors in a harmful act.
ISC StormCast for Friday, September 25th 2020
on September 25, 2020 at 2:40 am
Party in Ibiza with PowerShell: https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/
Microsoft Tracking Zerologon Exploits: https://twitter.com/MsftSecIntel/status/1308941504707063808
Apple Patches: https://support.apple.com/en-us/HT201222
Instagram for Android Vulnerability: https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/
Malware Attacks Declined But Became More Evasive in Q2
on September 24, 2020 at 10:40 pm
Most of the malware used in attacks last quarter was designed to evade signature-based detection tools, WatchGuard says.
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
on September 24, 2020 at 9:55 pm
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
Feds Hit with Successful Cyberattack, Data Stolen
on September 24, 2020 at 8:47 pm
The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.
Cisco Patch-Palooza Tackles 29 High-Severity Bugs
on September 24, 2020 at 8:21 pm
Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software.
Critical Instagram Flaw Could Let Attackers Spy on Victims
on September 24, 2020 at 8:20 pm
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
Not the Gremlin from the Kremlin. Zerologon exploited in the wild. Cyberespionage phishing in NATO’s pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.
on September 24, 2020 at 7:40 pm
Zerologon is being actively exploited in the wild. The OldGremlin ransomware gang picks on Russian targets. Thought Fancy Bear was done with NATO? (Think again.) The US Treasury Department sanctions more organizations and individuals for malign influence operations. Betsy Carmelite from BAH on vaccine laboratory cybersecurity. Our guest is Shena Tharnish from Comcast Business with insights for small businesses concerned with COVID-19 related phishing. And four of the defendants indicted in the eBay cyberstalking case have chosen their pleas. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/186
SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!
on September 24, 2020 at 6:59 pm
If you got someone else's "free offer" in what looked like a misdirected message, would you take a peek?
Free Apple iPhone 12? Chatbot Scam Spreads Via Texts
on September 24, 2020 at 6:11 pm
Convincing SMS messages tell victims that they've been selected for a pre-release trial for the soon-to-be-launched device.
Solving the Problem With Security Standards
on September 24, 2020 at 6:00 pm
More explicit threat models can make security better and open the door to real and needed innovation.
Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw
on September 24, 2020 at 5:00 pm
Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft's warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest.
CrowdStrike Agrees to Acquire Preempt Security for $96M
on September 24, 2020 at 4:40 pm
CrowdStrike plans to use Preempt Security's conditional access technology to strengthen its Falcon platform.
CrowdStrike Agrees to Acquire Preemptive Security for $96M
on September 24, 2020 at 4:40 pm
CrowdStrike plans to use Preemptive Security's conditional access technology to strengthen its Falcon platform.
Microsoft Warns of Attackers Now Exploiting 'Zerologon' Flaw
on September 24, 2020 at 4:15 pm
The Security Intelligence team at Microsoft is tracking newly waged exploits in the wild.
Alien Android Banking Trojan Sidesteps 2FA
on September 24, 2020 at 3:46 pm
A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.
Why an increase in remote worker VPN use risks enterprise security
on September 24, 2020 at 2:48 pm
For many of us, our home has become our workplace over the past few months, and a full return to the office still appears a remote prospect. The COVID-19 pandemic has proved that employees from across different industries can work efficiently from home. A recent PwC Survey found that 84% of employees feel able to
Microsoft warns hackers are actively targeting Zerologon vulnerability. Patch pronto!
on September 24, 2020 at 2:02 pm
If there are active attacks in the wild, if the DHS is ordering federal agencies to defend themselves, and if Zerologon is so easy to exploit, don't you think your business should be patching itself as soon as possible?
Since Remote Work Isn't Going Away, Security Should Be the Focus
on September 24, 2020 at 2:00 pm
Instagram photo flaw could have helped hackers spy via users’ cameras and microphones
on September 24, 2020 at 12:22 pm
A critical vulnerability in Instagram's Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. Read more in my article on the Tripwire State of Security blog.
Government Services Firm Tyler Technologies Hit by Ransomware
on September 24, 2020 at 12:03 pm
Tyler Technologies, the self-proclaimed largest provider of US public sector software and technology services, is struggling with a cyberattack that disrupted many of its operations. As of yesterday, the official website tylertech.com is offline, and a maintenance notice greets users accessing the page: “Our Tyler Technologies corporate website is temporarily unavailable. We are aware of
SAP ASE leaves sensitive credentials in installation logs
on September 24, 2020 at 12:00 pm
SAP users should deploy the patches for Adaptive Server Enterprise (ASE) released last month because the server fails to clear credentials from persistent installation logs. Even though the credentials are encrypted or hashed, researchers warn that attackers can easily decrypt them to gain full access to a sensitive monitoring component. Previously known as Sybase SQL Server, the SAP Adaptive Server Enterprise (ASE) is a high-performance relational database with on-premise and cloud deployment options. The product is used by over 30,000 organizations worldwide, including over 90% of the world's top 50 banks.
Facebook removes over 150 accounts linked to Philippine military
on September 24, 2020 at 11:02 am
Facebook has removed several accounts linked to the Philippines military and police for breaching the social media platform’s government interference guidelines. A full investigation of these accounts was brought to Facebook’s attention after information was brought to them by Rappler, an independent news source in the Philippines. The operation has been linked back to those