Thursday, July 30, 2015

Expert v/s Non-Expert Advice to stay safe online - In one single graph





A picture is worth a thousand words





For More Information:

TOR needs a fix - New vulnerability can help an attacker identify the websites and servers a user is accessing



I hope they fix it soon.


From the Article:

An attacker can figure out which dark web site a user is trying to access by passively monitoring Tor traffic, and even reveal the identity of servers hosting sites on the Tor network.

The attack doesn’t require the decryption of any traffic, only that it be monitored, and the exploit only requires control of a node where users enter the Tor network.


When you use Tor, your connection gets encrypted and routed through three hops which form a path called a “circuit.” A circuit starts with an entry point called a “guard,” before going back into the regular internet via what are called “exit nodes.” The guard sees your IP address, and the exit node sees where the traffic’s going.

Without controlling an exit node, 88 percent of the time the researchers were also able to identify which hidden service the user was trying to access.


For More info:
http://motherboard.vice.com/en_uk/read/researchers-unveiled-a-new-serious-vulnerability-in-tor

Wednesday, July 29, 2015

HammerToss Espionage Tool - Using Twitter + Steganography


Hackers always amaze me.
Their ability to adapt and innovate is unbelievable.


From the article:

Once APT29 has access to a target network and deems it worthy, it deploys Hammertoss, which communicates through URLs seeded in social media accounts—Twitter in particular—and makes use of steganography in images stored on GitHub or compromised websites to retrieve encrypted instructions.

“It’s unique in its ability to lay low, and thwart defenses.”

“When you look at the flow, from Twitter to GitHub to cloud storage, from a defender’s perspective, that’s not going to look malicious,” said Jordan Berry, threat intelligence analyst at FireEye.

“In this case, there’s no compromised infrastructure to look for and block because they created their own workaround.”



For more info:
https://threatpost.com/new-hammertoss-espionage-tool-tied-to-miniduke-gang/113996

Tuesday, July 28, 2015

Good Article on PKI Trust Models




A Good document on PKI Trust Model from SANS Reading Room

LINK:
https://www.sans.org/reading-room/whitepapers/vpns/pki-trust-models-trust-36112


Oh! Now we have "malicious" text messages, and they can affect 950 million Android phones.


One thing common these days, whether it is about a data breach, Jeeps or devices, is that they affect millions (users, devices, automobiles).


From the Article

The vulnerability resides in "Stagefright," an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. 

All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.

For more info:

Friday, July 24, 2015

"homograph spoofing" - ???




Techniques in which the attackers purchase domains and create emails that are similar to the victim and their correspondent. In some cases, the emails may differ by only one letter.
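The defensive counterpart of the technique described above is to compare every incoming sender domain against the domains you actually correspond with and flag near misses. The following is an added example (not code from the post or the article it quotes): it scores a From: header as trusted, a one-letter edit of a trusted domain, a visual look-alike (rn for m, 1 for l, 0 for o), or unknown. The trusted domains, the sample headers and the small confusable table are constructed for the example.

```python
from email.utils import parseaddr

# Known-good correspondent domains for this mailbox (constructed sample, not from the post).
TRUSTED_DOMAINS = {"example-supplier.com", "acme-trading.com"}

def levenshtein(a, b):
    """Edit distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Collapse characters that look alike in common fonts so visual twins compare equal.
    The confusable table here is a small, assumed subset; real tools use far larger ones."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("01", "ol"))

def sender_domain(header_value):
    """Extract the domain part of a From: header; empty string if there is no address."""
    _, addr = parseaddr(header_value)
    _, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""

def classify_sender(header_value, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_trusted_domain_or_None) for a From: header value."""
    domain = sender_domain(header_value)
    if not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in trusted:
        if skeleton(domain) == skeleton(good):
            return ("lookalike-confusable", good)   # e.g. rn for m, 1 for l
        if levenshtein(domain, good) <= 1:
            return ("lookalike-edit1", good)        # one letter added, dropped or swapped
    return ("unknown", None)

# Constructed sample From: headers exercising each verdict.
SAMPLE_HEADERS = [
    "Billing <billing@example-supplier.com>",
    "Billing <billing@examp1e-supplier.com>",
    "Billing <billing@example-suplier.com>",
    "Accounts <ap@acrne-trading.com>",
    "Someone <someone@mail.example.org>",
]

def scan(headers=SAMPLE_HEADERS, trusted=TRUSTED_DOMAINS):
    """Classify every header; returns [(header, verdict, matched_domain)]."""
    return [(h, *classify_sender(h, trusted)) for h in headers]

if __name__ == "__main__":
    for header, verdict, match in scan():
        print(f"{verdict:22} {header}" + (f"  (resembles {match})" if match else ""))
```

Anything other than "trusted" or "unknown" is a candidate for quarantine or a banner in the mail client; an edit distance of 1 is deliberately strict, because widening it quickly turns unrelated short domains into false positives.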


This article is about how Nigerian scammers work.
Interesting to find out how thorough their planning and execution are.
It is not easy.


From the article


To select their victims, the group of fraudsters peruses sites such as Alibaba in an effort to identify potential victims who reside in countries in which they already have existing bank accounts

The scammers also tend to target users who have registered accounts with free email providers, such as Yahoo!, Google and Hotmail.

Once a victim has been chosen, the fraudsters must figure out a way to deliver to them remote access tools (RATs) and other exploits.



For more details:
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-four-cs-of-a-nigerian-payment-diversion-scam/

Smartwatches - Not so-smart when it comes to security


No surprise here; the vendors are in the business of selling watches, so why bother about security?



From the article:

“We found that smartwatch communications are easily intercepted in 90 percent of cases, and 70 percent of watch firmware is transmitted without encryption,” 


All of the watches that HP evaluated collected personal data in the form of names, addresses, birth dates, weight, gender and heart rate. Yet not one of them had adequate controls in place for ensuring the privacy and security of the collected data either while on the device or in transit.

For instance, every smartwatch that HP tested was paired with a mobile interface that lacked two-factor authentication. None of the interfaces had the ability to lock out accounts after multiple failed login attempts. A significant 40 percent of the tested products used weak cyphers at the transport layer while a full 70 percent had firmware-related insecurities.


For more details:
http://www.darkreading.com/endpoint/smartwatches-could-become-new-frontier-for-cyber-attackers/d/d-id/1321452

Thursday, July 23, 2015

Did you know - A famous Computer company was formed by Two Housewives



Late 70s - Vector Graphic (rings a bell ???)

One sad thing is that the management did not listen to the design engineer.


From the Article:

Lore Harp and Carole Ely started Vector with $6,000 in capital.

In April 1977, when the Vector 1 and Apple II both launched at the West Coast Computer Faire.



More info here:
http://www.fastcompany.com/3047428/how-two-bored-1970s-housewives-helped-create-the-pc-industry

I did not know this - Windows "Disk Cleanup" now includes an option to remove outdated Windows Updates




IMPORTANT:
Search for "Disk Cleanup" and make sure you choose "Run as administrator".


Something new to learn everyday.

Some use "CCleaner", but this one is part of the OS and gets a nice upgrade.



Details on How to do it:
http://blogs.technet.com/b/askpfeplat/archive/2013/10/07/breaking-news-reduce-the-size-of-the-winsxs-directory-and-free-up-disk-space-with-a-new-update-for-windows-7-sp1-clients.aspx

Monday, July 20, 2015

Screen Recording tool in Windows 10



Nice to know


Hit the Windows key and G, and a popup will appear asking if you would like to open Game bar -- there are no Yes and No buttons, but check the 'Yes, this is a game' box (you will have to do this the first time you access the screen recorder in any application).


For More info:
http://betanews.com/2015/07/19/windows-10-secret-screen-recording-tool/

Workaround for a Critical Vulnerability in Windows - CVE-2015-2426



OpenType Font Driver Vulnerability - CVE-2015-2426
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.



Workarounds
The following workarounds may be helpful in your situation:


Follow this link to implement the workaround:
https://technet.microsoft.com/library/security/MS15-078

How-To: Use Autoruns and Sigcheck with VirusTotal



We know SysInternals has a wonderful set of free tools.

The following two links show how to use two of them along with VirusTotal 



Autoruns:
Shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. 


Sigcheck:
Shows file version number, timestamp information, and digital signature details, including certificate chains




How-To links from SANS:
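Both tools can write CSV (`-c`) and, with the VirusTotal options, add a detection column per file. What a practitioner usually wants next is a quick triage of that output: anything with VirusTotal detections first, then unsigned binaries, then signed files VirusTotal has never seen. The script below is an added example (not from the post, SANS or Sysinternals); the sample CSV rows are constructed, and the header names and the "positives/total" shape of the VT column are assumptions for this example, so check the header your Sigcheck or Autoruns version actually emits before pointing it at real output.

```python
import csv
import io
import re

# Constructed sample of Sigcheck CSV output. Header names and the VT column format
# are ASSUMED for this example; verify them against your tool version's real output.
SAMPLE_CSV = r"""Path,Verified,Date,Publisher,Description,VT detection,VT link
C:\Windows\System32\notepad.exe,Signed,2015-07-01 10:00,Microsoft Windows,Notepad,0/57,https://www.virustotal.com/file/EXAMPLE1
C:\Users\alice\AppData\Roaming\update.exe,Unsigned,2015-07-12 03:14,n/a,,31/57,https://www.virustotal.com/file/EXAMPLE2
C:\Program Files\Vendor\tool.exe,Signed,2015-06-20 09:00,Vendor Inc,Tool,0/57,https://www.virustotal.com/file/EXAMPLE3
C:\Users\alice\Downloads\setup.exe,Unsigned,2015-07-13 18:42,n/a,,Unknown,
C:\Program Files\Other\svc.exe,Signed,2015-05-02 12:00,Other Co,Service,,
"""

# Report order: most urgent first.
LEVEL_ORDER = {"high": 0, "review": 1, "ok": 2}

def parse_vt(field):
    """Turn a VirusTotal detection field such as '31/57' into (positives, total).
    Returns None when VirusTotal has no verdict (empty, 'Unknown', ...)."""
    m = re.match(r"\s*(\d+)\s*[/|]\s*(\d+)", field or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(row, min_positives=1):
    """Assign a triage level to one Sigcheck/Autoruns CSV row."""
    vt = parse_vt(row.get("VT detection"))
    signed = (row.get("Verified") or "").strip().lower() == "signed"
    if vt is not None and vt[0] >= min_positives:
        return "high"      # engines flag it; a valid signature does not clear it
    if not signed:
        return "review"    # unsigned code deserves a look even with a clean or missing verdict
    if vt is None:
        return "review"    # signed, but VirusTotal has never seen this hash
    return "ok"

def triage(csv_text, min_positives=1):
    """Return [(level, path, verified, vt_field)] sorted most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        level = classify(row, min_positives)
        findings.append((level, row["Path"], row.get("Verified", ""), row.get("VT detection", "")))
    findings.sort(key=lambda f: (LEVEL_ORDER[f[0]], f[1]))
    return findings

def triage_levels(csv_text, min_positives=1):
    """Convenience view: {path: level}."""
    return {path: level for level, path, _, _ in triage(csv_text, min_positives)}

if __name__ == "__main__":
    for level, path, verified, vt in triage(SAMPLE_CSV):
        print(f"{level:6} {verified:8} {vt or '-':8} {path}")
```

Run it against a saved CSV by reading the file into `triage()` instead of `SAMPLE_CSV`. The `min_positives` threshold exists because a single engine hit on a popular signed binary is usually noise, whereas an unsigned file in a user profile with any detections is worth opening the "VT link" column for.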


Wednesday, July 15, 2015

Shared credentials - The Inconvenient Truth



"Credential Sharing" is one thing that really scares IT Security folks.
Even though privilege account monitoring has been around for some time, it has not been widely adopted.

Hopefully, Multi-factor authentication should provide some solace.


From the article 

  1. Conducted among 200 of these (IT) decision-makers, the survey found that 52 percent of US-based IT employees  shared credentials with contractors.
  2. 74 percent of those surveyed in the US reported that their organization needed to do a better job monitoring who is accessing data.
  3. 62 percent believe their organization has too many privileged users


For more info:

Tuesday, July 14, 2015

Free tool to keep up with the everlasting patch cycles (for home users)

We have seen a non-stop release of Adobe patches. Now we have Microsoft and Oracle releasing patches.


How do we keep up with them?

I use free software called "PatchMyPC.exe".
The good news is that this is a stand-alone EXE and it does a decent job.

This tool allows software to be exempted from patching.

I normally exclude Chrome, Firefox and Malwarebytes (as they can be updated from within the App).

It is not a perfect solution, but it can list a range of products for which a patch is available and will patch them for you.

One downside is that it sometimes downloads the entire package and re-installs it (instead of just the updates).


I generally run this every alternate day just to know what tools have new updates/patches.


Give it a shot.




You can get it from:
https://patchmypc.net/download

Quad-core phones better than Octa-Core?



This is common knowledge for those who have followed server technology. Adding more processors does not mean an increase in performance.


From the article:

As cores shut off, overall performance rises, particularly at the dual-core mode. With most of the chip offline, performance jumps. One potential conclusion that would explain these results is that applications are poorly threaded, which prevents them from taking advantage of higher core counts. But the fact that performance increases at the two core mark suggests something more fundamental at work — the chips in question are hitting their thermal trip points unless more cores are shut down.

As things stand, there are some benefits to quad-core devices and virtually no gains from octa-core. In a few cases, moving to more cores actually makes things worse.


For more info:

Friday, July 10, 2015

New event (that could have) happened at a ZOO near you - Credit Card Breach



Just be careful (I am not talking about the wild animals here)




From the article:
Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems.

If a guest used a credit or debit card in the gift shop at one of our partner facilities between March 23 and June 25, 2015, the information on that card may have been compromised.”

At least two dozen cities, including:

Birmingham, Ala.
Tucson, Ariz.
San Francisco, Calif.
Fresno, Calif.
Sacramento, Calif.
Colorado Springs, Colo.
Palm Desert, Calif.
Miami, Fla.
Honolulu, HI
Boise, Id.
Fort Wayne, Ind.
Louisville, Ky.
Baltimore, Md.
Battle Creek, Mich.
Apple Valley, Minn.
Cincinnati, Ohio
Tulsa, Okla.
Pittsburgh, Penn.
Columbia, SC
Dallas, Texas
El Paso, Texas
Houston, Texas
Nashville, Tenn.
Salt Lake City, Utah

For more info:

93 PERCENT OF CLOUD SERVICES IN HEALTHCARE ARE MEDIUM TO HIGH RISK


What else to say?


From the article:

  1. Only 7.0% of cloud services are enterprise ready
  2. Undetected Insider Threats
  3. Employee Passwords on the Loose - 14.4% of all healthcare employees have a login credential for sale online, exposing 89.2% of organizations
  4. The Most Prolific Cloud User - The average employee uses 26 cloud services, but the most prolific cloud user actually employs an impressive 444 cloud services including 97 collaboration services and 74 social media services. A surprising 30.6% of these services were high-risk – much greater than the industry average of 5.6%.


For more info:

Thursday, July 9, 2015

8 FREE TOOLS FOR PENTESTING


For those in IT Security, this is not new.
For the rest, this is a small and concise article 



  1.  Metasploit
  2.  Nessus Vulnerability Scanner
  3.  Nmap
  4.  Burp Suite
  5.  OWASP ZAP
  6.  SQLmap
  7.  Kali Linux
  8.  Jawfish



For More Info:
http://www.csoonline.com/article/2943524/data-protection/8-penetration-testing-tools-that-will-do-the-job.html#tk.rss_dataprotection

Sunday, July 5, 2015

Hackers Hacked - Confused? A company that sells hacking tools has been hacked



Apparently, they know how to create hacking tools for governments but somehow failed to protect their own data.

400 GB of data uploaded in torrent!!


From the article:
Hacking Team is now learning how it feels to have their internal matters exposed to the world.

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

Hacking Team's customers include South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia. 

One such item is this invoice for 58,000 Euro to Egypt for Hacking Team's RCS Exploit Portal.

An invoice leaked with the Hacking Team cache shows that Ethiopia paid $1,000,000 Birr (ETB) for Hacking Team's Remote Control System, professional services, and communications equipment.


For more info:

Saturday, July 4, 2015

Harvard University - Data Breach



Best business school does not automatically mean best security.


From the Article

Anne Margulies, Harvard’s vice president and chief information officer, sent a memo to students and faculty late Wednesday night that eight schools and administrative organizations may have been implicated in a June 19 breach.

As the breach appears to be largely email-based, the school is calling on certain students and faculty – anyone involved with the compromised schools – to change passwords associated with their @fas.harvard.edu accounts.


For more info:
https://threatpost.com/june-harvard-breach-hit-multiple-schools/113601

Thursday, July 2, 2015

Windows 10 - Has WiFi Sense


Makes life a little easier for users, but how secure will it be?
My concern is that it is enabled by default; I prefer the opposite.



From the Article:

If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network

Wi-Fi Sense doesn’t reveal the plaintext. The password must be stored centrally by Microsoft, and is copied to a device for it to work.

The password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts' phone


In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.

Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks is shared with contacts unless the user remembers to uncheck a box when they first connect.


For More information: