Thursday, December 29, 2016

Your mobile device knows more about you than you know about yourself, so do you wipe it carefully before getting rid of it?



Information stored on mobile devices can include:

  • Where you live, work, and places you frequently visit
  • The contact details for everyone in your address book and applications, including family, friends, and coworkers
  • Call history, including inbound, outbound, and missed calls
  • SMS (texting), voice, and multimedia messages
  • Chat sessions within applications like secure chat, games, and social media
  • Location history based on GPS coordinates or cell tower history
  • Web browsing history, search history, cookies, and cached pages
  • Personal photos, videos, audio recordings, and emails
  • Stored passwords and access to personal accounts, such as your online bank or email
  • Access to photos, files, or information stored in the Cloud
  • Any health-related information, including your age, heart rate, blood pressure, or diet

How do you get rid of this before disposing of the device?
Check below

Monday, December 19, 2016

A few security tutorials from Varonis - good for end users


There are 7 short and simple videos


  1. Internet Security Basics
  2. How to choose a good password
  3. How to know when to trust a website
  4. Why we need all those software updates
  5. How to protect your phone from hackers
  6. How to protect your home from the Internet of Things (IoT)
  7. 5 ways to protect yourself online


Check it here:

https://www.youtube.com/playlist?list=PLYEr6kVanyrPu1qZ5g6iOr0v4ImpOOCSH

Friday, December 2, 2016

Don't forget to upgrade Google Chrome - 12 high-severity flaws have been fixed


My Philosophy

1. If you don't patch your PC, that is bad.
2. If you don't patch your browser, that is worse.

For banking and other important activities, use a different browser in a new private window, and NEVER use that browser to access any other sites.





For More info:
https://threatpost.com/google-fixes-12-high-severity-flaws-in-chrome-browser/122223/

Friday, November 4, 2016

Tracking you with audio signals your phone can hear, but you can’t???



The technology, called ultrasonic cross-device tracking, embeds high-frequency tones. 
These ultrasound “beacons” emit their audio sequences with speakers, and almost any device microphone—like those accessed by an app on a smartphone or tablet—can detect the signal and start to put together a picture of what ads you’ve seen, what sites you’ve perused, and even where you’ve been.

For More Info:
http://arstechnica.com/security/2016/11/how-to-block-the-ultrasonic-signals-you-didnt-know-were-tracking-you/

Monday, October 24, 2016

Do you have an Android phone? You might be vulnerable to Drammer (deterministic Rowhammer)



It is a DRAM-related vulnerability, and there is a partial fix for the flaw (CVE-2016-6728).


From the article:

The name Drammer is short for deterministic Rowhammer

The vulnerability, dubbed Drammer, could give an attacker root access to millions of Android handsets including Nexus, Samsung, LG and Motorola.

The attack method employs an existing PC-based hack known as Rowhammer, a technique that targets rows of cells of memory in DRAM devices to induce cells to flip from one state to another.

“Drammer is the first Android root exploit that relies on no software vulnerability and is an instance of the Flip Feng Shui exploitation technique,” 

The Android Security team said it would issue a partial fix for the flaw (CVE-2016-6728) with its November security bulletin. However, researchers point out that while Google’s patch will make it much harder for an attacker to launch a Drammer attack, it does not eradicate it. “We hope to see a more sophisticated fix soon,” according to researchers.

For more details:
https://threatpost.com/rowhammer-vulnerability-comes-to-android/121480/

Friday, October 21, 2016

IoT is the new frontier - can the IoT vendors learn anything from an electric saw company?



Good ideas are everywhere. The question is are we looking for them?



From the article:

This is how we need to think from a security perspective.

Safety Cover: There is a plastic safety cover that protects the entire rotating blade. The only time the blade is actually exposed is when you lower the saw to actually cut into the wood. The moment you start to raise the blade after cutting, the plastic cover protects everything again. This means to hurt yourself you have to manually lower the blade with one hand then insert your hand into the cutting blade zone.

Power Switch: Actually, there is no power switch. Instead, after the saw is plugged in, to activate the saw you have to depress a lever. Let the lever go and saw stops. This means if you fall, slip, blackout, have a heart attack or any other type of accident and let go of the lever, the saw automatically stops. In other words, the saw always fails to the off (safe) position.

Shadow: The saw has a light that projects a shadow of the cutting blade precisely on the wood where the blade will cut. No guessing where the blade is going to cut.

Safety is like security, you cannot eliminate risk. But I feel this is a great example of how security can learn from others on how to take people into account.


For more info:
https://securingthehuman.sans.org/blog/2016/10/18/what-iot-and-security-needs-to-learn-from-the-dewalt-mitre-saw

Thursday, July 28, 2016

VPN is good - no, it could send you to jail with a 545K fine



UAE (F)Law:
Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery, shall be punished by temporary imprisonment and a fine of no less than Dhs 500,000 and not exceeding Dhs 2,000,000, or either of these two penalties.

For more info:
http://www.theregister.co.uk/2016/07/28/vpn_users_in_uae_face_544k_fine/

Do you know what "Bunker Buster" means? (Hint - it is a software bug)



Put into plain English, this means that the security checks used by the host to stop guests messing with each other’s memory didn’t always work. Full security checks were slowing things down, so a shortcut was programmed that turned out to be inadequate, introducing a loophole for attackers.

In this case, the bug wasn’t just a guest-to-guest problem, but a guest-to-host bug. In other words, the guest could mess with the entire server, and thus implicitly with any other guest as well.


For more info:
https://nakedsecurity.sophos.com/2016/07/28/the-xen-bunker-buster-bug-what-you-need-to-know/

Thursday, July 14, 2016

"Think before you Click" - will save us from a lot of trouble but, can we?


Why does phishing still succeed?
Check out below


Attackers generally take advantage of a combination of five factors when constructing and distributing phishing emails:

1. Timing
Seasonal attacks can be very effective, as recipients are likely to be expecting to receive particular messages

2. Emotional status of the target
An attacker might not know which employee is currently under negative stress, but there is a good chance that at least one will respond differently due to their level of stress when targeted

3. Tone of the language used in the email
Emails are specifically designed to cause alarm but not give away too much information, hoping instead to prompt the recipient to open the message and follow the instructions within

4. Social media exposure
Many people expose far too much of their personal and professional lives via social networking sites, to the extent that attackers can easily construct a highly convincing message

5. State of mind
Working conditions that lead to exhaustion and/or anxiety can make employees far more susceptible

For More info:

Tuesday, July 12, 2016

Monday, July 11, 2016

99 Tech Life Hacks You Should Know


Just a few from the article:


  • If you save your Powerpoint presentation in .PPS instead of .PPT, your file goes into slideshow mode when you open it.

  • Want a quick way to unfreeze a frozen phone? Plug it into its charger.

  • When booking flights or hotels online, clear cookies before you start looking, or shop in Incognito mode, for lower prices.

  • Saving an Excel file as an .XLSB will shrink the size by half or 75%.

  • Someone’s incessant morning alarm is going off but the owner is refusing to get up and turn it off? Call the phone to turn it off for them

  • Find yourself in a hotel without your charger? Check the TV for a USB plugin.


Check this out
http://www.hongkiat.com/blog/tech-life-hacks/

Thursday, July 7, 2016

Friday, June 10, 2016

Fact is stranger than fiction - one in ten corporate shared folders contains malware



A new study finds that of all the corporate files and folders tested, around one in 10 of them contain some form of malware infection.

Netskope’s data in this instance comes from millions of users over the three full months of the second quarter


The only silver lining to this news, is that only around a quarter of the files and folders found to contain some form of malware had actually been shared between different people and companies, so the infections aren’t spreading like wildfire on cloud platforms.


For more info:

Wednesday, June 8, 2016

How secure is the Internet? - a few facts that could shed some light



Food for thought


The seventh most common TCP/IP protocol is telnet, and there are 15 million “good old, reliable, usually unencrypted telnet nodes out there, offering shells to anyone who cares to peek in on the clear text password as it's being used.”

There are 11.2 million nodes appearing to offer direct access to relational databases, and 4.5 million apparent printer services. Rapid7 also counted 7.8 million MySQL databases and 3.4 million Microsoft SQL Server systems. And 4.7 million systems expose one of the most commonly attacked ports used by Microsoft systems, 445/TCP.


About 75% of the servers offering SMB/CIFS services—a (usually) Microsoft service for file sharing and remote administration for Windows machines—reside in just six countries: The United States, China, Hong Kong, Belgium, Australia and Poland.

For more info:
http://www.infosecurity-magazine.com/news/internet-rife-with-unencrypted/

Tuesday, June 7, 2016

Ladies and gentlemen, we have a new Crysis



Crysis has been silently and quickly gaining momentum, and is currently even more prevalent than Locky

Crysis encrypts virtually all file types – including those with no extension – on fixed, removable and network drives

Crysis can even run with administrator privileges, giving its encryption mechanism access to even more files.

The attackers are typically seeking bitcoins worth between 400 and 900 euros.


For more info:

Friday, May 27, 2016

Verizon DBIR 2016 - Top 3 are related to humans



#1 - 40% were web app attacks, and 817 out of 879 of them resulted from stolen credentials.

#2 - Privilege misuse (intentional)

#3 - Misc Errors (unintentional)

Check Here
https://securingthehuman.sans.org/blog/2016/05/17/2016-verizon-dbir-its-about-people

Be careful with USB devices - ransomware can now spread through them


REMEMBER:
Backups are important. More important than that is to ensure that your backup device is disconnected from your computer (before and after the backup).

The newly spotted ZCryptor ransomware also has the ability to spread like a worm.

It encrypts all files that sport one of 88 extensions and changes their extensions to .zcrypt.

Once it infects a system, it also copies itself to removable drives, in the hope that the same drives will end up plugged into another system and spread the infection.



For more info:
https://www.helpnetsecurity.com/2016/05/27/zcryptor-ransomware-spreads-via-removable-drives/

Fact is stranger than fiction: most top executives in banks don't know if they have been hacked

 


  • 12 percent of CEOs don’t know if they’ve been hacked in the past two years, and the lack of awareness only grows at the next level of executives.
  • Approximately 47 percent of banking executive vice presidents and managing directors reported that they didn’t know if their bank had been hacked.
  • 72 percent of senior vice presidents and directors stated that they didn’t know.



For more info:
https://www.helpnetsecurity.com/2016/05/27/banking-ceos-dont-know/

Another security buzzword: "PasteJacking"



This one is not from a hacker but a POC from a security researcher.


From the article:

Researcher Dylan Ayrey explains that some web browsers now allow developers to add content to a user's clipboard under certain circumstances.

Attackers can theoretically exploit this ability to trick users into running commands they otherwise wouldn't want entered on their computers, in order to gain remote code execution. These types of attacks generally make use of HTML/CS


For more info
https://www.grahamcluley.com/2016/05/researcher-warns-pastejacking-hack-attacks-targeting-users-clipboards/
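To make the trick concrete, here is an added example (not the researcher's proof of concept and not code from the article): the "copy" handler a pastejacking page registers, plus a check that can be run on clipboard text before it is pasted into a terminal. The ClipboardEvent stand-in, the selected text and the payload are all constructed for this example; in a real browser the page would register the handler with `document.addEventListener('copy', ...)` and the browser would supply the event.

```javascript
// Added example, not the researcher's PoC or code from the article: the
// "copy" handler a pastejacking page registers, and a check to run on
// clipboard text before it reaches a shell. The ClipboardEvent stand-in is
// constructed here so the file runs under Node; in a browser the page would
// call document.addEventListener('copy', pastejackCopyHandler) instead.

// Attacker side. Whatever the victim highlighted, the handler replaces it.
// The trailing newline is what makes it dangerous: a terminal runs the
// pasted line as soon as it sees the newline, before the victim reads it.
function pastejackCopyHandler(event) {
  const payload = 'echo "not what you selected"\n'; // hypothetical payload
  event.clipboardData.setData('text/plain', payload);
  event.preventDefault(); // stop the browser from writing the real selection
  return payload;
}

// Minimal stand-in for the DOM ClipboardEvent (constructed for this example).
function makeFakeCopyEvent(selectedText) {
  const store = new Map();
  return {
    selection: selectedText,
    defaultPrevented: false,
    clipboardData: {
      setData(type, data) { store.set(type, data); },
      getData(type) { return store.get(type) || ''; },
    },
    preventDefault() { this.defaultPrevented = true; },
  };
}

// Victim copies `selectedText` on a page that may have a copy handler.
// Returns what actually lands on the clipboard: if no handler cancelled the
// event, the browser copies the selection itself.
function simulateCopy(selectedText, handler) {
  const event = makeFakeCopyEvent(selectedText);
  if (handler) handler(event);
  return event.defaultPrevented ? event.clipboardData.getData('text/plain') : selectedText;
}

// Defender side: inspect clipboard text before pasting it into a terminal.
// Flags the ingredients of pastejacking: line terminators (auto-execute),
// control or zero-width characters (hidden commands), and any difference
// from what the user believes they copied.
function inspectClipboard(clipboardText, expectedText) {
  const reasons = [];
  if (/[\r\n]/.test(clipboardText)) {
    reasons.push('contains a line terminator (would execute on paste)');
  }
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\u200b-\u200f\u2028\u2029\ufeff]/.test(clipboardText)) {
    reasons.push('contains control or zero-width characters');
  }
  if (expectedText !== undefined && clipboardText !== expectedText) {
    reasons.push('differs from the text that was selected');
  }
  return { safe: reasons.length === 0, reasons };
}

// Demo: the same selection copied from an honest page and from a pastejacking page.
const selected = 'ls -la';
console.log(inspectClipboard(simulateCopy(selected, null), selected));
console.log(inspectClipboard(simulateCopy(selected, pastejackCopyHandler), selected));
```

The `expectedText` comparison is only possible for something that also saw the selection, so for an everyday habit the newline and control-character checks are the ones that matter: paste into a text editor first, and prefer a terminal that warns on multi-line paste.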

Tuesday, May 24, 2016

Strange security flaw in Instagram Android App



It blocks incorrect password guesses after 1000 attempts from the same IP address, but after the 2000th attempt it lets every other attempt through again.

Combine that with missing controls:

  1. weak password policies
  2. lack of two-factor authentication



For more Info:
http://www.hotforsecurity.com/blog/20-million-instagram-accounts-were-put-at-risk-through-sloppy-security-hole-13982.html
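To show why a counter-only rule like that fails, here is an added example (not Instagram's code and not the researcher's): a throttle implementing the described policy, next to one that also budgets per account and whose lockout does not reopen while the attacker keeps hammering. The IP addresses (from the TEST-NET documentation ranges), the account name, the guess counts and the budgets are all constructed for this example.

```javascript
// Added example, not Instagram's code or the researcher's: a login throttle
// with the policy the post describes (count wrong guesses per source IP,
// block from the 1000th, then let every other request through once the
// count passes 2000) next to a throttle that also counts per account and
// whose lockout does not reopen while the attacker keeps going. The IPs,
// account name, budgets and guess counts are constructed for this example.

// The described policy: the decision depends only on how many wrong guesses
// this IP has made so far. Refused guesses are still counted, which is what
// walks the counter past 2000 and reopens the door.
class FlawedThrottle {
  constructor() { this.failedByIp = new Map(); }
  allows(ip) {
    const n = this.failedByIp.get(ip) || 0;
    if (n < 1000) return { allowed: true, reason: '' };
    if (n < 2000) return { allowed: false, reason: 'ip blocked' };
    const allowed = n % 2 === 0; // every other attempt gets through again
    return { allowed, reason: allowed ? '' : 'ip blocked' };
  }
  recordFailure(ip) { this.failedByIp.set(ip, (this.failedByIp.get(ip) || 0) + 1); }
}

// A saner policy: small budgets per IP and per account, a lockout that only
// clears after a quiet cool-down, and counters that keep counting while
// locked (so hammering extends the lockout instead of wearing it down).
class LoginThrottle {
  constructor({ maxPerIp = 20, maxPerAccount = 10, lockoutMs = 15 * 60 * 1000 } = {}) {
    Object.assign(this, { maxPerIp, maxPerAccount, lockoutMs });
    this.byIp = new Map();      // ip -> { failures, lockedUntil }
    this.byAccount = new Map(); // account -> { failures, lockedUntil }
  }
  _state(map, key) {
    if (!map.has(key)) map.set(key, { failures: 0, lockedUntil: 0 });
    return map.get(key);
  }
  _locked(state, now) {
    if (state.lockedUntil > now) return true;
    if (state.lockedUntil !== 0) { state.failures = 0; state.lockedUntil = 0; } // cool-down elapsed
    return false;
  }
  // Call before verifying the password; a locked IP or account is refused outright.
  allows(ip, account, now = Date.now()) {
    if (this._locked(this._state(this.byIp, ip), now)) return { allowed: false, reason: 'ip locked' };
    if (this._locked(this._state(this.byAccount, account), now)) return { allowed: false, reason: 'account locked' };
    return { allowed: true, reason: '' };
  }
  // Call after a wrong password (or a refused attempt). Reaching the budget
  // starts the lockout; every further attempt pushes it out again.
  recordFailure(ip, account, now = Date.now()) {
    const counters = [[this._state(this.byIp, ip), this.maxPerIp],
                      [this._state(this.byAccount, account), this.maxPerAccount]];
    for (const [state, max] of counters) {
      state.failures += 1;
      if (state.failures >= max) state.lockedUntil = now + this.lockoutMs;
    }
  }
  // A correct password clears the account's counter only; the IP keeps its history.
  recordSuccess(account) { this.byAccount.delete(account); }
}

// Brute force against one account, one wrong guess per second, from IPs
// chosen by ipFor(i). Returns how many guesses actually reached the password
// check (each of those is a real chance for the attacker).
function simulateBruteForce(throttle, ipFor, account, guesses) {
  let reachedPasswordCheck = 0;
  for (let i = 0; i < guesses; i++) {
    const now = 1000000 + i * 1000; // fixed clock, one guess per second
    const ip = ipFor(i);
    if (throttle.allows(ip, account, now).allowed) reachedPasswordCheck += 1;
    throttle.recordFailure(ip, account, now); // every guess is wrong, counted even when refused
  }
  return reachedPasswordCheck;
}

const singleIp = () => '198.51.100.7';              // TEST-NET-2, constructed
const rotatingIp = (i) => `203.0.113.${i % 256}`;  // TEST-NET-3, constructed
console.log('flawed, one IP      :', simulateBruteForce(new FlawedThrottle(), singleIp, 'victim', 3000));
console.log('flawed, rotating IPs:', simulateBruteForce(new FlawedThrottle(), rotatingIp, 'victim', 3000));
console.log('sane,   one IP      :', simulateBruteForce(new LoginThrottle(), singleIp, 'victim', 3000));
console.log('sane,   rotating IPs:', simulateBruteForce(new LoginThrottle(), rotatingIp, 'victim', 3000));
```

Over 3000 guesses the described policy lets 1500 through from a single IP and all 3000 when the attacker rotates source addresses, because it never looks at the account; the per-account budget caps both runs at 10. The trade-off is that a per-account lockout can be used to lock a victim out on purpose, which is why real deployments pair it with a CAPTCHA or increasing delays rather than a hard refusal, and why the post's other two missing controls (password policy and two-factor authentication) matter as much as the throttle.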

How a PayPal phishing scam works, and how to spot it



The look and feel is nice, but shouldn't the user ask why they are entering all this information?
(Remember, "There is no substitute for stupidity")


Check this link
http://www.csoonline.com/article/2997190/leadership-management/from-start-to-finish-inside-a-paypal-phishing-scam.html

Wednesday, May 18, 2016

Change your LinkedIn password now - 117 million emails/passwords are up for sale



From the article:
Peace is selling the data on the dark web illegal marketplace The Real Deal for 5 bitcoin (around $2,200). The paid hacked data search engine LeakedSource also claims to have obtained the data. Both Peace and one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords.




For More Info:
https://motherboard.vice.com/read/another-day-another-hack-117-million-linkedin-emails-and-password

Thursday, April 28, 2016

12 million users enticed to download utilities that secretly bundled adware and spyware

Remember

This is clearly a "user issue", so remember: "Think Before you Click"


From the article:
“Installed with administrator rights, (Wizz) is able to harvest personal information, and install and launch executables uploaded by the controlling party,”

Researchers found 55 domains used for Tuto4PC’s adware/spyware campaign, each owned by Tuto4PC or a subsidiary. Talos said the domains were used to distribute the Wizz.exe binaries. “The domains had various ‘PC Clean’, ‘Free Game’ and ‘Offer’ style names all questionable to a degree as to how legitimate they are


For more info:
https://threatpost.com/tuto4pc-utilities-silently-install-12m-backdoors-cisco/117704/

Wednesday, April 27, 2016

Bypass Windows defenses without leaving any trace on the machine.



The strange part is that someone accidentally discovered it and exposed it.
So, I am wondering who else knew about it and has been using it.
Is this a vulnerability or kind of backdoor?

From the Article:
The flaw doesn’t trigger the AppLocker security software, which is supposed to only let users run apps from trusted sources, and it doesn’t leave any traces in the registry, as it doesn’t need administrator access.

Microsoft has not yet provided a fix for the issue, but users can disable the Regsvr program using Windows Firewall.



For More info
http://bgr.com/2016/04/25/windows-10-applocker-security-issue/

Wednesday, April 20, 2016

Educating Kids on Cyber Safety

Nice article


Check Below for a PDF doc

http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201506_en.pdf

It is time to uninstall QuickTime from your Windows PC (ASAP)

Apple has pulled the plug and we did not know it!!


Check here:
http://appleinsider.com/articles/16/04/18/apple-confirms-quicktime-for-windows-end-of-life

A Few mind blowing security suggestions

Actually............... these are just simple but powerful suggestions

  1. Change default passwords and DON'T share them
  2. Use 2-factor authentication wherever possible, and use SMS / email alerts for all important transactions (banking, credit card)
  3. Use a password manager and create a strong password for it.
  4. Pass-phrases are better than passwords
  5. Patch / update all devices that can connect to the Internet
  6. Always presume free Wi-Fi connections are unsafe, so use HTTPS or a VPN
  7. Remember - the IRS will communicate only by postal mail. All other IRS-related emails are generally FAKE.
  8. "Think Before you Ink" is an old proverb; the new one is "Think before you CLICK". This applies to both Internet connections and emails. (This will save you from embarrassment and could save your job)
  9. Remember, you are a TARGET to hackers, so be VIGILANT
  10. Remember "Nothing is free", and if something sounds too good to be true, then it probably is.
  11. Back up your data and disconnect your backup device from the computer. This will help if/when you are hit by ransomware
  12. Do NOT RELY on anti-virus, anti-malware and other fancy tools, as they can ONLY provide basic protection.
(Here is something that is strange but true)
The best security tool for you, your computer, your home and your job is YOU.

IMPORTANT PHONE NUMBERS AND URLS - For people within USA


I am hoping this would be useful for many people:
The details are US related.

Please send me info on phone numbers and URLs that might be generally useful and I will add them
If you have for other countries then send it to me and I will create a similar page

OR

If you have an existing page, send me the link and I will add it to this page.

IMPORTANT
Poison Center
http://www.poison.org/
1-800-222-1222
Food poison or any other poison related issues


INTERNET
Reporting computer or Internet-related crimes: this article provides crime classifications and the related agencies (link to the article)

FBI - Internet Crime Complaint Center (IC3)
http://www.ic3.gov/default.aspx
IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant


IDENTITY THEFT

IDENTITY THEFT -FTC Site
https://identitytheft.gov/
"Federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process"

IRS's Taxpayer Guide to Identity Theft
https://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft

Monday, April 18, 2016

Ever wonder why you never won a lottery ticket (maybe it was hacked)



Are you surprised?

Like someone once said
if it isn't open-sourced, and verified unmodified, it cannot be trusted!

From the article:

For several years, Eddie Tipton, the former security director of the US Multi-State Lottery Association, installed software code that allowed him to predict winning numbers on specific days of the year, investigators allege. The random-number generators had been erased, but new forensic evidence has revealed how the hack was apparently done.

For more details:
https://www.theguardian.com/technology/2016/apr/08/man-hacked-random-number-generator-rig-lotteries-investigators-say

How to secure your tablet

Old but Gold article

From the doc:

Here are some simple steps for you to consider as you continue to use your tablet

  1. Keep your tablet operating system and apps current and running their latest version. Many tablets now automatically update your apps, a feature we encourage you to enable
  2. Do not jailbreak or hack into your own tablet. This will bypass and render a tremendous number of security controls useless, making your tablet far more vulnerable to attacks
  3. Only download apps you need, and only download them from trusted sources. For iPads, this is simple as only downloading apps from iTunes. These apps are screened by Apple before they are made available. For Google, we recommend you limit your apps to those found on Google Play. While you can download apps from other sites, they are usually not vetted and could be created with malicious intent. Finally, regardless of where you got your app, we recommend you remove it from your tablet once you no longer need or actively use it
  4. When installing a new app, make sure you review and set the privacy options, just like you did when initially configuring your new tablet. Be careful of what information you allow the app to access, or what you allow the app to do with that information. For example, does the app you just downloaded really need access to all of your contacts
  5. Be sure to install or configure software that allows you to remotely track, lock or erase your tablet in case it is ever lost or stolen

Download the PDF here

"Hacking Team" Hacked - One vulnerability is what was needed



The hack itself was executed using a common weakness: first, an embedded device within the network was found with a known zero-day weakness. From there, the hacker was able to get into an unencrypted backup and find the passwords for a Domain Admin server, which basically gave him the keys to the kingdom.

For more info:
http://gizmodo.com/this-hackers-account-of-how-he-infiltrated-hacking-team-1771504896

Ever thought of building your own Router?

Here is your chance

http://news.hitb.org/content/ars-guide-building-linux-router-scratch

Friday, April 15, 2016

Simple way to detect Tax Season SCAM



IRS Spokesperson Mark S. Green stated:

“The IRS DOES NOT initiate contact with taxpayers by email, text, social media or electronic communications to request personal or financial information."

So anything other than postal mail is a scam.

How do these scams look?
https://www.zscaler.com/blogs/research/tax-season-scams

Tuesday, April 12, 2016

If you are still using the default username and password on your router, this article should persuade you to change them


I still wonder why people don't change the default password


The DNS settings of a router can be overwritten thanks to the JavaScript code containing more than 1,400 login combinations, including a list of common passwords.

DNS changes can only be made if the victim accesses a compromised website on their mobile device

To prevent hackers from gaining control of their routers, all consumers need to do is to keep their home networking router’s firmware up to date, and to avoid using the default ID and password provided with the device when it shipped

For more info:
http://www.digitaltrends.com/web/javascript-malware-mobile/

Monday, April 11, 2016

How do you know if your system has been hacked?

Good article from SANS

  1. Your anti-virus program has triggered an alert that your system is infected, particularly if it says that it was unable to remove or quarantine the affected files
  2. Your browser’s homepage has unexpectedly changed or your browser is taking you to websites that you did not want to go to
  3. There are new accounts on your computer or device that you did not create, or new programs running that you did not install
  4. Your computer or applications are constantly crashing, there are icons for unknown apps, or strange windows keep popping up
  5. A program requests your authorization to make changes to your system, though you’re not actively installing or updating any of your applications
  6. Your password no longer works when you try to log into your system or an online account, even though you know your password is correct
  7. Friends ask you why you are spamming them with emails that you know you never sent
  8. Your mobile device is causing unauthorized charges to premium SMS numbers
  9.  Your mobile device suddenly has unexplained very high data or battery 

PDF Link Below

Friday, April 8, 2016

Whaling up by 270% - don't confuse this with stock value or fishing activity

It is a PHISHING attack that has cost more than $2.3 billion in the last 3 years


The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years

From October 2013 through February 2016, law enforcement received reports from 17,642 victims.

(I like this observation)
The fact that a single employee, for any reason, could grab so much data and simply send it to anyone, regardless of who they think that person is, is a scary prospect when you stop to think about it

For more info:

Wednesday, April 6, 2016

Cybersecurity report - PDF file, has some interesting STATS



Get it here
http://www.cloudlock.com/wp-content/uploads/2015/04/Cloud-Cybersecurity-Report-The-Extended-Perimeter-CloudLock.pdf

Interesting article on Cloud Threat


This is another one that keeps growing.



From the article

As we move our critical assets to the cloud and access it from anywhere, and while workers can operate more freely, the borderless environment creates new threat vectors.


  1. Findings indicate that the average organization has 12% of files shared organization-wide, while another 10% of files are exposed externally, and 2% are accessible publicly or searchable on the public Web.
  2. Another important dimension of cloud applications is that the most successful applications create an ecosystem of third-party apps. Organizations must realize that when you authorize these applications to access your identities in the cloud, or the data in the cloud apps, a connection is established between the user and a third-party entity -- your corporate environment. Effectively, their security is now your security.
  3. A new threat used today as a new form of malware: Cloud Malware
  4. The last threat vector of interest is that as cloud applications are out in the wild, they are being attacked through brute-force password attacks or through attempts to login with stolen credentials under the premise that many users use the same password everywhere.



For More info:
http://www.darkreading.com/vulnerabilities---threats/understanding-the-cloud-threat-surface/a/d-id/1325011

Monday, April 4, 2016

Patch your Nexus - versions 4.4.4, 5.0.2, 5.1.1, 6.0 and 6.0.1.



Like they say, "The ball is in your court".
Let's not procrastinate.

SUMMARY
Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices

The elevation of privilege bug exploited by the rooting application

Rooting applications are particularly dangerous because they give their respective payloads system-level persistence.


“It allows for consistent elevation of privilege, so anyone with malicious intentions with code execution already on a device and wants higher code execution, could use it to get access to the microphone or camera, or read email, anything like that,”

Check here for more info:
https://threatpost.com/google-patches-old-flaw-exploited-by-rooting-application/117161/

Friday, April 1, 2016

50 GB of Verizon customer data - accessible through a MongoDB client and the IP address (no password needed)


Company response - it is test data.
Really?


50 GB of Verizon customer data has been discovered, completely unprotected by any password or authentication.

Yet, even after a back-and-forth with Verizon’s director of cybersecurity, Jim Matteo, Verizon did little to fix the issue.

The Verizon PR team claimed that the MongoDB was only a test environment with fictitious customer data, non-sensitive reference material, unique encryption keys and solely used passwords specific to that test environment. 


For more info:

Identity Theft via W-2 Phishing Scams


In this digitally connected world, us being smart is not good enough. Our information is stored and managed by many other organizations, and it takes only one of them to make a mistake (guess who suffers?).



Criminals harvesting W-2 information by spear phishing will probably not exploit them directly. These compromised data sets will probably be sold off on underground, Silk Road-like forums to a number of different small operators who will file fraudulent tax returns in the name of the victims.

For More Info:
http://www.infosecurity-magazine.com/news/55-companies-and-counting-fall-to/

Thursday, March 31, 2016

SideStepper - MDM Hack that can fully compromise an iPhone?



The interesting parts are

  1. It is a design issue, so hard to fix
  2. Apple says "it is a feature"
  3. Malware can launch the original app (so the user has no clue)


Apple has been contacted for comment. However, the pair say they informed the tech giant of their research, and Apple labeled it "a feature, not a bug."

"Apple tried to solve the problem but actually made it worse, because now it is even easier to infect a mobile device."

"We found a way to do a man-in-the-middle attack on an iOS mobile device and replace an original command such as 'query device' with one to install a malicious enterprise certificate application," Bobrov says.


There is also little a typical system administrator can do to detect a handset compromised by the attack. Eagle-eyed staff could report a newly-installed application to IT, foiling the hack, but further attack research makes this scenario even more unlikely.

Separate research by MetaIntell architect Chilik Tamir also showcased at the Singapore hacking conference demonstrates how attackers can install a malicious application that not only looks like a legitimate app, but when tapped, calls and launches the original expected app after it pwns the handsets

For more details:

Wednesday, March 30, 2016

Free - Ransomware Vaccine



I am not sure how effective it is, but it is free.

However, always ensure you have a good backup (one that is not always connected to your computer).



Get it here:
https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released



Tuesday, March 29, 2016

Malware that messes with the MBR - ransom is $430



Once upon a time, users were scared of computer viruses. Then they expected IT to take care of them.
Now this scary ransomware is changing the game.
This time, it is a headache for both users and IT.


From the Article:

The malicious program will rewrite the computer’s MBR and will trigger a critical Windows error that will cause the computer to reboot—a condition known as a Blue Screen of Death (BSOD).

Following this initial reboot, the rogue MBR code will display a fake Windows check disk operation

During this operation, the ransomware actually encrypts the master file table (MFT). 

Petya does not encrypt the file data itself, which would take a long time for an entire hard drive, but by encrypting the MFT the OS will no longer know where the files are located on disk.

After the MFT encryption is done, the rogue Petya MBR code will display the ransom message accompanied by a skull drawn in ASCII characters. The message instructs users to access the attackers’ decryption site on the Tor anonymity network and provides them with a unique code that identifies their computer.

The price for the key required to decrypt the MFT is 0.99 bitcoins (BTC), or around US$430.


Check here for more info:

Friday, March 25, 2016

Lessons that we could learn from someone who lost her phone



Plain common sense, but we all ignore it many times


  1. Use a password manager
  2. Enable two-factor authentication
  3. Get into your accounts immediately after a theft and reset your passwords
  4. Clear your remembered devices
  5. Make sure you have security software on your Android to help with locating your device and remotely wiping it
  6. If you have an iPhone make sure "Find My iPhone" is enabled
  7. Keep a backup device enabled
  8. Have passwords handy, if possible, and try to change them over secure Wi-Fi connections
  9. Use a VPN


And... iPhone users can now password-protect their Notes (iOS 9.3 onwards).


CLICK HERE FOR MORE DETAILS ABOUT WHAT HAPPENED TO THIS USER
http://www.theverge.com/2016/3/20/11265552/find-stolen-android-phone-track-samsung-galaxy-mexico

Tuesday, March 8, 2016

SDP for IaaS



SDP (Software-Defined Perimeter) is by itself a new approach, and now it is moving to the cloud
(keeping my fingers crossed).

The solution is still evolving, but the ideas are laid out in the article.


From the Article:
The problem is that traditional security tools are unable to cope with the speed, scale, and complexity of this new, dynamic world, especially if organizations embrace dynamic release systems such as DevOps. As a result, security teams are unfortunately encountering familiar problems in their IaaS environments, including an inability to keep pace with a dynamic environment, users with over-privileged network access, and an inability to easily perform compliance reporting. Cloud service providers are facing similar challenges with IaaS management access.


For more details:

Monday, March 7, 2016

Top 10 Security Tools according to ToolsWatch.Org Readers



Not all are free

01 – OWASP ZAP – Zed Attack Proxy Project
02 – Lynis
03 – Haka
04 – Faraday
05 – BeEF – The Browser Exploitation Framework
06 – Burp Suite
07 – PeStudio
08 – Nmap
09 – IDA Pro
10 – OWASP Offensive (Web) Testing Framework


Check here:
http://www.toolswatch.org/2016/02/2015-top-security-tools-as-voted-by-toolswatch-org-readers/

Wednesday, February 3, 2016

Do you use the Chromodo browser? If so, you need to read this




I don't use it, but I am still shocked.



From the article:

“Chromodo is described as ‘highest levels of speed, security and privacy,’ but actually disables all web security. Let me repeat that, they ***disable the same origin policy***…. ?!?..” Ormandy wrote in an advisory published Tuesday by Google’s Project Zero research team.

“They also hijack DNS settings, among other shady practices,” Ormandy wrote.

Chromodo browser installed with Comodo Internet Security disables the same-origin policy by default.

The same-origin policy is a fundamental tenet of web security, ensuring that scripts access data from a second webpage only if the two pages have the same origin.
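To make concrete what "disables the same-origin policy" means, here is an added example, not from the advisory or the Threatpost article: a Python implementation of the origin comparison a browser performs (RFC 6454: scheme, host and port, nothing else), plus a toy model of what a script is allowed to read with and without the policy enforced. The URLs and page contents are constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Added example, not Comodo's or Chromium's code: the origin check that the
# same-origin policy is built on, and a toy model of what disabling it allows.

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def origin(url: str) -> tuple:
    """Return the (scheme, host, port) triple that defines a URL's web origin."""
    parts = urlsplit(url)
    if not parts.scheme or parts.hostname is None:
        raise ValueError(f"not an absolute URL with a host: {url!r}")
    scheme = parts.scheme.lower()
    # An unwritten port means the scheme's default port; host names compare case-insensitively.
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, parts.hostname.lower(), port)


def same_origin(a: str, b: str) -> bool:
    """Two URLs share an origin only when scheme, host and port all match; path, query and fragment never count."""
    return origin(a) == origin(b)


# Constructed stand-in for responses the browser has fetched, keyed by URL.
FETCHED = {
    "https://bank.example/account/summary": "balance: 12,000.00 / account 1234",
    "https://attacker.example/index.html": "<h1>free screensavers</h1>",
}


def script_can_read(script_origin_url: str, target_url: str, sop_enforced: bool = True):
    """
    What a script running on the page at `script_origin_url` gets back when it tries
    to read the content of `target_url`. With the policy enforced, a cross-origin read
    returns None (the browser hands the script an opaque response); with it disabled,
    as in Chromodo, the script sees the other site's authenticated content.
    """
    if sop_enforced and not same_origin(script_origin_url, target_url):
        return None
    return FETCHED.get(target_url)


if __name__ == "__main__":
    attacker = "https://attacker.example/index.html"
    bank = "https://bank.example/account/summary"
    print("policy on :", script_can_read(attacker, bank))
    print("policy off:", script_can_read(attacker, bank, sop_enforced=False))
```

A subdomain, a different scheme or a different port is a different origin, so with the policy switched off any page a user visits can read whatever another site returns to that user's authenticated browser session, which is what makes the advisory's finding so serious.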


For More Info
https://threatpost.com/chromodo-browser-disables-same-origin-policy/116131/

Tuesday, February 2, 2016

How would you feel if someone stole your money and you didn't even know it?

I am pretty sure "ignorance is bliss" may not work in this scenario.



According to the article:
Attackers have begun sending spam emails with poisoned attachments to customers at 14 different Japanese banks, according to Limor Kessem, a cybersecurity evangelist with IBM


(here is the interesting part)
After making off with a victim’s money, in some instances, URLZone hides the transaction line with HTML injections, making it appear like no money was taken.



For More Info:
https://threatpost.com/urlzone-back-targeting-banks-in-japan/116107/

Sunday, January 31, 2016

"InPrivate" mode might not be private - in the Edge browser


Any vendor who gives something away for free will need to get something back,
something they can use to make money.


From the Article:
Somewhat counterintuitively, Edge actually records browsing history in InPrivate mode. More than this, by examining the WebCache file it is a relatively simple task for someone to reconstruct full browsing history, regardless of whether surfing was performed in regular or InPrivate mode.

Microsoft is aware of the problem, and says:
We recently became aware of a report that claims InPrivate tabs are not working as designed, and we are committed to resolving this as quickly as possible.



For More Info:

Thursday, January 28, 2016

Java changed the world including Browsers - Now the Browser Plug-in is going to vanish



The product performed magic but could not withstand the attacks.
Not to forget that we were forced to keep older versions because Java-based applications were not keeping up with new releases of Java.

Anyway, I liked the plug-in.



From the Article:

Oracle has announced its intent to nail the coffin shut on the Java browser plugin.

The company confirmed Wednesday that it expects to deprecate the plugin in JDK 9, slated for release in September, and JRE, in a future Java SE release.



For More Info:
https://threatpost.com/oracle-to-kill-java-browser-plugin/116065/

Tuesday, January 19, 2016

Tuesday, January 12, 2016

Meet Trochilus - Dangerous RAT (not the rodent) that runs only in Memory



New Remote Access Trojan with a twist


From the article:
Named Trochilus, the malware is part of a multi-pronged malware operation that researchers at Arbor Networks are calling the Seven Pointed Dagger (.PDF).

The malware doesn’t leave much of a trace, and is skilled at evading detection, according to a report on the operation published Monday.

“This malware … appears to run only in memory and does not leave a footprint on the disk, except in the form of encoded files that do not execute by themselves and are resistant to static file malware detection processes and static analysis,” the report reads.
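Why "encoded files that do not execute by themselves" defeat static file scanning is easier to see in code. Below is an added example, mine and not Arbor's analysis or Trochilus code: a constructed payload is stored XOR-encoded and base64-wrapped, a signature scan over the on-disk form finds nothing, and the same scan over the decoded in-memory buffer matches. The payload bytes, key and signatures are made up for the demonstration.

```python
import base64

# Added example, not Trochilus code: why an encoded on-disk artefact is invisible to
# static signatures while the decoded buffer in process memory is not.

# Constructed "payload": not real malware, just bytes that carry recognisable markers.
PAYLOAD = (b"MZ\x90\x00" + b"\x00" * 28
           + b"This program cannot be run in DOS mode." + b"\x00" * 32
           + b"CMD:beacon_to_c2")

# Byte patterns a static scanner would look for (constructed signatures).
SIGNATURES = {
    "pe-dos-stub": b"This program cannot be run in DOS mode",
    "beacon-command": b"CMD:beacon_to_c2",
}

KEY = b"\x5a\xc3\x17\x8e"   # assumed loader key, chosen for the example


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_for_disk(payload: bytes, key: bytes) -> bytes:
    """What lands on disk: XOR-encoded, then base64, so no clear signature survives in the file."""
    return base64.b64encode(xor_bytes(payload, key))


def decode_in_memory(blob: bytes, key: bytes) -> bytes:
    """The loader's step: reverse the encoding into a memory buffer without writing a file."""
    return xor_bytes(base64.b64decode(blob), key)


def scan(buffer: bytes, signatures: dict = SIGNATURES) -> list:
    """Names of signatures present in `buffer`; the same logic whether the buffer came from a file or a memory region."""
    return sorted(name for name, pattern in signatures.items() if pattern in buffer)


ON_DISK = encode_for_disk(PAYLOAD, KEY)        # the inert artefact a file scanner sees
IN_MEMORY = decode_in_memory(ON_DISK, KEY)     # the buffer only a memory scanner sees


if __name__ == "__main__":
    print("static scan of the on-disk blob :", scan(ON_DISK))
    print("scan of the decoded memory buffer:", scan(IN_MEMORY))
```

The on-disk blob is plain data: base64 output cannot even contain the spaces, colons or underscores the signatures need, and nothing runs unless a loader supplies the key and executes the decoded buffer. That is why detection for this kind of RAT has to look at process memory or at the loader's behaviour rather than at the content of files.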


For More details
https://threatpost.com/new-rat-trochilus-skilled-at-espionage-evading-detection/115857/

Monday, January 11, 2016

Interesting - Seven factors that contribute to the normalization of deviance:


Normalization of deviance:
means that people within an organization become so accustomed to a deviant behaviour that they no longer consider it deviant, despite the fact that it far exceeds their own rules for elementary safety.

By John Banja, for the healthcare industry.
I am sure it can be applied generally.


  1. The rules are stupid and inefficient!
  2. Knowledge is imperfect and uneven.
  3. The work itself, along with new technology, can disrupt work behaviors and rule compliance.
  4. I'm breaking the rule for the good of my patient!
  5. The rules don't apply to me/you can trust me.
  6. Workers are afraid to speak up.
  7. Leadership withholding or diluting findings on system problems





For more details:

Reminder - Support for Internet Explorer 10 and below ends in 2 days, so upgrade IE or use Firefox (or any other up-to-date browser)






Here is a TechNet article on the benefits of IE 11 (if you are an IE fan)

https://technet.microsoft.com/en-us/browser/mt163707.aspx



IE 11 does have an Enterprise Mode that could be useful for companies that are still using IE (most of them are)

https://technet.microsoft.com/en-us/library/dn640687.aspx

Friday, January 8, 2016

How does the human mind treat FACTS and STORIES?



Here is a non-IT article that discusses how the human mind reacts to stories.


From the Article:

When a fact is plausible, we still need to test it. When a story is plausible, we often assume it’s true.


I might refuse money to a man who says that his car broke down; I might question him, ask to see his stalled vehicle, or offer him a ride to a gas station. But I’m unlikely to refuse if the man says that he is trying to make it to his sick child. I can dismiss your hard logic, but not how you feel.
Give me a list of reasons, and I can argue with it. Give me a good story, and I can no longer quite put my finger on what, if anything, should set off my alarm bells.

Check the link below
http://www.newyorker.com/science/maria-konnikova/how-stories-deceive

Thursday, January 7, 2016

If you are a TWC customer - Watch out



America's second-largest cable provider says that the FBI tipped it off to a huge cache of customer login credentials that appears to have been gathered by criminals. TWC told us it is notifying those customers whose logins have been scooped.


For More info
http://www.theregister.co.uk/2016/01/07/twc_customer_hack/