Tuesday, October 31, 2017

FREE - Want to know if the website you are visiting is vulnerable? Then you should get this Chrome extension



Vulners Web Scanner lets you scan websites while you surf the internet!






Get it here
https://chrome.google.com/webstore/detail/vulners-web-scanner/dgdelbjijbkahooafjfnonijppnffhmd

Good news - Firefox (v58 - Jan 2018) will add a new feature to BLOCK canvas browser fingerprinting





Mozilla is testing a new feature in the upcoming version of its Firefox web browser that will grant users the ability to block canvas fingerprinting.


(Canvas fingerprinting is one of a number of browser fingerprinting techniques for tracking online users; it allows websites to identify and track visitors using the HTML5 canvas element instead of browser cookies or other similar means.)

The permission prompt that Firefox displays reads:

"Will you allow [site] to use your HTML5 canvas image data? This may be used to uniquely identify your computer."


Once you get this message, it's up to you whether you want to allow access to canvas fingerprinting or just block it. You can also check the "always remember my decision" box to remember your choice on future visits as well.

For More:
https://thehackernews.com/2017/10/canvas-browser-fingerprint-blocker.html

Monday, October 30, 2017

Bug in the bug tracker - I mean the bug tracking software itself had a bug that kind of messed up Google.


Alex Birsan, a software developer and hobbyist bug-hunter, collected more than $15,000 in bounties for finding this bug and two other unrelated flaws in the Issue Tracker. The most critical of the three vulnerabilities allowed him to manipulate a request to the system that would elevate his privileges and provide him access to every detail about a particular vulnerability.


For More:
https://threatpost.com/flaw-in-google-bug-tracker-exposed-reports-about-unpatched-vulnerabilities/128687/

Friday, October 27, 2017

Patch...Patch...Patch is the simplest advice to protect against any malware - Patch CHROME today



Google is urging users to update their Chrome desktop browsers to avoid security issues related to a high-severity stack-based buffer overflow vulnerability. Google issued the alert Thursday and said an update for most browsers has been released.

Google is not releasing any details surrounding this stack buffer overflow vulnerability (CVE-2017-15396), stating, “access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

For More:
https://threatpost.com/google-patches-high-severity-browser-bug/128661/

Android phone users, watch out for DoubleLocker - as you guessed, it locks your Android phone (after encrypting it) and demands a ransom




The ransomware has been named DoubleLocker because it performs a two-way action to lock the phone, that is, it encrypts all the files and changes the PIN as well so that victims run out of options and give in to the ransom demands of hackers. The ransomware is being distributed as a fake update of Adobe Flash while compromised websites are being used to spread it.

The fake Adobe Flash app asks the user to activate "Google Play Services" because it needs to exploit the phone’s accessibility services.

It then starts exploiting the permissions by retrieving window content, enabling advanced web accessibility for the installation of scripts, and monitoring the text that the victim types. Once the permissions are granted, the ransomware is installed as the default Home app, so the next time the user visits the Home screen the ransom note will be there.

For more info:
https://www.hackread.com/new-android-ransomware-permanently-changes-pin-demand-ransom/

Tuesday, October 24, 2017

Is this a temporary solution for "Bad Rabbit" ransomware?



Performing the following steps seems to work like a vaccine; some brave person tested it with a ransomware sample.

(Don't know if it really works)

===========================
Create the following files:
%windir%\infpub.dat
%windir%\cscc.dat
%windir%\dispci.exe

- remove ALL PERMISSIONS (inheritance)
===========================

Monday, October 23, 2017

Have you heard of Windows Defender Exploit Guard (Windows 10 IPS functions)?



The four components of Windows Defender Exploit Guard are:

Attack Surface Reduction (ASR): A set of controls that enterprises can enable to prevent malware from getting on the machine by blocking Office-, script-, and email-based threats

Network protection: Protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP through Windows Defender SmartScreen

Controlled folder access: Protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders

Exploit protection: A set of exploit mitigations (replacing EMET) that can be easily configured to protect your system and applications

More details here:
https://blogs.technet.microsoft.com/mmpc/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/

Did you know that Windows 10 has a feature that could protect your system from ransomware?



Microsoft has now introduced the Controlled Folder Access feature in its Windows Defender Security Center; it is available in the Windows 10 Fall Creators Update (v1709).

By enabling Controlled Folder Access (CFA) on a folder, changes in the system are monitored continuously in real time so that any unauthorized access is identified promptly. If an unauthorized process attempts to access a folder protected with CFA, it is immediately blocked and the user is notified.


Follow this How-To Document:
https://www.hackread.com/microsoft-windows-10-anti-ransomware/

Friday, October 20, 2017

Mac owners - if you installed Elmedia Player or the download manager Folx, then you should read this



Eltima Software confessed today that the latest versions of those two apps came with an unwelcome extra – the rather horrid OSX.Proton malware.

Proton is a remote-control trojan designed specifically for Mac systems. It opens a backdoor granting root-level command-line access to commandeer the computer, and can steal passwords, encryption and VPN keys, and crypto-currencies from infected systems. Its creator also claims that it gives full access to iCloud, even if two-factor authentication is used; it was put on sale in March for $50,000.


For More:
https://www.theregister.co.uk/2017/10/20/a_total_system_os_reinstall_is_the_only_guaranteed_way_to_totally_rid_your_system_of_this_malware_this_is_a_standard_procedure_for_any_system_compromise_with_the_affection_of_administrator_account/

Thursday, October 19, 2017

Do you know - Chrome is getting built-in basic antivirus protection for your Windows computer.



ESET scanning engine now built in

"Our engine scans for and cleans potentially harmful applications, specifically the types that negatively impact or target the Chrome browsing experience," said Juraj Malcho, chief technology officer at ESET.

For what it's worth, Chrome, by default, automatically tries to stop software nasties from being accidentally downloaded onto a machine, by checking website URLs against lists of known dangerous and unsafe sites. If you surf to a website known for distributing malware, er, unwanted software, a big red warning will appear in the browser urging you to stop and go back the way you came.

For More Info:
https://www.theregister.co.uk/2017/10/16/chrome_for_windows_malware/

IoT Security - Not many are concerned. For those who are, here is a good essay from Mr. Bruce Schneier



Our biggest IoT security risks will stem not from devices we have a market relationship with, but from everyone else's cars, cameras, routers, drones.

Basically, sellers don't compete on safety features because buyers can't efficiently differentiate products based on safety considerations.

More here:
https://www.schneier.com/blog/archives/2017/10/iot_cybersecuri.html

Wednesday, October 18, 2017

BoundHook, GhostHook - These are not fishing terms, these are exploits




BoundHook exploits a feature in all Intel chips to cause an exception at a specific memory location in a user-mode context. Next, it is able to catch the exception and gain control over the thread execution used by a specific application. For example, the technique could allow for the interception of a keyboard event message passed between Windows and a specific service, allowing an attacker to capture or manipulate a victim’s keystrokes.

GhostHook - an attack method that bypassed Microsoft’s attempts to prevent kernel-level attacks (via PatchGuard) and used the hooking approach to take control of a device at the kernel level.

Strange but True:
Microsoft and Intel don’t see either as a vulnerability on their end. Both told CyberArk they will not patch the issue because the attack requires that the adversary has already fully compromised the targeted system.


More Here:
https://threatpost.com/boundhook-attack-exploits-intel-skylake-mpx-feature/128517/

Interested in Penetration Testing (I mean computer-related pen testing)? Try this site as your starting point


This site has a bunch of:

- Cheat sheets
- Walkthroughs
- Pen test tool related info

Excellent for beginners

https://highon.coffee/


Monday, October 16, 2017

I thought one could not calculate a private key from a public key. I was wrong



In a nutshell, the bug (in Infineon Technology chipset) makes it possible for an attacker to calculate a private key just by having a target’s public key.


The Infineon flaw is tied to a faulty design of Infineon’s Trusted Platform Module (TPM), a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and used for secured crypto processes.

The currently confirmed number of vulnerable keys found is about 760,000, but possibly two to three orders of magnitude more are vulnerable.
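The flaw leaves a fingerprint in the public modulus itself, so vulnerable keys can be found without touching the private key. The check below is an added example (not code from the linked article or from Infineon): it builds one modulus from two primes with the flawed structure and one ordinary modulus, then tests both. The flawed-prime construction and the 256-bit sizes are constructed stand-ins for what the faulty generator produced; a hit means the key should be replaced.

```python
import random

# First 39 primes: Infineon's 512-bit key generator builds its primes around
# M = product of these; the check below works with this prefix for any size.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107,
                109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167]
E = 65537
random.seed(2017)  # reproducible demo keys

def is_probable_prime(n, rounds=20):
    """Trial division by the small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def residues_generated_by_e(p):
    """The subgroup {E^k mod p}: the only residues an Infineon prime takes mod p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * E % p
    return seen

def has_roca_fingerprint(n):
    """True when n mod p lies in <E> for every small prime p. A modulus built from
    two Infineon-style primes always passes; a random RSA modulus passes with
    negligible probability, so a hit means the key should be replaced."""
    return all(n % p in residues_generated_by_e(p) for p in SMALL_PRIMES)

def roca_style_prime(bits=256):
    """Prime of the flawed form k*M + (E^a mod M), built only to exercise the check."""
    M = 1
    for p in SMALL_PRIMES:
        M *= p
    k_bits = bits - M.bit_length()
    while True:
        a = random.randrange(1, 1 << 16)
        k = random.randrange(1 << (k_bits - 1), 1 << k_bits)
        cand = k * M + pow(E, a, M)
        if is_probable_prime(cand):
            return cand

def random_prime(bits=256):
    """Ordinary prime from random odd candidates, as a sound generator produces."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand
```

To scan a real certificate, feed its RSA modulus (as an int) to has_roca_fingerprint; the same test is what public ROCA checkers apply.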


For More:
https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/

KRACK ATTACK - Welcome to Monday morning mania




The idea behind a key reinstallation attack can be summarized as follows. When a client joins a network, it executes the 4-way handshake to negotiate a fresh encryption key. It will install this key after receiving message 3 of the 4-way handshake. Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol. However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times. Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol.

We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake. By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged. The same technique can also be used to attack the group key, PeerKey, TDLS, and fast BSS transition handshake.

If the victim uses either the WPA-TKIP or GCMP encryption protocol, instead of AES-CCMP, the impact is especially catastrophic. Against these encryption protocols, nonce reuse enables an adversary to not only decrypt, but also to forge and inject packets. Moreover, because GCMP uses the same authentication key in both communication directions, and this key can be recovered if nonces are reused, it is especially affected. Note that support for GCMP is currently being rolled out under the name Wireless Gigabit (WiGig), and is expected to be adopted at a high rate over the next few years.
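The message-3 retransmission described above, as an added simulation (not code from the KRACK site or from any Wi-Fi implementation): a toy client installs the key, sends a frame, receives message 3 again and sends a second frame. With the pre-KRACK behaviour the nonce resets and the XOR of the two ciphertexts equals the XOR of the plaintexts; with the patched behaviour (never reinstall a key that is already installed) the nonces keep increasing. The stream cipher, session key and frames are constructed stand-ins.

```python
import hashlib

FRAME1 = b"GET /secret-page"  # constructed sample frames of equal length
FRAME2 = b"GET /other-page "

def keystream(key, nonce, length):
    """Toy keystream derived from (key, nonce), standing in for CCMP/GCMP: they
    are nonce-based too, and reusing a nonce under one key reuses keystream."""
    out, counter = b"", 0
    while len(out) < length:
        block = key + nonce.to_bytes(6, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Supplicant side of the 4-way handshake, reduced to key installation."""

    def __init__(self, reinstall_on_retransmit):
        # True models the pre-KRACK behaviour; False models a patched supplicant,
        # which never reinstalls a key that is already installed.
        self.reinstall_on_retransmit = reinstall_on_retransmit
        self.ptk = None
        self.key_installed = False
        self.tx_nonce = 0

    def on_message3(self, ptk):
        """Message 3 confirms the PTK: install it and (implicitly) reply with message 4."""
        if self.key_installed and not self.reinstall_on_retransmit:
            return  # patched: acknowledge the retransmission, keep the live key state
        self.ptk = ptk
        self.key_installed = True
        self.tx_nonce = 0  # installing a key resets the packet number (nonce)

    def send(self, plaintext):
        """Encrypt one data frame; the nonce is incremented before each frame."""
        self.tx_nonce += 1
        pad = keystream(self.ptk, self.tx_nonce, len(plaintext))
        return self.tx_nonce, xor(plaintext, pad)

def run_handshake(reinstall_on_retransmit):
    """msg3 -> frame 1 -> retransmitted msg3 -> frame 2.
    Returns (nonce of frame 1, nonce of frame 2, ciphertext1 XOR ciphertext2)."""
    ptk = b"\x42" * 16  # constructed session key
    client = Client(reinstall_on_retransmit)
    client.on_message3(ptk)
    n1, ct1 = client.send(FRAME1)
    client.on_message3(ptk)  # the AP retransmits message 3 (or it is replayed)
    n2, ct2 = client.send(FRAME2)
    return n1, n2, xor(ct1, ct2)

if __name__ == "__main__":
    for mode in (True, False):
        n1, n2, leak = run_handshake(mode)
        print("reinstall" if mode else "patched", "nonces:", n1, n2,
              "plaintext XOR exposed:", leak == xor(FRAME1, FRAME2))
```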


For more info:
https://www.krackattacks.com/

Friday, October 13, 2017

To Trust or NOT to Trust is the dilemma



The Facebook scam abuses “Trusted Contacts,” a Facebook account recovery feature that sends access codes to a selected list of the user’s trusted friends in order to help them regain access to their Facebook account in case they forget their password or lose access to the account.


For More
http://securityaffairs.co/wordpress/64276/cyber-crime/facebook-scam-trusted-contacts.html?

Thursday, October 12, 2017

Did you know GDPR applies to the entire world, not just Europe?



GDPR, which goes into effect on 25 May 2018, states that any organization that handles the personally identifiable information of any living EU resident must protect that information. If that information is breached, the organization must report the incident and notify those individuals.



Excellent SANS Doc:
https://www.sans.org/reading-room/whitepapers/analyst/preparing-compliance-general-data-protection-regulation-gdpr-technology-guide-security-practitioners-37667#


For More Info:
https://securingthehuman.sans.org/blog/2017/10/10/hey-america-and-world-gdpr-applies-to-you-to

If you are a Netflix subscriber, you may want to read this



It begins with a mail purporting to be from the streaming giant, asking for an account update. Once the victim enters their Netflix credentials on a spoofed website, they are redirected to a second screen, which harvests the victim’s credit card details. The final step shows a thank-you message, where clicking the “Get Started” button takes the visitor to Netflix.com, meaning that they could remain blissfully unaware that they’ve been phished for quite some time.

PhishMe’s analysis found that the email address associated with the campaign has been involved in the use of five different phishing toolkits since June, targeting customers of Chase Bank, Comcast, Netflix, TD Bank and Wells Fargo. But business users can be at risk as well.


More Here:
https://www.infosecurity-magazine.com/news/netflix-phish-corporate-dangers?utm_source=twitterfeed&utm_medium=twitter

New Service from Equifax - Free Flash update Offer (Thanks to Hackers)




The Equifax website was compromised (again) to deliver fraudulent Adobe Flash updates.

As if the data breach was not enough, now they have a website compromise as well.

For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates which, when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.

More Here:
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/


Wednesday, October 11, 2017

What could happen when you misconfigure Amazon S3 buckets? - Data Breach - 150K PHI records exposed


A new development in "data exfiltration" is increased data staging within cloud infrastructure prior to exfiltration.

“Imagine a commercial mover putting your furniture into a moving van,” Mayfield explained. “No shock here, that seems like normal asset movement. But then, an accomplice walks up to the fully loaded van, key in the ignition, and drives away. This is not a perfect analogy, but it gets very close to the data staging and exfiltration that happens with cloud infrastructure.”


For More:
https://www.infosecurity-magazine.com/news/med-records-for-150k-americans

Very Interesting conversation/debate on PASSWORDS - Highly recommended

Bank Heist - Reminds me of the song Smooth Criminal(s)



The interesting part is that this targeted attack includes good coordination at the physical and technical levels.

Hussey says his company investigated heists at five different banks in post-Soviet countries. Attackers made off with sums between $3 million and $10 million per bank, for a total of over $40 million.



For More:
https://www.bleepingcomputer.com/news/security/bank-cyber-thieves-get-clever-with-new-overdraft-technique/

Microsoft Patch Tuesday - CVE-2017-11826 - patch it ASAP



Microsoft's October Patch Tuesday release covered a wide spectrum of problems, the majority possibly resulting in remote code execution (RCE), with CVE-2017-11826 publicly disclosed and actively exploited.

The early take from cyber industry insiders is that CVE-2017-11826, found in Microsoft Office, needs to be addressed immediately.

“Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as ‘Important’ and is actively being exploited in the wild,” said Jimmy Graham, director of product management at Qualys.


 More Here:
https://www.scmagazine.com/patch-tuesday-microsoft-62-vulnerabilities-28-critical-one-spotted-in-the-wild/article/699296/

Tuesday, October 10, 2017

Did you know - Browsers are intermediaries in an online transaction



By moving the storage of payment card details into the browser, the responsibility for keeping these details safe is moved to the browser and the user.

The Payment Request API also demands that users take greater responsibility for their data security. 

For More:
https://www.grahamcluley.com/browser-credit-cards/

Beware - New Phishing Attack

Cybercriminals are using a new phishing campaign that impersonates "secure messages" from private financial institutions such as Bank of America and TD Commercial Banking to deliver malware to unsuspecting victims.

More Here:
http://www.ibtimes.co.uk/new-phishing-emails-claiming-be-secure-message-private-banks-secretly-deliver-malware-1641269?utm_content=61324933&utm_medium=social&utm_source=twitter

Thursday, October 5, 2017

5 Tenets of Cyber Security




Sweet and simple (but rarely followed)

Your organization does not exist to be secure, it exists to get things done.

Amateurs mitigate risk, professionals manage risk. If you are confused by the difference, you need to read some of Bruce Schneier's books. There are three ways to manage risk: you mitigate it, you accept it or you transfer it.

Risk is the likelihood of an incident times the harm of that incident. Likelihood is made up of threats and vulnerabilities.

Our job is to support the organization's mission. That means when dealing with a cyber security challenge, you may not be the one to make a decision.


Managing risk is based on three core areas: Technology, Process and People.
We have hit the point of diminishing returns with Technology but continue to fail in the Process and People side.

For More:
https://securingthehuman.sans.org/blog/2017/10/05/the-five-tenets-of-cyber-security/

The nature of cyberattacks is changing in ways that we did not expect


Such as:

Use of social media to attempt to influence votes or drive division within a nation via Twitter and targeted Facebook advertising campaigns.

The Sony hack by North Korea as a pivotal moment when it came to nation states attempting to attack U.S. interests in unconventional ways.

Another social-fueled criminal trend is the rise of "dark markets", which facilitate all manner of crime, from narcotics trafficking to illegal firearm sales, identity theft, child exploitation and computer hacking.

More here:
https://threatpost.com/attackers-redefining-objectives-approaches/128276/

Tuesday, October 3, 2017

October is National Cybersecurity Awareness Month - Need Ideas? - Here is a good resource for Office, Home and even Kids

Ever wondered how Email Tracking works?




Here is a nice article:


Almost all web browsers, in the case of webmail, send third-party cookies with these requests. The email address is leaked by being encoded as a parameter into these third-party URLs.

About 29% of emails leak the user’s email address to at least one third party when the email is opened, and about 19% of senders sent at least one email that had such a leak.
The majority of these leaks (62%) are intentional.[4] If the leaked email address is associated with a tracking cookie.

Most of the top leak recipients, including LiveIntent, Acxiom, Conversant Media, and Neustar, are involved in “people-based” marketing.
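A detector for the leak described above, as an added example (not code from the linked article): it collects the image and link URLs from an HTML email and reports which third-party hosts receive the recipient's address, either in plaintext or as an MD5, SHA-1 or SHA-256 hash, in a query value or path segment. The sample newsletter, the address and the hostnames are constructed.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlparse

def address_fingerprints(addr):
    """Forms a tracker might embed: the plaintext address or a common hash of it."""
    addr = addr.strip().lower()
    forms = {addr: "plaintext"}
    for algo in ("md5", "sha1", "sha256"):
        forms[hashlib.new(algo, addr.encode()).hexdigest()] = algo
    return forms

class ResourceCollector(HTMLParser):
    """Collects every URL a mail client would fetch (img src) or offer (a href)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in (("img", "src"), ("a", "href")):
                self.urls.append(value)

def find_address_leaks(html_body, recipient, sender_domain):
    """Map third-party host -> form of the recipient address found in its URL.
    Query values and path segments are both checked, since trackers use either."""
    forms = address_fingerprints(recipient)
    collector = ResourceCollector()
    collector.feed(html_body)
    leaks = {}
    for url in collector.urls:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if not host or host == sender_domain or host.endswith("." + sender_domain):
            continue  # first-party resource, not a third-party leak
        values = [v for _, v in parse_qsl(parts.query)] + parts.path.split("/")
        for value in values:
            form = forms.get(value.strip().lower())
            if form:
                leaks[host] = form
    return leaks

# Constructed sample newsletter; the hashed forms are filled in from the address.
_ADDR = b"alice@example.org"
SAMPLE_EMAIL = f"""<html><body><p>Your weekly newsletter</p>
<img src="https://news.example-sender.com/open?id=9981" width="1" height="1">
<img src="https://pixel.example-tracker.net/p.gif?em=alice%40example.org&amp;cid=77" width="1" height="1">
<img src="https://cdn.example-adtech.com/i/{hashlib.md5(_ADDR).hexdigest()}/beacon.png">
<a href="https://click.example-links.com/r?h={hashlib.sha256(_ADDR).hexdigest()}&amp;u=https://example-sender.com/offer">Read more</a>
</body></html>"""

if __name__ == "__main__":
    found = find_address_leaks(SAMPLE_EMAIL, "alice@example.org", "example-sender.com")
    for host, form in found.items():
        print(f"{host}: recipient address leaked as {form}")
```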

For More Info:
https://freedom-to-tinker.com/2017/09/28/i-never-signed-up-for-this-privacy-implications-of-email-tracking/

Android keyboard app - Is it a keyboard or a keylogger?



First, it collected a user's Google email account as well as other important device information and uploaded all that data to its servers.

Second, it can download and execute code from a remote server in violation of its policy. Those snippets of code include plugins marked as adware or potentially unwanted programs (PUPs) by multiple anti-virus engines.

For More:
https://www.grahamcluley.com/go-keyboard-app-data-collection/

Monday, October 2, 2017

5 simple ways to improve your online safety in 5 minutes or less



We all know this, but let's be honest, how many of us actually follow it?



1. Use strong, unique passwords for every site requiring login

2. Keep your operating system up-to-date

3. Only connect to Wi-Fi networks you know and trust

4. Turn off Wi-Fi, Bluetooth, camera, and location services

5. Don’t download from questionable sources

For More Info:
https://www.getcybersafe.gc.ca/cnt/blg/pst-20170929-en.aspx

Free Azure Interactive Posters

Top 10 phishing email subject lines that launch ransomware (according to KnowBe4)





  1. Security Alert – 21% 
  2. Revised Vacation & Sick Time Policy – 14%
  3. UPS Label Delivery 1ZBE312TNY00015011 – 10%
  4. BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
  5. A Delivery Attempt was made – 10%
  6. All Employees: Update your Healthcare Info – 9%
  7. Change of Password Required Immediately – 8%
  8. Password Check Required Immediately – 7%
  9. Unusual sign-in activity – 6%
  10. Urgent Action Required – 6%



For More:
https://www.csoonline.com/article/3209086/hacking/top-10-phishing-email-subject-lines-that-launch-ransomware.html?utm_content=61042854&utm_medium=social&utm_source=twitter