Making Sense of Security

Securing your Digital World.

Firmware Weaknesses Can Turn Computer Subsystems into Trojans

Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants. The software that acts as the interface between a computer and its various hardware components can be turned into an espionage-focused implant because the companies that make the components often fail to create a secure mechanism of updating the code, Eclypsium stated in an analysis released today. In its report, the enterprise firmware security company found that major turnkey design and manufacturing firms that supply components — such as Wi-Fi adapters, USB hubs, Read more…
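The Eclypsium finding above comes down to one missing check: an updater that verifies only a checksum will flash whatever an attacker hands it, because anyone who can write the image can also recompute the checksum. The Go program below is an added example, not Eclypsium's or any vendor's code. It models a hypothetical update container (the "FWUP" magic, the byte layout and every function name are assumptions made for this example) and contrasts a CRC-only updater with one that pins the vendor's Ed25519 public key. Swapping in an implant payload and recomputing the CRC passes the weak check and fails the signed one; so does stripping the signature or verifying against a different key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// magic identifies the hypothetical update container used in this example.
const magic = "FWUP"

// Image is the parsed container: the payload, a CRC-32 over it (what many
// vendor updaters check) and an Ed25519 signature over it (what a secure
// updater must check). Signature is empty when the image carries none.
type Image struct {
	Payload   []byte
	CRC       uint32
	Signature []byte
}

// Encode serialises an Image as: magic | u32 payload length | payload | u32 crc | signature.
func (im Image) Encode() []byte {
	var buf bytes.Buffer
	buf.WriteString(magic)
	binary.Write(&buf, binary.LittleEndian, uint32(len(im.Payload)))
	buf.Write(im.Payload)
	binary.Write(&buf, binary.LittleEndian, im.CRC)
	buf.Write(im.Signature)
	return buf.Bytes()
}

// Decode parses the container, rejecting malformed or truncated input
// before any field is trusted.
func Decode(b []byte) (Image, error) {
	if len(b) < 12 || string(b[:4]) != magic {
		return Image{}, errors.New("bad magic or header")
	}
	n := int(binary.LittleEndian.Uint32(b[4:8]))
	if n < 0 || len(b) < 12+n {
		return Image{}, errors.New("truncated payload")
	}
	return Image{Payload: b[8 : 8+n], CRC: binary.LittleEndian.Uint32(b[8+n : 12+n]), Signature: b[12+n:]}, nil
}

// Build produces the vendor's signed release image.
func Build(payload []byte, priv ed25519.PrivateKey) []byte {
	return Image{Payload: payload, CRC: crc32.ChecksumIEEE(payload), Signature: ed25519.Sign(priv, payload)}.Encode()
}

// Tamper models the implant scenario: the payload and CRC are replaced, but
// the attacker has no signing key, so the stale signature (or none at all,
// if stripped) is all they can attach.
func Tamper(release, implant []byte, stripSignature bool) []byte {
	im, err := Decode(release)
	if err != nil {
		return nil
	}
	im.Payload = implant
	im.CRC = crc32.ChecksumIEEE(implant)
	if stripSignature {
		im.Signature = nil
	}
	return im.Encode()
}

// AcceptWeak is the integrity-only policy: a matching CRC is enough to flash.
// It detects corruption in transit, not a hostile author.
func AcceptWeak(img []byte) bool {
	im, err := Decode(img)
	return err == nil && crc32.ChecksumIEEE(im.Payload) == im.CRC
}

// AcceptSigned additionally requires a signature that verifies under the
// vendor key pinned in the component. A missing or short signature is a
// hard reject, never a fallback to the CRC path.
func AcceptSigned(img []byte, pub ed25519.PublicKey) bool {
	im, err := Decode(img)
	if err != nil || crc32.ChecksumIEEE(im.Payload) != im.CRC || len(im.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, im.Payload, im.Signature)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	release := Build([]byte("nic-firmware v1.2 (constructed sample)"), priv)
	implant := Tamper(release, []byte("nic-firmware v1.2 + packet sniffer"), false)
	fmt.Println("release  crc-only:", AcceptWeak(release), " signed:", AcceptSigned(release, pub))
	fmt.Println("implant  crc-only:", AcceptWeak(implant), " signed:", AcceptSigned(implant, pub))
}
```

A real component also needs rollback protection (a monotonic version counter checked before flashing) and a public key the host operating system cannot overwrite; otherwise the signature check itself becomes the thing an attacker replaces.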


Weekly analysis – 14th March 2020 to 21st March 2020

MillerSmiles provides its weekly phishing analysis for the week of 14th March 2020 to 21st March 2020.


xenicoln.ru/login

[CWHQ:19442] Type: PredatorTheThief – IP: 81.177.140.34


Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

In addition, more third parties are discovering the attacks rather than the companies themselves. Organizations are more quickly detecting attackers in their networks and systems, but the majority of attacks are still being found by third parties and not by internal security groups. In 2019, companies needed 56 days, on average, to detect an attacker in their networks, down from 78 days in 2018, FireEye Mandiant stated in its “M-Trends 2020” report, out today. While the improvement is partially due to companies spending more effort and resources on detecting threats and responding to incidents, much of the impetus to Read more…


Public health vs. personal privacy: Choose only one?

As the world turns to technology to track and contain the COVID-19 pandemic, could this sound the death knell for digital privacy? Source: WeLiveSecurity, http://feedproxy.google.com/~r/eset/blog/~3/rYoUT1a26mQ/


S2 Ep27: Bluetooth holes, dodgy Chrome extensions and forgotten passwords – Naked Security Podcast

by Alice Violet This week we discuss why Google abruptly pulled more than 500 Chrome extensions from its Web Store, the case of a man held in custody for refusing to decrypt two hard drives, and research detailing a number of security holes in Bluetooth chipsets. Greg Iddon plays host and producer this week and is joined by fellow Sophos experts Paul Ducklin and Peter Mackenzie.


Fake Smart Factory Honeypot Highlights New Attack Threats


U.S. Gov Agency Targeted With Malware-Laced Emails


EC-Council Announces Free Phishing-Protection Solution Amid The COVID-19 Outbreak

OhPhish Helps Remote Workers and Businesses Fight Phishing Attacks – From the Editors at Cybercrime Magazine ALBUQUERQUE, N.M., March 23, 2020 /ECCouncil.org/ As the novel coronavirus (COVID-19) pandemic progresses across the world, cybercriminals are taking advantage of the situation, resulting in a spike in phishing scams against remote workers and corporate systems. While working from home helps the cause of social distancing, it introduces additional risks to the organization. With less protection on home networks, employees are more vulnerable to phishing attacks than ever before. It is imperative that these employees remain vigilant and capable of protecting themselves from Read more…


More COVID-19 Themed Malware, (Sun, Mar 22nd)

Reader Andrew received a COVID-19 themed email with malicious attachment, and submitted the complete email. Article Link: https://isc.sans.edu/diary/rss/25930


All About SASE: What It Is, Why It’s Here, How to Use It

Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments. Secure access service edge, also known as SASE (pronounced “sassy”), is a term popping up more in security conversations as businesses grapple with the challenge of secure networking in the cloud. SASE combines WAN capabilities with network security functions: secure web gateway, cloud access security broker, firewall-as-a-service, and zero-trust network access. These capabilities are primarily delivered as-a-service and aim to find sensitive data or malware, decrypt content, and monitor risk and the trust level of sessions, Gartner’s Andrew Read more…


Emotet Malware Rears Its Ugly Head Again

Enterprise Vulnerabilities (from DHS/US-CERT's National Vulnerability Database)
CVE-2020-9327, published 2020-02-21: In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2020-9329, published 2020-02-21: Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
CVE-2020-7907, published 2020-02-21: In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.
CVE-2019-18846, published 2020-02-21: OX App Suite through 7.10.2 allows SSRF.
CVE-2012-1093, published 2020-02-21: The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during Read more…


NRC Health Ransomware Attack Prompts Patient Data Concerns

The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed. A Feb. 11 ransomware attack targeting NRC Health has driven concerns about the security of patient data stored on the organization’s servers. NRC Health manages patient survey systems and works with 75% of the 200 largest hospital chains in the United States, CNBC reports. When it learned of the attack, NRC Health shut down its systems and has since been working to restore them, said chief information officer Paul Cooper in a statement. An email to its hospital clients explained how it Read more…


Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition


Google: Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking


Zoom Fixes Flaw Opening Meetings to Hackers

Zoom has patched a flaw that could have allowed attackers to guess a meeting ID and enter a meeting. NEW ORLEANS – Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom’s conference meetings not requiring a “meeting password” by default; this is a password assigned to Zoom attendees for what it calls a meeting room. If meeting creators do not enable a “meeting password,” the only thing securing the meetings are Meeting Read more…


Adobe fixes critical flaws in Media Encoder and After Effects

by John E Dunn After fixing a fat pile of critical security flaws as part of last week’s Patch Tuesday update, Adobe has come back with two more that need urgent attention. This is what’s called an out of band update, which means that a vulnerability is too risky or likely to be exploited to leave to the next scheduled update. The first is in the Windows and macOS versions of the After Effects graphics software and affects anyone running version 16.1.2 and earlier. Identified as CVE-2020-3765 after being reported to Adobe only days ago, the company offers little Read more…


Microsoft Leaves 250M Customer Service Records Open to the Web


Cyber Fitness Takes More Than a Gym Membership & a Crash Diet

Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan. Every year, millions of people make New Year’s resolutions to “get healthy.” Sadly, studies show that less than 25% of them actually stay committed to their resolutions past the end of January, and only 8% completely see them through. The reason is that crash diets and costly gym memberships are merely tactics, not long-term strategies. (It’s February. How are you doing with your resolutions?) The same is true for cyber fitness. Resolving to be more secure is worlds apart Read more…


Nearly half of hospital Windows systems still vulnerable to RDP bugs

by Danny Bradbury Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week. The report, called 2020 Vision: A Review of Major IT & Cyber Security Issues Affecting Healthcare, comes from CyberMDX, which provides cybersecurity systems for hospitals. It says that 22% of a typical hospital’s Windows devices are exposed to BlueKeep. The proportion of Windows devices connected to a network that are vulnerable is far higher, at 45%, it adds. CyberMDX gathers these kinds of metrics via its own Read more…


Analyst Webcast: Women in Cybersecurity: A SANS Survey – March 17, 2020 1:00pm US/Eastern

Tuesday, March 17th, 2020 at 1:00 PM EDT (17:00 UTC). Speaker: Heather Mahalik. Overview: Today, women are entering and rising through the ranks of cybersecurity experts, with more expected to join these ranks in coming years. By the end of 2019, women are expected to represent 20% of the global cybersecurity workforce, up dramatically from 2013, when only 11% of the workforce was female. At this webcast, survey author, forensic examiner and SANS instructor Heather Mahalik discusses key results of the survey of successful women in varied roles within Read more…


OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution

By Alexander Elkholy (Threats Analyst) A root privilege escalation and remote code execution vulnerability (designated CVE-2020-8794) has been discovered in OpenSMTPD, the free and open-source SMTP daemon. The flaw originates from an out-of-bounds read, which attackers can exploit to execute arbitrary code on vulnerable systems. What is the vulnerability about? Discovered by Qualys Research Labs and disclosed on February 24, 2020, the vulnerability affects all versions of OpenSMTPD prior to 6.6.4. Part of the OpenBSD project, OpenSMTPD implements the Simple Mail Transfer Protocol (SMTP) to receive and deliver mail. Read more…


US charges four Chinese military members with Equifax hack

by Lisa Vaas The US has charged the Chinese military with plundering Equifax in 2017. The Justice Department (DOJ) on Monday released a nine-count indictment that accused four members of the People’s Liberation Army (PLA) of being hackers behind the breach, which was one of the largest in US history. The breach exposed millions of names and dates of birth, taxpayer ID numbers, physical addresses, and other personal information that could lead to identity theft and fraud. Besides the original estimate of 145.5 million Americans who were affected, the breach also hit 15.2 million Brits and some 100,000 Canadians. The Read more…


Threat actors attempt to capitalize on coronavirus outbreak

By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with coronavirus lures and themes, including Emotet and several RAT variants. Using the news to try to increase clicks and drive traffic is nothing new for malicious actors. We commonly see actors leveraging current news stories or events to try to increase the likelihood of infection. The biggest news currently is focused on the new virus affecting the world, with a focus on China: the coronavirus. There are countless news articles and Read more…


1.7M Nedbank Customers Affected via Third-Party Breach

A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank. Nedbank, one of South Africa’s largest financial institutions, last week disclosed a security incident affecting the personal data of 1.7 million past and current customers. The breach started with a “data security issue” at Computer Facilities, a third-party marketing contractor Nedbank was using to send SMS and email marketing information, the bank said in a statement. Nedbank identified the vulnerability as part of its routine monitoring procedures. Once it was discovered, officials alerted the service provider and launched an investigation. Read more…


Google Sets Record High in Bug-Bounty Payouts


New Bill Proposes NSA Surveillance Reforms


Wawa Breach May Have Affected More Than 30 Million Customers


Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks


Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox


Weekly analysis – 14th September 2019 to 21st September 2019

MillerSmiles provides its weekly phishing analysis for the week of 14th September 2019 to 21st September 2019.


Hacker Leaks More Than 500K Telnet Credentials for IoT Devices


Google forced to reveal anonymous reviewer’s details

by Danny Bradbury It’s a small business’s worst nightmare: someone leaves a review on a popular site trashing your company, and they do it anonymously. That’s what happened to Mark Kabbabe, who runs a tooth whitening business in Melbourne, Australia. Last week, a court forced Google to reveal the details of an anonymous poster who published a bad review of his business. According to the court judgement, the anonymous poster used the pseudonym CBsm 23 to publish a review on Google about a procedure they had undergone at Kabbabe’s clinic. The review said that the dentist made the whole Read more…


Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners


Suspect who refused to decrypt hard drives released after four years

by John E Dunn The contentious case of a man held in custody since 2015 for refusing to decrypt two hard drives appears to have reached a resolution of sorts after the US Court of Appeals ordered his release. Former Philadelphia police sergeant Francis Rawls was arrested in September 2015, when the external hard drives were seized along with other computers from his home. Based on forensic analysis of his download habits and the testimony of his sister, the police believe they contained child abuse imagery but were unable to prove that without access to the drives. Rawls Read more…


Ring makes 2FA mandatory to keep hackers out of your doorbell account

by Lisa Vaas Leery of losing microseconds of your life by using two-factor authentication (2FA) to keep your stuff safe from hackers? Alas for you, but hurray for security. Bit by bit, the Internet of Things (IoT) is getting a wee bit more secure: last week, Google announced that it would soon begin forcing users of its Nest gadgets to use 2FA, and this week, security came knocking for Amazon’s Ring video doorbells. On Tuesday, Ring president Leila Rouhi said in a blog post that starting immediately, the once-optional authentication is going to be mandatory for all users when Read more…


What’s The Difference Between An Incident And An Actual Loss Of Protected Data?

Information loss leads to devastating financial repercussions and damage to brand reputation – Robert Johnson, III, President & CEO at Cimcor, Inc Chicago, Ill. – Feb. 20, 2020 Inadequate and ineffective technologies are often the culprit behind the failure of compliance mandates and initiatives for many organizations. Vulnerabilities can be a challenge for organizations to manage, but identifying the weaknesses and the threats businesses face with information in a state of constant flux is not something to be ignored. Cybersecurity incidents and the threat information associated with them may change as information unfolds, similar to Positive Technologies’ latest findings regarding the Citrix Read more…


Fortinet and CyberX

Accelerating IoT and OT Threat Detection and Prevention. Download the solution brief. Article Link: https://cyberx-labs.com/solution-briefs/fortinet-and-cyberx/


MGM Hotel breach highlights need for sophisticated cloud security

Cybercriminals posted the information of more than 10 million customers on a hacker forum a year after the initial attack on a cloud server.


92% of Americans would delete an app that sold their personal information

Smartphone users don’t want government encryption backdoors and would rather read “terms and conditions” than watch the movie “Cats.”


70% of IT leaders say security concerns restrict adoption of public cloud

While the concerns are legitimate, Barracuda also wants IT professionals to know that practical solutions exist.


California Man Arrested for Politically Motivated DDoS

The distributed denial-of-service attacks took a congressional candidate’s website offline for a total of 21 hours during the campaign for office. A man in Santa Monica, Calif., has been arrested for launching a series of attacks on the website of a California congressional candidate. Arthur Jan Dam is charged with one federal count of intentionally damaging and attempting to damage a protected computer. According to the arrest affidavit, Dam was responsible for four distributed denial-of-service (DDoS) attacks on the candidate’s Web server, taking the site offline for a total of 21 hours during the campaign in 2018. Dam, it Read more…


Text message package scam delivers more than your business bargained for

There’s a text message scam making the rounds that could target your mail room staff, receptionist, or other employees. The FTC has tips on how you can protect your business. Our Consumer Blog describes a text message people are receiving that claims to be a FedEx tracking notice. In variations on the scheme, fraudsters also are falsely invoking the names of UPS and the U.S. Postal Service. According to the text, there’s a “delivery” that needs to be scheduled by clicking on a link. From there, people are taken to an “Amazon” page, which invites them to complete a customer Read more…


The Amazon Prime phishing attack that wasn’t…

by Paul Ducklin Earlier this week, we received a moderately believable Amazon Prime phish via email. The scam had an Account Locked subject line, with a warning that we wouldn’t be able to buy or sell anything via Amazon’s services until we verified our account. To add a bit more fear and urgency, the crooks went on to warn us that if we didn’t complete the verification process within 24 hours, then our account would be deactivated, not merely suspended. The “good” news, of course, is that verifying our account was as easy as clicking a link in the Read more…
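The parcel-notification smish described by the FTC above and the Amazon Prime email in this Naked Security piece share one tell: the message names a brand but links to a host that brand does not own, and wraps the link in a deadline. The Go program below is an added example, not the FTC's, Sophos's or any vendor's tooling, that runs that check over messages constructed for the example. The brand-to-domain table, the pressure-phrase list and every function name are assumptions made here; it covers the subdomain trick (amazon.com.something.example) as well as plain look-alike hosts, and it does not flag a message that links only to the brand's own domains.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"sort"
	"strings"
)

// brandDomains maps each brand the lures impersonate to the registrable
// domains the real brand uses. Constructed for this example; a real
// deployment would maintain a much longer, reviewed list.
var brandDomains = map[string][]string{
	"amazon": {"amazon.com", "amazon.co.uk"},
	"fedex":  {"fedex.com"},
	"ups":    {"ups.com"},
	"usps":   {"usps.com"},
}

// pressure holds phrases used to rush the recipient. They are reported with
// a finding but never flag a message on their own.
var pressure = []string{"24 hours", "locked", "deactivated", "suspended", "verify", "schedule"}

var urlRe = regexp.MustCompile(`https?://[^\s<>"']+`)

// Finding describes one link whose host does not belong to a brand the message invokes.
type Finding struct {
	Brand    string
	Link     string
	Host     string
	Pressure []string
}

// belongsTo reports whether host is the brand's domain or a subdomain of it.
// "amazon.com.evil.example" fails because ".amazon.com" is not its suffix.
func belongsTo(host string, domains []string) bool {
	for _, d := range domains {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// mentionedBrands returns the brands named in the lower-cased text as whole
// words ("groups" must not match "ups"), sorted for deterministic output.
func mentionedBrands(text string) []string {
	var out []string
	for b := range brandDomains {
		if regexp.MustCompile(`\b` + b + `\b`).MatchString(text) {
			out = append(out, b)
		}
	}
	sort.Strings(out)
	return out
}

// Analyse extracts every link in a message and flags those whose host is not
// owned by a brand the message name-drops. A message that mentions no brand,
// or links only to that brand's own domains, yields no findings.
func Analyse(msg string) []Finding {
	text := strings.ToLower(msg)
	brands := mentionedBrands(text)
	if len(brands) == 0 {
		return nil
	}
	var hits []string
	for _, p := range pressure {
		if strings.Contains(text, p) {
			hits = append(hits, p)
		}
	}
	var findings []Finding
	for _, raw := range urlRe.FindAllString(msg, -1) {
		raw = strings.TrimRight(raw, ".,;:)") // trailing punctuation is not part of the link
		u, err := url.Parse(raw)
		if err != nil {
			continue
		}
		host := strings.ToLower(u.Hostname())
		for _, b := range brands {
			if !belongsTo(host, brandDomains[b]) {
				findings = append(findings, Finding{Brand: b, Link: raw, Host: host, Pressure: hits})
			}
		}
	}
	return findings
}

func main() {
	// Constructed samples modelled on the lures described in the articles above.
	samples := []string{
		"FedEx: a package needs to be scheduled for delivery. Schedule here: http://fedex-delivery-check.example.net/t/9f3",
		"Account Locked. Your Amazon account will be deactivated unless you verify within 24 hours: https://amazon.com.account-verify.example/login",
		"Your Amazon order has shipped. Track it at https://www.amazon.com/orders.",
	}
	for _, m := range samples {
		fmt.Printf("%d finding(s): %+v\n", len(Analyse(m)), Analyse(m))
	}
}
```

The suffix match is deliberately naive: it knows nothing about public suffixes, so a production version would reduce hosts to their registrable domain with a public-suffix list, expand shortened links before checking the host, and treat the pressure phrases as a score rather than a flag.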


Data of 10.6m MGM hotel guests posted for sale on Dark Web forum

by Lisa Vaas The personal data of 10,683,188 MGM hotel guests that leaked sometime in or before 2017 was posted for sale on the Dark Web this week, ZDNet reports. It doesn’t matter that the data isn’t freshly baked: it’s still edible. ZDNet called hotel guests whose details were included in the data dump and found that, while some of the phone numbers had been disconnected, many were still valid, as “the right person answered the phone.” The data was first spotted by an Israeli security researcher calling themselves Under the Breach who claims to have “deep relations” with Read more…


Freedom Hosting owner pleads guilty to distributing child abuse images

by John E Dunn The man arrested for running what was once believed to be the largest child abuse hosting provider on the dark web, has pleaded guilty in a US court to the charge of advertising child pornography. That service was Freedom Hosting and the man who operated it from its founding in 2008 until his arrest in Ireland in 2013 was dual US-Irish national, Eric Eoin Marques. Extradited to the US last year, what Marques has admitted to carries a mandatory sentence of 15 years, with up to double that possible when he is sentenced by a Read more…


Facebook’s Twitter and Instagram accounts hijacked

by John E Dunn Last Friday, in full glare of the world, Facebook admins suddenly found themselves in an unseemly struggle to wrestle back control of the company’s Twitter accounts from attackers that had defaced them. Normally, these accounts trumpet new platform features or other assorted worthy accomplishments. But on Friday afternoon, a different type of tweet suddenly appeared: Hi, we are OurMine Well even Facebook is hackable but at least their security better than Twitter. The now deleted message continues by offering the services of OurMine to anyone wanting to improve their account security. The same group’s logo Read more…


Self-driving car dataset missing labels for pedestrians, cyclists

by Lisa Vaas A popular self-driving car dataset for training machine-learning systems – one that’s used by thousands of students to build an open-source self-driving car – contains critical errors and omissions, including missing labels for hundreds of images of bicyclists and pedestrians. Machine learning models are only as good as the data on which they’re trained. But when researchers at Roboflow, a firm that writes boilerplate computer vision code, hand-checked the 15,000 images in Udacity Dataset 2, they found problems with 4,986 – that’s 33% – of those images. From a writeup of Roboflow’s findings, which were published Read more…
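Hand-checking 15,000 images is how Roboflow found the gaps; the categories of defect involved (images with no labels at all, boxes that leave the frame or have zero area, duplicated boxes, and classes that never appear in a split) can be screened for automatically before any model is trained on the data. The Go program below is an added example, not Roboflow's or Udacity's code, run over a six-image dataset constructed for the example; the record layout, field names and required-class list are assumptions made here.

```go
package main

import (
	"fmt"
	"sort"
)

// Box is one annotation: class label plus a pixel bounding box (x, y, w, h).
type Box struct {
	Class      string
	X, Y, W, H int
}

// Record is one dataset image with its dimensions and annotations.
type Record struct {
	ID    string
	W, H  int
	Boxes []Box
}

// Report summarises what the audit found.
type Report struct {
	Images       int
	Unlabelled   []string         // images carrying no boxes at all
	Degenerate   map[string][]Box // zero-area or out-of-frame boxes, by image
	Duplicates   map[string]int   // exact duplicate boxes, by image
	ClassCounts  map[string]int
	Problematic  int // images with at least one issue
	ProblemRatio float64
}

// Audit runs the checks. In a driving dataset an image with zero labels is
// far more likely to be a labelling omission than an empty scene, so it is
// reported as a problem rather than silently accepted as a negative sample.
func Audit(recs []Record) Report {
	r := Report{Images: len(recs), Degenerate: map[string][]Box{}, Duplicates: map[string]int{}, ClassCounts: map[string]int{}}
	for _, rec := range recs {
		bad := len(rec.Boxes) == 0
		if bad {
			r.Unlabelled = append(r.Unlabelled, rec.ID)
		}
		seen := map[Box]bool{}
		for _, b := range rec.Boxes {
			r.ClassCounts[b.Class]++
			if b.W <= 0 || b.H <= 0 || b.X < 0 || b.Y < 0 || b.X+b.W > rec.W || b.Y+b.H > rec.H {
				r.Degenerate[rec.ID] = append(r.Degenerate[rec.ID], b)
				bad = true
			}
			if seen[b] {
				r.Duplicates[rec.ID]++
				bad = true
			}
			seen[b] = true
		}
		if bad {
			r.Problematic++
		}
	}
	if r.Images > 0 {
		r.ProblemRatio = float64(r.Problematic) / float64(r.Images)
	}
	return r
}

// MissingClasses returns the required classes that never appear, sorted, so
// that a split with no "cyclist" label at all stands out before training.
func MissingClasses(r Report, required []string) []string {
	var out []string
	for _, c := range required {
		if r.ClassCounts[c] == 0 {
			out = append(out, c)
		}
	}
	sort.Strings(out)
	return out
}

// sample is a constructed six-image dataset (not Udacity data). Two of the
// six records carry the kinds of defects the audit is meant to surface.
func sample() []Record {
	return []Record{
		{ID: "000001.jpg", W: 1920, H: 1200, Boxes: []Box{{"car", 100, 600, 300, 200}, {"pedestrian", 900, 500, 60, 180}}},
		{ID: "000002.jpg", W: 1920, H: 1200, Boxes: []Box{{"car", 400, 650, 250, 160}}},
		{ID: "000003.jpg", W: 1920, H: 1200}, // pedestrians in frame, never labelled
		{ID: "000004.jpg", W: 1920, H: 1200, Boxes: []Box{{"car", 1800, 700, 300, 200}, {"car", 50, 700, 200, 150}, {"car", 50, 700, 200, 150}}},
		{ID: "000005.jpg", W: 1920, H: 1200, Boxes: []Box{{"truck", 700, 500, 400, 300}}},
		{ID: "000006.jpg", W: 1920, H: 1200, Boxes: []Box{{"car", 300, 620, 220, 140}, {"trafficLight", 1000, 100, 30, 80}}},
	}
}

func main() {
	r := Audit(sample())
	fmt.Printf("%d/%d images problematic (%.1f%%)\n", r.Problematic, r.Images, 100*r.ProblemRatio)
	fmt.Println("unlabelled:", r.Unlabelled, "degenerate:", r.Degenerate, "duplicates:", r.Duplicates)
	fmt.Println("never labelled:", MissingClasses(r, []string{"car", "pedestrian", "cyclist", "trafficLight"}))
}
```

None of these checks can prove that a visible pedestrian was labelled; that still takes a human or a second model. What they do is turn the cheap, mechanical part of Roboflow's review into a gate that runs on every dataset revision.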


5 Strategies to Secure Cloud Operations Against Today’s Cyber Threats

With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud’s many benefits: The cloud, once touted as an IT panacea, has a flip side that we see all too often in headlines when malicious actors take advantage of gaps in security. This cannot be repeated enough: Securing data and networks in a cloud environment is very different than doing so on-premises. Infrastructure elements that were static on-premises are now abstracted to software. Firewalls must be designed to operate in an inherently fluid infrastructure. And in the cloud, you’ll need to focus Read more…


Goblin Panda APT: Recent infrastructure and RAT analysis

Summary Goblin Panda (also known as Hellsing, Cycledek, and likely other names due to non-standardized naming conventions in security) is a group that has been active for the better part of the last decade, and has historically had information theft and espionage motives that align with Chinese interests. Their targets have primarily been defense, energy, and government organizations located in South/Southeast Asia, with emphasis on Vietnamese targeting. Within this analysis I review artifacts that exhibit behavior consistent with past Newcore RAT samples, which have been attributed to the Goblin Panda APT group. Analysis While reviewing suspected dropper files, Read more…