Welcome to DISC InfoSec blog | Awareness and education are key in information security, we share InfoSec & compliance related information..to Learn more contact us »
Infection Monkey is an open source Breach and Attack Simulation tool that lets you test the resilience of private and public cloud environments to post-breach attacks and lateral movement, using a range of RCE exploiters.
Infection Monkey was created by Israeli cybersecurity firm Guardicore to test its own segmentation offering. Developer Mike Salvatore told told The Stack: âInfection Monkey was inspired by Netflixâs Chaos Monkey.
âChaos Monkey randomly disables production instances to incentivize engineers to design services with reliability and resilience in mind. We felt that the same principles that guided Netflix to create a tool to improve fault tolerance could be applied to network security. Infection Monkey can be run continuously so that security-related shortcomings in a networkâs architecture can be quickly identified and remediated.â
The company recently added a Zero Trust assessment, as well as reports based on the MITRE ATT&CK framework.
Many organizations have maintained heavy investment in cybersecurity over the last year, even in an unpredictable time when other spending has faltered. Gartner estimates that IT security and risk management spending still grew 2.6 percent even as IT spending as a whole fell by 8 percent.
However, while businesses have continued to fortify their networks against remote invaders, most have overlooked the potential for cyber threats from physical intruders. With very few exceptions such as government facilities, organizations tend to be extremely vulnerable to cyberattacks that involve a threat actor gaining direct access to the infrastructure.
While such attacks are extremely rare in comparison to the endless virtual attacks launched every day, physical security gaps can allow threat actors to circumvent otherwise strong defenses to inflict serious damage. Unlike an ordinary burglary, the threat is not what is stolen by the intruder, but what they leave behind â anything from keyloggers to backdoor malware. Itâs especially important that organizations that are in high-risk sectors such as finance be prepared for such attacks.
Fortunately, however, with the right precautions it is possible to minimize the risk of a physical intruder, and spot incursions based on digital and physical evidence left behind.
Network monitoring is essential for any organization with a network. Requirements may vary, but in general any IT team is going to need a single, comprehensive solution that shows the entire network in context and makes diagnosing network issues fast and easy.
An effective solution should be able to discover every device connected to the network, automatically generate a network map showing connections and give administrators an easy way to run device inventories and determine what should be monitored.
The solution should generate alerts for a myriad of network issues and support customizable thresholds, so the IT team can proactively respond before end users are impacted. It should monitor the entire network infrastructure (physical, virtual and cloud) while also supporting network traffic analysis, network and application performance monitoring, configuration management and log management. As well, the ability to automate common administrative tasks or implement self-healing actions will drastically reduce the workload of the IT team.
The importance of ease-of-use cannot be overstated! The solution also needs to be able to scale to meet future needs and should support widely geographically distributed networks. Integration with 3rd-party systems is also a key requirement, whether by out-of-the-box connectors or via a robust API.
AWS offers multiple services around logging and monitoring. For example, you have almost certainly heard of CloudTrail and CloudWatch, but they are just the tip of the iceberg.
CloudWatch Logs is the default logging service for many AWS resources (like EC2, RDS, etc.): it captures application events and error logs, and allows to monitor and troubleshoot application performance. CloudTrail, on the other hand, works at a lower level, monitoring API calls for various AWS services.
Although listing (and describing) all services made available by AWS is out of scope for this blog post, there are a few brilliant resources which tackle this exact problem:
âLogging in the Cloud: From Zero to (Incident Response) Heroâ are the annotated slides (131 pages!) of a good talk delivered at RSA 2020 by the Secureworks team which tries to answer questions like âWhat Should I Be Logging?â, âHow Specifically Should I Configure it?â, and âWhat Should I Be Monitoring?â. Especially interesting since it doesnât cover only AWS, but also GCP and Azure.
âOverview of AWS Logsâ lists main AWS logging sources with a summary table, format, example and a Grok regex to parse log and ingest into a tool like Elastic Stack (ELK).
In the remainder of this section Iâll provide a summary of the main services we will need to design our security logging platform. Before doing so, though, it might be helpful having a high-level overview of how these services communicate (special thanks to Scott Piper for the original idea)
Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing âend-to-end encryption for things that matter.â
End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app such as when browser submits a login form, and only gets stripped off at the far end when the data arrives at its final destination, such as when a website receives the login form with your username and password in it.
End-to-end encryption over the internet doesnât just mean that your data is encrypted while itâs in transit from node to node along its network journey â itâs supposed to be a stronger guarantee than that.
It not only means that your data isnât decrypted while itâs at any ârest stopsâ along the way, such as when an email message is held at your ISP for delivery later on, but also means that your data cannot be decrypted along the way, no matter whether you trust the person operating that ârest stopâ or not.
How are companiesâ legal departments changing to meet the needs of their organization and the needs arising from worldwide changes?
Organizations face much more regulatory compliance and privacy scrutiny than ever before, and everyone is under a constant threat of cyber breach or attack. Legal plays a critical role in ensuring that all compliance obligations are met, and overall risk to the organization is mitigated.
I firmly believe a new strategy is required to deal with these new converging market forces, one that is rooted in data management. What weâve observed over the past couple of years is how you treat data is key to addressing so many of the concerns facing your organization. How an organization collects, stores, uses and secures its data ultimately determines the extent to which that data poses risks, incurs costs and provides value. All of these greater trends have combined to create new business challenges that no longer can be addressed by a single organizational department.
Let me give you an example:
Letâs say your company receives a California Consumer Privacy Act data access request.
First, you must securely validate the requestorâs identity. Then, you must route the request appropriately and act on it promptly. The person or group responsible for the data must locate it, collect it, review it, possibly redact information and then securely deliver this information to the requestor.
You can see how this request quickly crosses conventional divisions and responsibilitiesâitâs not just someone in your Privacy departmentâs responsibility â she will need to work with someone with expertise in e-discovery. And, if that user submits a request for data deletion, things get even more complex, because before deleting anything, you must first confirm that the information can legally be deleted (as it can be subject to retention requirements imposed by regulatory compliance obligations or a legal hold).
In this demanding environment, traditional approaches to enterprise data inventory and management are inadequate.
To help put this process into perspective, we like to ask six simple questions:
1. Do you know where your data is? 2. Do you know who owns your data? 3. Do you know what regulations govern your data? 4. Do you know what third parties have access to your data? 5. Can you forensically prove data integrity throughout all the processes that use your data? 6. Can you easily and quickly respond to requests for your data?
New casinos launch online often and as the choice for these sites grows, so does the variety of payment options. Not long ago, many online casinos were limited to credit/debit cards and very few e-Wallets. Today, there is a broad range of payment options accepted by online casinos.
One payment method, nonetheless, has become quite popular; pay by phone. With more people accessing online casinos from their mobile, itâs easy to see why mobile payments are becoming widespread. Besides, the option has several advantages, as highlighted below.
Play on Credit
When paying using your phone, you can choose to pay through telephone bills. This means that you can add money to your casino even when you donât have money and pay the bill later. Operating more like a credit card, you get a form of credit when you choose this option.
The money is usually credited into your account immediately, yet you will only pay for it when paying your phone bill. The great thing about this is that it gives you float since you donât have to immediately pay for your deposit.
Again, if you donât have money at a particular moment or want to track how much you use in gaming, this option allows you to do this with ease. However, you should note that you will eventually pay the bill, probably at the end of each month.
No Additional Costs
Most phone providers donât charge extra fees to deposit at the casino using a phone bill. Nonetheless, you will incur the usual rates that your provider charges for mobile payments in most cases.
However, it is worth checking with the provider to confirm if additional charges apply. Further, online casinos donât impose any fees on your phone bill deposits. Again, it is essential to confirm this from your specific casino.
The goal is to find a provider and a casino that donât impose extra fees for the service. According to this guide, there are many such casinos that donât charge you for phone deposits. Thus, you wonât have a hard time finding a perfect site that meets your gaming expectations.
High Level of Security
Depositing using your phone is exceptionally safe and secure. The added security level is because you never enter your credit/debit card details or banking information like is the case with some traditional payment options.
Although rare, some sites get hacked, especially those that donât have up-to-date security measures such as SSL data encryption and robust firewalls. If this happens, the information you have shared with your casino can be compromised.
Fortunately, if you choose this option, you will never worry about your bank information being stolen. Besides security, the method also enhances the privacy of your banking information since the casino doesnât have access to your banking details.
Nvidia, the graphics chip company that wants to buy ARM, made a unusual announcement last week.
The company is about to launch its latest GeForce GPU (graphics processing unit) chip, the RTX 3060, and wants its users know that the chip is âtailored to meet the needs of gamers and those who create digital experiences.â
Our GeForce RTX GPUs introduce cutting-edge technologies â such as RTX real-time ray-tracing, DLSS AI-accelerated image upscaling technology, Reflex super-fast response rendering for the best system latency, and many more.
Ray-tracing is an algorithm used in generating synthetic images that are almost unbelievably realistic, correctly modelling complex optical interactions such as reflection, transparency and refraction, but this sort of realism comes at huge computational cost.
You can therefore see why gamers and digital artists might be very keen to get their hands on the latest special-purpose hardware that can speed up the creation of images rendered in this way.
The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group.
Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group âs âEpMeâ hacking tool years before it was leaked online by Shadow Brokers hackers.
In 2015, Kaspersky first spotted the NSA Equation Group, it revealed it was operating since at least 2001 and targeted almost any industry with sophisticated zero-day malware.
The arsenal of the hacking crew included sophisticated tools that requested a significant effort in terms of development, Kaspersky speculated the Equation Group has also interacted with operators behind Stuxnet and Flame malware.
Based on the evidence collected on the various cyber espionage campaigns over the years, Kaspersky experts hypothesize that the National Security Agency (NSA) is linked to the Equation Group.
Jian used the same Windows zero-day exploit that was stolen from the NSA Equation Group âs arsenal for years before it was addressed by the IT giant.
In 2017, the Shadow Brokers hacking group released a collection of hacking tools allegedly stolen from the US NSA, most of them exploited zero-day flaws in popular software.
One of these zero-day flaws, tracked as CVE-2017-0005, was a privileged escalation issue that affected Windows XP to Windows 8 operating systems,
âIn this blog we show that CVE-2017-0005, a Windows Local-Privilege-Escalation (LPE) vulnerability that was attributed to a Chinese APT, was replicated based on an Equation Group exploit for the same vulnerability that the APT was able to access.â reads the analysis published by CheckPoint. ââEpMeâ, the Equation Group exploit for CVE-2017-0005, is one of 4 different LPE exploits included in the DanderSpritz attack framework. EpMe dates back to at least 2013 â four years before APT31 was caught exploiting this vulnerability in the wild.â
A Nigerian Instagram star conspired with North Korean hackers to steal more than $1.3 billion from companies and banks in the U.S. and other countries, federal prosecutors said.
Ramon Olorunwa Abbas, 37, also known as âRay Hushpuppi,â is being accused of helping three North Korean computer hackers steal the funds from companies and banks, including one in Malta, in February 2019, according to the Justice Department.
âNorth Koreaâs operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the worldâs leading bank robbers,â Assistant Attorney General John Demers of the Justice Departmentâs National Security Division said in a statement on Feb. 17.
The hack was caught before anyone was hurt by it, but KX wanted to know: how safe is our local water supply from cybersecurity threats? So, we went to the Bismarck Water Treatment Plant to find out.
âWeâre well aware of what happened in Florida, it definitely reached the news nationwide and it really is relevant for drinking water systems. Our drinking water system, it would not be possible to do the same type of activity.â
Ethical hacking refers to gaining unauthorized access to a system through different strategies. An ethical hack is carried out by following the footsteps of real hackers who mean harm to the system. By duplicating their strategies ethical hackers can identify vulnerabilities in the system. Once these activities are identified there is a better chance of resolving the issues before actual hackers find a way to gain access to your system or application.
What do Ethical Hackers Do?
Ethical hackers are also known as âwhite hatsâ, they can be thought of as experts who perform security assessments to ensure that an organizationâs security is not at risk. Companies hire teams of ethical hackers who help to identify system vulnerabilities and ensure that the security of the company is not compromised in any way. They generally follow four key protocols listed and explained below:
A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users.
A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users.
The Tor mode implemented in the Brave web browser allows users to access .onion sites inside Brave private browsing windows.
When users are inside a Private Window with Tor, Brave doesnât connect directly to a website, instead, it connects to a chain of three different computers in the Tor network.
An anonymous researcher initially reported that the Braveâs Tor mode was sending queries for .onion domains to public internet DNS resolvers, other experts confirmed his findings.
âIf youâre using Brave you probably use it because you expect a certain level of privacy/anonymity. Piping .onion requests through DNS where your ISP or DNS provider can see that you made a request for an .onion site defeats that purpose.â explained the researcher. âAnyhow, it was reported by a partner that Brave was leaking DNS requests for onion sites and I was able to confirm it at the time.â
OneLogin’s recent research into remote working practices shows it is proving to be fertile ground for hackers – Here’s how to stay safe
How to stay secure
Another key step to keep your business safe from breaches is to ensure that your employees are following security best practices. To celebrate Data Privacy Day, weâve provided some practical steps to do this. For example:
Donât share your work computer with friends, housemates or family members: 26% of respondents admitted doing this
Donât download personal applications onto a company device: 23% of respondents admitted doing this
Donât work on a public wifi that is not protected: 22% of respondents admitted doing this
Donât share your corporate password with others: 12% of respondents admitted doing this
Donât leave your corporate devices unattended in a public space:10% of respondents admitted doing this
Do encourage your company to engage with multi-factor authentication (MFA), which gives you multiple layers of protection: Only 36% of respondents suggested that MFA had been implemented
Two-thirds of remote workers risk potentially breaching GDPR guidelines by printing out work-related documents at home, according to a new study from Go Shred.
The confidential shredding and records management company discovered that 66% of home workers have printed work-related documents since they began working from home, averaging five documents every week. Such documents include meeting notes/agendas (42%), internal documents including procedure manuals (32%), contracts and commercial documents (30%) and receipts/expense forms (27%).
Furthermore, 20% of home workers admitted to printing confidential employee information including payroll, addresses and medical information, with 13% having printed CVs or application forms.
The issue is that, to comply with the GDPR, all companies that store or process personal information about EU citizens within EU states are required to have an effective, documented, auditable process in place for the collection, storage and destruction of personal information.
However, when asked whether they have disposed of any printed documents since working from home, 24% of respondents said they havenât disposed of them yet as they plan to take them back to the office and a further 24% said they used a home shredding machine but disposed of the documents in their own waste. This method of disposal is not recommended due to personal waste bins not providing enough security for confidential waste and therefore still leaving employers open to a data breach and potential fines, Go Shred pointed out.
Most concerning of all, 8% of those polled said they have no plans to dispose of the work-related documents they have printed at home, with 7% saying they havenât done so because they do not know how to.
Due to the recent rise in cryptocurrency trading prices, most online systems these days are often under the assault of crypto-mining botnets seeking to gain a foothold on unsecured systems and make a profit for their criminal overlords.
The latest of these threats is a botnet named WatchDog. Discovered by Unit 42, a threat intelligence division at Palo Alto Networks, this crypto-mining botnet has been active since January 2019.
Written in the Go programming language, researchers say they’ve seen WatchDog infect both Windows and Linux systems.
The point of entry for their attacks has been outdated enterprise apps. According to an analysis of the WatchDog botnet operations published on Wednesday, Unit 42 said the botnet operators used 33 different exploits to target 32 vulnerabilities in software such as:
