Welcome to DISC InfoSec blog | Awareness and education are key in information security, we share InfoSec & compliance related information..to Learn more contact us »
MITRE Engenuity has released ATT&CK Workbench, an open source tool that allows organizations to customize their local instance of the MITRE ATT&CK database of cyber adversary behavior.
The tool allows users to add notes, and create new or extend existing objects – matrices, techniques, tactics, mitigations, groups, and software – with new content. It also allows them to share these insights with other organizations.
All the information technology (IT) literature emphasizes the fact that a properly managed organization should have a well-developed IT disaster recovery plan (DRP) to enable it to continue its operations in the event of a disruption and to be able to survive a disastrous interruption to its information systems. To determine the current status of IT disaster recovery plans in the UAE, this research attempts to answer the following research questions:
1) what is the overall level of disaster preparedness of businesses in the United Arab Emirates?
2) To what extent does your business have a formal and documented disaster recovery plan in place?
3) What is the level of employees’ preparedness and awareness of the existence of the DRB and their role in case of a disaster?
4) The most significant physical and logical risks that pose the most threats to drive the development of the DRB?
5) The extent of the controls in place to mitigate, avoid or transfer risk? and
6) what is the frequency of testing and exercising the DRP? To answer these questions, we surveyed the public companies listed on the Abu Dhabi Securities Exchange (ADX).
Governments and law enforcement hate it when ransomware victims pay the blackmail demands that almost always follow a ransomware attack, and you can understand why, given that today’s payments fund tomorrow’s cybercriminality.
Of course, no one needs to be told that.
Paying up hurts in any number of ways, whether you feel that hurt in your head, in your heart or even just in the pit of your stomach.
“I was happy to pay up for a job well done,” said no ransomware victim ever.
However, it’s easy for people who aren’t looking down the wrong end of the cybercrime barrel to say, “You should never, ever pay. You should let your entire business implode, and let everyone in the company lose their job, because that’s just the price of failure.”
So, if your back’s against the wall and you DO pay up in the hope that you’ll be able to restart a business that has ground to a total halt…
…how well will it all go?
Guess what? You can find out by tuning into a fun but informative talk that we’re giving twice this week.
You need to register, but both events are free to join. (They’re both 100% virtual, given that the UK is still in coronavirus lockdown, so feel free to attend from anywhere.)
We’ll give you a clue by sharing a key slide from the talk:
As you can see, paying up often doesn’t work out very well anyway, even if you have no ethical qualms about doing so, and enough money burning a hole in your pocket to pay without flinching.
And remember that if you lose 1/3 of your data, like 1/2 of our respondents said they did, you don’t get to choose which computers will decrypt OK and which will fail.
Murphy’s law warns you that the laptops you could have reimaged easily enough will probably decrypt just fine, while those servers you really meant to backup but didn’t… probably won’t.
We’re going to try to make the talk amusing (as amusing as we dare be when talking about such a treacherous subject), but with a serious yet not-too-technical side.
We’ll be giving some tips you can use both at work and at home to reduce the risk of getting ransomed in the first place.
No cybersecurity plan will ever be perfect, no defense is impenetrable. With the dangers and costs of a successful ransomware attack on an organization increasing daily, it is important for cybersecurity and business leaders to have a prevention and recovery plan before disaster strikes.
In Ransomware Protection Playbook experienced penetration tester and cybersecurity evangelist Roger Grimes lays out the steps and considerations organizations need to have in place including technical preventative measures, cybersecurity insurance, legal plans, and a response plan. From there he looks at the all important steps to stop and recover from an ongoing attack starting with detecting the attack, limiting the damage, and what’s becoming a trickier question with every new attack – whether or not to pay the ransom.
No organization with mission-critical systems or data can afford to be unprepared for ransomware. Prepare your organization with the Ransomware Protection Playbook.
TOR Anonymity Network 101 If you have been searching for how to access the most private and secure part of the internet, then look no more! The TOR Anonymity Network 101 – An Introduction To The Most Private Part Of The Internet has everything you’ve ever wanted to learn about how to be completely anonymous online. We live in an age where despite our best intentions, everything we do online is open to monitoring or attack. Our own advances in technology which were supposed to make our lives easier can be twisted and used against us. Knowing how to protect our own best interests is a vital skill that everyone should be aware of. The TOR Anonymity Network 101 includes: * How to maintain your anonymity online * The key to networking 101 * An introduction to the most private parts of the internet & much more! TOR doesn’t stop you from being seen on the internet, but it will prevent people from learning your location and using that information against you. If you value your privacy, then you need to check out TOR Anonymity Network 101 – An Introduction To The Most Private Part Of The Internet for yourself!
Threat actors in January attempted to poison the water at a US facility, a circumstance that highlights the importance of cybersecurity for water and wastewater utilities. The news that a threat actor in January attempted to poison the water at a facility…
“The technology controlling United States nuclear weapons predates the Internet. Updating the technology for the digital era is necessary, but it comes with the risk that anything digital can be hacked. Moreover, using new systems for both nuclear and non-nuclear operations will lead to levels of nuclear risk hardly imagined before. This book is the first to confront these risks comprehensively. With Cyber Threats and Nuclear Weapons, Herbert S. Lin provides a clear-eyed breakdown of the cyber risks to the U.S. nuclear enterprise. Featuring a series of scenarios that clarify the intersection of cyber and nuclear risk, this book guides readers through a little-understood element of the risk profile that government decision-makers should be anticipating. What might have happened if the Cuban Missile Crisis took place in the age of Twitter, with unvetted information swirling around? What if an adversary announced that malware had compromised nuclear systems, clouding the confidence of nuclear decision-makers? Cyber Threats and Nuclear Weapons, the first book to consider cyber risks across the entire nuclear enterprise, concludes with crucial advice on how government can manage the tensions between new nuclear capabilities and increasing cyber risk. This is an invaluable handbook for those ready to confront the unique challenges of cyber nuclear risk”–
We don’t often put out programming appeals on Naked Security, especially when the code that we’re looking for is dangerous and destructive.
But this time we’re prepared to make an exception, given that it’s a rainy Friday afternoon where we are, and that this issue is now in its fifteenth consecutive year.
Our attention was drawn to the problem by a tweet from well-known Google cybersecurity researcher Tavis Ormandy, who tweeted today to say:
The legend continues, the question was posted for the 15th consecutive year today! 👻 https://t.co/NkTngOopoY
Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises.
Carnival Corporation & plc is a British-American cruise operator, currently the world’s largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands. A dual-listed company,
Carnival Corporation has over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and their ultra-luxury cruise line Seabourn.
The company sent a data breach notification letter to its customers to inform them that unauthorized parties might have gained access to their data, including social Security numbers, passport numbers, dates of birth, addresses and health information of people.
At the time of this writing, the number of impacted individuals was not revealed, it is also unclear if the company paid a ransom.
In 2020, the company was the victim of two distinct ransomware attacks that took place in August and December. In October, Carnival Corporation disclosed a data breach as a result of the ransomware attack that took place in August. Ransomware operators have stolen the personal information of customers, employees, and ship crews during the attack.
The recent security breach was spotted on March 19, in response to the incident, the IT staff shut down access and launched an investigation with the help of a cybersecurity.
The company announced to have implemented additional security measured to protect its infrastructure.
The cruise operator set up a call center to provide supports to its customers.
The good news is that the company is not aware of any abuse of personal information stolen during the intrusions.
In the first part of my blog post I focused on calculating the impact of a cybersecurity breach in relation to a company’s size and industry. In part two, I present an approach to better understand how often a company will experience security breaches.
The probability is usually the big unknown. Not particularly helpful is that our abilities to estimate a probability are inferior to our abilities to estimate damage. In addition, we must consider a range of limitations to our abilities to estimate. We don’t estimate well in magnitudes very small or large. Once in 1,000 years and once in 10,000 years is harder to differentiate than once per year and once in 10 years. Also, we tend to overestimate the probability of recently occurred incidents.
The great uncertainty drives risk practitioners to reduce their risk assessments to pure impact assessments (“Estimations of probability can only be wrong!”). However, we can use what is out there on data and make comparisons.
Did you know the odds of being struck by lightning in a given year are only around 1 in 100,000,000? That’s not a scary thought, mainly since 9 out of 10 people survive.
But when it comes to identity theft, the odds are 1 in 15. Worldwide, there’s a new victim every 2 seconds. Now, that is spine-chilling!
Identity theft is the most common consequence of a data breach. Defrauding and stealing someone’s identity is easier today than it has ever been in history.
Let’s go behind the scenes of an identity theft maneuver and learn how you can protect yourself from it.
What is identity theft
Identity theft occurs when someone uses your personal identifying information (like your name, social security number, or credit card number) without your knowledge or permission. The purpose of identity theft is to commit fraud or other crimes.
Identity thieves gain financial advantages or other benefits, while victims suffer financial loss and possibly other severe consequences, including being accused of a crime they didn’t commit.
If you receive an unsolicited email 📨 or phone call 📞 from what appears to be your bank or building society asking for your security details, never reveal your full password, login details or account numbers. https://t.co/jbqEif49Dfpic.twitter.com/UOWRqhXUte
— Insurance Fraud Enforcement Department (@CityPoliceIFED) March 26, 2021
Most interesting to me is the home countries of these companies. Express VPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama. There are VPNs from the Seychelles, Malaysia, and Bulgaria. There are VPNs from more Western and democratic countries like the US, Switzerland, Canada, and Sweden. Presumably all of those companies follow the laws of their home country.
And it matters. I’ve been thinking about this since Trojan Shield was made public. This is the joint US/Australia-run encrypted messaging service that lured criminals to use it, and then spied on everything they did. Or, at least, Australian law enforcement spied on everyone. The FBI wasn’t able to because the US has better privacy laws.
We don’t talk about it a lot, but VPNs are entirely based on trust. As a consumer, you have no idea which company will best protect your privacy. You don’t know the data protection laws of the Seychelles or Panama. You don’t know which countries can put extra-legal pressure on companies operating within their jurisdiction. You don’t know who actually owns and runs the VPNs. You don’t even know which foreign companies the NSA has targeted for mass surveillance. All you can do is make your best guess, and hope you guessed well.
The same should be pertinent for any technology or piece of software or hardware produced in other countries where privacy and copywrite laws are lax , anything supporting technology from a piece of software or hardware.
A flaw in the Peloton Bike+ could be exploited by an attacker with initial physical access to gain root entry to the interactive tablet, taking complete control of the system.
A vulnerability in the popular Peloton Bike+ could have allowed an attacker to gain complete control over the device, including the camera and microphone to spy on the gym users.
The flaw was discovered by researchers from McAfee’s Advanced Threat Research (ATR) team, it could be exploited by attackers to gain remote root access to the Peloton’s “tablet.” The touch screen tablet allows users to access interactive and streaming content.
Experts pointed out that the attackers need physical access to the bike or access during any point in the supply chain (from construction to delivery),
Experts noticed that the tablet is a standard Android device, once compromised it, the attacker could install malware, eavesdrop on traffic, and take the full control of the Bike+.
“A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with.” reads the analysis published by the experts. “With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet. “
The attackers could add malicious apps disguised as popular applications, such as Netflix or Spotify, that could allow them to steal the login credentials of the gym users. An attacker could also gather info regarding users’ workouts or spy on them via the bike’s camera and microphone.
Attackers could decrypt the encrypted communications from the bike to various cloud services and databases it accesses, potentially accessing sensitive information.
The researchers discovered that the Bike’s system did not verify that the device’s bootloader was unlocked before attempting to boot a custom image, allowing the experts to load a file that wasn’t meant for the Peloton hardware.
“As companies return to a hybrid workplace, it’s crucial that they are aware of the evolving threat landscape,” said Craig Robinson, Program Director, Security Services at IDC. “The data highlighted in this threat report by Nuspire and Recorded Future shows that security leaders need to stay vigilant as threat actors see opportunity in the continued era of remote access.”
Increase in VPN attacks
In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.
“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing to see today.”
Because of the significant increase in VPN and RDP vulnerabilities, the report discovers malware, botnet and exploitation activity are down compared to Q4, but threat actors are still on the prowl.
What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.
According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries:
The compilation itself has been dubbed ‘RockYou2021’ by the forum user, presumably in reference to the infamous RockYou data breach that occurred in 2009 and rockyou2021.txt filename containing all passwords, when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text.
With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation of Many Breaches (COMB), the largest data breach compilation ever. Its 3.2 billion leaked passwords, along with passwords from multiple other leaked databases, are included in the RockYou2021 compilation that has been amassed by the person behind this collection over several years.
Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over. For that reason, users are recommended to immediately check if their passwords were included in the leak.
How to check if your password was leaked?
Updated on 10/06: We have now uploaded nearly 7.9 billion out of 8.4 billion entries in the RockYou2021 password list to our leak databases. To safely check whether your password is part of this gigantic leak, make sure to head over to theCyberNews personal data leak checker or ourleaked password checker.
Note: We take our readers’ privacy extremely seriously. To protect your privacy and security, the data that you enter in the search field is hashed, and we use only this hash to perform a search in our database. We do not collect entered emails or passwords, nothing is logged when you perform a leak check.
Microsoft spotted a series of attacks that use SEO poisoning to deliver a remote access trojan (RAT) used by threat actors to steal sensitive data.
Microsoft is monitoring a wave of cyber attacks that leverages SEO poisoning to deliver a remote access trojan (RAT) to steal sensitive data from the infected systems
Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments.
— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021
The IT giant revealed that the SEO poisoning technique is effective, its Microsoft Defender Antivirus has thousands of PDF documents delivered as part of the ongoing campaign.
Upon opening the PDF files, users are prompted to download a .doc file or a .pdf version of their desired info. Once clicked the links, users will be redirected through 5 to 7 sites with TLDs like .site, .tk, and .ga. The sites appear as a clone of Google Drive web pages used to serve the SolarMaker malware.
As intended, these PDF files or pages referencing them turn up in search results. When opened, the PDFs prompt users to download a .doc file or a .pdf version of their desired info. Users who click the links are redirected through 5 to 7 sites with TLDs like .site, .tk, and .ga. pic.twitter.com/cBeTfteyGl
— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021
Microsoft experts noticed that the PDF files are hosted on Amazon Web Services and Strikingly primarily.
The attack works by using PDF documents designed to rank on search results. To achieve this, attackers padded these documents with >10 pages of keywords on a wide range of topics, from “insurance form” and “acceptance of contract” to “how to join in SQL” and “math answers”.
— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021
If there is any moral to this, it’s one that all of my blog readers should already know: trust is essential to security. And the number of people you need to trust is larger than you might originally think. For an app to be secure, you need to trust the hardware, the operating system, the software, the update mechanism, the login mechanism, and on and on and on. If one of those is untrustworthy, the whole system is insecure.
It’s the same reason blockchain-based currencies are so insecure, even if the cryptography is sound.
If you’re building a career in information security the Certified Information Systems Security Professional (CISSP) is the must-have qualification to help you progress. It is a globally recognized standard that demonstrates your competence as an IT professional.
This course will prepare you with the knowledge and skills to complete the CISSP exam, which will get you Certified Information Systems Security Professional status. professional. Covering topics including cloud computing, mobile security, application development security, and risk management, you will gain the knowledge to best manage information security issues back in your organization.
Duration: 5 days
“I would highly recommend the course to a friend, and in fact I already have! I’d also recommend it to a security team within an organization, even if they’re not specifically targeting a CISSP certification as it teaches a broad range of best practices and will help instill a culture of security and best practice in any organization.”
Who should attend?
This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP common body of knowledge (CBK), such as:
Security consultants
Security managers
IT directors/managers
Security auditors
Security architects
Security analysts
Security systems engineers
Chief information security officers
Security directors
Network architects
Please note: A one year experience waiver is available with a 4-year college degree, or regional equivalent, or additional credentials from the (ISC)² approved list, thus requiring four years of direct full-time professional security work experience in 2 or more of the 8 domains of the CISSP CBK.
Don’t have 5 years of experience? – Become an Associate of (ISC)²
Cybercriminals and black hat hackers exploit system vulnerabilities and human weaknesses as well. This hacking tutorial discusses how a malicious actor can access any mobile or computer camera, microphone, physical location, and device information by just sending a URL along with some basic social engineering techniques.
Throughout this tutorial, we will glance at How Hackers Access Target WebCam Remotely and see what is happening on the other hand. To break into the victim’s webcam, we will utilize the tool Storm-Breaker and Kali Linux.
A group of hackers breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc. gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons, and schools.
Storm-Breaker is going to assist us with a hack. With Storm-Breaker, you have.
![Defense Management: DOD Can Establish More Guidance for Biometrics Collection and Explore Broader Data Sharing by [U.S Government Accountability Office]](https://m.media-amazon.com/images/I/510AjNrEc1L.jpg)
![RATS! How Hackers Take Over Your Computer: An Introduction to Remote Access Trojans by [James Wilson]](https://m.media-amazon.com/images/I/51fZz3kkIlL.jpg)
