InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
A Nigerian Instagram star conspired with North Korean hackers to steal more than $1.3 billion from companies and banks in the U.S. and other countries, federal prosecutors said.
Ramon Olorunwa Abbas, 37, also known as “Ray Hushpuppi,” is accused of helping three North Korean computer hackers steal the funds from companies and banks, including one in Malta, in February 2019, according to the Justice Department.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John Demers of the Justice Department’s National Security Division said in a statement on Feb. 17.
The hack was caught before anyone was hurt by it, but KX wanted to know: how safe is our local water supply from cybersecurity threats? So, we went to the Bismarck Water Treatment Plant to find out.
“We’re well aware of what happened in Florida, it definitely reached the news nationwide and it really is relevant for drinking water systems. Our drinking water system, it would not be possible to do the same type of activity.”
Ethical hacking refers to gaining unauthorized access to a system through different strategies. An ethical hack is carried out by following in the footsteps of real hackers who mean harm to the system. By duplicating their strategies, ethical hackers can identify vulnerabilities in the system. Once these vulnerabilities are identified, there is a better chance of resolving the issues before actual hackers find a way to gain access to your system or application.
What do Ethical Hackers Do?
Ethical hackers are also known as “white hats”; they can be thought of as experts who perform security assessments to ensure that an organization’s security is not at risk. Companies hire teams of ethical hackers who help to identify system vulnerabilities and ensure that the security of the company is not compromised in any way. They generally follow four key protocols, listed and explained below:
A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users.
A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users.
The Tor mode implemented in the Brave web browser allows users to access .onion sites inside Brave private browsing windows.
When users are inside a Private Window with Tor, Brave doesn’t connect directly to a website; instead, it connects through a chain of three different computers in the Tor network.
An anonymous researcher initially reported that Brave’s Tor mode was sending queries for .onion domains to public internet DNS resolvers; other experts confirmed his findings.
“If you’re using Brave you probably use it because you expect a certain level of privacy/anonymity. Piping .onion requests through DNS where your ISP or DNS provider can see that you made a request for an .onion site defeats that purpose,” explained the researcher. “Anyhow, it was reported by a partner that Brave was leaking DNS requests for onion sites and I was able to confirm it at the time.”
OneLogin’s recent research into remote working practices shows it is proving to be fertile ground for hackers – Here’s how to stay safe
How to stay secure
Another key step to keep your business safe from breaches is to ensure that your employees are following security best practices. To celebrate Data Privacy Day, we’ve provided some practical steps to do this. For example:
Don’t share your work computer with friends, housemates or family members: 26% of respondents admitted doing this
Don’t download personal applications onto a company device: 23% of respondents admitted doing this
Don’t work on a public wifi that is not protected: 22% of respondents admitted doing this
Don’t share your corporate password with others: 12% of respondents admitted doing this
Don’t leave your corporate devices unattended in a public space: 10% of respondents admitted doing this
Do encourage your company to engage with multi-factor authentication (MFA), which gives you multiple layers of protection: only 36% of respondents suggested that MFA had been implemented
Two-thirds of remote workers risk potentially breaching GDPR guidelines by printing out work-related documents at home, according to a new study from Go Shred.
The confidential shredding and records management company discovered that 66% of home workers have printed work-related documents since they began working from home, averaging five documents every week. Such documents include meeting notes/agendas (42%), internal documents including procedure manuals (32%), contracts and commercial documents (30%) and receipts/expense forms (27%).
Furthermore, 20% of home workers admitted to printing confidential employee information including payroll, addresses and medical information, with 13% having printed CVs or application forms.
The issue is that, to comply with the GDPR, all companies that store or process personal information about EU citizens within EU states are required to have an effective, documented, auditable process in place for the collection, storage and destruction of personal information.
However, when asked whether they have disposed of any printed documents since working from home, 24% of respondents said they haven’t disposed of them yet as they plan to take them back to the office, and a further 24% said they used a home shredding machine but disposed of the documents in their own waste. This method of disposal is not recommended because personal waste bins do not provide enough security for confidential waste, still leaving employers open to a data breach and potential fines, Go Shred pointed out.
Most concerning of all, 8% of those polled said they have no plans to dispose of the work-related documents they have printed at home, with 7% saying they haven’t done so because they do not know how to.
Due to the recent rise in cryptocurrency trading prices, most online systems these days are often under the assault of crypto-mining botnets seeking to gain a foothold on unsecured systems and make a profit for their criminal overlords.
The latest of these threats is a botnet named WatchDog. Discovered by Unit 42, a threat intelligence division at Palo Alto Networks, this crypto-mining botnet has been active since January 2019.
Written in the Go programming language, researchers say they’ve seen WatchDog infect both Windows and Linux systems.
The point of entry for their attacks has been outdated enterprise apps. According to an analysis of the WatchDog botnet operations published on Wednesday, Unit 42 said the botnet operators used 33 different exploits to target 32 vulnerabilities in software such as:
Apple launched its M1 chip, and cybercriminals have already developed a malware sample specifically for it: the latest generation of Macs is their next target.
The popular security researcher Patrick Wardle discovered one of the first malware samples designed to target the latest generation of Apple devices built on the company’s M1 chip.
The discovery suggests threat actors are tailoring their malware to target the latest generation of Mac devices that use Apple’s own processors.
Wardle discovered a Safari adware extension, tracked as GoSearch22, that was initially developed to run on Intel x86 chips and has now been adapted to run on M1 chips.
“What we do know is as this binary was detected in the wild (and submitted by a user via an Objective-See tool) …so whether it was notarized or not, macOS users were infected.” reads the analysis published by Wardle. “Looking at the (current) detection results (via the anti-virus engines on VirusTotal), it appears the GoSearch22.app is an instance of the prevalent, yet rather insidious, ‘Pirrit’ adware:”
‘We identified that it was possible to compromise any account on the application within a 10-minute timeframe’
Critical zero-day vulnerabilities in Gaper, an “age gap” dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim.
The absence of access controls, brute-force protection, and multi-factor authentication in the Gaper app means attackers could potentially exfiltrate sensitive personal data and use that data to achieve full account takeover within just 10 minutes.
More worryingly still, the attack did not leverage “0-day exploits or advanced techniques and we would not be surprised if this had not been previously exploited in the wild”, said UK-based Ruptura InfoSecurity in a technical write-up published yesterday (February 17).
Despite the apparent gravity of the threat, researchers said Gaper failed to respond to multiple attempts to contact them via email, their only support channel.
GETting personal data
Gaper, which launched in the summer of 2019, is a dating and social networking app aimed at people seeking a relationship with younger or older men or women.
Ruptura InfoSecurity says the app has around 800,000 users, mostly based in the UK and US.
Because certificate pinning was not enforced, the researchers said it was possible to obtain a manipulator-in-the-middle (MitM) position through the use of a Burp Suite proxy.
This enabled them to snoop on “HTTPS traffic and easily enumerate functionality”.
RIPE NCC announced that it has suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts.
The RIPE NCC is a not-for-profit membership association, a Regional Internet Registry and the secretariat for the RIPE community supporting the Internet through technical coordination.
It has over 20,000 members from over 75 countries who act as Local Internet Registries (LIRs) and assign blocks of IP addresses to other organizations in their own country.
The organization mitigated the attack, and its investigation confirmed that no SSO accounts were compromised.
“Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime,” reads a statement published by the organization.
“We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future. Our preliminary investigations do not indicate that any SSO accounts have been compromised.”
In Stephen King’s 1994 made-for-TV movie “The Stand,” most of the human race is wiped out by a deadly virus. As a result, power stations are unmanned and Americans are left without electricity for months. That is, until a husband and wife team works engineering magic at a power plant, flipping the right switches to bring the entire grid back online.
Anyone familiar with the black start process knows that in real life, it doesn’t happen with quite so much Hollywood pizzazz. But black start is a remarkable process, and the controls and instrumentation used during a black start must operate with the utmost precision and speed.
A black start unit is one that can start its own power without support from the grid in the event of a major system collapse or a system-wide blackout. In the U.S., every region within the North American Electric Reliability Corp. (NERC) has its own black start plan and procedures. Each region also designates certain plants as black start units. The controls used on a black start unit include a DC auxiliary support system, an ignition source, a gas turbine and a diesel generator.
Carlo Barrera, senior consulting engineer at PAL Turbine Services LLC, has overseen several conversions of gas turbines to have black start capabilities, including projects for Puget Sound Energy and Massachusetts Municipal Wholesale Electric Co. For the city of Gardner, Kan., PAL installed its own programmable logic controller for turbine control. At a later date, black start capability was incorporated and proved out using a load bank.
Barrera said the DC auxiliary support system is perhaps the most important part of the control system. The battery system must have enough capability to provide DC power for multiple start attempts in case the gas turbine fails to start or fire the first time. “The battery systems need to have the capability in reserve power for two or three firing attempts if a true blackout emergency happens, since gas turbines don’t always start on the first attempt in a blackout situation,” Barrera said.
When the loss of AC power in the grid is noticed on a black-start turbine, an undervoltage relay initiates the start of numerous DC motor-driven auxiliaries. Devices like the turbine lube oil pump, liquid fuel forwarding pump, atomizing air compressor, starting clutch, diesel starting motor and shaft turning ratchet all require DC power to operate. DC auxiliary support system suppliers include GE, Siemens and ABB.
Due to technology’s entertaining nature, you are likely to spend more than the recommended amount of time on it. If you find yourself spending more than 5 hours daily on social media websites, that is already a sign that you are heading towards technology addiction. In such a case, you may not focus on college academic work. Consequently, you may record unimpressive grades.
You need to find a way to deal with such an addiction. Create a plan with the specific hours you intend to spend on different daily activities. Stick to your routine and fight the urge to use your phone at inappropriate times. Ensure you have hit your daily targets before you use your tablet.
The trick is to ensure you maintain your focus. Besides, do not forget about face-to-face communication. Find time to spend with your friends. You can leave your technological devices in one location and travel to a different destination. It helps to ensure that you can live without these devices without feeling uncomfortable.
Safeguard Your Identity as You Surf Online
Although the internet has numerous advantages, there are also pitfalls to its use. For example, some tech-savvy people have the expertise to find people’s passwords within minutes. If you are a lazy person who prefers simple passwords, you may become a victim. They can use this information to your detriment.
How do you ensure your details are safe as you work online? For every account you sign up for, use a strong password. It could be a mixture of lower and uppercase letters, numbers, and special characters. Where possible, use the two-step authentication feature.
What are the additional tips that can help you? When entering an account password, ensure there is no one peeking over your shoulders. Do not allow untrustworthy people to use your devices. Additionally, do not click suspicious links.
Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub.
According to Confiant, this group is behind a massive number of those annoying and scammy popup campaigns you will almost certainly have seen, where you visit an apparently honest web page and then get pestered with online surveys.
We’ve warned our readers many times about the risks of online surveys, even ones that don’t obviously or explicitly lead to attempted malware infections.
At best, you will often end up giving away a surprising amount of personal data, typically in return for a minuscule chance of winning a free product (fancy phones, high-value gift cards and games consoles are typically used as lures).
Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.)
Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less tracking. Nonetheless, the complexity and feature-rich nature of modern browsers often lead to the deployment of seemingly innocuous functionality that can be readily abused by adversaries. In this paper we introduce a novel tracking mechanism that misuses a simple yet ubiquitous browser feature: favicons. In more detail, a website can track users across browsing sessions by storing a tracking identifier as a set of entries in the browser’s dedicated favicon cache, where each entry corresponds to a specific subdomain. In subsequent user visits the website can reconstruct the identifier by observing which favicons are requested by the browser while the user is automatically and rapidly redirected through a series of subdomains. More importantly, the caching of favicons in modern browsers exhibits several unique characteristics that render this tracking vector particularly powerful, as it is persistent (not affected by users clearing their browser data), non-destructive (reconstructing the identifier in subsequent visits does not alter the existing combination of cached entries), and even crosses the isolation of the incognito mode. We experimentally evaluate several aspects of our attack, and present a series of optimization techniques that render our attack practical. We find that combining our favicon-based tracking technique with immutable browser-fingerprinting attributes that do not change over time allows a website to reconstruct a 32-bit tracking identifier in 2 seconds. Furthermore, our attack works in all major browsers that use a favicon cache, including Chrome and Safari.
Due to the severity of our attack we propose changes to browsers’ favicon caching behavior that can prevent this form of tracking, and have disclosed our findings to browser vendors who are currently exploring appropriate mitigation strategies.
In this post, we are going to talk about MITRE ATT&CK® technique T1001 – Data Obfuscation. As the name indicates, this technique consists in making data, usually sent over Command and Control (C&C) communications, more difficult to detect and decode. There are countless ways to do that, but here we are going to focus on disguising payloads (which can simply be information, but also files such as malware or scripts) as images.
Why would someone do that? Mainly because every day lots of images are downloaded while a user is surfing the internet. Downloading an image-like file therefore blends perfectly into regular traffic and does not stand out to a network security control that, for instance, blocks the download of Windows binaries or PowerShell scripts, or does not look for malicious content in an image file. Since these files do not show up as executable, they can fly under the radar of an antivirus or endpoint detection and response (EDR) capability more easily.
Below we will show three examples of how to obfuscate data into image files, namely:
Adding a JPEG header to the data;
Appending the data to a JPEG image; and
Embedding the data into a PNG image using Least Significant Byte (LSB) steganography.
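The first two carrier tricks above leave a structural trace: a JPEG header glued onto arbitrary data does not parse as a JPEG, and a payload appended to a real image sits after the EOI marker. The check below is an added example for this post, not code from the original article or from MITRE; it walks the JPEG marker segments instead of trusting the extension or the first two magic bytes, and reports clean, trailing-data, malformed or not-jpeg. All sample files in it are constructed byte strings, not real images or real payloads. The third trick (LSB steganography) is not caught this way, because a stego PNG is a structurally valid image; that case needs statistical analysis of the pixel data or a policy that re-encodes images at the perimeter.

```python
"""Structural JPEG check for two image-carrier tricks: a header prepended
to arbitrary data, and a payload appended after a complete image.
Added example with constructed samples; not the original post's code."""

SOI, EOI, SOS, TEM = 0xD8, 0xD9, 0xDA, 0x01
RST_MARKERS = set(range(0xD0, 0xD8))  # RST0..RST7 carry no length field


def _verdict(status, trailing, reason):
    return {"status": status, "trailing": trailing, "reason": reason}


def _skip_entropy_data(data: bytes, pos: int):
    """Advance past entropy-coded scan data. Inside a scan, 0xFF 0x00 is a
    stuffed byte and 0xFF 0xD0-0xD7 a restart marker; any other 0xFF
    followed by a non-zero byte is the next real marker."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        if data[pos] == 0xFF and nxt != 0x00 and nxt not in RST_MARKERS:
            return pos
        pos += 1
    return None


def inspect_jpeg(data: bytes) -> dict:
    """Classify bytes as clean / trailing-data / malformed / not-jpeg."""
    if len(data) < 4 or data[0] != 0xFF or data[1] != SOI:
        return _verdict("not-jpeg", 0, "no SOI marker at offset 0")
    pos = 2
    while True:
        if pos + 2 > len(data):
            return _verdict("malformed", 0, "ran out of data before EOI")
        if data[pos] != 0xFF:
            return _verdict("malformed", 0, f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                  # fill byte between markers
            pos += 1
            continue
        if marker == EOI:
            trailing = len(data) - (pos + 2)
            if trailing:
                return _verdict("trailing-data", trailing, f"{trailing} bytes follow EOI")
            return _verdict("clean", 0, "EOI is the last marker")
        if marker == TEM or marker in RST_MARKERS:
            pos += 2                        # standalone marker, no length
            continue
        if marker == SOI:
            return _verdict("malformed", 0, f"unexpected SOI at offset {pos}")
        if pos + 4 > len(data):
            return _verdict("malformed", 0, "truncated segment header")
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        if seg_len < 2 or pos + 2 + seg_len > len(data):
            return _verdict("malformed", 0, f"bad segment length at offset {pos}")
        pos += 2 + seg_len
        if marker == SOS:                   # scan data follows the SOS header
            pos = _skip_entropy_data(data, pos)
            if pos is None:
                return _verdict("malformed", 0, "no marker after scan data")


def tiny_jpeg() -> bytes:
    """Constructed minimal JPEG skeleton (not a real photo): SOI, a JFIF
    APP0 segment, one SOS segment, fake scan bytes with a stuffed 0xFF00,
    then EOI. Just enough structure for the walker to exercise."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\x01\x01\x00\x00\x3f\x00"       # one component, spectral 0-63
    scan = b"\x12\x34\xff\x00\x56\x78"
    return (b"\xff\xd8"
            + b"\xff\xe0" + (len(app0) + 2).to_bytes(2, "big") + app0
            + b"\xff\xda" + (len(sos) + 2).to_bytes(2, "big") + sos
            + scan + b"\xff\xd9")


# Constructed samples, one per case discussed in the post.
SAMPLES = {
    "real.jpg": tiny_jpeg(),
    "appended.jpg": tiny_jpeg() + b"CONSTRUCTED-PAYLOAD-AFTER-EOI",
    "header_only.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"CONSTRUCTED-RAW-PAYLOAD",
    "not_image.jpg": b"MZ\x90\x00" + b"\x00" * 12,
}


def scan_samples(samples=SAMPLES) -> dict:
    """Run the check over every sample and return {name: status}."""
    return {name: inspect_jpeg(blob)["status"] for name, blob in samples.items()}


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        v = inspect_jpeg(blob)
        print(f"{name:16} {v['status']:14} {v['reason']}")
```

The walker deliberately refuses to guess: any byte that is not a marker where a marker must be, or a segment length that runs past the end of the file, is reported as malformed rather than skipped, because that is exactly where a prepended header stops matching the format. Hooking `inspect_jpeg` into a proxy or mail gateway that already extracts downloaded images gives a cheap filter for the first two techniques; the trailing-byte count is worth logging, since a few hundred bytes of padding is common in legitimate tools while tens of kilobytes after EOI is not.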
Of course, Birsan didn’t literally do it alone and unaided (see the end of his paper for the section of shout-outs to others who helped directly or inspired him indirectly during his research), and he didn’t really attack anyone in the way that a criminal hacker or cracker would.
His work was done in accordance with bug bounty rules or pre-arranged penetration testing agreements, and Birsan actually includes bug bounties in his credits:
The CCPA (California Consumer Privacy Act) is a California data protection law that came into effect on January 1, 2020. Following the passing of Prop 24, the CPRA (California Privacy Rights Act) will take effect officially on January 1, 2023 and replace the CCPA. The CPRA is widely viewed as California’s version of the EU’s GDPR (General Data Protection Regulation).
Just like the GDPR, it gives people more control over their personal data, and holds businesses more accountable for protecting the data they collect and process.
Once you have completed the California Consumer Privacy Act Foundation Online Training course, you will be able to:
Demonstrate an understanding of privacy and cybersecurity law concepts, and the basis of national/state jurisdiction
Define terms used in the CCPA/CPRA and contrast them with the GDPR
Articulate the rights of consumers, and determine the duties of a business