Nov 18 2020

Senate passes bill to secure internet-connected devices against cyber

Category: NIST CSF, NIST Privacy | DISC @ 11:40 pm

The Senate this week unanimously passed bipartisan legislation designed to boost the cybersecurity of internet-connected devices.

The Senate passes a bill that would require all internet-connected devices purchased by the US government to comply with NIST’s minimum security recommendations

The Internet of Things Cybersecurity Improvement Act would require all internet-connected devices purchased by the federal government — such as computers and mobile devices — to comply with minimum security recommendations issued by the National Institute of Standards and Technology.

The bill would require private sector groups providing devices to the federal government to notify agencies if the internet-connected device has a vulnerability that could leave the government open to attacks.

The legislation, which the Senate advanced on Tuesday, was passed unanimously by the House in September. It now heads to President Trump for a signature.

“Most experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand,” Gardner noted in a separate statement. “We need to make sure these devices are secure from malicious cyber-attacks as they continue to transform our society and add countless new entry points into our networks. Ensuring that our government has the capabilities and expertise to help navigate the impacts of the latest technology will be important in the coming years and decades.”

Source: Senate passes bill to secure internet-connected devices against cyber








Nov 17 2020

Microsoft’s Pluton chip upgrades the hardware security of Windows PCs

Category: Hardware Security, Information Security | DISC @ 1:05 pm


The next Windows PC you buy could come with an advanced security co-processor that will protect your data from being stolen by hackers. Building on work it started with the Xbox One, on Tuesday Microsoft announced the existence of Pluton. It’s a new project the company is working on with both AMD and Intel, as well as Qualcomm, to create x86 and ARM CPUs that integrate a dedicated security component.

At its simplest, Pluton is an evolution of the existing Trusted Platform Module (TPM) you find in many modern computers. TPMs store security-related information about your operating system and enable features like Windows Hello. However, for all the additional security they add to PCs, they still have vulnerabilities. As security researchers have shown, it’s possible for hackers to attack the bus interface that allows the TPM and CPU to communicate with one another.

That’s where Pluton comes into the picture. By integrating the TPM into the CPU, Microsoft says it’s able to close off that avenue of attack. When the first slate of Pluton-equipped CPUs and computers start making their way out to consumers, Microsoft says they’ll emulate TPM chips so that they can take advantage of existing APIs and provide Windows users with immediate usefulness. The end goal is for Pluton-equipped CPUs to protect your credentials, encryption keys and personal data. In that way, it will be similar to the T2 and Titan M security chips Apple and Google offer, but with the added advantage of being there for the entire Windows ecosystem to use.

Source: Microsoft’s Pluton chip upgrades the hardware security of Windows PCs



Microsoft Pluton is a new security chip for Windows PCs
https://www.youtube.com/watch?v=f85ipqsOcqc&ab_channel=REFILLSOLUTIONS


Nov 16 2020

Dozens of ransomware gangs partner with hackers to extort victims

Category: Ransomware | DISC @ 1:25 pm

Ransomware-as-a-service (RaaS) crews are actively looking for affiliates to split profits obtained in outsourced ransomware attacks targeting high profile public and private organizations. The more well-known ransomware gangs run private affiliate programs where affiliates can submit applications and resumes to apply for membership.

For affiliates that are accepted into the program, the ransomware developers receive a 20-30% cut, and an affiliate gets 70-80% of the ransom payments they generate.

REvil private affiliate program

Source: Dozens of ransomware gangs partner with hackers to extort victims



Ransomware-as-a-Service (RaaS)
https://www.youtube.com/watch?v=LKJXnIn3QVI&ab_channel=ZolderB.V.



Tags: Ransomware as a service


Nov 12 2020

Costaricto APT: Cyber mercenaries use previously undocumented malware

Category: Malware | DISC @ 3:28 pm

CostaRicto APT is targeting South Asian financial institutions and global entertainment companies with previously undocumented malware.

BlackBerry researchers have documented the activity of a hackers-for-hire group, dubbed CostaRicto, that has been spotted using a previously undocumented piece of malware to target South Asian financial institutions and global entertainment companies.

“During the past six months, the BlackBerry Research and Intelligence team have been monitoring a cyber-espionage campaign that is targeting disparate victims around the globe.” reads the analysis published by BlackBerry. “The campaign, dubbed CostaRicto by BlackBerry, appears to be operated by “hackers-for-hire”, a group of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunnelling capabilities.”

Source: Costaricto APT: Cyber mercenaries use previously undocumented malware



Tim Maurer discusses “Cyber Mercenaries: The State, Hackers and Power”
https://www.youtube.com/watch?v=i8qi8cLKl4A&ab_channel=HooverInstitution



Cyber Mercenaries: The State, Hackers, and Power



Tags: Advanced persistent threat, APT, Cyber mercenaries


Nov 11 2020

Google patches two more Chrome zero-days

Category: Zero day | DISC @ 5:57 pm

Google has now patched five Chrome zero-days in three weeks.

Source: Google patches two more Chrome zero-days | ZDNet

URGENT Google Chrome Zero Day flaw security update
https://www.youtube.com/watch?v=8u5jGXbaF0w



Zer0 Days


Nov 08 2020

FBI: Hackers stole source code from US government agencies and private companies

FBI blames intrusions on improperly configured SonarQube source code management tools.

FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.

Officials provided two examples of past incidents:

“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.

“This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.”

Source: FBI: Hackers stole source code from US government agencies and private companies | ZDNet



Nov 06 2020

Pwn2Own Tokyo Day one: NETGEAR Router, WD NAS Device hacked

Category: cyber security, Hacking, Information Security | DISC @ 11:30 am

The Pwn2Own Tokyo 2020 hacking competition has started, and bug bounty hunters have already hacked a NETGEAR router and a Western Digital NAS device.

Pwn2Own Tokyo is actually coordinated by the Zero Day Initiative from Toronto, Canada, and the white hat hackers taking part in the competition have to demonstrate their ability to find and exploit vulnerabilities in a broad range of devices.

On day one of the competition, bug bounty hunters successfully hacked the NETGEAR Nighthawk R7800 router. The participants were Team Black Coffee, Team Flashback, and teams from cybersecurity firms Starlabs and Trapa Security. Team Flashback earned $20,000 for a remote code execution exploit that resulted from chaining two bugs in the WAN interface.

“The team combined an auth bypass bug and a command injection bug to gain root on the system. They win $20,000 and 2 points towards Master of Pwn.” reads the post on the official site of the Pwn2Own Tokyo 2020.

The Trapa team successfully chained a pair of bugs to gain code execution on the LAN interface of the router, earning $5,000 and 1 point towards Master of Pwn.

The STARLabs team earned the same amount after using a command injection flaw to take control of the device.

The Trapa Security team also earned $20,000 for a working exploit targeting the Western Digital My Cloud Pro series PR4100 NAS device.

The exploit code chained an authentication bypass bug and a command injection vulnerability to gain root on the device.

Source: Pwn2Own Tokyo Day one: NETGEAR Router, WD NAS Device hacked



Pwn2Own Tokyo (Live from Toronto) 2020 – Day One
https://www.youtube.com/watch?v=jX0b8iKXnbI&ab_channel=ZeroDayInitiative

Tags: pwn2own, Pwn2Own Tokyo


Nov 05 2020

Spotting a Common Scam

These scams seek to collect personal information about you, often appearing to come from a real business or agency. Someone may pose as an official disaster aid worker, or send you a fraudulent COVID contact tracing email. If you receive a message with a link, you should not click it as it may download malware to your device to steal passwords and personal information. Government agencies like FEMA or the IRS will never contact you asking for a FEMA registration number, a Social Security number, or a bank account or credit card number to give you a COVID or FEMA payment—or ask you to pay anything up front to fill out an application or to access state or federal resources.

Before sharing, check that what you are reading is from a trustworthy source. Disinformation can be life threatening in a global pandemic.

 


No cures or vaccines have been approved for COVID-19 yet. Online offers claiming to provide a medicine or device to treat or prevent COVID should be ignored. When there is a new breakthrough in the treatment and prevention of COVID, it will be widely reported on by reputable news sources.

 


Fake charities often emerge following a crisis, soliciting donations, but not using them for the described purpose. Before donating, check out www.ftc.gov/charity to research the organization and make sure it’s legitimate.

 


If you receive a robocall, you should hang up instead of pushing any buttons or giving away any personal information. If a call claims to be from the IRS or FEMA, but demands immediate payment through debit card or wire transfer, it is fraudulent. Federal agencies will never demand immediate payment over the phone, threaten immediate arrest, or ask you to make a payment to anyone other than the U.S. Treasury.

Warning Signs that a Loved One may be the Victim of a Scam

Victims of a scam may be embarrassed or uncomfortable asking for help. It’s not always obvious when someone has been scammed, so check in with your loved ones frequently, especially if they are older, live alone, or are otherwise high risk.

Warning signs include large ATM withdrawals, charges, or checks; secretiveness and increased anxiety about finances; large quantities of goods being delivered that they do not need; an unusual number of phone calls or visits from strangers; and a sudden lack of money, unpaid bills, or a change in daily habits.

 

For more information, and to get help with a potential FEMA fraud, you can call the National Center for Disaster Fraud Hotline at 866-720-5721 or FEMA’s Public Inquiry Unit at 916-210-6276. For questions about pandemic scams, go to www.ftc.gov/coronavirus or www.cdc.gov/coronavirus/2019-ncov.


Tags: common scam, scam


Nov 03 2020

Privacy-focused Brave browser grew over 130% in the past year

Category: Information Privacy, Web Security | DISC @ 1:07 pm

Brave Browser, the privacy-focused web browser, announced today that its usage grew by over 130% in the first year since the release of its ‘Stable’ version.

Source: Privacy-focused Brave browser grew over 130% in the past year



Brave Browser Review 2020: Should you make the switch?
https://www.youtube.com/watch?v=cQuTwpUFIXU&ab_channel=dottotech



Why you should download Brave Browser NOW!

Tags: data privacy, Information Privacy, loss of privacy


Nov 02 2020

Cyber Security Training Courses

Category: cyber security, Security Awareness, Security training | DISC @ 11:17 pm

Cyber Security Training Courses via Simpliv

Simpliv Links (PDF): https://blog.deurainfosec.com/wp-content/uploads/2020/11/Simpliv-Links.pdf

To review each course, download a PDF of Cyber Security Training Courses.

Tags: Cyber Security Training Courses


Nov 01 2020

Open Shell brings back the glory days of the Windows Start Menu

Category: Windows Security | DISC @ 11:14 pm

Open Shell, originally known as Classic Shell, is open-source software that allows you to replace the standard Start Menu on Windows 10 and Windows 8.

Source: Open Shell brings back the glory days of the Windows Start Menu



Make Your Start Menu Look Like Windows 7 With Open Shell
https://www.youtube.com/watch?v=WlBVCNHB8uQ&ab_channel=majorgeeks

Tags: Open Shell, Windows Start Menu


Oct 30 2020

In a first, researchers extract secret key used to encrypt Intel CPU code

Category: Crypto, Cryptography | DISC @ 2:49 pm

Hackers can now reverse-engineer updates or write their own custom firmware.

Source: In a first, researchers extract secret key used to encrypt Intel CPU code


Oct 29 2020

Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery

Category: Ransomware | DISC @ 2:05 pm

A relative newcomer in the “malware-as-a-service” scene is starting to attract the big-money ransomware criminals.

Source: Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery



Understanding malware as a service
https://www.youtube.com/watch?v=VoOJaKZvZ-o&ab_channel=BitdefenderOEM



MaaS Chaos. Is Malware-as-a-Service Growing?
In the legitimate business world, there’s something known as Software-as-a-Service, or SaaS. Here’s a definition: A software licensing-and-delivery model in which centrally located and controlled software is made available and licensed/rented on a subscription basis by users. SaaS clients are generally businesses.

Now, organized online crooks have moved into that space and business model too. It didn’t take long for that large-scale approach to not only hit the Internet, but to create a lucrative malware business for criminals who are selling viruses and more to anyone who wants it and is willing to pay for it. It’s “MBA-like” thinking for the purpose of making money by committing technologically based crimes.

Malware-as-a-Service is the latest term for the business of a network of sophisticated cyber-crooks providing illegal services, for a fee.



One of the reasons that cybercrime has grown so rapidly is that the criminals at the top of the “food chain” have built scalable business models for their crimes. This allows experienced hacking groups to collaborate, and new criminals to leverage the resources of veteran hackers. “Crime-as-a-service” is nothing new, but the tools change rapidly as crimeware developers work to exploit the latest vulnerabilities and stay ahead of security. The Emotet banking trojan has emerged as a leader in providing malware delivery services to other hacking groups, and you will want to make sure you understand and defend against this threat.

Emotet emerges as a leader in Malware-as-a-Service

Tags: Emotet, malware-as-a-service


Oct 27 2020

Google Mending Another Crack in Widevine

Category: data security | DISC @ 12:05 pm

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated.

The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for low-quality video and audio streams only. Google says the weakness does not affect L1 and L2 streams, which encompass more high-definition video and audio content.

“As code protection is always evolving to address new threats, we are currently working to update our Widevine software DRM with the latest advancements in code protection to address this issue,” Google said in a written statement provided to KrebsOnSecurity.

In January 2019, researcher David Buchanan tweeted about the L3 weakness he found, but didn’t release any proof-of-concept code that others could use to exploit it before Google fixed the problem.

Source: Google Mending Another Crack in Widevine




Tags: digital rights management, DRM


Oct 26 2020

Botnet Infects Hundreds of Thousands of Websites

Category: Botnet | DISC @ 9:02 pm

KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.

The botnet, dubbed KashmirBlack, uses a modular infrastructure that includes features such as load balancing communications with command-and-control servers and storing files on cloud storage services, such as Dropbox and GitHub, to speed access to any new code updates for the systems infected with the software. The KashmirBlack botnet mainly infects popular CMS platforms, exploiting dozens of known vulnerabilities on targeted servers and performing millions of attacks per day on average, according to a pair of reports published by Imperva researchers today.

Source: Botnet Infects Hundreds of Thousands of Websites



CyberHub Podcast – Practitioner Brief 10-26-20 Emotet upgrades, Kashmirblack & ransomware surge
https://www.youtube.com/watch?v=2td9wQ4LleY&ab_channel=TheCyberHubPodcast





Oct 21 2020

PayPal to allow cryptocurrency buying, selling and shopping on its network

Category: Crypto, Cryptography | DISC @ 10:36 am

PayPal Holdings Inc joined the cryptocurrency market on Wednesday, allowing customers to buy, sell and hold bitcoin and other virtual coins using the U.S. digital payments company’s online wallets.

Source: PayPal to allow cryptocurrency buying, selling and shopping on its network



PayPal to Allow Cryptocurrency Buying, Selling and Shopping on its Network ₿₿₿
https://www.youtube.com/watch?v=QdOvU6YzNbU&ab_channel=RulesForRebels







Tags: cryptocurrency, PayPal


Oct 19 2020

Hackers hijack Telegram, email accounts in SS7 mobile attack

Category: Hacking | DISC @ 3:12 pm

Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

Source: Hackers hijack Telegram, email accounts in SS7 mobile attack



Telegram SS7 attack
https://www.youtube.com/watch?v=dkvQqatURdM&ab_channel=ThomasBrewster


Oct 15 2020

Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info

Category: Data Breach, Security Breach | DISC @ 8:44 am

Nook, line and sinker: Servers restored from backups, punters unable to download purchased e-books

Source: Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info


Oct 12 2020

Microsoft and others orchestrate takedown of TrickBot botnet

Category: Botnet | DISC @ 9:41 pm

FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, Symantec, and the Microsoft Defender team participated in the takedown.

Source: Microsoft and others orchestrate takedown of TrickBot botnet | ZDNet



Microsoft takes action against Trickbot ransomware attacks
https://www.youtube.com/watch?v=39MFGABNf2U&ab_channel=CBCNews%3ATheNational

Tags: botnet, TrickBot


Oct 09 2020

So you thought your personal data was deleted? Not so fast

Category: Information Privacy | DISC @ 4:37 pm

Here’s why it may be impossible to delete your personal information from Houseparty and other social media services – despite privacy legislation!

Source: So you thought your personal data was deleted? Not so fast | WeLiveSecurity



How to erase your iPhone — Apple Support
https://www.youtube.com/watch?v=zX4xvkJDHVw&ab_channel=AppleSupport

