Dec 08 2021

22 Red Flags of Social Engineering

Category: social engineering | DISC @ 12:19 pm

Kevin Mitnick – Pretexting – “Fake IT” Password Break-In

Breaking into a Bank – Kevin Mitnick demonstrates the Access Card Attack

Best of Kevin Mitnick: My Favorite Hack

The Art of Deception: Controlling the Human Element of Security

Tags: 22 Red Flags of Social Engineering, Kevin Mitnick, The Art of Deception


Dec 08 2021

It’s Not a User Problem; It’s a Cybersecurity People Problem

Category: Cyber career, Security Awareness | DISC @ 10:29 am

There is a serious user problem out there, and whether the user makes a mistake or is intentionally malicious, it can impact the entire system and the organization. But is it really a user problem?

In their session at (ISC)2 Security Congress, Ira Winkler, CISO with Skyline Technology Solutions, and Tracy Celaya-Brown, president, Go Consulting International, said the user problem is really a cybersecurity people problem.

“People can’t do things that we don’t give them permission to do,” Winkler said. As long as a user has the ability to do certain tasks, click on links or see a spearphishing email show up in their inbox, they will make mistakes that can take down the network. The problem is not that users cause a loss, but that they can potentially initiate a loss, according to Winkler and Celaya-Brown.

A Failure of Leadership

One mistake shouldn’t take down an entire network. One person shouldn’t have the ability to cause universal panic because of the access permissions they are given. But it happens all the time, and the reason is failure of cybersecurity leadership. Remember the Twitter hack a few years ago where some of the most famous names on the social media site were victims of account takeovers? Winkler pointed out that social engineering techniques coupled with the fact that about one-fifth of Twitter’s employees had permissions to change passwords led to that massive cybersecurity failure. Or, in other words, the human problem was enabled by cybersecurity people and leadership who fell short in their responsibilities. Of course, you want users that will behave the way cybersecurity leadership wants them to, but the cybersecurity team needs to take a closer look at their actions, too.

“We have to take a closer look at why problems occur,” said Winkler. “The problem isn’t a user clicking on a link. The problem occurred when the user received the message.”

New School Safety Science

Improving Cyber Security Skills And Knowledge At Board Level

Tags: Cybersecurity People Problem, Improving Cyber Security Skills


Dec 07 2021

Cisco Survey Surfaces Legacy Infrastructure Security Challenges

Category: App Security | DISC @ 6:18 pm

A global survey of 5,123 active IT, security and privacy professionals conducted by YouGov on behalf of Cisco found well over a third of organizations (39%) are relying on what they consider to be outdated security technologies.

Overall, the survey found organizations that upgrade IT and security technologies quarterly are about 30% more likely to excel at keeping up with the business than those that upgrade only every few years. The survey also suggested that security operations teams that integrate people, processes and platforms see a 3.5X performance boost over rivals. Automation also more than doubles the performance of less experienced people, the survey suggested.

Wendy Nather, head of advisory chief information security officers (CISOs) for Cisco Duo, a multifactor authentication platform, said the survey makes it clear that there is a benefit to relying on vendors such as Cisco or a managed service provider (MSP) that automates the update process. However, while outsourced detection and response teams are perceived to be superior, an internal security team is still faster in terms of mean-time-to-respond (MTTR) to a cybersecurity event (six days versus 13 days).

Not surprisingly, the survey also found organizations with integrated technologies are seven times more likely to achieve high levels of process automation. Organizations that claim to have mature implementations of zero-trust or secure access service edge (SASE) architectures are 35% more likely to report strong security operations. In addition, organizations that leverage threat intelligence achieve 50% faster mean-time-to-repair when recovering from a cybersecurity attack.

Finally, the survey found the probability of maintaining business resilience doesn’t improve until business continuity and disaster recovery capabilities cover at least 80% of critical systems, and that organizations that regularly test their business continuity and disaster recovery capabilities in multiple ways are 2.5 times more likely to maintain business resiliency. Organizations that make chaos engineering a standard practice are also twice as likely to achieve high levels of resiliency, according to the survey.

Nather said cybersecurity teams should also invest more in observability and threat intelligence tools. Many cybersecurity teams are overly confident in the level of security they have implemented, only to discover, once provided with access to metrics, that the amount of malware in their environment is much higher than they thought. Until that moment arrives, many organizations are suffering from cybersecurity ‘ignorance is bliss,’ she added.

Regardless of the current level of confidence in cybersecurity, Nather noted that the shift to remote work coupled with investments in digital business transformation initiatives will drive more organizations to revisit their cybersecurity strategies in 2022. Organizations will also need to reconsider their approach to cloud security given the number of misconfigurations that are made by DevOps teams using infrastructure-as-code (IaC) tools to provision infrastructure with little appreciation for DevSecOps best practices.

Ultimately, the issue organizations must come to terms with is that trying to protect legacy infrastructure is much harder than relying on either a cloud service or an as-a-service platform that is continuously updated by someone else. Unfortunately, not every organization can afford to rip and replace all their legacy infrastructure overnight.

Build, automate, and manage your infrastructure on the most popular cloud platform – AWS

Tags: AWS for System Administrators, Legacy Infrastructure Security Challenges


Dec 07 2021

Improper Neutralization of CRLF Sequences in Java Applications

Category: App Security, File Security, Information Security, Python | DISC @ 10:28 am

CRLF Injection

Let’s try to understand what CRLF injection is. In response to an HTTP request from a web browser, a web server sends a response, which contains both the HTTP headers and the actual content of the website. There is a special combination of characters that separates the HTTP headers from the HTML response (the website content), namely a carriage return followed by a line feed (CRLF).

Each header ends with a CRLF, and a new header begins after it. This is how a web application or a user knows where a new line begins in a file or text block.

An attacker can inject information into HTTP responses by using the CRLF characters that separate the parts of an HTTP response. As long as the headers are followed by <CRLF><CRLF>, the browser will understand that the headers end there. Consequently, the attacker has the option to store data in the body of the response, where the HTML is stored.

If an attacker enters the percent-encoded ASCII codes for carriage return (%0d) and line feed (%0a) in an HTTPS header, the sequence is easy to identify. The result would look like this:

https://xyz.com/index.php?page=home%0d%0a
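
The behaviour described above, as an added Java example that is not code from the original article: the `page` value is URL-decoded and reflected into a response header, first unchecked and then with control characters rejected. The `Set-Cookie` header, the cookie name `lastPage`, the class and method names and the sample inputs are assumptions made for illustration; `URLDecoder.decode(String, Charset)` needs Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class CrlfHeaderDemo {

    /** Vulnerable: the decoded query value is concatenated into a header line as-is. */
    static String buildResponseUnsafe(String page) {
        // "lastPage" is a hypothetical cookie that reflects the page parameter.
        return "HTTP/1.1 200 OK\r\n"
                + "Set-Cookie: lastPage=" + page + "\r\n"
                + "Content-Type: text/html\r\n"
                + "\r\n"
                + "<html>...</html>";
    }

    /** Hardened: refuse any value containing CR, LF or another control character. */
    static String buildResponseSafe(String page) {
        for (int i = 0; i < page.length(); i++) {
            char c = page.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                throw new IllegalArgumentException(
                        "control character 0x" + Integer.toHexString(c) + " in header value");
            }
        }
        return buildResponseUnsafe(page);
    }

    /** Reads header lines the way a client does: they stop at the first empty line. */
    static List<String> headerLines(String rawResponse) {
        List<String> lines = new ArrayList<>();
        for (String line : rawResponse.split("\r\n", -1)) {
            if (line.isEmpty()) {
                break; // <CRLF><CRLF> reached: everything after this is body
            }
            lines.add(line);
        }
        return lines;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal value, the value from the URL above, and one
        // that places a harmless marker header after the CRLF.
        String[] samples = {"home", "home%0d%0a", "home%0d%0aX-Injected:%20demo"};
        for (String encoded : samples) {
            String page = URLDecoder.decode(encoded, StandardCharsets.UTF_8);
            System.out.println("page=" + encoded);
            System.out.println("  unsafe header block: "
                    + headerLines(buildResponseUnsafe(page)));
            try {
                System.out.println("  safe header block:   "
                        + headerLines(buildResponseSafe(page)));
            } catch (IllegalArgumentException e) {
                System.out.println("  safe builder rejected input: " + e.getMessage());
            }
        }
    }
}
```

With the `home%0d%0a` value the unchecked builder ends the header block right after the cookie line, so `Content-Type` is pushed into the body; the checked builder rejects both CRLF inputs before any header is written.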

Java 9 Dependency Injection

Tags: CRLF Injection


Dec 06 2021

Staff awareness e-learning courses

Category: Information Security, Security Awareness | DISC @ 2:44 pm
Use code XMASELEARN at checkout
to get 10% off before Sunday, 19 December.*
  • Written in plain English to help non-technical staff understand the topics.
  • Real-life examples, case studies, quizzes and puzzles to engage learners and teach in an unconventional way.
  • Multiple-choice assessment included to help consolidate learning.
  • Monitor employees’ progress from a user-friendly dashboard.
  • Multiple hosting and licence options available to suit your needs.
  • Free monthly security bulletin packed with useful news and tips.
  • Content and branding customization available on request.

Training available for individual or Corporate members

IT Governance Staff Awareness E-Learning Courses

Developed by experts, ITG staff awareness training courses have been designed to give your employees the knowledge they need to protect your organization’s data while performing their roles, in compliance with relevant standards, laws and cyber security best practices.

Tags: Staff awareness e-learning


Dec 06 2021

SECURITY GUIDANCE FOR 5G CLOUD INFRASTRUCTURES

Prevent and Detect Lateral Movement

Security and Privacy Preserving for IoT and 5G Networks: Techniques, Challenges, and New Directions 

Related articles:


The Best & Worst States in America for Online Privacy 

Wireless Wars: China’s Dangerous Domination of 5G 

Tags: 5G cloud, 5G security, IoT and 5G Networks, Wireless Wars


Dec 06 2021

2022 and the threat landscape: The top 5 future cybersecurity challenges

2022 is going to be a year of building greater resiliency and integrating this into all aspects of business operations. This will require organizations of all levels to review how they are responding to a larger scale of sophisticated threats. To build on the efforts of 2021, CISOs need to address how they can implement innovation into their business without making themselves more vulnerable to damaging attacks.

There are five big trends that I see defining the market in 2022 that security professionals should pay attention to:

1. The rise of the “assume-breach” mindset

Zero trust applies the principle of fundamentally not trusting anything on or off your network and deploys an “assume-breach” mindset.

2. Innovation and new risk in 5G

3. Customization, personalization and getting personal with phishing tactics

4. Hackers will go for gold at the Beijing Olympics

5. The enterprise API ecosystem will show its vulnerabilities

The Ransomware Threat Landscape: Prepare for, recognize and survive ransomware attacks

Tags: threat landscape


Dec 06 2021

Hackers are sending receipts with anti-work messages to businesses’ printers

Category: Printer security | DISC @ 10:08 am

Hackers are targeting printers of businesses around the world to print ‘anti-work’ slogans pushing workers to demand better pay.

Multiple employees are sharing on Twitter and Reddit the images of anti-work messages sent to the printers of their organizations. The messages encourage workers to protect their rights and discuss their pay with coworkers and demand better pay.

“The posts were made on the r/Antiwork subreddit which describes itself as a community ‘for those who want to end work, are curious about ending work, want to get the most out of a work-free life, want more information on anti-work ideas

https://twitter.com/Mage_Bit/status/1463852669748097031

“ARE YOU BEING UNDERPAID? You have a protected LEGAL RIGHT to discuss your pay with your coworkers. […] POVERTY WAGES only exist because people are ‘willing’ to work for them.” reads the message.

“How can the McDonald’s in Denmark pay their staff $22 an hour and still manage to sell a Big Mac for less than in America?” reads one of the receipts.

The printed receipt encouraged employees to form unions because ‘Unions’ are the only organizations that could “easily align everyone’s goals.”

Tags: anti-work messages


Dec 05 2021

CISSP study guide

Category: CISSP, Information Security | DISC @ 12:59 pm

Official (ISC)2® Study Guides 

Tags: CISSP study guide, Official (ISC)2® Study Guides


Dec 04 2021

Cybersecurity Incident & vulnerability response playbooks

Category: Information Security, Security Incident | DISC @ 4:43 pm

Cybersecurity Incident & Vulnerability Response Playbooks – Audiobook

Cybersecurity Incident & Vulnerability Response Playbooks by [Cybersecurity and Infrastructure Security Agency]

Tags: Incident Response, vulnerability response


Dec 04 2021

How MFA Can Help Prevent Data Breaches

Category: 2FA, Data Breach | DISC @ 2:01 pm

The Current Authentication Landscape

To authenticate a user means to verify that the user is genuine. Classically, the way to authenticate a user is to request their login credentials and ensure those credentials match the credentials stored in your directory service or authentication server. The full history and background of authentication is more complex, but that’s the gist of it. 

The need to ensure users are who they claim to be is critical in the context of today’s hybrid IT infrastructures. Organizational data and apps often exist outside the traditional corporate network perimeter in public cloud services. Furthermore, employees, business partners and contractors are accessing IT resources from home or public locations.

Many security professionals say that identity is the new perimeter. This claim about identity extends to devices and applications, but securing machine identities is another topic altogether. If identity is the new perimeter, then making authentication as secure as possible is paramount to protect your critical assets, including sensitive data about customers and intellectual property. 

Why Passwords Aren’t Enough

In an ideal world, passwords would be sufficient to authenticate users and ensure that they are genuine. Unfortunately, passwords are susceptible to theft, often through poor password hygiene. Whether it’s reusing multiple passwords across different applications or not creating secure enough passwords to begin with, password theft is rife. 

To understand how easy it is to steal a password, consider a study that looked at over 15 billion passwords. The results of this study revealed that the top four most commonly used passwords were:

  1. 123456
  2. 123456789
  3. qwerty
  4. Password

These passwords are all incredibly easy to guess even for a beginner cybercriminal looking to access a corporate network. This is confirmed by the fact that 80% of hacking incidents stem from stolen credentials or passwords guessed using brute force tactics. 

How MFA Can Help Prevent Data Breaches

Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers

Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers by [National Institute of Standards and Technology]

Tags: data breach, MFA


Dec 04 2021

Redeem your 10% discount on any toolkit

Category: Information Security, Security Tools | DISC @ 1:48 pm

Tags: toolkits


Dec 03 2021

Top 5 Cloud security challenges, risks and threats

Category: Information Security | DISC @ 3:35 pm

Top 5 Cloud security challenges, risks and threats

Cloud services are an integral part of modern business. They provide a cost-effective way to store data; and with the rise in hybrid workforces, they deliver a reliable way for employees to access information remotely.

But as is often the case with technological solutions, the benefits of convenience come with security risks. In this blog, we look at the top five Cloud security challenges that organisations face, and provide tips on how to overcome them.

1. Data breaches

A Gartner study found that 95% of Cloud breaches are the result of misconfigurations.

2. Phishing scams

3. Insider threats

Insider Threats (Cornell Studies in Security Affairs) 

4. Regulatory non-compliance

the risk of a data breach and create GDPR (General Data Protection Regulation) headaches.

5. Insecure UIs and APIs

Design secure network and API endpoint security for Microservices applications

Secure your Cloud services

You can find more tips like the ones in this blog by reading Securing Cloud Services: A pragmatic guide.

This book, written by security architect Lee Newcombe, explains everything you need to know about Cloud security. It covers the key concepts of Cloud computing and its security architectures, and then looks at the security considerations you must acknowledge.

It’s ideal for anyone looking at implementing Cloud services, whether that’s infrastructure-, platform-, software- or function-as-a-service.


Dec 03 2021

KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays

Category: Anonymous | DISC @ 10:33 am

KAX17 ran relay servers in various positions within the Tor network, including entry and exit nodes. Researchers at the Tor Project have removed hundreds of servers set up by the threat actor in October and November 2021.

In August 2020, the security researcher who goes by the moniker Nusenu revealed that in May 2020 a threat actor managed to control roughly 23% of the entire Tor network’s exit nodes. Experts warned that this was the first time that a single actor controlled such a large number of Tor exit nodes. A Tor exit relay is the final relay that Tor traffic passes through before it reaches the intended destination. Because Tor traffic exits through these relays, the IP address of the exit relay is interpreted as the source of the traffic. Tor exit relays advertise their presence to the entire Tor network, so they can be used by any Tor user.

By controlling these relays, it is possible to see which website the user connects to and, if an insecure connection is used, it is also possible to manipulate traffic. In May 2020, the threat actor managed to control over 380 Tor exit nodes, with a peak on May 22, when he controlled 23.95% of Tor exit relays.

Nusenu told The Record that it has observed a recrudescence of the phenomenon associated with the same attacker.

“But a security researcher and Tor node operator going by Nusenu told The Record this week that it observed a pattern in some of these Tor relays with no contact information, which he first noticed in 2019 and has eventually traced back as far as 2017.” reads the post published by The Record. “Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.”

KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays

Tags: Anonymity, Anonymous (group)


Dec 02 2021

How phishing kits are enabling a new legion of pro phishers

Category: Phishing | DISC @ 12:46 pm

It’s no wonder then that so many use phishing as their default attack method. Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.

After analyzing three months of phishing email traffic, we found that most attacks follow the money to either big tech or leading financial firms. Facebook, Apple and Amazon were the most popular tech brands being spoofed in phishing URLs. On the financial side, Charles Schwab was by far the most popular target, and was the most used brand URL overall, accounting for 13.5 percent of all cases. Chase Bank – an American subsidiary of JP Morgan Chase & Co – RBC Royal Bank and Wells Fargo were also widely used in phishing URLs.

Our investigation found that Chase has received a growing level of attention from cyber criminals over the last year, so we took a deeper dive into the tactics being used to target the bank’s customers.

The shift to mobile

One of the most prominent trends apparent in our investigation was the growing focus on mobile devices as part of phishing attacks. SMS text messages, WhatsApp and other mobile messaging services are increasingly used to launch attacks.

Attackers are adopting these methods in response to stronger email security solutions. The average mobile device is less likely to be well secured against phishing compared to a desktop endpoint. Even if the mobile device has a business email application on it, channels such as SMS and WhatsApp will bypass any anti-phishing protection it might have.

Threat actors may also mix email and mobile messaging in a single attack, for example sending a phishing email which includes a QR code that must be scanned by a smartphone, thereby jumping the attack over to the mobile endpoint. We have seen an uptick in QR-based attacks as the relatively overlooked technology became more popular during the pandemic. These attacks are again effective at evading traditional email security tools, as the QR code itself is not a malicious asset and its link destination cannot be read by detection technologies optimized for text URLs and virus signatures.

Mobile-based phishing attacks are also harder to identify due to mobile devices’ smaller screen and simplified layout, compounding the lack of security solutions on mobile.

How phishing kits mean anyone can phish like a pro

Cyber Fraud: Tactics, Techniques and Procedures

Tags: Cyber Frauds, phishing kits


Dec 02 2021

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Category: Antivirus, Malware | DISC @ 9:42 am

VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs).

A collection is a live report that includes IoCs associated with a specific threat and it is available for VirusTotal registered users. The reports will also include up-to-date VirusTotal analysis metadata.

“A collection is a live report which contains a title, a group of IoCs (file hashes, URLs, domains and IP addresses) and an optional description. Collections are open to our VirusTotal Community (registered users) and they will be enhanced with VirusTotal analysis metadata providing the latest information we have for the IoCs, along with some aggregated tags.” reads the announcement published by Virus Total.

Registered VirusTotal users will be able to add or remove IoCs to/from the reports.

Security experts often use sharing platforms like Pastebin to share IoCs with the community. Now they have a dedicated platform to do it, which is also integrated with the information from VirusTotal. Users can create IoC collections on the VirusTotal home page, under the SEARCH tab.

Cyber indicators of compromise: a domain ontology for security information and event management

Tags: VirusTotal


Dec 01 2021

List of data breaches and cyber attacks in November 2021 – 223.6 million records breached

Luke Irwin  1st December 2021

In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records.

With one month left in 2021, the annual running total of compromised records is just shy of 5 billion.

Keep an eye out for our end-of-year report in the next few weeks, where we’ll break down the findings of these lists – or subscribe to our Weekly Round-up to get the latest news sent straight to your inbox.

In the meantime, you can find the full list of security incidents below, with those affecting UK organizations listed in bold.

Different techniques and tools used by cyberattackers to exploit a system are thoroughly discussed and analyzed in their respective chapters.

Use promo code XMASTOOLS to redeem your 10% discount on any toolkit, but hurry – this exclusive offer ends December 5.

Toolkits are sets of documents and tools that allow you to easily create and maintain up-to-date compliance documents. Each toolkit contains:

* Pre-written policies, procedures, and templates created by industry experts that will save you time and money

* Additional tools to ensure complete coverage of the relevant standard, framework, or regulation

* Work instructions and guidance

Tags: cyber attacks, data breach, infosec toolkits


Nov 30 2021

Critical Printing Shellz flaws impact 150 HP multifunction printer models

Category: Printer security | DISC @ 10:34 am

Cybersecurity researchers from F-Secure have discovered two critical vulnerabilities, collectively tracked as Printing Shellz, that impact approximately 150 multifunction printer models.

The vulnerabilities can be exploited by attackers to take control of vulnerable devices and steal sensitive information from enterprise networks. The issues date back to 2013 and HP fixed them ([1], [2]) in November. The company acknowledged F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev for reporting the vulnerabilities on April 29, 2021.

The two vulnerabilities are:

  • CVE-2021-39237 (CVSS score: 7.1) – An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
  • CVE-2021-39238 (CVSS score: 9.3) – A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

“We found multiple exploitable bugs in a HP multi-function printer (MFP). The flaws are in the unit’s communications board and font parser.” reads the FAQs published by F-Secure researchers. “An attacker can exploit them to gain code execution rights, with the former requiring physical access while the latter can be accomplished remotely. A successful attack will allow an adversary to achieve various objectives, including stealing information or using the compromised machine as a beachhead for future attacks against an organization.”

Below are the attack scenarios detailed by the researchers:

  • Printing from USB drives. This is what we used during the research. In the modern firmware versions, printing from USB is disabled by default.
  • Social engineering a user into printing a malicious document. It may be possible to embed an exploit for the font-parsing vulnerabilities in a PDF. The opportunities for social engineering are endless: HR printing a CV before a job interview, a receptionist printing a boarding pass, etc.
  • Printing by connecting directly to the physical LAN port.
  • Printing from another device that is under attacker’s control and in the same network segment. This also implies that the respective flaw (CVE-2021-39238) is wormable, i.e., the exploit can be used to create a worm that replicates itself to other vulnerable MFPs across the network.
  • Cross-site printing (XSP): sending the exploit to the printer directly from the browser (by tricking a user into visiting a malicious website, for example) using an HTTP POST to JetDirect port 9100/TCP. This is probably the most attractive attack vector.
  • Direct attack via exposed UART ports that are mentioned in CVE-2021-39237, if attacker has physical access to the device for a short period of time.

Tags: Critical Printing Shellz flaws, Critical Printing vulnerability


Nov 29 2021

A guide to internet safety for kids

https://privacyhub.cyberghostvpn.com/privacyhub/internet-safety-for-kids-guide/

As a resource, the internet is a wonderful place for children to learn, explore ideas, and express themselves creatively. The internet is also key in a child’s social development, helping to strengthen communication skills, for example when playing games or chatting with friends.

However, parents should be aware that all these activities often come with risks. Kids online can be exposed to inappropriate content, cyberbullying, and even predators.

While keeping an eye on what your children see and do online helps protect them against these risks, it’s not easy monitoring your kids without feeling like you’re invading their privacy. Just asking what websites they visit may give the impression that you don’t trust your child.

The key to combatting any big risk is education. It’s important for you and your children to be aware of the dangers, how to protect against them, and how to identify the warning signs. This is why we’ve put together this guide, to help both you and your kids* understand how to navigate the internet safely.

*Look out for our “For Kids” tips below, which you can share with your kids and teens.

A 2020 study by the Pew Research Center found that:

  • 86% of parents of a child under age 11 limit their child’s screen time, while 75% check what their child does online.
  • 71% of parents of a child age 11 or under are concerned their child has too much screen time.
  • 66% of parents think parenting is harder today than it was 20 years ago, with 21% blaming social media in general.
  • 65% of parents believe it’s acceptable for a child to have their own tablet computer before age 12.

More on Online Threats to Kids…


Complete Gambling Addiction Guide – Help for Problem Gambling

Tags: Internet safety, internet safety for kids, Online gambling addiction, Online Safety


Nov 29 2021

InfoSec books, toolkits, and training courses – 15% off

Save 15% off books, toolkits, self-paced training courses, and selected Live Online training courses. Use code BF15 at checkout to claim your discount. But hurry, offer ends tomorrow 30 November, midnight PDT*.

This Black Friday ITG is offering you 15% off ITGP books, ITGP toolkits, self-paced training courses, and selected Live Online training courses.


Bestselling books

The California Privacy Rights Act (CPRA) – An implementation and compliance guide
This book gives you a comprehensive understanding of the CPRA, covering key terms, security requirements, the breach notification procedure, and the penalties for non-compliance.

ISO 27001 controls – A guide to implementing and auditing
The must-have book to understand the requirements of an ISMS (information security management system) based on ISO 27001.

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks
Certified ISO 27001 ISMS Foundation Self-Paced Online Training Course This course provides a complete introduction to the key elements required to achieve ISO 27001 compliance.

Tags: InfoSec books, infosec toolkits, InfoSec training

