Oct 15 2021

Three more ransomware attacks hit Water and Wastewater systems in 2021

Category: RansomwareDISC @ 9:17 am
Three more ransomware attacks hit Water and Wastewater systems in 2021

A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year.

A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year.

This is the first time that these attacks are publicly disclosed, they took place in March, July, and August respectively. The three facilities hit by ransomware operators are located in the states of Nevada, Maine, and California. In all the attacks the ransomware encrypting files on the infected systems and in one of the security incidents threat actors compromised a system used to control the SCADA industrial equipment.

The advisory reports common tactics, techniques, and procedures (TTPs) used by threat actors to compromise IT and OT networks of WWS facilities, they include:

  • Spearphishing campaign aimed at the personnel to deliver malicious payloads such as ransomware and RAT;
  • Exploitation of services and applications exposed online that enable remote access to WWS networks (i.e. RDP accesses);
  • Exploitation of vulnerabilities affecting control systems running vulnerable firmware versions.

The three new incidents included in the advisory

What’s the Difference Between OT, ICS, SCADA and DCS?

Tags: ICS, OT, SCADA, wastewater system

Oct 14 2021

Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’

Category: Cyber War,Digital cold warDISC @ 9:43 am
Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’

The former chief software officer for the U.S. Air Force, Nicolas Chaillan, says the U.S. is falling far behind China in cybersecurity. In a no-holds-barred interview, he unloads his frustrations, built up over three years of inept bungling at the Pentagon.

He quit his job last month, in disgust. â€œWe are setting up critical infrastructure to fail,” Chaillan warned. And now Defense Department officials will be bracing themselves for more criticism as he vows to testify to Congress.

Lauren Knausenberger now holds the poisoned chalice. In today’s SB Blogwatch, we plan to fail.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Fruit salad word salad.

Beijing Back Better

What’s the craic? Katrina Manson reports—“Chaillan speaks of ‘good reason to be angry’ as Beijing heads for ‘global dominance’”:

Kindergarten level”
In his first interview since leaving the post at the Department of Defense a week ago, Nicolas Chaillan told [me] the failure of the US to respond to Chinese cyber and other threats was putting his children’s future at risk. “We have no competing fighting chance against China in 15 to 20 years. Right now, it’s already a done deal; it is already over in my opinion,” he said.


Chaillan, 37, who spent three years on a Pentagon-wide effort to boost cyber security and as first chief software officer for the US Air Force, said Beijing is heading for global dominance because of its advances in artificial intelligence, machine learning and cyber capabilities. He argued these emerging technologies were far more critical to America’s future than hardware such as big-budget fifth-generation fighter jets such as the F-35.


Senior defence officials have acknowledged they “must do better” to attract, train and retain young cyber talent. 
 Chaillan announced his resignation in a blistering letter at the start of September, saying military officials were repeatedly put in charge of cyber initiatives for which they lacked experience, decrying Pentagon “laggards” and absence of funding.


Chaillan said he plans to testify to Congress about the Chinese cyber threat to US supremacy, including in classified briefings, over the coming weeks. 
 He added US cyber defences in some government departments were at “kindergarten level.”

Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’

The New Art of War: China’s Deep Strategy Inside the United States 

Tags: China is Winning, cyberwarfare, New Art of War

Oct 13 2021

How Coinbase Phishers Steal One-Time Passwords

Category: Information Security,PhishingDISC @ 2:40 pm

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com â€” was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

More details on: How Coinbase Phishers Steal One-Time Passwords

Tags: Phishers Steal One-Time Passwords

Oct 13 2021

Cybersecurity awareness month: Fight the phish!

Category: Information Security,PhishingDISC @ 8:44 am
Cybersecurity awareness month: Fight the phish!

It’s the second week of Cybersecurity Awareness Month 2021, and this week’s theme is an alliterative reminder: Fight the Phish!

Unfortunately, anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it’s what computer scientists or mathematical analysts call a solved game.

Tic-tac-toe (noughts and crosses outside North America), for example, is a solved game, because it’s easy to create a list of every possible play, and figure out the best possible move from every game position on the list. (If neither player makes a mistake then the game will always be a draw.)

Even games that are enormously more complex have been “solved” in this way too, such as checkers (draughts)



and in comparison to playing checkers, spotting phishing scams feels like an easy contest that the recipient of the message should always win.

And if phishing is a “solved game”, surely it’s not worth worrying about any more?

How hard can it be?

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Don’t Get Caught

Tags: Cybersecurity Awareness Month 2021, Fight the phish, phishing, phishing countermeasures, Phishing Dark Waters

Oct 12 2021

GitKraken flaw lead to the generation of weak SSH keys

Category: Security vulnerabilitiesDISC @ 7:40 am
GitKraken flaw lead to the generation of weak SSH keys

The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation of weak SSH keys. The developers addressed the flaw with the release of version 8.0.1.

The issue resides in the open-source library used by the Git GUI client to generate SSH keys, all the keys generated using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken are potentially affected.

The latest version of the Git GUI client (version 8.0.1) uses a new SSH key generation library.

“This issue only affects GitKraken users who generated SSH keys through the GitKraken interface using versions 7.6.x, 7.7.x,  8.0.0. If you are not sure what version you used to generate your SSH key, we encourage you to renew your key through the following process.” reads the advisory.

“Affected users need to:

  1. Remove all old generated SSH keys stored locally. 

  2. Generate new SSH keys using GitKraken 8.0.1, or later, for each of your Git service providers.“

The development team already notified the Git hosting service providers GitHub, Bitbucket, GitLab, and Azure DevOps, they also revoked the weak public keys used.

The development team is not aware of any accounts being compromised due to this weakness.

Tags: SSH Mastery, weak SSH, weak SSH keys

Oct 11 2021

An Adoption Guide for FAIR

Category: Risk Assessment,Security Risk AssessmentDISC @ 12:09 pm

Jack draws on years of experience introducing quantified risk analysis to organizations like yours, to write An Adoption Guide For FAIR. In this free eBook, he’ll show you how to:

Lay the foundation for a change in thinking about risk

Plan an adoption program that suits your organization’s style.

Identify stakeholders and key allies for socialization of FAIR

Select and achieve an initial objective, then integrate business-aligned, risk-based practices across your organization.

Tags: A FAIR Approach, Cost-Benefit Analysis, Factor Analysis, FAIR in a Nutshell, Pure Risk Reduction, Quantitative Tactical Analyses, What is FAIR?

Oct 08 2021

Apache patch proves patchy – now you need to patch the patch

Category: Security vulnerabilitiesDISC @ 9:21 am
Apache patch proves patchy – now you need to patch the patch

Software patches are sometimes a bit like buses.

You don’t get one for a while, and then three come at once.

For buses on busy urban routes, at least, the explanation of the phenomenon goes something like this.

If three buses start out travelling the same route together in a nicely spaced sequence, then the first one is most likely to be the slowest, because it will be stopping to scoop up most of the waiting passengers, while the ones behind will tend to travel faster because they need to stop less often or for shorter periods.

So buses naturally tend to scrunch up and arrive in bursts.

Burst-mode software patches

When it comes to software patches, however, the problem often works the other way around.

If the first patch arrives too quickly, then it may not have been reviewed or tested quite as much as you might like.

So it’s not so much that the next patch in the queue catches up because the first one is too slow, but that the next one has to be completed in a rush to keep up



and, if you aren’t careful, then that second patch might itself beget a third patch, needed to patch the patch that patched the first patch.

Three Apache buses

And thus with Apache: just two days ago, we reported a path validation bug dubbed CVE-2021-41773 that was introduced in Apache 2.4.49:

Apache web server zero-day bug is easy to exploit – patch now!

We advised you to update to 2.4.50, which would indeed have protected you against at least some of the known exploits already circulating on Twitter.

Tags: Apache patch

Oct 07 2021

PoC exploit for 2 flaws in Dahua cameras leaked online

Category: Information Security,Security vulnerabilitiesDISC @ 3:58 pm
PoC exploit for 2 flaws in Dahua cameras leaked online

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates.

Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. 

A remote attacker can exploit both vulnerabilities by sending specially crafted data packets to the vulnerable cameras.

“The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.” reads the advisory published by the vendor in early September.

dahua

The flaw received a CVSS v3 score of 8.1, the vendor recommended its customers to install security updates.

The list of affected models is very long, it includes IPC-X3XXX,HX5XXX, HUM7XX, VTO75X95X, VTO65XXX, VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, TPC-PT8X21B, NVR1XXX, NVR2XXX, NVR4XXX, NVR5XXX, NVR6XX.

It could be quite easy for threat actors in the wild to find exposed Dahua devices using a search engine like Shodan and attempt to hack them using the available PoC code. In order to protect Dahua devices, users have to install the latest firmware version.

Tags: Dahua cameras leaked online

Oct 07 2021

Divide Between Security, Developers Deepens

Category: App SecurityDISC @ 9:16 am
Divide Between Security, Developers Deepens

Security professionals work hard to plan secure IT environments for organizations, but the developers who are tasked with implementing and carrying these plans and procedures are often left out of security planning processes, creating a fractured relationship between development and security.

This was the conclusion from a VMware and Forrester study of 1,475 IT and security managers, including CIOs and CISOs and managers with responsibility for security strategy and decision-making.

The report found security is still perceived as a barrier in organizations, with 52% of developer respondents saying they believed that security policies are stifling their ability to drive innovation.

Only one in five (22%) developers surveyed said they strongly agree that they understand which security policies they are expected to comply with and more than a quarter (27%) of the developers surveyed are not involved at all in security policy decisions, despite many of these decisions greatly impacting their roles.

The research indicated that security needs a perception shift and should be more deeply embedded across people, processes and technologies.

This means involving developers in security planning earlier and more often; learning to speak the language of the development team rather than asking development to speak security, sharing KPIs and increasing communication to improve relationships and automating security to improve scalability, the report recommended.

Set a Clear Scope for Security Requirements

“Regardless of whether if it’s customer-facing functionality or a business logic concern, every line of code developed should prioritize security as a design feature,” he said. “Once security is taken as seriously as other drivers for DevOps adoption, then a fully holistic integration can be achieved.”

#DevSecOps: A leader’s guide to producing secure software without compromising flow, feedback and continuous improvement

Tags: DevSecOps, Software developer

Oct 06 2021

Arizona governor announces the launch of Command Center to protect state computer systems

Category: cyber securityDISC @ 9:52 am
Arizona governor announces the launch of Command Center to protect state computer systems

The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers.

The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge amount of attacks that every day hit the computer systems of the state.

The move is the response of the Arizona administration to hundreds of thousands of cyberattacks that hit the state.

At a ceremony Monday at the Department of Public Safety’s Arizona Counter Terrorism Information Center in Phoenix, Ducey explained that Cyber Command Center has been established to protect the IT infrastructure of the state.

“The Cyber Command Center brings four state public safety agencies together in one room with one mission: Guard the state’s computers against attacks and by extension, help protect the over 7 million residents of the Grand Canyon State.” reads a post published by AZCentral.

“When we protect your data, we protect you at home as well,” Arizona Department of Homeland Security Director Tim Roemer said in an interview. “We help you not fall victim to identity theft, for example. Because once your data is compromised, they use that to open up accounts.”

In the case of a severe cyber attack, experts at the center will coordinate the incident response activities.

Tags: Command Center to protect state computer systems

Oct 05 2021

Cheating on Tests

Category: Cyber surveillance,Cyber Threats,Physical Security,Smart PhoneDISC @ 12:09 pm
Cheating on Tests

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test.

What’s interesting is how this cheating was discovered. It’s not that someone noticed the communication devices. It’s that the proctors noticed that cheating test takers were acting hinky.

How to Prevent Cheating on Workplace Exams - HR Daily Advisor

Cheating on Tests: How To Do It, Detect It, and Prevent It

Tags: Bluetooth, cheating, Cheating on Tests, India, schools

Oct 04 2021

Facebook, WhatsApp, and Instagram are down worldwide, it’s panic online

Category: Social networkDISC @ 11:32 am
Facebook, WhatsApp, and Instagram are down worldwide, it’s panic online

Users worldwide are not able to access Facebook, Instagram, and WhatsApp services due to a BGP problems. Users attempting to visit the above services are displaying “DNS_PROBE_FINISHED_NXDOMAIN.”

The mobile applications of the social network giant and its Tor hidden services are also not working.

At the time of this writing, it is unclear if the outage is the result of a technical issue or it is the result of a cyber attack against the infrastructure of the social network giant.

Facebook down

Source outage.report

https://twitter.com/WehbeEmilio/status/1445126331675652099?s=20

FB Apps down report from NYT: Facebook and some of its apps go down simultaneously.

WhatsApp, Instagram, Facebook Down Globally, Report Users

Facebook is at it again…

In 2018, Facebook was caught selling our personal data to Cambridge Analytica, a data analysis firm.

It’s hard to say who is more evil and manipulative, Facebook or Cambridge Analytica.

If you’re not familiar with the scandal, Facebook collects massive amounts of data about us every day.

Cambridge Analytica used our personal data against ourselves (Facebook clearly does too).

When you’re on Facebook, you see content in your newsfeed.

That content is not there by accident or coincidence.

The Facebook ALGORITHM puts content in your newsfeed that triggers your emotions.

Facebook algorithm supports hateful and polarizing contents

Whistleblower: ☝️ Facebook will lose money if they fix algorithm. And they know it


The more polarizing the content, the more you will read.

The longer you stay on Facebook, the more ads you see and the more money Facebook makes…

Facebook and the Power of Big Data and Greedy Algorithms

Facebook AI Algorithm

Tags: #FacebookDown, #FacebookIsDown, Facebook AI algorithm, Facebook algorithm, Facebook down, facebookdownglobally, instagram, whatsapp

Oct 04 2021

Cybersecurity Awareness Month: #BeCyberSmart

Category: Information SecurityDISC @ 9:15 am
Cybersecurity Awareness Month: #BeCyberSmart

As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means it’s a great opportunity to do three things: Stop. Think. Connect.

Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness.

5 tips for you and your family on Safer Internet Day

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Cybersecurity Awareness Month 2021 Kick-off Week

Cybersecurity Awareness Month 2021 has officially begun! join CISA in spreading cybersecurity awareness and encourage everyone to own their role in protecting Internet-connected devices. “Do Your Part. #BeCyberSmart.”

Visit www.cisa.gov/cybersecurity-awareness-month for more information.

#BeCyberSmart #CyberMonth

Week 1

The focus of Cybersecurity Awareness Month’s first week is “Do Your Part. #BeCyberSmart.”

Cybersecurity starts with YOU and is everyone’s responsibility. There are currently an estimated 5.2 billion Internet users—over 65% of the world’s population![1] This number will only grow, making the need to #BeCyberSmart more important than ever.

Join us and get involved by visiting www.cisa.gov/cybersecurity-awareness-month for more information.

#BeCyberSmart #CyberMonth

Week 2

Cybersecurity Awareness Month’s second week focuses on steps individuals and organizations can take to reduce their risks to phishing and ransomware.

This year has seen an increase in phishing incidents that often lead to ransomware attacks. These attacks disrupt the way we work, learn, and socialize. With our homes, schools, and business more connected than ever, it’s vital to #BeCyberSmart.

Learn how to #FightThePhish and report suspicious emails by visiting www.cisa.gov/cybersecurity-awareness-month for more information.

 #BeCyberSmart #CyberMonth

Week 3

Cybersecurity Awareness Month’s third week is Cybersecurity Career Awareness Week. This week, learn the vital role cybersecurity professionals play in global society and security. Also, learn how you can explore #Cybersecurity as your next career.

For professional development and educational resources visit www.cisa.gov/cybersecurity-awareness-month.

#BeCyberSmart #CyberMonth

Week 4

The final week of Cybersecurity Awareness Month looks at how #Cybersecurity is a year-round effort and should be one of individuals and organizations first considerations when they create or buy new devices and connected services.

For ways on how organizations and individuals can incorporate cybersecurity best practices into their decision making processes, visit www.cisa.gov/cybersecurity-awareness-month.

#BeCyberSmart #CyberMonth

Tags: BeCyberSmart, Cybersecurity Awareness Month, Cybersecurity Awareness Month 2021, Cybersecurity Awareness Month 2021 Toolkit

Oct 03 2021

The Biden administration will work with 30 countries to curb global cybercrime

Category: Cyber crimeDISC @ 1:39 pm
The Biden administration will work with 30 countries to curb global cybercrime

U.S. President Joe Biden announced that the US will work with 30 countries to curb cybercrime and dismantle ransomware gangs that are targeting organizations worldwide.

“This month, the United States will bring together 30 countries to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,” announced President Biden.

The Biden Administration announced that it will work with representatives of 30 countries to accelerate the cooperation among states and international law enforcement agencies in fighting cyber criminal activities. Biden also announced a special effort in building a coalition of nations to advocate for and invest in trusted 5G technology and to secure its supply chains.

The coalition also aims at managing both the risks and opportunities associated with the adoption of emerging technologies like quantum computing and artificial intelligence.

The wave of ransomware attacks that hit US organizations in the first half of 2021 and that were carried out by Russian gangs like REvil and Darkside worried US authorities and was discussed by Presidents Biden and Putin during a phone call in July.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability Office]

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Tags: Biden administration, Cybersecurity and Infrastructure Security Agency, Cybersecurity Awareness Month 2021 Toolkit, Cybersecurity for Our Nation

Oct 02 2021

Baby died at Alabama Springhill Medical Center due to cyber attack

Category: Cyber Attack,hipaaDISC @ 3:18 pm
Baby died at Alabama Springhill Medical Center due to cyber attack

A baby allegedly received inadequate childbirth health care, and later died, at an Alabama Springhill Medical Center due to a ransomware attack.

An Alabama woman named Teiranni Kidd has filed suit after the death of her baby, she claims that the Springhill Medical Center was not able to respond to a cyberattack that crippled its systems causing the death of the infant daughter, reported The Wall Street Journal.

According to Kidd, the Alabama hospital did not disclose that it was hit by a severe cyberattack that interfered with the care for her baby, Nicko Silar.

“Nicko suffered a severe brain injury when medical staff failed to notice the umbilical cord was wrapped around her neck because of a “lack of access to critical services and information caused by the cyberattack,” the suit said. She died nine months after the cord cut off her blood and oxygen supply.” reported The New York Post.

1200px-Springhill_Medical_Center_2018

The hospital released a public statement about the security breach the day before the infant was born announcing it “has continued to safely care for our patients and will continue to provide the high quality of service that our patients deserve and expect.”

The 2022 Report on Healthcare Cyber Security: World Market Segmentation by City

Tags: cyber attack

Oct 01 2021

Gift card fraud: four suspects hit with money laundering charges

Category: CybercrimeDISC @ 11:44 am
Gift card fraud: four suspects hit with money laundering charges

You might be forgiven for thinking that cybercrime is almost all about ransomware and cryptocoins these days.

In a ransomware attack, the crooks typically blackmail you to send them cryptocurrency in return for giving you your stolen data back (or for not selling it on to someone else).

In a cryptocoin attack, the crooks typically take your cryptocurrency for themselves, perhaps by exploiting a bug in the trading software you use, or by stealing your private keys so they have direct access to your cryptocurrency wallet.

This sort of criminality sometimes involves amounts reaching tens of millions of dollars, or even hundreds of millions of dollars, in a single attack.

But gift card fraud still fills a distressing niche in the cybercrime ecosystem, where a gang of crooks redeem gift cards that you paid for, either because you were convinced that those cards were earmarked for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dime.

Indeed, the US Department of Justice announced this week the indictment of four suspected gift card scammers, and alleges that that these four had ended up with more than 5000 fraudulently obtained cards to spend on themselves.

This sort of crime might not reach the stratospheric financial territory of ransomware criminals, or the truly cosmic amounts seen in cryptocurrency attacks



but if we reasonably assume an average of $200 a gift card (we know that in many scams, crooks come away with more than that on each card), we’re still looking at $1,000,000 of ill-gotten gains in this court case alone.

Don’t Panic! I’m A Professional Fraud Analyst – 2022 Diary: Customized Work Planner Gift For A Busy Fraud Analyst.

Tags: Gift card fraud, money laundering

Oct 01 2021

CISA releases Insider Risk Mitigation Self-Assessment Tool

Category: Risk Assessment,Security Risk AssessmentDISC @ 9:39 am
CISA releases Insider Risk Mitigation Self-Assessment Tool

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level of exposure to insider threats.

Insider threats pose a severe risk to organizations, the attacks are carried out by current or former employees, contractors, or others with inside knowledge, for this reason they are not easy to detect.

An attack from insiders could compromise sensitive information, cause economic losses, damages the reputation of the organization, theft of intellectual property, reduction of market share, and even physical harm to people. 

The tool elaborates the answers of the organizations to a survey about their implementations of a risk program management for insider threats.

“The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.  By answering a series of questions, users receive feedback they can use to gauge their risk posture.  The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.” reads the announcement published by CISA.

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021

Held every October, Cybersecurity Awareness Month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) co-lead Cybersecurity Awareness Month.

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Tags: CISA, Cybersecurity Awareness Month 2021, Risk Mitigation Self-Assessment Tool

Oct 01 2021

New APT ChamelGang Targets Russian Energy, Aviation Orgs

Category: APT,Information SecurityDISC @ 9:23 am

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.

A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks.

Researchers at security firm Positive Technologies have been tracking the group, dubbed ChamelGang for its chameleon-like capabilities, since March. Though attackers mainly have been seen targeting Russian organizations, they have attacked targets in 10 countries so far, researchers said in a report by company researchers Aleksandr Grigorian, Daniil Koloskov, Denis Kuvshinov and Stanislav Rakovsky published online Thursday.

To avoid detection, ChamelGang hides its malware and network infrastructure under legitimate services of established companies like Microsoft, TrendMicro, McAfee, IBM and Google in a couple of unique ways, researchers observed.

more detail analysis on: New APT ChamelGang Targets Russian Energy, Aviation Orgs

Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Tags: APT ChamelGang, ATT&CKℱ Framework, open source tools, Threat Hunting

Sep 30 2021

Supply Chain Emerging as Cloud Security Threat

Category: Cloud computing,Cyber ThreatsDISC @ 9:20 am
Supply Chain Emerging as Cloud Security Threat

Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victims’ software development processes.

These were the results of a report from Palo Alto Networks’ security specialist Unit 42, which conducted a red team exercise with a large SaaS provider.

Within three days, the company discovered critical software development flaws that could have exposed the organization to an attack similar to those perpetrated against SolarWinds and Kaseya.

If an attacker (like an APT) compromises third-party developers, it’s possible to infiltrate thousands of organizations’ cloud infrastructures, the report warned.

Supply Chain Flaws in the Cloud

Matt Chiodi, CSO of public cloud at Palo Alto Networks, explained that supply chain flaws in the cloud are difficult to detect because of the massive number of building blocks that go into even a basic cloud-native application.

“Our researchers estimated that the typical cloud-native application is built upon hundreds of these packages,” he said. “Let’s call them ‘Legos.’ Each of these Legos that developers plug into their application carries a certain risk and can be a vector to another supply chain attack.”

The report highlights how vulnerabilities and misconfigurations can quickly snowball within the context of the cloud software supply chain, and called for organizations to “shift security left.”

“Shifting security left is about moving security as close to development as possible,” said Chiodi. “Historically, security and development teams have operated independently of each other.” He added that development teams like to move quickly and try new things and security is more often the opposite.

“The concept of ‘shift left’ attempts to not change developer behaviors, but rather equip them with processes and tools that work natively to secure their existing methods of developing software,” Chiodi said. “If security teams can equip development teams with processes and tools that work natively with development tools and measure regularly, they greatly reduce their risks of supply chain insecurity from cloud-native applications. This is a good first step.”

He pointed out the first wave of migrations to the cloud was marked by “lift and shift,” meaning that organizations simply took existing applications as-is and moved them to the cloud.

“When they did this, they could say the applications were running in the cloud, but the applications themselves were not cloud-native,” he said.

Being Truly Cloud-Native

supply chain data secure

Tags: cloud security, cloud security threat, supply chain

Sep 30 2021

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Category: Information Security,Mobile SecurityDISC @ 9:08 am

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed.

An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning.

The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.’s National Cyber Security Centre (NCSC). But Visa, for its part, said that Apple Pay payments are secure and that any real-world attacks would be difficult to carry out.

The team explained that fraudulent tap-and-go payments at card readers can be made using any iPhone that has a Visa card set up in “Express Transit” mode. Express Transit allows commuters around the world, including those riding the New York City subway, the Chicago El and the London Underground, to tap their phones on a reader to pay their fares without unlocking their devices.

“An attacker only needs a stolen, powered-on iPhone,” according to a writeup (PDF) published this week. “The transactions could also be relayed from an iPhone inside someone’s bag, without their knowledge. The attacker needs no assistance from the merchant.”

In a proof-of-concept video, the researchers showed a ÂŁ1,000 payment being sent from a locked iPhone to a standard, non-transit Europay, Mastercard and Visa (EMV) credit-card reader.

Exploiting Apple Pay Express Transit Mode

The attack is an active man-in-the-middle replay and relay attack, according to the paper. It requires an iPhone to have a Visa card (credit or debit) set up as a transit card in Apple Pay.

The attackers would need to set up a terminal that emulates a legitimate ticket barrier for transit. This can be done using a cheap, commercially available piece of radio equipment, researchers said. This tricks the iPhone into believing it’s connecting to a legitimate Express Transit option, and so, therefore, it doesn’t need to be unlocked.

“If a non-standard sequence of bytes (Magic Bytes) precedes the standard ISO 14443-A WakeUp command, Apple Pay will consider this [to be] a transaction with a transport EMV reader,” the team explained.

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Tags: apple pay, unlocked iphones, visa hacked

« Previous PageNext Page »