Jul 21 2021

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

Category: Password Security, Windows Security | DISC @ 1:24 pm

Windows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping.

As if one Windows Nightmare (PrintNightmare) dogging all our printers were not enough…

…here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry.

Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM.

The moniker HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files, known in Microsoft jargon as hives or hive files.

These hive files include a trio called SAM, SECURITY and SYSTEM, which between them hold secrets that regular users aren’t supposed to be able to read: SAM stores the password hashes of local accounts, SECURITY stores LSA secrets and cached domain credentials, and SYSTEM stores the boot key that protects the other two.

They’re kept in a special, and supposedly secure, folder under the Windows directory called C:\Windows\System32\config, as you see here:

C:\Windows\System32\config> dir
[. . .]
Directory of C:\Windows\System32\config
[. . .]
21/07/2021  12:57           524,288 BBI
25/06/2021  06:21            28,672 BCD-Template
21/07/2021  14:45        32,768,000 COMPONENTS
21/07/2021  12:57           786,432 DEFAULT
21/07/2021  12:32         4,194,304 DRIVERS
[. . .]
21/07/2021  12:57            65,536 SAM       <--some system secrets included
21/07/2021  12:57            32,768 SECURITY  <--some system secrets included
21/07/2021  12:57        87,556,096 SOFTWARE
21/07/2021  12:57        11,272,192 SYSTEM    <--some system secrets included
[. . .]

The moniker SeriousSAM comes from the filename SAM, which is short for Security Account Manager, a name that sounds as serious as the file’s contents are.
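The practical check for this bug is the ACL on those three hive files: on an affected build (Windows 10 version 1809 and newer, per Microsoft’s advisory) BUILTIN\Users has been granted read access to them. The script below is an added example, not code from the original post or from Microsoft; it reads the ACLs with Get-Acl, counts the Volume Shadow Copies that would still carry readable copies of the hives after the ACL is fixed, and prints Microsoft’s published workaround when the host matches. It assumes PowerShell 5.1 or later on an elevated prompt; the function name Test-HiveAcl and the output shape are this example’s own choices.

```powershell
# Added example (not from the original post): check whether this Windows host
# exposes its SAM, SECURITY and SYSTEM hives to non-administrators
# (CVE-2021-36934, "HiveNightmare"/"SeriousSAM") and whether Volume Shadow
# Copies exist that still hold readable copies of them.
# Assumptions: Windows 10/11, PowerShell 5.1+, run elevated (Win32_ShadowCopy
# needs admin). The BUILTIN\Users read check and the workaround commands in
# the warnings follow Microsoft's advisory for this CVE; the function name and
# output format are this example's own.

function Test-HiveAcl {
    [CmdletBinding()]
    param(
        [string[]] $HiveNames = @('SAM', 'SECURITY', 'SYSTEM')
    )

    # ReadData is the bit that lets a caller read file contents; ReadAndExecute
    # and full-control grants both include it.
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    foreach ($name in $HiveNames) {
        $path = Join-Path $env:windir ("System32\config\" + $name)

        # Get-Acl only needs READ_CONTROL on the file, so it works even though
        # the kernel keeps the live hives open and locked. That is also why a
        # plain `icacls` from an unprivileged prompt can reveal the bug.
        $acl = Get-Acl -Path $path

        $userRead = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $readData) -ne 0)
        })

        [pscustomobject]@{
            Hive         = $name
            Path         = $path
            UsersCanRead = ($userRead.Count -gt 0)
            Rights       = ($userRead.FileSystemRights -join ', ')
        }
    }
}

$results = Test-HiveAcl
$results | Format-Table -AutoSize

# Fixing the ACL on the live files is not enough: every existing shadow copy
# still contains the hives with the old, permissive ACL, and the hives inside
# a snapshot are not locked the way the live ones are. Count them too.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
Write-Output ("Volume Shadow Copies on this host: {0}" -f $shadows.Count)

if ($results.UsersCanRead -contains $true) {
    Write-Warning 'This host matches the CVE-2021-36934 condition.'
    Write-Warning 'Microsoft workaround, step 1: icacls %windir%\system32\config\*.* /inheritance:e'
    Write-Warning 'Step 2: delete existing shadow copies (vssadmin delete shadows /for=C: /all /quiet) and create a fresh restore point.'
}
```

Run it before and after applying the workaround: the ACL rows should flip to UsersCanRead = False, and the shadow-copy count should drop to zero, otherwise an old snapshot still leaks the hives with their previous permissions.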




Tags: HiveNightmare


Jul 21 2021

Defending Against Pervasive Spyware

Category: Spyware | DISC @ 10:42 am

The revelation that Israeli company NSO Group’s spy software Pegasus was targeting the smartphones of activists, journalists and business executives sent a shockwave through the international press.

The leaked list of phone numbers selected as potential targets ran to more than 50,000 entries, from Mexican president Andrés Manuel López Obrador to reporters from CNN to Claude Mangin, the French wife of a political activist jailed in Morocco, and forensic analysis of a sample of those handsets confirmed Pegasus infections.

Simply put: if spyware can infect and infiltrate the world’s elite on every corner of the planet, that means the threat to organizations and individuals must be taken seriously. Spyware impacts everyone.

Moreover, in today’s work-from-anywhere world, mobile devices are critical to any job, and the ability to access email, customer information and proprietary data while on the go is non-negotiable.

Mobile Devices are Mission-Critical

Because of the wealth of data that can be accessed from a mobile device, companies must treat these devices as mission-critical to business continuity.

This means having control and visibility into what is happening on a mobile device, so they can prevent spyware attacks from compromising critical data.

Shawn Smith, director of infrastructure at application security provider nVisium, pointed out that the transition to a remote work style has changed the attack vector for spyware slightly.

“For example, in the past, all the networking gear in an office would be tightly controlled, monitored and patched for security issues as needed,” he said. “However, in a world where employees can work from anywhere, their home networking equipment becomes a new security issue.”

Smith said with such a wide variety of equipment that can be used, often in an unmaintained and unsecured state, this makes the issue of spyware much harder to defend against.

“You have to double your efforts on the security and encryption of the devices you can control, such as the employee’s corporate computer, and rely less on the network monitoring approach that was used in the past,” he said.

Tags: Pervasive Spyware


Jul 20 2021

NSO Group Hacked

There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverage. More coverage:

Worldwide probe finds tech by Israel's NSO Group targeted media,  politicians | The Times of Israel

Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software. Why does NSO Group have that list? The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.”

This isn’t the first time NSO Group has been in the news. Citizen Lab has been researching and reporting on its actions since 2016. It’s been linked to the Saudi murder of Jamal Khashoggi. It is extensively used by Mexico to spy on — among others — supporters of that country’s soda tax.

Here’s a tool that you can use to test whether your iPhone or Android is infected with Pegasus. (Note: it’s not easy to use.)

7 Steps to Removing Spyware by Nick Laughter

Spyware and Adware

Tags: Amnesty International, mobile spyware, NSO Group Hacked, rogue anti-spyware, Spyware, Spyware and Adware


Jul 15 2021

China Taking Control of Zero-Day Exploits

Category: Zero day | DISC @ 11:39 am

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Tags: china, cybersecurity, cyberweapons, Digital Weapons, disclosure, Stuxnet, vulnerabilities, zero-day, Zero-Day Exploits


Jul 14 2021

Pentests are required for ISO 27001 or SOC2 audits

Category: ISO 27k, Pen Test | DISC @ 3:32 pm

Pentests are required for ISO 27001 or SOC2 audits: download pdf

Why do organizations need to conduct a penetration test?

Tags: 27001 or SOC2 audits


Jul 14 2021

Data breaches and cyber attacks quarterly review: Q2 2021

Category: Cyber Attack, Data Breach | DISC @ 11:18 am

Tags: Data breaches and cyber attacks


Jul 14 2021

Threat actors scrape 600 million LinkedIn profiles and are selling the data online

Category: Data Breach, data security | DISC @ 10:35 am

Researchers from CyberNews have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, once again.

Original post: https://cybernews.com/news/threat-actors-scrape-600-million-linkedin-profiles-and-are-selling-the-data-online-again/

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.


Data Breaches: Crisis and Opportunity

Tags: LinkedIn data breach


Jul 14 2021

Rebuilding your security culture as employees return to the office

Category: Information Security | DISC @ 9:20 am

Set the stage for success

Whether employees have been with the company for seven years or seven months, when they return to the office they should be treated as if it’s their first day at the company. All members of the team, no matter how veteran, should go through a refresher on security practices.

Your security team can do this by teaching or reminding staff how to properly manage and move data within its appropriate environment to minimize possible data exposure. This promotes healthy security practices and provides regular and customized training for the entire team.

If your company is moving to a hybrid workforce approach, ensure your employees are set up with the right knowledge and/or equipment they need for dual offices to minimize data loss. For instance, encourage use of company drives to access data from both locations rather than porting data via thumb drives.

Create a positive intent security culture for your office

Tags: Build a security culture, security culture


Jul 12 2021

AppSec Testing Approaches

Category: App Security, Pen Test | DISC @ 1:59 pm

AppSec testing Approach CheatSheet pdf download

5 Things a Pen Tester Looks for When Evaluating an Application

PenTest as a Service

Pentest as a Service Platform

The Web Application Hacker’s Handbook

Tags: #PenTest, AppSec, DevSecOps, PentestasaService


Jul 11 2021

Three security lessons from a year of crisis

Category: CISO, cyber security | DISC @ 11:10 am

When Pindrop surveyed security and fraud professionals across vital sectors including banking and healthcare, we discovered hundreds of teams that had made heroic efforts to continue operating in the face of huge obstacles. We were also reminded of the many ways that fraud threatens businesses and individuals facing turmoil.

Spikes in call volume left contact center agents overextended while lockdown protocols forced reorganizations and remote work; well-intentioned and generally beneficial programs like PPP loans provided new avenues for fraud; and fraud attempts shifted to new venues, like banks’ prepaid card divisions.

More time on the line

Today, we live our lives—and conduct our business—online. Our data is in the cloud and in our pockets on our smartphones, shuttled over public Wi-Fi and company networks. To keep it safe, we rely on passwords and encryption and private servers, IT departments and best practices. But as you read this, there is a 70 percent chance that your data is compromised . . . you just don’t know it yet.

Cybersecurity attacks have increased exponentially, but because they’re stealthy and often invisible, many underplay, ignore, or simply don’t realize the danger. By the time they discover a breach, most individuals and businesses have been compromised for over three years. Instead of waiting until a problem surfaces, avoiding a data disaster means acting now to prevent one.

No matter who you are or where you work, cybersecurity should be a top priority. The information infrastructure we rely on in every sector of our lives—in healthcare and finance, for governments and private citizens—is both critical and vulnerable, and sooner or later, you or your company will be a target. This book is your guide to understanding the threat and putting together a proactive plan to minimize exposure and damage, and ensure the security of your business, your family, and your future.

Tags: cyber crisis, security lessons


Jul 09 2021

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Category: Hacking, Zero day | DISC @ 3:22 pm

A threat actor who goes online by the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day exploits from other forum members, according to researchers from threat intelligence firm Cyble.

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012.  

The threat actor aims to buy malware with zero detection, along with zero-day exploits for remote code execution (RCE) and local privilege escalation (LPE); for the exploits the member is offering up to $3 million.

“The TA is willing to buy the following things with the deposited money.” states Cyble.

1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products.
2. Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution.
3. Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3 Million.

The significant amount deposited in escrow by the threat actor is concerning; it suggests that the threat actor intends to use the exploits in attacks or to resell them.


“Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future.” concludes Cyble.

The Dark Web

Tags: cybercrime marketplace, dark web


Jul 08 2021

3 tips for balancing data security and usability

Category: data security | DISC @ 11:05 am

So, how do organizations find the right balance when it comes to data security? Here are three tips to help organizations navigate this challenge:

Security and Usability: Designing Secure Systems that People Can Use

Tags: data security and usability


Jul 07 2021

Vulnerability in the Kaspersky Password Manager

Category: Password Security | DISC @ 11:13 am

Stupid programming mistake, or intentional backdoor?

Tags: Kaspersky Password Manager


Jul 06 2021

CISO implementation guide: 10 ways to ensure a cybersecurity partnership will work

Category: CISO, vCISO | DISC @ 2:04 pm

Capitalizing on the urgency companies have to launch new digital businesses, cybersecurity vendors create partnerships to close product gaps quickly. An understanding of how the new alliances can deliver results must be part of every CISO’s purchasing decision process. But partnerships can be something of a slippery slope.

Today, CISOs face the conflicting problem of securing operations while supporting business growth. IT and cybersecurity teams are stretched thin attempting to scale endpoint security for virtual workforces, while securing their customer identities and transactions. CIOs and CISOs are turning to vendors they rely on for immediate help. In turn, cybersecurity vendors’ quick fix is to create as many partnerships as possible to close product gaps and close the upsell or new sale.

What’s driving market demand is the pressure CIOs and CISOs have to deliver results. Companies’ boards of directors are willing to double down on digital business plan investments and accelerate them. According to the 2021 Gartner Board of Directors’ survey, 60% of the boards rely on digital business initiatives to improve operations performance, and 50% want to see technology investments deliver improved cost optimization.

Company boards have a high level of enthusiasm for technology spending in general and cybersecurity especially. As a result, Gartner predicts the combined endpoint security and network access market will be a $111 billion opportunity. For such cybersecurity companies, partnerships are a quick path to lucrative deals and higher profits.

Partnerships alone will not solve the conflicting demands for IT resources to secure a business while driving new business growth. They are not a panacea for the biggest challenges facing IT today. Trusting the wrong partnerships can cost millions of dollars, lose months of productive time, and even cause a new digital venture to fail. Due diligence of nascent cybersecurity partnerships needs to go beyond comparing partners’ financial statements and into the specifics of how multiple technologies are performing in actual, live scenarios today. Ten ways stand out as means to guide decision making.

10 ways to truth-test cybersecurity partnerships

Previous CISO related articles

CISOs library

Tags: CISO implementation guide


Jul 06 2021

Reaction to Social Engineering Indicative of Cybersecurity Culture

Category: social engineering | DISC @ 9:23 am

During COVID-19, threat actors used fear of the virus and hope of a vaccine to trick unwitting victims into downloading malware or giving up their credentials. It was a master class in social engineering, one that put an organization’s security posture at risk. Social engineering attacks like phishing take advantage of an employee’s awareness of basic cybersecurity best practices (or lack thereof), and the harder an employee falls for the scams, the greater the skepticism about the entire organization’s cybersecurity culture.

Although no one has come up with an industry standard definition of cybersecurity culture yet, Infosec explains that “a strong cybersecurity culture is based on employees willingly embracing and proactively using security best practices both professionally and personally.” And Infosec developed a framework, and fielded a survey, to help organizations quantify their cybersecurity culture, track changes over time and systematically measure results.

The study polled 1,000 working individuals to examine the collective approach of an organization’s security awareness and behaviors toward cybersecurity. “The results show employee beliefs toward cybersecurity vary widely, which can have a major impact on an organization’s security posture,” said Jack Koziol, CEO and founder at Infosec, in a formal statement.

Quality of Culture Depends on Company Size and Industry

Tags: Cybersecurity Culture


Jul 04 2021

Attackers use ‘offensive AI’ to create deepfakes for phishing campaigns

Category: AI | DISC @ 10:05 am

Malware Analysis Using Artificial Intelligence and Deep Learning

Tags: deepfakes for phishing


Jul 02 2021

Why Data Protection Cloud Strategies Are Now Mission-Critical

Category: Cloud computing, data security | DISC @ 8:53 am

The growing reliance on public cloud services as both a source and repository of mission-critical information means data owners are under pressure to deliver effective protection for cloud-resident applications and data. Indeed, cloud is now front of mind for many IT organisations. According to recent research by Enterprise Strategy Group (ESG), cloud is “very well-perceived by data protection decision makers”, with 87% saying it has made a positive impact on their data protection strategies.

However, many organisations are unclear about what levels of data protection are provided by public cloud infrastructure and SaaS solutions, increasing the risk of potential data loss and compliance breach. At the same time, on-premises backup and disaster recovery strategies are increasingly leveraging cloud infrastructure, resulting in hybrid data protection strategies that deliver inconsistent service levels.

Despite these challenges, there are a significant number of organizations that still don’t use a third-party data protection solution or service. This should be cause for concern considering that everything an organization stores in the cloud, from emails and files to chat history and sales data (among many other datasets) is its responsibility and is subject to the same recoverability challenges and requirements as traditional data. In fact, only 13% of survey respondents see themselves as solely responsible for protecting all their SaaS-resident application data.

Tags: Data Protection Cloud Strategies


Jul 01 2021

How to Stay Safe on Mobile Casino Apps

Category: Mobile Security | DISC @ 9:41 am

By 2027, the global online casino market is predicted to be worth $127.3 billion, growing at a CAGR of 11.5%. The increase in market size is largely due to the growing popularity of not just smartphones and mobile gaming, but also of social platforms that are transforming online games.

Already, providers like Tapinator are developing more social casino experiences for mobile phone users. And in the next few years, Gala Casino predicts that mobile gaming is set to overtake desktop casino experiences. This is thanks to people being more on-the-go and the technology in the mobile space improving consistently.

But the question is, with the overwhelming gaming options available, how can you stay safe while playing online casino games?

Look for reputable online casinos

There are countless casino apps available on the Internet, but before you start downloading a random app, be sure to do your research. Check if the casino is licensed through gambling registers, which can easily be found online. Although licensing bodies vary from state to state, most of the time, brick-and-mortar casinos offer online counterparts, and these apps are also heavily regulated to ensure fairness and safety for players.

Here is a quick tip: if a casino app asks for nothing more than a username and password, odds are it is not a legitimately regulated operator. Trusted online casinos will ask for a way to verify your identity, like a copy of your ID or a recent utility bill.


Mobile Security in Ethical Hacking

Tags: Mobile Casino Apps


Jun 30 2021

NFC Flaws in POS Devices and ATMs

Category: pci dss | DISC @ 1:25 pm

Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash though that “jackpotting” hack only works in combination with additional bugs he says he’s found in the ATMs’ software. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors.

What is an NFC Chip? - STMicroelectronics

Tags: NFC flaws, pci dss, POS devices


Jun 29 2021

4 Warning Signs of an Insecure App

Category: App Security | DISC @ 10:05 am

The “golden age of digital transformation” is upon us, and companies around the globe are scurrying to meet consumers on the digital frontier. For developers, it is a virtual gold rush, as businesses overhaul their infrastructure to meet consumers where they are—their mobile phones. For most, this means developing a mobile app.

Unfortunately, the byproduct of the scramble to build a mobile app is that essential features are often overlooked or omitted entirely. There are many things that can be missed when creating an app (like network tolerance and accessibility)–but confoundingly, the feature that’s most often forgotten is the most important: app security.

Data use and privacy are top-of-mind for users. It is vital that software developers don’t cut corners when it comes to securing a mobile app. A secure app should pass the coffee table test: Would I be comfortable going to the bathroom and leaving my phone on a public coffee table?

It’s no secret that app security is a hot topic, but what are the actual warning signs of an insecure app?

Tags: Application security, Insecure App

