540 Million Facebook User Records Found On Unprotected Amazon Servers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

It’s been a bad week for Facebook users.
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

…the bad week gets worse with a new privacy breach.

More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The exposed datasets do not come directly from Facebook; instead, they were collected and insecurely stored online by third-party Facebook app developers.


Top 5 Security News

Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution

CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation

Windows 10 Insider Build 18362.30 Released to Fix Boot Breaking Bug

Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

Privacy Is Just the First Step, the Goal Is Data Ownership

Security Software & Tools Tips – June 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* Attack Surface Analyzer
* Bandit
* Infection Monkey
* NetSpot
* Splunk

Attack Surface Analyzer

Information from the Attack Surface Analyzer website:

Attack Surface Analyzer is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration.

Website:

https://github.com/microsoft/AttackSurfaceAnalyzer

Bandit

Information from the Bandit website:

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

Website:

https://github.com/PyCQA/bandit

Infection Monkey

Information from the Infection Monkey website:

The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.

Website:

https://www.guardicore.com/infectionmonkey/

NetSpot

Information from the NetSpot website:

Use NetSpot to visualize, manage, troubleshoot, audit, plan, and deploy your wireless networks.

Website:

https://www.netspotapp.com/

Splunk

Information from the Splunk website:

Splunk turns machine data into answers with the leading platform to tackle the toughest IT, IoT and security challenges. Use Splunk to search, monitor, analyze and visualize machine data.

Website:

https://www.splunk.com/


Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.


Top 5 Security News

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Google launches new security tools for G Suite users

Credential-stuffing attacks behind 30 billion login attempts in 2018

Android 7.0+ Phones Can Now Double as Google Security Keys

The right way to do AI in security


SACK Panic kernel bug discovered by Netflix

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Engineers at Netflix discovered three new vulnerabilities in Linux and FreeBSD kernels specific to its TCP networking implementation.

The vulnerabilities can be used by an adversary to perform a denial-of-service (DoS) attack against Linux and FreeBSD machines. Red Hat classifies one of them as Important and the rest as Moderate. CVE-2019-11477 is the most critical of the four and has been dubbed SACK Panic, since the bug is located in the way the Linux kernel handles TCP Selective Acknowledgment (SACK). This vulnerability can lead to a complete kernel panic on a Linux host, effectively stopping all services running on that host. It affects all Linux kernel versions from 2.6.29 and up.
All major Linux vendors have released patches for the vulnerabilities and we strongly urge people to apply the patches as soon as they can. There are also workarounds for systems where patching is not an option, but these can lead to a loss in performance.
You can read a more detailed explanation here.

Top 5 Security News

Security Software & Tools Tips – April 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* Ghidra
* Angry IP Scanner
* Maltego
* Detectify
* Autopsy

Ghidra

Information from the Ghidra website:

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.

Website:

https://github.com/NationalSecurityAgency/ghidra

Angry IP Scanner

Information from the Angry IP Scanner website:

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.

Website:

https://angryip.org/

Maltego

Information from the Maltego website:

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.

Website:

https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php

Detectify

Information from the Detectify website:

Detectify performs automated security tests on your web application and databases and scans your assets for vulnerabilities including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfiguration.

Website:

https://detectify.com

Autopsy

Information from the Autopsy website:

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

Website:

https://www.sleuthkit.org/autopsy/


OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.

Have you ever noticed they all had at least one thing in common?

That’s OpenSSH.


Top 5 Security News

How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today

VLC media player gets biggest security update ever

Newly-Discovered Malware Targets Unpatched MacOS Flaw

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Tracing the Supply Chain Attack on Android

Microsoft confirms Outlook.com and Hotmail accounts were breached

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Between 1 January and 28 March this year hackers were able to access a “limited number” of consumer Outlook.com, Hotmail and MSN Mail email accounts, Microsoft has confirmed.


Top 5 Security News

Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

Wipro Intruders Targeted Other Major IT Firms

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

Weather Channel Knocked Off-Air in Dangerous Precedent

Are our infrastructures secure?


Security Software & Tools Tips – July 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* anevicon
* OpenVPN
* HoneyPy
* sqreen
* Dshell

anevicon

Information from the anevicon website:

A high-performant traffic generator, designed to be as convenient and reliable as it is possible. It sends numerous UDP packets to a server, thereby simulating an activity that can be produced by your end users or a group of hackers.

Website:

https://github.com/Gymmasssorla/anevicon

OpenVPN

Information from the OpenVPN website:

OpenVPN provides flexible VPN solutions to secure your data communications, whether it’s for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers.

Website:

https://openvpn.net

HoneyPy

Information from the HoneyPy website:

A low interaction honeypot with the capability to be more of a medium interaction honeypot.

Website:

https://github.com/foospidy/HoneyPy

sqreen

Information from the sqreen website:

Unified security monitoring and protection for modern cloud environments. Easily enable protections tailored to your stack, get unprecedented visibility into your security and scale it in production.

Website:

https://www.sqreen.com

Dshell

Information from the Dshell website:

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.

Website:

https://github.com/USArmyResearchLab/Dshell


The strengths and weaknesses of different VPN protocols

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

VPN history starts back in 1996, when a Microsoft employee started developing the Peer to Peer Tunneling Protocol (PPTP). In 1999, the specification was published.

Since then, VPN protocol technology has evolved and, at the moment, there are five widely used VPN protocols.

A breakdown of these five VPN protocols complete with their pros and cons is key to understanding VPN protocols in depth.


Top 5 Security News

‘Highly Critical’ Unpatched Zero-Day Flaw Discovered In Oracle WebLogic

DNS over HTTPS is coming whether ISPs and governments like it or not

‘Karkoff’ Is the New ‘DNSpionage’ With Selective Targeting Strategy

Source Code for CARBANAK Banking Malware Found On VirusTotal

Britain ‘Approves’ Huawei role in building ‘non-core’ parts for 5G Network


Don’t let encrypted messaging become a hollow promise

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Why do we care about encryption? Why was it a big deal, at least in theory, when Mark Zuckerberg announced earlier this year that Facebook would move to end-to-end encryption on all three of its messaging platforms? We don’t just support encryption for its own sake. We fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.


Top 5 Security News

Your Android Phone Can Get Hacked Just By Playing This Video

Apple bleee. Everyone knows What Happens on Your iPhone

EvilGnome – Linux malware aimed at your laptop, not your servers

Citrix Confirms Password-Spraying Heist of Reams of Internal IP

New IPS Architecture Uses Network Flow Data for Analysis