Posts

Blocking cyber attacks: why you should understand adversary playbooks

This blog post is a summary of this week's information security news, put together by our Security Incident Response Team (SIRT).

It’s time to get off the treadmill: Why you should understand adversary playbooks

“Flipping the equation on known adversaries by developing and deploying controls at locations on the intrusion kill chain designed specifically for these known playbooks will increase a company’s ability to block an attack. The cybersecurity industry must collaborate to identify all known adversary playbooks and share this knowledge with each other and the public.”


Security is Not a One-Person Job

“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.


BF-SIRT Newsletter 2018-01

Meltdown and Spectre, two hardware flaws reported to affect almost every processor released since 1995, were announced this week and will probably haunt us for years to come: they are design flaws in the CPU itself, so the software mitigations being rolled out reduce exposure rather than remove the underlying problem.

Exploit code used by Satori, a Mirai variant that has attacked hundreds of thousands of Huawei routers over the past several weeks, is now public. Expect this code to be reused by other botnets in the near future.

A researcher released details of a local privilege escalation bug in macOS that has existed since 2002, without following any responsible disclosure process, so there was no patch available at the time of publication.

Top 5 Security Links
Meltdown and Spectre – Bugs in modern computers leak passwords and sensitive data.
Mozilla Patches Critical Bug in Thunderbird
Attention, vSphere VDP backup admins: There is a little remote root hole you need to patch…
MacOS LPE Exploit Gives Attackers Root Access
Code Used in Zero Day Huawei Router Attack Made Public

BF-SIRT Newsletter 2018-02

Microsoft released patches for Meltdown and Spectre, but antivirus software must be updated before the patches are applied: some AV products make unsupported calls into kernel memory and blue-screen on the patched kernel, so Windows Update only offers the January updates once the installed AV product has set the compatibility registry key Microsoft requires.

The latest Oracle WebLogic exploit (the WLS-WSAT deserialization flaw, CVE-2017-10271) has caused an increase in compromised hosts being used to mine cryptocurrency.

F-Secure found a new Intel AMT security issue that gives an attacker with brief physical access full control of a laptop in under 30 seconds: if the AMT management (MEBx) password has been left at its default, the attacker can enable remote access from the boot menu, bypassing the BIOS password and disk encryption.

Top 5 Security Links
Police give out infected USBs as prizes in cybersecurity quiz
Wi-Fi Alliance launches WPA3 protocol with new security features
Mining or Nothing!
Anti-Virus updates required ahead of Microsoft’s Meltdown, Spectre patches
New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

BF-SIRT Newsletter 2018-03

Researchers have uncovered a government-sponsored mobile hacking group operating since 2012.
OnePlus had its online store compromised, exposing the credit card details of around 40,000 customers.
Hackers have started exploiting three Microsoft Office flaws to spread Zyklon malware.

Top 5 Security Links
OnePlus minus 40,000 credit cards: Smartmobe store hacked to siphon payment info to crooks
Transmission users beware: Flaw lets hackers control your computer
Skygofree Android malware is ”one of the most powerful ever seen”
Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware
Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012

BF-SIRT Newsletter 2018-05

We need to prepare for Meltdown/Spectre-based malware reaching devices near us soon, but are we ready? Researchers have recently found more than 130 malware samples that attempt to exploit these chip flaws.

Top 5 Security links
Secret military bases revealed by fitness app Strava
South Korea Warns of Flash Zero-Day flaw exploited by North Korea in surgical attacks
Cisco Patches Critical VPN Vulnerability
Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit
Keylogger Campaign Returns, Infecting 2,000 WordPress Sites

BF-SIRT Newsletter 2018-07

NCC Group rebuilt NotPetya, replacing its destructive payload with telemetry and safeguards, to see what the impact on a real customer network could have been. They found the following:

  • The customer ran it on one machine in their engineering network, as an unprivileged user.
  • It found three unpatched machines.
  • It exploited those three machines to obtain kernel-level access.
  • It infected those three machines.
  • Within ten minutes it had spread through the entire engineering network using recovered/stolen credentials.
  • It then took the domain about two minutes later.
  • 107 hosts were compromised in roughly 45 minutes before the client triggered the kill-and-remove switch.

Top 5 Security links
A rebuilt NotPetya gets its first execution outside of the lab
Cryptomining script poisons government websites – What to do
Hackers Exploit ’Telegram Messenger’ Zero-Day Flaw to Spread Malware
Winter Olympics network outages blamed on unexplained cyberhack
UK names Russia as source of NotPetya, USA follows suit

BF-SIRT Newsletter 2018-04

It has been announced that hackers from the Dutch intelligence service AIVD provided the FBI with crucial information about Russian interference in the American elections. This is a good showcase of cyber warfare capabilities.

Maersk's chairman described the reinstallation of “4,000 new servers, 45,000 new PCs, and 2,500 applications” after the NotPetya attack in 2017, providing good insight into a working disaster recovery process: six months of work was completed in ten days, with only a 20 percent drop in volumes.

Top 5 Security links
Dutch agencies provide crucial intel about Russia’s interference in US-elections
IT ’heroes’ saved Maersk from NotPetya with ten-day reinstallation bliz
The popular former NSA hacker Patrick Wardle published a detailed analysis of the CrossRAT malware used by Dark Caracal for surveillance.
Alphabet enters enterprise cybersecurity market, launches Chronicle
Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

BF-SIRT Newsletter 2018-06

Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”.

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

Top 5 Security links

WordPress users do an update NOW and do it by hand
Apple iBoot source code leaked
Covert data channel in TLS dodges network perimeter protection
Leaky Amazon S3 bucket exposes personal data of 12,000 social media influencers
Bitglass Report: Microsoft SharePoint, Google Drive and Majority of AV Engines Fail to Detect New Ransomware Variant

BF-SIRT Newsletter 2018-08

Apple fixes that “1 character to crash your Mac and iPhone” bug

Apple has pushed out an emergency update for all its operating systems and devices, including TVs, watches, tablets, phones and Macs.

The fix patches a widely-publicised vulnerability known officially as CVE-2018-4124, and unofficially as “one character to crash your iPhone”, or “the Telugu bug”.

  • Telugu is a widely spoken Indian language whose writing system is good news for humans but surprisingly tricky for computers.
  • Computers can store and reproduce English words really easily, because there are only 26 symbols (if you ignore lower-case letters, the hyphen and that annoying little dingleberry thing called the apostrophe that our written language could so easily do without).
  • Many languages use a written form in which each displayed character is built from several components: a basic consonant or vowel sound plus marks that indicate how it should be modified.
  • In English, each left-arrow or right-arrow keypress simply moves you one character along the line and one byte along the ASCII string, but what if the next displayed character is made up of four separate sub-characters stored in memory?

For your iPhone, you'll be updating to iOS 11.2.6; for your Mac, you need the macOS High Sierra 10.13.3 Supplemental Update.
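The "four sub-characters for one displayed character" point above is easy to see in code. The following Python is an added illustration for this newsletter, not code from Sophos or Apple: it takes a constructed Telugu syllable (JA + virama + NYA + vowel sign AA, an ordinary syllable chosen for illustration and not the sequence that crashed iOS) and shows how many bytes, code points and user-perceived characters it contains, plus the cursor positions an editor may legitimately stop at. The grapheme clustering is a deliberately simplified version of the Unicode rules (UAX #29), sufficient for Latin text and Indic conjuncts; it is not a full implementation.

```python
import unicodedata

ZWNJ = "\u200c"  # ZERO WIDTH NON-JOINER
ZWJ = "\u200d"   # ZERO WIDTH JOINER

# Constructed sample: the Telugu syllable "jna" written as four code points,
# LETTER JA + SIGN VIRAMA + LETTER NYA + VOWEL SIGN AA. An ordinary syllable
# chosen for illustration; it is not the sequence that crashed iOS.
TELUGU_SYLLABLE = "\u0c1c\u0c4d\u0c1e\u0c3e"


def is_virama(ch):
    """A virama (Indic 'killer' sign) glues the following consonant onto the
    previous one, so the conjunct is displayed as a single character."""
    return unicodedata.name(ch, "").endswith("VIRAMA")


def grapheme_clusters(text):
    """Split text into user-perceived characters (simplified UAX #29).

    A cluster is a base code point followed by any combining marks
    (categories Mn/Mc/Me), joiner controls, and any base character that a
    preceding virama or ZWJ asked to be joined on. Emoji sequences and
    Hangul jamo are not handled; this is enough for the cases discussed.
    """
    clusters = []
    current = ""
    join_next = False  # set by a virama/ZWJ: join the next base character
    for ch in text:
        cat = unicodedata.category(ch)
        if not current:
            current = ch
        elif cat in ("Mn", "Mc", "Me") or ch in (ZWNJ, ZWJ) or join_next:
            current += ch
        else:
            clusters.append(current)
            current = ch
        if is_virama(ch) or ch == ZWJ:
            join_next = True
        elif ch != ZWNJ and cat not in ("Mn", "Mc", "Me"):
            join_next = False  # a base character consumed the join request
    if current:
        clusters.append(current)
    return clusters


def storage_shapes(text):
    """Three different answers to 'how long is this string?'."""
    return {
        "utf8_bytes": len(text.encode("utf-8")),
        "code_points": len(text),
        "graphemes": len(grapheme_clusters(text)),
    }


def grapheme_boundaries(text):
    """Code point offsets at which a cursor may legitimately stop: the start
    of every grapheme cluster plus the end of the string. An editor that
    moved one code point (or one byte) at a time would land inside the
    conjunct, which is the situation the bullet points above describe."""
    offsets = [0]
    for cluster in grapheme_clusters(text):
        offsets.append(offsets[-1] + len(cluster))
    return offsets


def describe(text):
    """Name each code point, the way a debugger would show what sits in
    memory behind a single displayed character."""
    return [(f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")) for ch in text]


if __name__ == "__main__":
    for sample in ("cat", "e\u0301", TELUGU_SYLLABLE):
        print(repr(sample), storage_shapes(sample), grapheme_boundaries(sample))
    for code, name in describe(TELUGU_SYLLABLE):
        print(code, name)
```

For the constructed syllable the three counts disagree (12 bytes, 4 code points, 1 displayed character), and the only valid cursor stops are before and after the whole cluster. Any text-handling code that steps, truncates or validates by bytes or by code points will split such a cluster; the rendering engine then has to cope with a half-syllable it was never designed to see, which is the class of bug this update fixes.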

Top 5 Security links
https://threatpost.com/dell-emc-patches-critical-flaws-in-vmax-enterprise-storage-systems/129952/
https://www.theregister.co.uk/2018/02/20/unpatched_jenkins_servers_mining_monero/
http://fortune.com/2018/02/20/tesla-hack-amazon-cloud-cryptocurrency-mining/
https://torrentfreak.com/flight-sim-company-embeds-malware-to-steal-pirates-passwords-180219/
https://threatpost.com/word-based-malware-attack-doesnt-use-macros/129969/