
Netsec, comsec, infosec and IA news, research and trends
Germany demands an end to working cryptography

Microsoft Patches ‘Wormable’ RDP Flaw in Windows XP, 7 and Windows 2003


The U.S. Government Can’t Force You To Unlock Your Phone With Your Fingerprint, Another Judge Rules from Red


SAS 2019: Triton ICS Malware Hits A Second Victim

SAS 2019: Meet ‘TajMahal,’ A New and Highly Advanced APT Framework
SSH client PuTTY contained serious key exchange flaw
WinRAR Flaw Being Actively Used To Load Malware In Windows PCs from Randall


New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info from Randall

Emotet Uses Camouflaged Malicious Macros to Avoid Antivirus Detection from Randall


This malware can steal passwords, credit card info in Chrome, Safari from Randall


Europol Now Going After People Who Bought DDoS-for-Hire Services

Feds Dismantle xDedic Dark Web Credentials Market


Hackers are going after Cisco RV320/RV325 routers using a new exploit from Randall


Linux-Targeting Cryptojacking Malware Disables Cloud-Based Security Measures: Report from Randall

Windows Torrent File Malware Can Swap Out Crypto Addresses, Researcher Warns from Randall


‘The Age of Surveillance Capitalism’ Review: The New Big Brother

US judge rules that feds can't force fingerprint or face phone unlocks from Red


Towards Improving CVSS


Widely Used JavaScript Library Had a Backdoor to Steal Bitcoin from Zach


The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Supply chain issues are coming home to roost.


One Small Step for the Web... from Zachary


APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild from Kendall


Palo Alto Networks' Fuel User Group has a free online test lab where one can sign up for free 4-hour time slots to go in and play with their equipment.


The Untold Story of NotPetya, the Most Devastating Cyberattack in History from Red


"Web of Profit" report detailing the cybercrime landscape


Nist List - Search for forensic tools by functionality


VPNfilter malware is sowing chaos


Similar to GeeWhiz's post regarding quad 1 below, a different service by the name of Quad9: "Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a Quad9 user clicks on a website link or types an address into a web browser, Quad9 will check the site against IBM X-Force threat intelligence that includes 800+ terabytes of threat intelligence data, including 40B+ analyzed web pages and images and 17 million spam and phishing attacks monitored daily."


Internet Exposure, Flaws Put Industrial Safety Controllers at Risk of Attacks


Cloudflare is hosting DNS over TLS and HTTPS at and

2018 Verizon Data Breach Investigations Report

This is an interesting article that relates to HIPAA and the safeguarding of PHI. I actually worked on solving this problem with my current employer a couple of years ago, and something missing from this article is: why is this happening?

It could be explained as a complex web of conflicting goals between the business units (hospital departments), the network management folks and network security. While this is all true, in most cases it is much simpler. The hospitals are (almost) required to network certain devices, and medical devices have strict certification requirements (translation: it is expensive, for a device manufacturer, to get a device through certification; therefore, they don't want to change the device). In most devices, any change, no matter how minuscule (like a security patch), requires a complete recertification of the device.

There is still no excuse to have any external exposure of medical IoT devices. This is really a network security gap, and considering the continually increasing risk that unpatched systems are posing, the network teams must work harder to ensure the protection of patient PHI.


Stealing Credit Cards from FUZE via Bluetooth from Lee

3.22.2018 Bullguard has a free online scanner that will scan your network edge to see if your IoT toaster is reachable from the outside. If so, you can bet has already grabbed its banner. Speaking of which, if anyone has a pcap file for an IoT toaster, I would love to get my hands on it! Thanks.

"Security Planner is an easy-to-use guide with expert-reviewed advice for staying safer online. It provides recommendations on implementing basic online practices, like enabling two-factor authentication on important accounts, making sure software stays updated, and using encrypted chats to protect private communications. More advanced users can receive advice on where to go for more help." This site interactively guides the user through a few questions related to the technologies used, the user's security concerns, and the user's desire for more specific information related to security. It then provides a list of general recommendations along with more detailed information should the user want to dig further. It's very "approachable" and provides good top-level recommendations for users who may not be very technically savvy.

AnyRun is an online malware sandbox where you can open files, URLs, code, etc. and run them inside a virtual machine to see what happens. They have a limited free version which gives you a full two minutes to play in a somewhat limited but useful VM. It's come in handy a few times for me when I wanted to explode something safely off of my network.
