NetSec corner


Netsec, comsec, infosec and IA news, research and trends

6.13.2019

https://arstechnica.com/information-technology/2019/06/if-you-havent-patched-vim-or-neovim-text-editors-you-really-really-should/

6.01.2019

https://www.hackread.com/hackers-steal-source-code-of-top-anti-virus-firms/

https://www.zdnet.com/google-amp/article/new-hiddenwasp-malware-found-targeting-linux-systems/

5.29.2019

Germany demands an end to working cryptography

Microsoft Patches ‘Wormable’ RDP Flaw in Windows XP, 7 and Windows 2003

5.11.2019

The U.S. Government Can’t Force You To Unlock Your Phone With Your Fingerprint, Another Judge Rules from Red

4.10.2019

SAS 2019: Triton ICS Malware Hits A Second Victim

SAS 2019: Meet ‘TajMahal,’ A New and Highly Advanced APT Framework

3.25.2019

https://boingboing.net/2019/03/25/asus-unwittingly-pushed-malwar.html

3.20.2019

SSH client PuTTY contained serious key exchange flaw

3.12.2019

https://www.bleepingcomputer.com/news/security/malware-spreads-as-a-worm-uses-cryptojacking-module-to-mine-for-monero/

3.03.2019

https://www.zdnet.com/article/hackers-have-started-attacks-on-cisco-rv110-rv130-and-rv215-routers/

2.27.2019

WinRAR Flaw Being Actively Used To Load Malware In Windows PCs from Randall

2.17.2019

New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info from Randall

Emotet Uses Camouflaged Malicious Macros to Avoid Antivirus Detection from Randall

2.04.2019

This malware can steal passwords, credit card info in Chrome, Safari from Randall

1.29.2019

Europol Now Going After People Who Bought DDoS-for-Hire Services

Feds Dismantle xDedic Dark Web Credentials Market

1.28.2019

Hackers are going after Cisco RV320/RV325 routers using a new exploit from Randall

1.20.2019

Linux-Targeting Cryptojacking Malware Disables Cloud-Based Security Measures: Report from Randall

Windows Torrent File Malware Can Swap Out Crypto Addresses, Researcher Warns from Randall

1.15.2019

‘The Age of Surveillance Capitalism’ Review: The New Big Brother

US judge rules that feds can't force fingerprint or face phone unlocks from Red

1.09.2019

Towards Improving CVSS

11.28.2018

Widely Used JavaScript Library Had a Backdoor to Steal Bitcoin from Zach

10.05.2018

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Supply chain issues are coming home to roost.

10.02.2018

One Small Step for the Web... from Zachary

9.28.2018

APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild from Kendall

9.25.2018

Palo Alto Networks' Fuel User Group has a free online test lab from which one can sign up for free 4-hour time slots to go in and play with their equipment.

8.28.2018

The Untold Story of NotPetya, the Most Devastating Cyberattack in History from Red

6.02.2018

"Web of Profit" report detailing the cybercrime landscape

5.24.2018

Nist List - Search for forensic tools by functionality

5.23.2018

VPNfilter malware is sowing chaos

5.08.2018

Similar to GeeWhiz's post regarding quad 1 below, there is a different service by the name of Quad9: "Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against IBM X-Force threat intelligence that includes 800+ terabytes of threat intelligence data including 40B+ analyzed web pages and images and 17 million spam and phishing attacks monitored daily."

4.28.2018

Internet Exposure, Flaws Put Industrial Safety Controllers at Risk of Attacks

4.11.2018

Cloudflare is hosting DNS over TLS and HTTPS at 1.1.1.1 and 1.0.0.1

2018 Verizon Data Breach Investigations Report

This is an interesting article that relates to HIPAA and the safeguarding of PHI. I actually worked on solving this problem with my current employer a couple of years ago, and something missing from this article is: why is this happening?

It could be explained as a complex relationship web of conflicting goals between the business units (hospital departments), the network management folks and network security. While this is all true, in most cases it is much simpler. The hospitals are (almost) required to network certain devices, and medical devices have strict certification requirements (translation: it is expensive for a device manufacturer to get a device through certification, therefore they don't want to change the device). In most devices, any change, no matter how minuscule (like a security patch), requires a complete recertification of the device.

There is still no excuse to have any external exposure of medical IoT devices. This is really a network security gap, and considering the continually increasing risk factors that unpatched systems are posing, the network teams must work harder to ensure the protection of patient PHI.

https://www.cyberscoop.com/trend-micro-challenges-in-securing-connected-hospitals/

4.09.2018

Stealing Credit Cards from FUZE via Bluetooth from Lee

3.22.2018

https://iotscanner.bullguard.com/ Bullguard has a free online scanner that will scan your network edge to see if your IoT toaster is reachable from the outside. If so, you can bet https://shodan.io has already grabbed its banner. Speaking of which, if anyone has a pcap file for an IoT toaster, I would love to get my hands on it! Thanks.

https://securityplanner.org "Security Planner is an easy-to-use guide with expert-reviewed advice for staying safer online. It provides recommendations on implementing basic online practices, like enabling two-factor authentication on important accounts, making sure software stays updated, and using encrypted chats to protect private communications. More advanced users can receive advice on where to go for more help." This site interactively guides the user through a few questions related to the technologies used, the user's security concerns, and the user's desire for more specific information related to security. It then provides a list of general recommendations along with more detailed information should the user want to dig further. It's very "approachable" and provides good top-level recommendations for users who may not be very technically savvy.

https://any.run/ AnyRun is an online malware sandbox where you can open files, URLs, code, etc. and run them inside of a virtual machine to see what happens. They have a limited free version which gives you a full two minutes to play in a somewhat limited but useful VM. It's come in handy a few times for me when I wanted to explode something safely off of my network.