Daily Archives: September 18, 2018

83% of SMB owners have no cash put aside to deal with the fallout from a cyber attack

Small businesses are leaving themselves exposed to significant financial risk from cybercrime by not having adequate measures in place to recover in the event of a cyber attack. That’s according to the findings of InsuranceBee’s Cyber Survey, which asked more than 1,000 SMBs how prepared they are to deal with cybercrime. Although the average cost for small and medium-sized businesses to recover from a cyber attack is estimated to be $120,000, 83% of SMBs do … More

The post 83% of SMB owners have no cash put aside to deal with the fallout from a cyber attack appeared first on Help Net Security.

Regtech to account for 40% of global compliance spend by 2023

A new study from Juniper Research has found that spending on Regtech platforms will exceed $115 billion by 2023, up from an estimated $18 billion in 2018. The research found increased regulatory pressures, as demonstrated by the recent GDPR implementation, are driving businesses towards Regtech to meet greater compliance challenges. According to the research, any heavily regulated business sector not prioritising Regtech adoption would risk damaging fines from failing to keep pace with regulatory changes. … More

The post Regtech to account for 40% of global compliance spend by 2023 appeared first on Help Net Security.

ManageEngine strengthens endpoint security with the launch of Browser Security Plus

ManageEngine announced its launch of Browser Security Plus, a browser management solution that helps organizations secure their corporate data in the cloud and protect their networks from web-based cyberattacks. Available immediately, Browser Security Plus provides organizations with a layer of management capabilities for browsers and their add-ons to maintain enterprise security. This allows enterprises to improve network health by preventing, detecting and fixing any browser vulnerabilities. As modern web, portable computing devices, and other technologies … More

The post ManageEngine strengthens endpoint security with the launch of Browser Security Plus appeared first on Help Net Security.

Symantec makes elections more secure with free service to ‘spoof proof’ candidates websites

Symantec announced the availability of a free service, powered by Symantec’s artificial intelligence technology, that political candidates and campaigns can use to test the security and authenticity of their websites. Attracting users to fake websites that contain subtle differences from legitimate websites is a technique that cyber criminals use to gather personal information, such as birth dates, email addresses, and voting preferences. That data can then be weaponized to influence behavior and attitudes, spread false information, … More

The post Symantec makes elections more secure with free service to ‘spoof proof’ candidates websites appeared first on Help Net Security.

Latest Hacking News Podcast #124

US State Department email system hacked, Judge rejects paperless voting machine ban though convinced they are vulnerable and Pegasus spyware being used illegally on episode 124 of our daily podcast.

Latest Hacking News Podcast #124 on Latest Hacking News.

NSFOCUS introduces new capability to identify cyber risk exposure

NSFOCUS announced the launch of NSFOCUS Exposed Internet Surface Analysis (EISA), a new capability to address the cyber security risk faced by organizations today. EISA identifies malicious activity of rogue IPs, ports and services that might be compromised and hidden within the organization’s network, providing insights to prioritize remediation and block further malicious activity from within the network. Organizations have embraced digital transformation to create new business models and ecosystems, deliver new products and services, … More

The post NSFOCUS introduces new capability to identify cyber risk exposure appeared first on Help Net Security.

Top 10 roles in AI and data science

kdnuggets.com - If you’re keen to make your data useful with a decision intelligence engineering approach, here’s my take on the order in which to grow your team. We start counting at zero, of course, since you need…


Tweeted by @InsightBrief https://twitter.com/InsightBrief/status/1042257738250768385

Accenture expands data and AI capabilities of Accenture myWizard platform

Accenture has expanded the capabilities of its automation platform, Accenture myWizard, to help companies to disrupt every aspect of the application lifecycle and drive business value. Accenture has bolstered the platform’s capabilities by integrating artificial intelligence (AI), automation, analytics and DevOps, through investments, technology enhancements and expanded ecosystem collaboration. With over 50 patents and patent applications, Accenture myWizard enables organizations to move beyond driving productivity and cost reduction in their technology applications and focus on … More

The post Accenture expands data and AI capabilities of Accenture myWizard platform appeared first on Help Net Security.

Facebook Wanted Banks To Fork Over Customer Data Passing Through Messenger

An anonymous reader quotes a report from The Verge: For years, Facebook has publicly positioned its Messenger application as a way to connect with friends and as a way to help customers interact directly with businesses. But a new report from The Wall Street Journal today indicates that Facebook also saw its Messenger platform as a siphon for the sensitive financial data of its users, information it would not otherwise have access to unless a customer interacted with, say, a banking institution over chat. In this case, the WSJ report says not only did the banks find Facebook's methods obtrusive, but the companies also pushed back against the social network and, in some cases, moved conversations off Messenger to avoid handing Facebook any sensitive data. Among the financial firms Facebook is said to have argued with about customer data are American Express, Bank of America, and Wells Fargo. The report says Facebook was interested in helping banks create bots for its Messenger platform, as part of a big push in 2016 to turn the chat app into an automated hub of digital life that could help you solve problems and avoid cumbersome customer service calls. But some of these bots, like the one American Express developed for Messenger last year, deliberately avoided sending transaction information over the platform after Facebook made clear it wanted to use customer spending habits as part of its ad targeting business. In some cases, companies like PayPal and Western Union negotiated special contracts that would let them offer many detailed and useful services like money transfers, the WSJ reports. But by and large, big banks in the U.S. have reportedly shied away from working with Facebook due to how aggressively it pushed for access to customer data. 
Facebook said in a statement to The Wall Street Journal: "Like many online companies, we partner with financial institutions to improve people's commerce experiences, like enabling better customer service, and people opt into these experiences. We've emphasized to partners that keeping people's information safe and secure is critical to these efforts. That has been and always will be our priority."

Read more of this story at Slashdot.

Guarding the Gate: Cybersecurity De-Mystified

With individuals, businesses and critical infrastructure increasingly becoming the target of cyber-attacks, cybersecurity today is a multifaceted challenge. As the saying goes, “There’s more than one way to skin a cat.” And if the cat equates to preventing, detecting or discovering disruptive data breaches and determining the root cause, the vendor community has certainly come […]… Read More

The post Guarding the Gate: Cybersecurity De-Mystified appeared first on The State of Security.


U.S. Federal IoT Policy: What You Need to Know

Over the past several months, increased attention has been paid to U.S. federal government policies surrounding internal use of IoT devices. In January 2018, researchers discovered they could track the movements of fitness tracker-wearing military personnel over the Internet. In July, a similar revelation occurred with fitness app Polar, which was exposing the locations of […]… Read More

The post U.S. Federal IoT Policy: What You Need to Know appeared first on The State of Security.


WhiteHat Security broadens application security testing portfolio with Bugcrowd partnership

WhiteHat Security announced a partnership with Bugcrowd to broaden the WhiteHat Sentinel application security testing portfolio with vulnerability testing. The partnership will deliver an application security testing solution to organizations around the world. WhiteHat Sentinel provides application security testing augmented with human intelligence to reduce risk with near zero false positives. Bugcrowd offers managed bug bounty and vulnerability disclosure programs to identify and triage security risks, delivered via a global crowd of security researchers to … More

The post WhiteHat Security broadens application security testing portfolio with Bugcrowd partnership appeared first on Help Net Security.

Covata announces general availability of SafeShare for ITAR

Covata announced the general availability of SafeShare for the US International Traffic in Arms Regulations (ITAR). This SaaS offering will serve a role in allowing small and medium-sized businesses in the Defense Industrial Base sector to adopt the cloud while complying with export control laws, such as ITAR and the Export Administration Regulations (EAR). ITAR and EAR are two regimes that control the export of defense articles including technical data, defense services, and dual-use articles … More

The post Covata announces general availability of SafeShare for ITAR appeared first on Help Net Security.

XebiaLabs extends Jenkins for all DevOps teams and tools

Adding to XebiaLabs’ enterprise DevOps platform for Release Orchestration, Deployment Automation, and DevOps Intelligence, the XebiaLabs DevOps Pack for Jenkins provides everything enterprise DevOps teams need to make Jenkins pipelines an integrated part of their software delivery pipelines. As a result, Jenkins pipeline data is available to, and usable by, all types of team members involved in getting software from code to production. Development pipelines are disconnected from the software delivery organization. As part of the coding … More

The post XebiaLabs extends Jenkins for all DevOps teams and tools appeared first on Help Net Security.

Wharton Professor Says America Should Shorten the Work Day By 2 Hours

Adam Grant, an organizational psychologist, New York Times best-selling author, and The Wharton School's top professor, says Americans should work two hours less. Instead of the typical 9-to-5, people "should finish at 3pm," says Grant in a recent LinkedIn post. "We can be as productive and creative in 6 focused hours as in 8 unfocused hours." CNBC reports: In the LinkedIn post, Grant was weighing in on an Atlantic article about the time gap between when school and work days end, a bane for many parents. But it's not the first time Grant has given his stamp of approval to less work with more productivity. "Productivity is less about time management and more about attention management," Grant tweeted in July, highlighting an article about a successful four-day work week study. For the study, a New Zealand company adopted a four-day work week (at five-day pay) with positive results; the company saw benefits ranging from lower stress levels in employees to increased performance. In a recent blog post, billionaire Richard Branson also touted the success of a three-day or four-day work week. "It's easier to attract top talent when you are open and flexible," Branson said in the post. "It's not effective or productive to force them to behave in a conventional way." "Many people out there would love three-day or even four-day weekends," said Branson. "Everyone would welcome more time to spend with their loved ones, more time to get fit and healthy, more time to explore the world."

Read more of this story at Slashdot.

Express Logic’s X-Ware IoT platform brings security and safety to the Microchip SAM L11 microcontrollers

Express Logic has announced that its industrial-grade X-Ware IoT Platform—powered by the ThreadX RTOS—now supports the TrustZone for ARMv8-M technology-based Microchip SAM L11 microcontrollers. IoT devices require an RTOS and network connectivity. As device vendors open up their APIs to share data and allow more interoperability with other products and single-point devices and systems, information security and protection become issues. Express Logic’s X-Ware IoT Platform provides a foundation that enables embedded developers using the SAM … More

The post Express Logic’s X-Ware IoT platform brings security and safety to the Microchip SAM L11 microcontrollers appeared first on Help Net Security.

Western Digital My Cloud Authentication Bypass

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.

Red Hat Security Advisory 2018-2721-01

Red Hat Security Advisory 2018-2721-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

Ubuntu Security Notice USN-3722-6

Ubuntu Security Notice 3722-6 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-3766-1

Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-3722-5

Ubuntu Security Notice 3722-5 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.

Linux On Windows 10: Running Ubuntu VMs Just Got a Lot Easier, Says Microsoft

Liam Tung reporting for ZDNet: Ubuntu maintainer Canonical and Microsoft have teamed up to release an optimized Ubuntu Desktop image that's available through Microsoft's Hyper-V gallery. The Ubuntu Desktop image should deliver a better experience when running it as a guest on a Windows 10 Pro host, according to Canonical. The optimized version is Ubuntu Desktop 18.04.1 LTS release, also known as Bionic Beaver. Microsoft's work with Canonical was prompted by its users who wanted a "first-class experience" on Linux virtual machines (VMs) as well as Windows VMs. To achieve this goal, Microsoft worked with the developers of XRDP, an open-source remote-desktop protocol (RDP) for Linux based on Microsoft's RDP for Windows. Thanks to that work, XRDP now supports Microsoft's Enhanced Session Mode, which allows Hyper-V to use the open-source implementation of RDP to connect to Linux VMs. This in turn gives Ubuntu VMs on Windows hosts a better mouse experience, an integrated clipboard, windows resizing, and shared folders for easier file transfers between host and guest. Microsoft's Hyper-V Quick Create VM setup wizard should also help improve the experience. "With the Hyper-V Quick Create feature added in the Windows 10 Fall Creators Update, we have partnered with Ubuntu and added a virtual machine image so in a few quick minutes, you'll be up and developing," said Clint Rutkas, a senior technical product manager on Microsoft's Windows Developer Team. "This is available now -- just type 'Hyper-V Quick Create' in your start menu."

Read more of this story at Slashdot.

US-CERT Current Activity: NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices

Original release date: September 18, 2018

NCCIC will conduct a series of webinars on Protecting Enterprise Network Infrastructure Devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:

NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on one of the dates listed above. The webinar will feature a discussion on identified threats, trends in the field, and insights from DHS’s binding operational directive impacting federal agencies.


This product is provided subject to this Notification and this Privacy & Use policy.






Gemalto and R3 pilot blockchain technology to put users in control of their Digital ID

Who are you, and can you prove it? The new Gemalto Trust ID Network enables users to give digital service providers verified and secured answers to these questions. By creating and managing their own ‘Self-Sovereign’ Digital ID, users can enroll with a host of different digital banking, eCommerce and eGovernment services, without having to go through repeated due diligence processes for each of them. This distributed approach to Digital ID management enables service providers to … More

The post Gemalto and R3 pilot blockchain technology to put users in control of their Digital ID appeared first on Help Net Security.


SN 681: The Browser Extension Ecosystem

This week we prepare for the first ever Presidential Alert unblockable nationwide text message, we examine Chrome's temporary "www" removal reversal, check out Comodo's somewhat unsavory marketing, discuss a forthcoming solution to BGP hijacking, examine California's forthcoming IoT legislation, deal with the return of Cold Boot attacks, choose not to click on a link that promptly crashes any Safari OS, congratulate Twitter on adding some auditing, check in on the Mirai Botnet's steady evolution, look at the past year's explosion in DDoS number and size, note another new annoyance brought to us by Windows 10... Then we take a look at the state of the quietly evolving web browser extension ecosystem.

We invite you to read our show notes.

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.


E Hacking News – Latest Hacker News and IT Security News: CBI writes to Facebook, Cambridge Analytica on illegal data harvesting




The Central Bureau of Investigation in India has written to Britain-based consultancy firm Cambridge Analytica, Global Science Research (GSR), and Facebook asking them to hand over the information regarding alleged data theft of Indian Facebook users.

“We have written to three firms separately to seek details regarding the allegations. Further investigation will take place after we receive a reply,” a CBI official said.

A month ago, the agency sent letters to the three companies after a reference from the Ministry of Electronics and Information Technology, seeking details of the illegal data collection practices adopted by them.

It is alleged that Global Science Research obtained the data and then supplied it to Cambridge Analytica. According to the CBI officials, the GSR used “illegal means” to retrieve the personal data from Indian Facebook users.

Facebook has said that more than 20 crore users in India were affected by the data breach.

“Facebook responded that they will streamline their processes regarding personal data. They stated that the case of Cambridge Analytica was a case of breach of trust…” IT minister Ravi Shankar Prasad had said.




Chrome OS Revamp Delivers a New Look and Linux App Support

Google has released a Chrome OS 69 update that introduces a range of new features. From a report: Most notably, there's now support for running Linux apps. You'll need a supported machine (a handful of machines from Acer, ASUS, HP, Lenovo, Samsung and Google itself). Still, this could be more than a little helpful if you want to run a conventional desktop app or command line terminal without switching to another PC or a virtual environment. The new software also adds the long-in-the-making Night Light mode to ease your eyes at the end of the day. Voice dictation is now available in any text field, and there's a fresh Files interface that can access Play files and Team Drives.

Read more of this story at Slashdot.

Windows Incident Response: Book Writing

With the release of my latest book, Investigating Windows Systems, I thought that now would be a good time to revisit the topic of writing books.  It occurred to me watching some of the activity and comments on social media that there were likely folks who hadn't seen my previous posts on this topic, let alone the early stuff I'd posted about the book, particularly the stuff I'd written about the book two years ago.

As I said, I've blogged on the topic of writing (DFIR) books before:
17 Dec 2010
26 Dec 2010
28 Mar 2014
29 Mar 2014
16 Feb 2018

There are some things about writing books that many folks out there simply may not be aware of, particularly if they haven't written a book themselves.  One such item, for example, is that the author doesn't own the books.  I had a sales guy set up an event that he wanted me to attend, and he suggested that I "bring some books to sell".  I don't own the books to sell, and as far as I'm aware, I'm not PCI compliant; I don't process credit cards.

Further, authors have little, if any, control over...well, anything beyond the content, unless they're self-published.  For example, I'm fully aware that as of 17 Sept 2018, the image on the Amazon page for IWS is still the placeholder that was likely used when the page was originally set up.  I did reach out to the publisher about this, and they let me know that this is an issue that they've had with the vendor, not just with my book but with many others, as well.  While I can, and do, market the books to the extent that I can, I have no control over, nor any input into, what marketing the publisher does, if any.  Nor do authors have any input or control over what the publisher's vendors do, or don't do, as the case may be.

Taking a quick look through a copy of the Investigating Windows Systems book, I noted a few things that jumped out at me.  I did see a misspelled word or two, read a sentence here and there that seemed awkward and required a re-read (and maybe a re-write), and noticed an image or two that could have been bigger and more visible.  Would the book have looked a bit better if it had a bit bigger form factor?  Perhaps.  Then it would have been thinner.  However, my point is that I didn't have any input into that aspect of the book.

I'm also aware that several pages (pp. 1, 45, 73, 97) have something unusual at the bottom of the page.  Specifically, "Investigating Windows Systems. DOI: https://doi.org/10.1016/{random}", and then immediately below that, a copyright notice.  Yes, this does stand out like a sore thumb, and no, I have no idea why it's there.

If you purchased or received a copy of the book, I hope you find value in it.  As I've said before, I wanted to take a different approach with this book, and produce something new and I hope, useful.


EU Drops Court Case After Apple Repays More Than $16 Billion In Taxes and Interest To Ireland

"Ireland's government has fully recovered more than [$16 billion] in disputed taxes and interest from Apple, which it will hold in an escrow fund pending its appeal against a European Union tax ruling," reports The Guardian. From the report: The European commission ruled in August 2016 that Apple had received unfair tax incentives from the Irish government. Both Apple and Dublin are appealing against the original ruling, saying the iPhone maker's tax treatment was in line with Irish and EU law. Ireland's finance ministry, which began collecting the back taxes in a series of payments in May, estimated last year the total amount could have reached -- [$17.5 billion] including EU interest. In the end the amount was [$15.2 billion] in back taxes plus [$1.4 billion] interest. For its part, the commission said it would scrap its lawsuit against Ireland, which it initiated last year because of delays in recovering the money. "In light of the full payment by Apple of the illegal state aid it had received from Ireland, commissioner (Margrethe) Vestager will be proposing to the college of commissioners the withdrawal of this court action," the commission spokesman Ricardo Cardoso said. Ireland's finance ministry said its appeal had been granted priority status and is progressing through the various stages of private written proceedings before the general court of the European Union (GCEU), Europe's second highest court. The matter will likely take several years to be settled by the European courts, it added.

Read more of this story at Slashdot.

Risky Business #514 — New NSO Group report released and another State Department email breach. Drink!

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Citizen Lab drops NSO Group report
  • “Weaponised Stuxnet” claims are idiotic
  • Another State Department email breach! Drink!
  • Dutch foil planned attack against Swiss Novichok lab
  • Mirai botnet authors working for FBI
  • US telcos want to be consumer auth brokers
  • US fails to extradite “Mr Bitcoin”
  • Much, much more

This week’s show is brought to you by Remediant. They make a just-in-time access solution for privileged account management (PAM), and we’re doing something a little different in this week’s sponsor interview.

Paul Lanzi of Remediant will be along, but so will Harry Perper of MITRE corporation. Harry’s pay-cheques say MITRE, but he’s been working on a NIST project. The National Cybersecurity Center of Excellence (NCCoE) at NIST has been working on a project to provide guidance on the secure usage and management of privileged accounts. The so-called 1800-18 document is a practical guide and reference architecture for privileged account management and we’ll talk to both Harry and Paul about that after the news.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cyber Sleuths Find Traces of Infamous iPhone and Android Spyware ‘Pegasus’ in 45 Countries - Motherboard
HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries - The Citizen Lab
iOS Security Guide iOS 12 September 2018
US military given more authority to launch preventative cyberattacks - CNNPolitics
People Are Recklessly Speculating That the Massachusetts Gas Explosions Were a Stuxnet-Related Hack - Motherboard
State Department email breach exposed employees' personal information - POLITICO
Novichok poisoning: Russians expelled from Switzerland
The Mirai Botnet Architects Are Now Fighting Crime With the FBI | WIRED
U.S. Mobile Giants Want to be Your Online Identity — Krebs on Security
Senior Google Scientist Resigns Over “Forfeiture of Our Values” in China
Google Plans to Launch Censored Search Engine in China, Leaked Documents Reveal
Google's prototype Chinese search engine links searches to phone numbers | Technology | The Guardian
Vijay Boyapati on Twitter: "When I worked at Google, as an engineer on Google News, I was asked to write code to censor news articles in China (circa 2006). I refused and they took me off the project and put someone else on it. Doesn't surprise me Google is back at it. "Don't be Evil" is a Google myth.… https://t.co/1geUCURHay"
US loses extradition battle with Russia for Bitcoin kingpin | ZDNet
US lawmakers introduce bill to fight cybersecurity workforce shortage | ZDNet
Ransomware attack blacks out screens at Bristol Airport | ZDNet
Security flaw can leak Intel ME encryption keys | ZDNet
Nasty piece of CSS code crashes and restarts iPhones | ZDNet
New cold boot attack affects 'nearly all modern computers' | ZDNet
Uproar after Adobe winds down Magento rewards-based bug bounty program | ZDNet
Jason Woosley on Twitter: "The demise of #BugBounty at @Magento has been greatly exaggerated. Yesterday we announced the transition of this program to the @Adobe @HackerOne system. We failed to mention that we will continue to pay out for this incredibly valuable work. Hack on!"
Proofpoint: One month out from deadline, half of agency domains are DMARC compliant
Cloudflare’s new ‘one-click’ DNSSEC setup will make it far more difficult to spoof websites | TechCrunch
Facebook pilots new political campaign security tools — just 50 days before Election Day | TechCrunch
Facebook Broadens Its Bug Bounty to Include Third-Party Apps | WIRED
Google remotely changed the settings on a bunch of phones running Android 9 Pie - The Verge
Zero day in popular video surveillance technology goes public, unpatched
Privileged Account Management | NCCoE
fs-pam-project-description-draft.pdf

People Tend To Cluster Into Four Distinct Personality ‘Types,’ Says Study

An anonymous reader quotes a report from Ars Technica: A new study has sifted through some of the largest online data sets of personality quizzes and identified four distinct "types" therein. The new methodology used for this study -- described in detail in a new paper in Nature Human Behavior -- is rigorous and replicable, which could help move personality typing analysis out of the dubious self-help section in your local bookstore and into serious scientific journals. What's new here is the identification of four dominant clusters in the overall distribution of traits. [Paper co-author William Revelle (Northwestern University)] prefers to think of them as "lumps in the batter" and suggests that a good analogy would be how people tend to concentrate in cities in the United States. The Northwestern researchers used publicly available data from online quizzes taken by 1.5 million people around the world. That data was then plotted in accordance with the so-called Big Five basic personality traits: neuroticism, extraversion, openness, agreeableness, and conscientiousness. The Big Five is currently the professional standard for social psychologists who study personality. (Here's a good summary of what each of those traits means to psychologists.) They then applied their algorithms to the resulting dataset. Here are the four distinct personality clusters that the researchers ended up with: Average: These people score high in neuroticism and extraversion, but score low in openness. It is the most typical category, with women being more likely than men to fit into it. Reserved: This type of person is stable emotionally without being especially open or neurotic. They tend to score lower on extraversion but tend to be somewhat agreeable and conscientious. Role Models: These people score high in every trait except neuroticism, and the likelihood that someone fits into this category increases dramatically as they age. "These are people who are dependable and open to new ideas," says Amaral. "These are good people to be in charge of things." Women are more likely than men to be role models. Self-Centered: These people score very high in extraversion, but score low in openness, agreeableness, and conscientiousness. Most teenage boys would fall into this category, according to Revelle, before (hopefully) maturing out of it. The number of people who fall into this category decreases dramatically with age.

Read more of this story at Slashdot.

Texas Securities Board Shuts Down Two Crypto Scams

The state of Texas took decisive action today to shut down two cryptocurrency scams affecting residents of the great Lone Star State. Texas sent emergency cease and desist letters to two very different projects. While, in the view of this analysis, only one definitively qualifies as a scam, both companies marketed themselves in a […]

The post Texas Securities Board Shuts Down Two Crypto Scams appeared first on Hacked: Hacking Finance.

Google’s Android OS To Power Dashboard Displays

schwit1 shares a report from The Wall Street Journal: Google is making a major push into the auto industry, partnering with the Renault-Nissan-Mitsubishi Alliance to use the tech company's Android OS to power media displays that will eventually be sold in millions of cars world-wide. The auto-making alliance, which together sells more vehicles than any other auto maker, is picking Google to provide the operating system for its next-generation infotainment system, marking a major victory for the Silicon Valley tech giant, which has spent more than a decade trying to replicate the success it has had with the smartphone in the car. The alliance, which last year sold a combined 10.6 million vehicles globally, will debut the new system in 2021, giving drivers better integration of Google's maps, app store and voice-activated assistant from the vehicle's dashboard, the companies said. The move comes as other auto makers have been reluctant to cede control of this space to tech rivals, in part because they see the technology as generating valuable consumer data that can be turned into new revenue streams. Slashdot reader schwit1 adds: "But can I get it unlocked and can it be turned off, like this traveling telescreen?"

Read more of this story at Slashdot.

Abine DeleteMe

Data aggregators will sell your personal details to anyone who's interested. Abine DeleteMe keeps dozens of such sites from listing your data, but you'll pay for that protection.

CVE-2018-6690

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.

CVE-2017-3912

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

iPhone XS, XS Max Are World’s Fastest Phones (Again)

According to "several real-world tests and synthetic benchmarks," the new iPhone XS and XS Max, equipped with the world's first 7-nanometer A12 Bionic processor, are the world's fastest smartphones, reports Tom's Guide. They even significantly outperform Qualcomm's Snapdragon 845 chip. From the report: Geekbench 4 is a benchmark that measures overall performance, and no other phone comes close to Apple's new handsets on this test. The iPhone Xs notched 11,420, and the iPhone Xs Max hit 11,515. The older iPhone X scored 10,357, so that's about an 11 percent improvement. There's a lot more distance between the new iPhones and Android flagships. The fastest Android phone around, the OnePlus 6, scored 9,088 on Geekbench 4 with its 8GB of RAM, while the Galaxy Note 9 reached 8,876. To test real-world performance, we use the Adobe Premiere Clips app to transcode a 2-minute 4K video to 1080p. The iPhone X was miles ahead last year with a time of just 42 seconds. This time around, the iPhone XS and iPhone XS Max knocked it down further to 39 seconds. The Galaxy S9+ took 2 minutes and 32 seconds to complete the task, and that's the fastest we've seen from an Android phone. The OnePlus 6 finished in 3:45, and the LG G7 ThinQ took 3:16. One good way to measure real-world performance is to see how long it takes for a phone to load demanding apps. Because the phones have the same processor for this round, we just used the iPhone Xs Max and put it up against the iPhone X and the Galaxy Note 9. The iPhone XS Max was faster every time, including a 15-second victory in Fortnite over the Note 9 and 3-second win in Asphalt 9. The phones were closer in Pokemon Go but the iPhone XS Max still came out on top. The new iPhones did lag behind the competition in the 3DMark Slingshot Extreme test, which measures graphics performance by evaluating everything from rendering to volumetric lighting. The iPhone XS Max and iPhone X received scores of 4,244 and 4,339, respectively, while the OnePlus 6 received a score of 5,124. As for the GFXBench 5 test, the iPhone XS Max achieved 1,604.7 frames on the Aztec Ruins portion of the test, and 1,744.44 frames in the Car Chase test, reports Tom's Guide. "The Note 9 was far behind at 851.7 and 1,103 frames, respectively. However, the Galaxy S9+ edged past the iPhone XS Max on this test."

Read more of this story at Slashdot.

How Microsoft Edge’s hidden WDAG browser lets you surf the web securely

Occasionally, for whatever reason, we browse parts of the web we know could be dangerous, where malicious pop-ups, ransomware or other malware could infect our PCs. While no solution is totally safe, Microsoft now has a free, specialized version of its Edge browser specifically designed to protect you online: Windows Defender Application Guard, or WDAG.

WDAG was originally developed for Windows 10 Enterprise, protecting companies with billions of dollars at stake. Now that same protection has migrated to Windows 10 Pro—sorry, Windows 10 Home users—as an optional feature that you can turn on within Windows, for free. It debuted on Windows 10 Pro as part of the Windows 10 April 2018 Update, and will receive some new features as part of the October 2018 update, too.


Why Windows 10 is the most secure Windows ever

Three years after its debut, Windows 10 is poised to overtake Windows 7 as the most popular version of the Windows operating system. Microsoft introduced virtualization-based security features – namely Device Guard and Credential Guard – in Windows 10, and in subsequent updates, has added other virtualization-based protections to the operating system.

Microsoft tackled the two biggest challenges for enterprises with Windows 10: password management and protecting the operating system from attackers. Windows Defender was renamed Windows Security in 2017 and now includes anti-malware and threat detection, firewall and network security, application and browser controls, device and account security, and device health. Windows Security shares status information between Microsoft 365 services and interoperates with Windows Defender Advanced Threat Protection, Microsoft's cloud-based forensic analysis tool.


Microsoft and Imperva Collaboration Bolsters Data Compliance and Security Capabilities

This article explains how Imperva SecureSphere V13.2 has leveraged the latest Microsoft EventHub enhancements to help customers maintain compliance and security controls as regulated or sensitive data is migrated to Azure SQL database instances.

Database as a Service Benefits

Platform as a Service (PaaS) database offerings such as Azure SQL are rapidly becoming a popular option for organizations deploying databases in the cloud.  One of the benefits of Azure SQL, which is essentially a Relational Database as a Service (RDaaS), is that all of the database infrastructure administrative tasks and maintenance are taken care of by Microsoft – and this is proving to be a very compelling value proposition to many Imperva customers.

Security is a Shared Service

What you should remember with any data migration to a cloud service is that while hardware and software platform maintenance is no longer your burden, you still retain the responsibility for security and regulatory compliance.  Cloud vendors generally implement their services in a Shared Security Model.  Microsoft explains this in a whitepaper you can read here.

To paraphrase in the extreme, Microsoft takes responsibility for the security of the cloud, while customers have responsibility for security in the cloud.   This means Microsoft provides the services and tools (such as firewalls) to secure the infrastructure (such as networking and compute machines), while you are responsible for application and database security.   Though this discussion is about how it works with Azure SQL, the table below from the Microsoft paper referenced above shows the shared responsibility progression across all of their cloud offerings.

Figure 1:  Shared responsibility model from the Microsoft Whitepaper Shared Responsibilities for Cloud Computing

Brief Description of How Continuous Azure SQL Monitoring Works

SecureSphere applies multiple services in the oversight of data hosted by Azure SQL.  The services include but are not limited to the following:

  • Database vulnerability assessment
  • Sensitive data discovery and classification
  • User activity monitoring and audit data consolidation
  • Audit data analytics
  • Reporting

The vulnerability assessment and data discovery are done by scanning engines that have some kind of service account access to database interfaces.  The activity monitoring is done by a customizable policy engine, pre-populated with compliance and security rules for common compliance and security requirements such as separation of duties – but fully customizable for company or industry-specific requirements.

With Azure SQL, SecureSphere monitoring and audit activity leverages the Microsoft EventHub service.  Recent enhancements to EventHub, on which Microsoft and Imperva collaborated, provide a streaming interface to database log records that Imperva SecureSphere ingests, analyzes with its policy engine (and other advanced user behavior analytics), and then takes appropriate action to prioritize, flag, notify, or alert security analysts or database administrators about the issues.

Figure 2:  Database monitoring event flow for a critical security alert

Benefits of Imperva SecureSphere for Azure SQL Customers

A key benefit that a solution such as SecureSphere Database Activity Monitoring (DAM) provides is integrating the oversight of Azure SQL into a broad oversight lifecycle for all enterprise databases.  With SecureSphere, here are some things you can do to ensure the security of your data in the cloud:

  • Secure hybrid enterprise database environments: While many organizations now pursue a “cloud first” policy of locating new applications in the cloud, few are in a position to move all existing databases out of the data center, so they usually maintain a hybrid database estate – which SecureSphere easily supports.
  • Continuously monitor cloud database services: You can migrate data to the cloud without losing visibility and control. SecureSphere covers dozens of on-premises relational database types, mainframe databases, and big data platforms. It supports Azure SQL and other RDaaS too – enabling you to always know who is accessing your data and what they are doing with it.
  • Standardize and automate security, risk management, and compliance practices: SecureSphere implements a common policy for oversight and security across all on-premises and cloud databases. If SecureSphere detects that a serious policy violation has occurred, such as unauthorized user activity, it can immediately alert you. All database log records are consolidated and made available to a central management console to streamline audit discovery and produce detailed reports for regulations such as SOX, PCI DSS and more.
  • Continuously assess database vulnerabilities: SecureSphere Discovery and Assessment streamlines vulnerability assessment at the data layer. It provides a comprehensive list of over 1500 tests and assessment policies for scanning platform, software, and configuration vulnerabilities. The vulnerability assessment process, which can be fully customized, uses industry best practices such as DISA STIG and CIS benchmarks.

It’s critically important that organizations extend traditional database compliance and security controls as they migrate data to new database architectures such as Azure SQL. Imperva SecureSphere V13.2 provides a platform to incorporate oversight of Azure SQL instances into broad enterprise compliance and security processes that cover both cloud and on-premises data assets.

SmartBear announces SoapUI Pro 2.5, enabling teams to embed API testing into DevOps

SmartBear announced the release of SoapUI Pro 2.5, the latest update of the testing platform for REST and SOAP APIs. This release includes the addition of native Docker support, automated test creation, and native integrations with Continuous Integration (CI) servers like Jenkins, TeamCity, and VSTS. Containers are changing the way software is delivered in a microservice-driven world. DevOps teams are turning to containers, and specifically Docker, as a critical component of their continuous delivery process. … More

The post SmartBear announces SoapUI Pro 2.5, enabling teams to embed API testing into DevOps appeared first on Help Net Security.

Tesla Is Facing US Criminal Probe Over Elon Musk Statements

An anonymous reader quotes a report from Bloomberg: Tesla is under investigation by the Justice Department over public statements made by the company and Chief Executive Officer Elon Musk. The criminal probe is running alongside a previously reported civil inquiry by securities regulators. Federal prosecutors opened a fraud investigation after Musk tweeted last month that he was contemplating taking Tesla private and had "funding secured" for the deal. The tweet initially sent the company's shares higher. Tesla confirmed it has been contacted by the Justice Department. The investigation by the U.S. attorney's office in the Northern District of California follows a subpoena issued by the Securities and Exchange Commission seeking information from the electric-car maker about Musk's plans to go private, which he has since abandoned. Tesla said in a statement following Bloomberg's report: "Last month, following Elon's announcement that he was considering taking the company private, Tesla received a voluntary request for documents from the DOJ and has been cooperative in responding to it. We have not received a subpoena, a request for testimony, or any other formal process. We respect the DOJ's desire to get information about this and believe that the matter should be quickly resolved as they review the information they have received."

Read more of this story at Slashdot.

CVE-2018-6693

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

CVE-2018-17071

The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value from the publicly readable variable entry_number. This variable is declared private, yet it is readable via the eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with a small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.

CVE-2018-17111

The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.
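As an added illustration (constructed here, not the Coinlancer source, which this entry does not reproduce), a minimal ownable contract whose onlyOwner modifier uses the wrong comparison between msg.sender and owner, beside the corrected form; contract and function names are hypothetical and the Solidity 0.4.x syntax matches the era of the advisory.

```solidity
pragma solidity ^0.4.24;

// Constructed example of the defect class described in CVE-2018-17111:
// an access-control modifier whose comparison does not restrict anyone.
// This is NOT the Coinlancer code; it shows one shape the defect can take.
contract BrokenOwnable {
    address public owner;

    constructor() public {
        owner = msg.sender;
    }

    // BUG: "!=" admits every address except the owner, so a function
    // guarded by this modifier is effectively public.
    modifier onlyOwner() {
        require(msg.sender != owner, "not owner");
        _;
    }

    // Meant to be owner-only; with the modifier above, any other caller
    // can seize ownership.
    function transferOwnership(address newOwner) public onlyOwner {
        owner = newOwner;
    }
}

// Corrected pattern: the modifier checks equality, ownership hand-over
// rejects the zero address, and an event records every change so the
// transfer is visible in the transaction logs.
contract FixedOwnable {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0), "new owner is the zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

A unit test that calls an onlyOwner function from a second, non-owner account and expects a revert would have caught the inverted check before deployment.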

CVE-2018-11084

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.

CVE-2018-13982

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

CVE-2018-11071

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

CVE-2018-16225

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.