Topics - maruf.swe

The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.

A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems (ICS) face with increased exposure to the internet.

While in the past ICS networks were traditionally proprietary and closed systems, the advent of the Internet of Things (IoT) has created manufacturing systems that have exposed devices and network ports to the internet. This also makes these systems vulnerable to more threats from bad actors – which could have dire implications when it comes to manufacturing plants or critical infrastructure.



The malicious email campaign included a never-before-seen malware downloader called Carrotball, and may be linked to the Konni Group APT.

A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.”

The campaign, which researchers observed occurring from July to October and code-named “Fractured Statue,” involved six unique malicious document lures being sent as attachments from four different Russian email addresses to 10 unique targets. The subject matter of the lures featured articles written in Russian pertaining to ongoing geopolitical relations issues surrounding North Korea.

“Overall, the Fractured Statue campaign provides clear evidence that the TTPs [tactics, techniques and procedures] discovered in Fractured Block are still relevant, and that the group behind the attacks still appears to be active,” said Adrian McCabe with Palo Alto Networks’ Unit 42 research group.



The malware uses thousands of partner websites to spread malvertising code.

The malvertising-focused trojan known as Shlayer has burbled to the top of the malware heap when it comes to targeting Mac users. It made up 29 percent of all attacks on macOS devices in Kaspersky’s telemetry for 2019, making it the No. 1 Mac malware threat for the year. To spread, it has been swindling visitors to websites with millions of visitors, especially YouTube and Wikipedia, into clicking on malicious links.

Shlayer is a trojan downloader, which spreads via fake applications that hide its malicious code, according to Kaspersky. Its main purpose is to fetch and install various adware variants. These second-stage samples bombard users with ads, and also intercept browser searches in order to modify the search results to promote yet more ads.


Cyber and Software Security / 2020 Cybersecurity Trends to Watch
« on: February 25, 2020, 08:30:24 AM »

The wheels of 2020’s biggest cybersecurity threats have already been set in motion. Mobile, the cloud and artificial intelligence, to name a few, are trends that will continue to be exploited by criminals. Couple that with the rapid growth of software development and a cybersecurity skills shortage and that should be enough to keep security pros on their toes. Here is what experts say the year ahead in cybersecurity has in store.

Ransomware was the scourge of 2019 and will also be in 2020. Organized cybergangs will shift focus from leveraging banking trojans in huge multi-million dollar SWIFT-related heists and instead focus on smaller ransomware attacks. Why? “[They are] easier to anonymize, easier to launder, and [require] less sharing of illicit profits with street gangs that launder bank fraud proceeds,” said Limor Kessem, with IBM Security.

Mobile will become a primary phishing vector for credential attacks in 2020. “Traditional secure email gateways block potential phishing emails and malicious URLs, which works for protecting corporate email from account takeover attacks, but neglects mobile attack vectors, including personal email, social networking, and other mobile centric messaging platforms such as secure messaging apps and SMS/MMS,” according to Lookout security experts.

As software development increases, so will the need to nip security threats in the bud. The attack surface has grown from local code to pipeline code. To answer the challenge, a DevSecOps mindset must prevail, say security pros. Code inspection will need to start from app inception to production in 2020, say experts. “We’re seeing organizations start to build security into each phase of the development pipeline, and expect to see more of this shift in 2020,” wrote Veracode’s Suzanne Ciccone.

As more corporate infrastructure moves to the cloud, so will the focus of criminals. The good news and bad news following this trend is “conducting an attack will become harder and the actions of threat actors will become more sophisticated or more frequent – relying on chance rather than planning,” according to a Kaspersky look at 2020 security trends.

Global adoption of 5G infrastructure technology will begin in earnest in 2020. That will give rise to an uptick in edge computing and a host of new connected IoT devices. Add to that some old issues magnified by the massive 5G buildout such as authentication, confidentiality, authorization, availability and data security. “Companies will reach a critical mass of these devices in 2020, forcing them to reevaluate their risk paradigm for connected devices,” wrote Forescout in its year ahead outlook.

“Authentication will move from two-factor (2FA) to multi-factor (MFA), including biometrics,” according to 2020 predictions by Lookout security experts. The company said in 2019 it saw implementations of one-time authorization codes (OTAC) to provide 2FA circumvented in advanced phishing attacks. “To protect against credential theft and to address regulatory compliance, enterprises are increasingly adopting MFA and biometrics using mobile devices,” the company wrote.

Specific attacks such as phishing will continue to leverage machine learning to automate the optimization of campaigns. “Phishing lures and landing pages will be A/B tested by AI algorithms to improve conversion rates, while new domains will be generated and registered by AI algorithms,” Lookout said.

Last year our interest in deep fakes was piqued as proof-of-concept examples surfaced and real ones swayed opinion and tricked one company out of $243,000. Deep fake technology used against businesses and in misinformation campaigns is predicted to ramp up in 2020. The problem is forecast to become so pervasive that, “By 2023, up to 30 percent of world news and video content will be authenticated as real by blockchain, countering deep fake technology,” according to Gartner’s 2020 predictions.

On January 14, 2020 Microsoft will sunset support for Windows 7. For most consumers and businesses that do not have extended-support in place, that means Microsoft will stop patching and regularly updating the OS even when a security vulnerability is found. “History will repeat itself in 2020, with at least one major attack leveraging the vulnerability to affect companies around the world, similar to what we saw with the end of life of Windows XP,” wrote Forescout.

Driven by the high cost of sophisticated malware-based attacks, a rise in insider attacks is forecast for 2020. “Direct attacks on infrastructure… is becoming much more expensive, requiring more and more skills and time for the attacker,” Kaspersky wrote. As a result the year ahead will see, “Growth in the number of attacks using social engineering methods… [T]he human factor remains a weak link in security.” As a result, “Attackers will be willing to offer large amounts of money to insiders. The price for insiders varies from region to region and depends on the target’s position in the company,” according to Kaspersky.



The cloud-focused program will pay out $10,000 as its top reward.

A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation (CNCF).

The Kubernetes container-orchestration system was originally built by Google for automating application deployment, scaling and management in the cloud. The culmination of 15 years of development experience, Google open-sourced the Kubernetes project in 2014. It is now maintained by the CNCF, whose community of volunteers will manage vulnerability processing and resolutions related to the bug-bounty program.

Bounties will range from $100 to $10,000. The program’s scope covers code from the main Kubernetes organizations on GitHub (Kubernetes has more than 100 certified distributions), as well as “continuous integration, release and documentation artifacts,” according to a Kubernetes security team post.


Cyber and Software Security / A Practical Guide to Zero-Trust Security
« on: February 25, 2020, 08:25:28 AM »

There are five different pillars to implement when moving to a modern, zero-trust security model.

Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A company’s device and application mix are increasingly heterogeneous. All of these factors are breaking down the enterprise security perimeter, rendering traditional security approaches obsolete, and paving the way for zero-trust approaches.

Traditional security methods broadly classify everything (users, devices and applications) inside the corporate network as trustworthy. These models leverage legacy technologies, such as virtual private networks (VPNs) and network access control (NAC), to verify the credentials of users outside the network before granting access. The focus therefore is on strengthening the network perimeter and then granting full access to corporate data once credentials are successfully validated. This is sometimes referred to as the “castle and moat” approach, in which the castle refers to the enterprise holding valuable data and applications, while the moat refers to layers of protection aiming to keep potential threats out.

However, in today’s complex IT world, in which users access all types of apps (software-as-a-service, on-prem, native, virtual) from all types of devices (mobile, desktop, internet of things) and from many locations both inside and outside the corporate network, organizations need a security model that is dynamic, flexible and simple. Perhaps the most notable of the emerging security models is zero trust.

“Zero trust” is a phrase first coined by John Kindervag of Forrester in 2010 to describe the need to move security leaders away from a failed perimeter-centric approach and guide them to a model that relies on continuous verification of trust across every device, user and application. It does this by pivoting from a “trust but verify” to a “never trust, always verify” approach. In practice, this model considers all resources to be external and continuously verifies trust before granting only the required access.

This all makes sense in theory, but what does implementing zero trust look like in practical terms? When talking to customers about steps they can take to build a zero-trust security architecture, I focus on five main pillars – device trust, user trust, transport/session trust, application trust and data trust.



The trove of information is potentially a scammer’s bonanza.


Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams.

Microsoft said it is in the process of notifying affected customers.

The Comparitech security research team said that it ran across five Elasticsearch servers that had been indexed by search engine BinaryEdge, each with an identical copy of the database. The database contained a wealth of phishing- and scam-ready information in plain text, including: Customer email addresses, IP addresses and physical locations, descriptions of customer service claims and cases, case numbers, resolutions and remarks, and internal notes marked “confidential.”

In short, it’s everything a cybercriminal would need to mount a convincing and large-scale fraud effort, Comparitech researcher Paul Bischoff wrote in a posting on Wednesday.

“The data could be valuable to tech support scammers, in particular,” he said. “Tech support scams entail a scammer contacting users and pretending to be a Microsoft support representative. These types of scams are quite prevalent, and even when scammers don’t have any personal information about their targets, they often impersonate Microsoft staff. Microsoft Windows is, after all, the most popular operating system in the world.”



The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks – and their devices – via brute force loops.

A newly uncovered Emotet malware sample has the ability to spread to insecure Wi-Fi networks located near an infected device.

If the malware can spread to these nearby Wi-Fi networks, it then attempts to infect devices connected to them — a tactic that can rapidly escalate Emotet’s spread, said researchers. The new development is particularly dangerous for the already-prevalent Emotet malware, which since its return in September has taken on new evasion and social engineering tactics to steal credentials and spread trojans to victims (like the United Nations).

“With this newly discovered loader-type used by Emotet, a new threat vector is introduced to Emotet’s capabilities,” said James Quinn, threat researcher and malware analyst for Binary Defense, in a Friday analysis. “Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords.”



Traditional e-mail based scams are also in the mix this year, one in particular that uses the legitimate app TeamViewer to take over victims’ systems.

This tax season crooks are targeting users with a new crop of scams that include leveraging remote desktop software and compromising small tax-prep company websites.

“If you have the word ‘tax’ in your domain name; you’re a target this year,” warns Sherrod DeGrippo, senior director of threat research and detection at Proofpoint in a report released Wednesday.

The attacks are emerging alongside the traditional e-mail based attacks that try to trick users into installing malware that can steal credentials or take control of systems. One of the new targeted tax scams leverages the legitimate TeamViewer remote-control app to do its dirty work, he wrote. Other email-based attacks this year leverage more traditional malware like The Trick banking trojan.



While there are dozens of metrics available to determine success, there are two key cybersecurity performance indicators every organization should monitor.

For any organization to protect itself from cyberattacks and data breaches, it’s critical to discover and respond to cyber threats as quickly as possible. Shutting the window of vulnerabilities promptly makes the difference between a mild compromise and a catastrophic data breach. Understanding your ability to do so gives your organization a powerful way to determine holes in your defenses and areas where your team needs to improve.

MTTD and MTTR Explained

While there are dozens of metrics available to determine success, here are two key cybersecurity performance indicators every organization should monitor.

    Mean Time to Detect (MTTD): Your MTTD is the average time it takes to discover a security threat or incident.
    Mean Time to Respond (MTTR): Your MTTR measures the average time it takes to control and remediate a threat.

Your MTTD and MTTR depend on a number of factors, including the size and complexity of your network, the size and expertise of your IT staff, your industry, and more. And different companies measure things in different ways. There are no industry-standard approaches to measuring MTTD and MTTR, so granular comparisons between organizations can be problematic apples-vs-oranges affairs.

According to the SANS 2019 Incident Response survey, 52.6% of organizations had an MTTD of less than 24 hours, while 81.4% had an MTTD of 30 days or less.

Once an incident is detected, 67% of organizations report an MTTR of less than 24 hours, with that number increasing to 95.8% when measuring an MTTR of less than 30 days. However, according to the Verizon Data Breach Investigations Report, 56% of breaches took months or longer to discover at all. That’s an incredible amount of time for the bad guys to be inside of your perimeter while preparing to exfiltrate your data.

How to Improve MTTD and MTTR

Measuring and improving MTTD and MTTR is easier said than done. The fact is that many businesses work with IT teams that are stretched thin and often lack cybersecurity expertise. Meanwhile, they face ever-more sophisticated attacks stemming from well-funded criminal networks or malicious nation-state actors. That said, there are a number of things every organization can do to drive down its MTTD and MTTR.

Start with a plan: Create an incident response plan in advance of potential attacks to identify and define stakeholder responsibilities so the entire team knows what to do when an attack occurs. This plan can define your processes and services used to detect these threats. As you get a few incidents under your belt, review your plan to look for areas for improvement that can reduce MTTD and MTTR.

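The post defines MTTD and MTTR and quotes survey shares of organizations under 24 hours and under 30 days, but does not show how to compute them from an incident log. The script below is an added example, not code from the original post or from any of the reports it cites. It takes a constructed, hypothetical list of incident records (occurred, detected, resolved timestamps), computes MTTD and MTTR in hours, reports the median alongside the mean (a single long-dwell incident skews the mean, which is exactly the "months or longer" tail the post mentions), and computes the within-24h / within-30d shares in the style of the survey figures. Open incidents are included in detection time but excluded from response time, since counting them as zero would flatter MTTR.

```python
# Added example (not code from the original post or any cited report):
# computing MTTD and MTTR from an incident log, plus the "within 24 hours /
# within 30 days" shares that survey-style figures report.  The incident
# records below are constructed for illustration.
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Dict, List, Optional

# Constructed sample incident log (hypothetical data).
#   occurred = best estimate of when the intrusion began (e.g. from forensics)
#   detected = when the SOC opened the incident
#   resolved = when containment/remediation finished; None = still open
INCIDENTS: List[Dict[str, Optional[str]]] = [
    {"id": "INC-1", "occurred": "2020-01-03T02:15:00",
     "detected": "2020-01-03T09:40:00", "resolved": "2020-01-03T18:05:00"},
    {"id": "INC-2", "occurred": "2019-11-20T11:00:00",   # 51-day dwell time
     "detected": "2020-01-10T14:30:00", "resolved": "2020-01-15T10:00:00"},
    {"id": "INC-3", "occurred": "2020-02-01T08:00:00",
     "detected": "2020-02-01T08:20:00", "resolved": "2020-02-01T12:20:00"},
    {"id": "INC-4", "occurred": "2020-02-10T22:10:00",
     "detected": "2020-02-11T06:10:00", "resolved": None},
]

HOUR = timedelta(hours=1)


def _parse(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp)


def _hours(delta: timedelta) -> float:
    return delta / HOUR


def detection_times(incidents: List[Dict[str, Optional[str]]]) -> List[float]:
    """Hours from occurred -> detected for every incident (open incidents count
    too, since detection has already happened for them)."""
    out = []
    for inc in incidents:
        delta = _parse(inc["detected"]) - _parse(inc["occurred"])
        if delta < timedelta(0):
            raise ValueError(f"{inc['id']}: detected before it occurred")
        out.append(_hours(delta))
    return out


def response_times(incidents: List[Dict[str, Optional[str]]]) -> List[float]:
    """Hours from detected -> resolved, only for closed incidents.  Counting an
    open incident as zero would make MTTR look better than it is."""
    out = []
    for inc in incidents:
        if inc["resolved"] is None:
            continue
        delta = _parse(inc["resolved"]) - _parse(inc["detected"])
        if delta < timedelta(0):
            raise ValueError(f"{inc['id']}: resolved before it was detected")
        out.append(_hours(delta))
    return out


def share_within(hours: List[float], limit_hours: float) -> float:
    """Fraction of values at or under the limit; 0.0 when there is nothing to measure."""
    if not hours:
        return 0.0
    return sum(1 for h in hours if h <= limit_hours) / len(hours)


def summarize(incidents: List[Dict[str, Optional[str]]]) -> Dict[str, float]:
    det = detection_times(incidents)
    rsp = response_times(incidents)
    nan = float("nan")
    return {
        "incidents": len(incidents),
        "closed": len(rsp),
        "mttd_hours": mean(det) if det else nan,
        "median_ttd_hours": median(det) if det else nan,  # resists one long-dwell outlier
        "mttr_hours": mean(rsp) if rsp else nan,
        "median_ttr_hours": median(rsp) if rsp else nan,
        "detected_within_24h": share_within(det, 24),
        "detected_within_30d": share_within(det, 24 * 30),
        "responded_within_24h": share_within(rsp, 24),
        "responded_within_30d": share_within(rsp, 24 * 30),
    }


if __name__ == "__main__":
    for key, value in summarize(INCIDENTS).items():
        if isinstance(value, float):
            print(f"{key:>22}: {value:.2f}")
        else:
            print(f"{key:>22}: {value}")
```

On the constructed data the mean time to detect is about 311 hours while the median is under 8 hours: one incident with a 51-day dwell time dominates the average, which is why reporting both (and the within-24h / within-30d shares) tells the team more than MTTD alone.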


Researchers have released a new proof-of-concept attack targeting a new Intel speculative-execution-type bug called CacheOut present in most Intel CPUs.

Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way.

The more serious of the two CacheOut bugs, tracked as CVE-2020-0549, is a CPU vulnerability that allows an attacker to target data stored within the OS kernel, co-resident virtual machines and even within Intel’s Software Guard Extensions (SGX) enclave, a trusted execution environment on Intel processors.

“In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel’s buffer overwrite countermeasures,” wrote researcher Stephan van Schaik of the University of Michigan and colleagues in a research report made public.



Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.

Critical vulnerabilities in Adobe’s Magento e-commerce platform – a favorite target of the Magecart cybergang – could lead to arbitrary code execution.

Adobe issued patches on Tuesday as part of its overall release of the Magento 2.3.4 upgrade, giving the fixes a “priority 2” rating. In Adobe parlance, priority 2 means that administrators should apply the updates within 30 days.

Out of the flaws, Adobe has fixed three that it rates as critical in severity, meaning that successful exploits could “allow malicious native code to execute, potentially without a user being aware.”



After a year of big changes, white hats reaped more from Google’s programs than ever before.

Google paid out $6.5 million in bug-bounty rewards in 2019, which doubles the internet behemoth’s previous annual top total. It has also highlighted additional bonuses that are now in effect for Chrome and Android.

Last year saw some notable changes for Google’s Vulnerability Reward Programs (VRPs), including the launch of the Developer Data Protection Reward Program aimed at uncovering data-abuse issues in Android apps, OAuth projects and Chrome extensions. Requested quarry includes apps that violate Google Play, Google API and Google Chrome Web Store Extension privacy policies. Depending on the impact of the bug found, researchers could net as much as $50,000 for a single report.

Also in 2019, Google tripled top reward payouts for security flaws in Chrome from $5,000 to $15,000 – and doubled the maximum reward amount for high-quality reports from $15,000 to $30,000.



Apple’s iOS 13.3.1 update includes a host of security patches and a way to turn off U1 Ultra Wideband tracking.

Apple’s latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution (RCE). Of particular interest to privacy-minded iPhone 11 users is an iOS 13.3.1 update that allows users to turn off U1 Ultra-Wideband device tracking.

The fixes address vulnerabilities in Apple’s Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS and tvOS. The most severe of the bugs include four RCE flaws in Apple TV’s operating system, tvOS – each rated high-severity.

Tracked as CVE-2020-3868, one tvOS RCE bug has a CVSS severity score of 8.8 out of 10, the highest among those patched Tuesday. The bug is tied to multiple memory corruption issues in Apple’s browser engine, WebKit. “By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service,” according to a description of the flaw.



The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.

Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices’ Direct Memory Access (DMA) capability.

DMA is a processing-efficiency approach for peripherals (such as PCI cards or network interface cards) that, as the name suggests, offers direct high-speed access to a system’s memory.

“For example, a network adapter or Firewire device may need to read and write information quickly,” according to an Eclypsium report, issued Thursday. “Passing this traffic up to the OS and back down again is slow and inefficient. Instead, DMA allows devices to directly communicate with the system’s memory without passing through the operating system [or main CPU].”

