Category: April 2019

Monday, May 20th, 2019

Sophos tells users to roll back Microsoft’s Patch Tuesday run if they want PC to boot

Slack Bug Allows Remote File Hijacking, Malware Injection

TeamViewer Confirms It Was Hacked in 2016

Transcript:

Hello, friends, it is Monday, May 20th, 2019, and here's today's security news. First off, from The Register out of the UK: Sophos tells users to roll back Microsoft's Patch Tuesday run if they want their PC to boot. This is written by Gareth Corfield. So Sophos has released a statement that says, hey, if you're using our product and you want to use your computer, you have to roll back the Microsoft patches. That seems like a bad idea if you ask me. So not just one patch, all of the patches, the full Patch Tuesday kit, they want you to roll it back. And to top things off, when asked if they had a plan, or how are they going to update, what's going on, they said Sophos is working diligently on determining the issue and will provide ongoing customer guidance. Not "we will have an update for you in a week," not "give us three days," just "hey, we're working on it." So if this was any other regular Patch Tuesday for Microsoft, I wouldn't be too concerned with it. But this was a pretty big deal. We talked about this: one of the vulnerabilities is wormable, just like the one they used in WannaCry, WannaCrypt, whatever you want to call it. So it's a pretty big deal and it affects everything all the way down to Windows XP. They even released patches for Windows XP. So this isn't just some run-of-the-mill, all-right remote code vulnerability. This is a pretty big deal. So, interesting. I hope Sophos fixes this quickly. It's been a bad couple of weeks in general for every provider, with everything that happened with, man, McAfee and Trend and Symantec last week with their source code, and now this with Sophos. It's tough to be a vendor right now.

All right. Next, from Threatpost.com: Slack bug allows remote file hijacking, malware injection. So a researcher from Tenable, David Wells. I apologize, this article is written by Tara Seals. A researcher from Tenable named David Wells discovered a bug in Slack desktop version 3.3.7, Windows only, that essentially allows an attacker to post a link into a Slack channel that is used to download a document, and essentially in that protocol it allows them to change the destination of where that file is located to a local SMB share, therefore downloading something other than intended. So somebody could put in a link to a Google Doc and all of a sudden that link now turns into an SMB file share and you've downloaded a good piece of malware. So there's, um, remote exploitation, both authenticated and unauthenticated users, malware and more. I mean, it goes into detail here. And as you know, Slack is pretty large. So this is mitigated currently by upgrading to the next version, 3.4.0. So I highly, I mean, this has obviously already been fixed. So go upgrade your Slack client on Windows if you're using it. Interesting that we don't see a ton of Slack stuff. So next, from SecurityWeek by Eduard Kovacs: TeamViewer confirms it was hacked in 2016.

This should not come as a surprise, as many issues as TeamViewer has had over the years. One more thing for them. So apparently they were targeted in 2016 by a piece of Chinese malware, we'll just call it that for now. Or let me rephrase that: a piece of malware that is commonly used by the Chinese. They go on to talk about how they did their full, you know, they did the research, they did the forensics and everything, and nothing was stolen. So the direct quote: "independent experts conducted a thorough investigation using all IT forensic resources available and found no evidence that the security of our users or their IT systems was affected in any way." Yeah, I take those with a grain of salt, right. I know there are a lot of good forensics people out there everywhere you go. I just, sometimes you just wonder, right, are there things that you didn't see? There probably are. So we'll take that statement with a grain of salt. Once again, TeamViewer confirms it was hacked in 2016. All right, folks, that's it for Monday, May 20th, 2019. Everybody have a wonderful week. Hey, it's a three-day weekend for those in the United States coming up, so just finish strong, right, and if you're taking off Friday, whew boy, a four-day weekend. So everybody finish strong, have a good week, and we'll talk tomorrow.

Thursday, May 16th, 2019

GOOGLE WILL REPLACE TITAN SECURITY KEY OVER A BLUETOOTH FLAW

‘GozNym’ Banking Malware Gang Dismantled by International Law Enforcement

Russian government sites leak passport and personal data for 2.25 million users

Transcript:

Welcome to Security on the Bayou. It is Thursday, May 16th, 2019, and here's today's security news and why it matters to you.

First off, big news of the day. This article's on Wired; one thing, this article you could Google and find almost anywhere, probably even on your local news: Google will replace Titan security key over a Bluetooth flaw. This is written by Lily Hay Newman. Essentially there is a flaw in the Titan key with the BLE that could allow an actor to intercept and relay signals, including credentials. So while there is a flaw or a misconfiguration in this piece of hardware, in reality this attack would be extremely difficult to pull off. You're going to have to be within 30 feet of someone using a key. You're also gonna have to already know their username and password. But if you have both those things and you're able to pull this off, you can get access to the user's machine and their account locally. So it is dangerous. The fact that you could do this, you know, increases the danger associated with this account, or with this attack. And you know, one of the things they point out in this article is that those people that are using this type of thing are probably extremely security conscious and really, really worried about this. So good on Google: they're going to replace it with a new version that does not have this issue. It's going to have a three on the back. I take it back, anything with T1 or T2 on the back they will replace. So if you've got one, go get it replaced. And also, good for you for using something like this.

Next, from The Hacker News by Mohit Kumar: GozNym, G-o-z-N-y-m, banking malware gang dismantled by international law enforcement. So this was a multinational group from Bulgaria, Germany, Georgia, Moldova, Ukraine, the United States, Eurojust and Europol. They were able to bring down this big banking malware Trojan group, cybercrime network, whatever you want to call it, a bunch of bad guys with the malware stealing money. They're responsible for stealing nearly a hundred million dollars from 41,000 victims across the globe. Anytime I see one of these I get excited. This is good stuff. I mean, any cooperation between multiple countries, multiple law enforcement, this is just good for the world in general, for people. You know, it's one less thing you have to worry about. There's already enough going on in this world that you have to worry about; your money getting stolen, the last thing you want is your money stolen while you're on the Internet. So they were able to get these guys. One of them has green hair, which is interesting, sort of fitting; the other one's wearing a black beanie. I mean, if there are hackers, these are them, right. Proof: super hackers, one of them's got some, me if she's going to, it's perfect. It fits the profile exactly. How they didn't catch him earlier.

Next, from ZDNet: Russian government sites leaked passport and personal, let me try again, Russian government sites leak passport and personal data for 2.5 million users. Written by Catalin Cimpanu for Zero Day. So this is an interesting article. This researcher found that he was able to collect PII, is what I would call it, for Russian folks: employees, government employees, citizens and high-ranking politicians, from all these different sites that have passport information or an SNILS, which is the equivalent to a Social Security number here in the United States. So he did the responsible thing. He found all this, he wrote it up and reported it to the Russian government, and the Russian government said no, it's all good, it's supposed to be public information. And then he went to the press. And now they've gotten a hold of the story, obviously. So it's interesting: a couple of times they've come back and said no, no, no, it's all good, this is supposed to be out there. Which makes you wonder, what is the Russian government, you know, defining PII as? In my mind, if the U.S. government said, no, everybody can have your passport information and your Social Security number, it's OK, we would lose our collective minds. So I don't, you know, I don't know if this is just a misstatement by the Russian government or if somebody really just doesn't know what's going on over there. So they were notified eight months ago. So plenty of time to fix it. I think, you know, this guy did his due diligence, right. He's, you know, he alerted all the right people and they chose to do nothing about it. So that is your security news for the day. This is Security on the Bayou and it is Thursday, May 16th, 2019. Everybody have a wonderful day, we'll talk tomorrow.

Wednesday, May 15th, 2019

Baltimore Ransomware Attack Takes Strange Twist

UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability

Israeli TV’s Eurovision webcast hijacked by hackers. Hamas blamed

Transcript:

Hello friends, welcome to Security on the Bayou. It is Wednesday, May 15th, 2019, and here's your security news for the day.

First things first, from Sophos' Naked Security blog. You know this is one of my favorites. Title is: Update now! Critical, remote, wormable Windows vulnerability. So normally I would just skip right over Patch Tuesday because it's everywhere all the time. It's not even Patch Tuesday anymore; what do we even call it anymore, Windows Update Day? I don't know. Anyways, this is written by Mark Stockley. And the reason I'm calling this out today is because there is a vulnerability in the Remote Desktop Services that is wormable. So the reason this is important is because wormable essentially means that it can spread throughout the network. This is the same type of thing that happened with WannaCry, the ransomware. So this is actually a pretty big vulnerability. They're all big, right. But this one has a large impact across the environment. This isn't something that will just cause a single remote code execution in a browser or something like that, an isolated incident. This could potentially affect the entire network of your enterprise. So if you haven't patched yet, go ahead, go through the cycle. I know most large enterprises, it's not a day-of thing, right, you've got to test and it's going to be a month to a quarter. But this is one of those that you want to put a high priority on and push through change control probably as quick as you can. Get it tested, get it out in the next week or so, protect your network.

All right. Next. This is also, once again, ransomware. Ransomware is everywhere. Maybe I'm seeing it, maybe I'm obsessed with it, I don't know. But we're going to keep talking about it. So if you didn't hear last week, Baltimore, the City of Baltimore had a ransomware attack. And normally I would just gloss over it, move on, right. Because it's just another city with another ransomware attack. Well, this one gets a little bit more interesting today because on the old tweet box somebody posted a tweet that is essentially dark pictures of documents that would have been from the city. So not only is there ransomware here, but it appears that there was a fairly large data breach. So this is significant because the hacker is asking for about 76,000 dollars and they're saying that after 10 days they will no longer pass them the decryption keys. So after 10 days, theoretically, all these systems could get wiped out. Which is interesting. So they have 10 days. You know, my guess would be that if they don't get paid they're going to wipe all the systems and they're probably going to dump all these documents. Now, if you have nothing to be afraid of... well, that's not the right mentality. This is just not good in general for the City of Baltimore. So one of the things when I was reading this article is, like, we know where all this is happening, how many other cities or municipalities or counties or whatever. And so actually in this article this person, she read my mind, Kelly Jackson Higgins, she read my mind and listed all of the other places it happened. So it's one of 22 against state and local government entities so far in 2019. So I'll read them off: Washington, Pennsylvania; Amarillo, Texas; Cleveland airport, Cleveland, Ohio, I guess the city center; Augusta, Maine; Stuart, Florida; Imperial County, California; Garfield County, Utah; Greenville, North Carolina; Albany, New York; Jackson County, Georgia; school system of Taos, New Mexico; Del Rio, Texas; Atlanta, Georgia; and Leominster, Massachusetts, just to name a few. So it's happening, it's out there, and that's all just in 2019 and it's only May. So these are going to keep going up. I imagine that you'll probably see, there's a lot of cities, right, they're going to keep going after these guys, especially if you're unpatched.

All right. Next, from Graham Cluley, which is a great blog. Well, my favorite. Probably saying his name wrong, right, I don't know if that's right or not, anyway. Israeli TV's Eurovision webcast hijacked by hackers. Hamas is blamed. So I'm not going to dig into this too much, I just find it interesting. This is like something you'd see on Mr. Robot, right. They took over the broadcast in Israel and played their own message. What that message is, let's see. Oh, it was essentially, it's a warning symbol, says: risk of missile attack. Please take shelter. Israel is not safe. You will see. So, you know, taking advantage of the fear in people. So interesting that they would do this. I mean, that continues to escalate over there with everything going on. Not that it's ever going to de-escalate anytime soon, I'm afraid. All right. So that is Wednesday, May 15th, 2019. Everybody have a good week, it is Wednesday, we're almost to the weekend, keep pushing forward, get those patches out, get rid of the ransomware already, what are we doing. All right, everybody have a good week. We'll talk tomorrow.

Tuesday, May 14th, 2019

Update WhatsApp now! One call could give spies access to your phone

Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw.

FBI Detects New Surveillance Malware Linked to North Korea’s Lazarus Group

Transcript:

[00:00:00] Hello folks. Welcome to Security on the Bayou. It is Wednesday... Wednesday. It's not Wednesday. It's Tuesday, May 14th, 2019, and here's security news and why it matters to you.

So if you've been living under a rock this morning, you may not know that WhatsApp has a fairly severe vulnerability. Essentially what happens here is there's a vulnerability in the VoIP stack that allows somebody to call your phone via that number, right, via WhatsApp, and execute remote code execution. There's a buffer overflow vulnerability here. So I'm not going to dig too much into what a buffer overflow is, but go look it up. Essentially they're able to call you, create a buffer overflow and run remote code. That's bad. That means they can essentially own your phone, and what's been happening is they've been using this to install malware on phones. So if you have WhatsApp on your phone, go update it. So you know what, actually, at this point you might as well just uninstall WhatsApp. I'm going to do bad radio right now: I'm going to go to my phone. I'm going to find WhatsApp. Where you at, WhatsApp? You can tell how often I use it; it's updating, so I can't even actually delete it. But as soon as I'm done with this I'm gonna delete WhatsApp. I'm done. I'm over it. I'll move. I've already moved pretty much to Signal anyways. I am done with WhatsApp. I recommend you do the same thing. If you listened a couple of weeks ago, we talked about how Facebook is integrating WhatsApp into the Messenger platform. It's just going to get worse, folks. Get rid of it. Be done with it. Move on. It's my official recommendation. This article is everywhere; the one I'm looking at is from Naked Security. This one's written by Mark Stockley. But anywhere you go, just Google WhatsApp today, you're going to find it. All right.

Next, from Bitdefender.com: FBI detects new surveillance malware linked to North Korea's Lazarus Group. So if you may remember, last month or so there was some malware called HOPLIGHT which targeted critical infrastructure. So we're talking power generation, high-tech manufacturing, the lights, the water, anything that is critical to the operations of the country and your daily life. It was called HOPLIGHT. It was going after critical infrastructure. There's a new one in and it's called ELECTRICFISH, a surveillance weapon. So essentially what this does is allows them to create a tunnel on the machine and run a proxy so they can actually trade data, and I assume push additional malware, persistent malware, to the endpoint. This is also not good. I mean, if this is targeting critical infrastructure, that's never good. But you know, we're starting to see this more and more and more, and all those ICS/SCADA guys out there yelling right now saying, Chris, it's been going on forever. Yes, I know, but now it's more in the limelight. People are starting to see it more and more. We talked a few weeks ago about the issue that happened, the detox, while not a nation-state, but it's becoming more and more prevalent across the country and the world. It's not going to stop. It's not going to slow down. There's a reason the critical infrastructure protection is in place at a government level.

All right, next. This one from badpackets.net. If you don't follow Bad Packets on Twitter, I highly recommend it. They release these really cool reports about the Mirai botnet, about how many new machines are seen every once in a while. It's pretty cool. But at the end of the day, they are all about IoT botnets, network abuse, an emerging threat. So they do a lot of scanning and monitoring. And this one is entitled: Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw. So you're thinking to yourself, what do you mean, what is going on here? We all know that IoT devices, routers, are vulnerable, right. Yes. But this is a bit different. This is a little bit easier than what you may be thinking of. So the steps are actually in here; this is pretty simple, and I recommend if you have a Linksys router, give this a shot. It's pretty simple. You put the public IP address in the web browser, you go and you hit F12, if you're on like Chrome or something like that, to get to the developer console, you go to the Network tab, you look for a JNAP request and you open it, and it starts to leak out information such as MAC address, device name and operating system. So that's how you would do it in the GUI fashion, right. But then they've also got on here a one-liner that is pretty simple. I mean, it's shorter than a tweet. It's not long at all: an X-JNAP-Action header, colon, the URL, and that's it. So now you're able to grab MAC address, device name and operating system of all the devices that are on that network, and not talking about just one or two, right, we're talking about the whole thing. So the whole internal home network. Which is not necessarily in and of itself bad, right. Well, this is bad, right. This isn't something that they can use directly to own your system or own your network, but what it does is it enables them to do some recon on what's on your network before they go after it. So they can more tailor their attacks, as opposed to just like a spray-and-pray method on the network of trying everything and anything. Now they know that you are running Windows 7, right. Let's go find the easiest vulnerability I can for Windows 7 and start there. So once again, make sure your firmware is up to date. They're calling it shadow hammer. Let's see, is there a home that did it? Are there other ones? The specific models are listed here too. There's maybe 35 or so. Where are they located? Here we go, here's a list of names. The United States has 11,000. Where's the issue, is there good news? Oh, I didn't know this: over half the vulnerable Linksys Smart Wi-Fi routers currently have automatic firmware updates enabled. That's good. So if they push a new update you'll be fixed. So go check and make sure that your router is up to date. Hopefully there's a new firmware for it. Hopefully that fixes it; if not, just pray. There's a lot you can do. This is where we start to rely on the vendors, right. All right, folks, I think that does it. It is Tuesday, May 15th, 2019. This has been Security on the Bayou.

Friday, May 10th, 2019

U.S. charges Chinese national in hacks of Anthem, other businesses

Two crypto-mining groups are fighting a turf war over unsecured Linux servers

Bumper Crop of New Briefings Added for Black Hat USA

Transcript:

[00:00:06] All right, first things first, from Reuters by Diana Childs how, editing by Susan Thomas and Peter Cooney. So I don't know why they needed two editors. It's like four paragraphs. U.S. charges Chinese national in hacks of Anthem and other businesses. So a federal grand jury charged a Chinese national in a 2014 hacking campaign that affected large U.S. businesses including Anthem. So we all remember the Anthem was a pretty big breach. It was right on the tail of a lot of large breaches, so it got a lot of attention too, a lot of PII obviously, not great. So this, they call it an extremely sophisticated hacking group, stole nearly 80 million people's worth of data from Anthem. So obviously quite a bit. Included birthdays, names, Social Security number, street address, email address, employment information including income data. So a Chinese national has been charged. I don't see anything in here about this person being extradited. We know how that goes. It'll probably never happen. This is a shot across the bow, but attribution is tough. More power to these people for being motivated to do this. It's a good thing.

[00:01:17] From ZDNet by Catalin Cimpanu: Two crypto-mining groups are fighting a turf war over unsecured Linux servers. So there are two large crypto-mining groups out there called Pacha and Rocke. Probably pronouncing both of those wrong. But currently they both have developed their own malware, which is not necessarily anything new. You know, bad guys do that. That's what they do. That's why they're bad guys. But they're using this malware in order to mine Monero on the end. So, and obviously they're going back and forth with each other, so one guy, you know, they pop a box and they rip the other person's malware off, and it just keeps going back and forth, back and forth, to gain quote-unquote market share, which is interesting. I mean, everything has a market share, right. So one of the interesting things here is they're mostly going after cloud-based services due to the amount of resources that those machines have. Makes perfect sense, right. I mean, imagine if you could pop a box that had that scale to automatically based on load, right. I mean, it probably wouldn't last long, but that'd be an interesting one. So some interesting notes in here: one of the newest ways they are getting into these boxes is with the Atlassian Confluence server vulnerabilities that got released in March. So apparently they're using three separate ones to really do this, and this Rocke group has an advantage because their power is more superior, because it has the ability to uninstall cloud-based security products, which is interesting, so it can go on a box and the root, removing AV. And it's also removing the competitor's malware. So let's see, there was one other thing in here. Oh, there: exploit portfolio, systems that they're going after: Jenkins, Confluence, Apache Struts, JBoss and others. So those are all, we know all of those systems have a lot of vulnerabilities. So if you have them, protect them, make sure they're good to go. Hopefully none of those systems are, like, at least your Confluence, I don't know why it would be Internet-facing. But anyways, here we go, next. And this one is pretty light, but it is almost hacker summer camp time, which means hopefully you've got all your papers submitted. Black Hat has announced 50-plus new briefings today. This article comes from Dark Reading, obviously; Black Hat, Dark Reading. Can't believe they announced it on Dark Reading. It's called Bumper Crop of New Briefings Added for Black Hat USA, written by Black Hat staff. So they highlight a few of these big ones. Trust, here, here's what they've got on here: Trust and Transformation, the post-breach journey, so you're gonna learn about the Home Depot and Equifax breaches, which are, you know, those are big breaches, so that'll be an interesting one. And the next, Inside the Apple T2, which is the inner workings of the Apple T2 security chip, so if you're into hardware hacking and that kind of stuff, that'll be a good one for you. And then next, Bruce Schneier. That's pretty big. He's gonna have a talk called Information Security in the Public Interest. I would highly recommend, if you're going to be at Black Hat, go see this. I don't know how often he speaks; this is the first time I've heard of him speaking in public, at least at something like this. So go check him out, a very smart guy. Don't be surprised if half of what he says goes straight over your head; it does for a lot of people. Even the smartest people in this industry have a hard time grasping all the concepts he can put out in one small piece of time. Very smart guy. So that's it for today. Nice easy day, it's a wet day here in Houston. I hope everybody has a wonderful weekend and we'll talk on Monday.

Thursday, May 9th, 2019

Breach Incidents on Record Pace for 2019

C-level executives increasingly and proactively targeted by social breaches

IT Specialist Convicted on Cyber Hacking Charges Sentenced

Transcript:

[00:00:00] Good morning, friends. It is Thursday, May 9th, 2019, and this is Security on the Bayou. Hope everybody's having a wonderful week; two more days, you're almost done, get there. It's going to be a beautiful weekend, hopefully, wherever you are. All right.

First up, from SecurityBoulevard.com by Ericka Chickowski: Breach incidents on record pace for 2019. So this is an interesting report. And this is again one of those articles that you're going to find multiple people reporting on throughout the industry and all over the news, right. So in quarter one of 2019 there were 1,903 data compromise incidents exposing more than 1.9 billion records. Obviously this sounds like a lot because it is a lot. Let's compare it to last year, 2018: the volume of reported breach incidents was up 56 percent in one quarter and exposed records was up by nearly 30 percent. That's a huge jump year over year. That's, I mean, that's really, really... 56 percent and 30 percent anywhere else, when percentages jump like that, usually you're getting rich, right. Not here, this is bad news, it's gone backwards. And some more perspective on this: usually, between 2009 and 2016, the average records exposed in one quarter was right around 100 million to 200 million. So in 2015 there was a larger number. 2015, I don't remember exactly what was breached then, but I'll look that up for you guys. So there, I mean, there's been a huge increase: you go from 100 million to 200 million and then you go to a billion in less than two years. That's significant. That's quite a bit. This just goes to show you it's not stopping. It's not slowing down. People are continuing to get breached. So you've got to do your part, right, protect yourself. So I don't want this to be a scare tactic. You know, you shouldn't be scared by some of this stuff. This is just information you can use to go make things better. Right. Put this in your tool belt and move along.

Next, from HelpNetSecurity.com, the title of the article: C-level executives increasingly and proactively targeted by social breaches. Normally this is not something I would have included. I mean, this is sort of a no-brainer: C-level executives are getting phished, whaled, vished, whatever you want to call it, pretty consistently over time, over forever, right. It's just something that's going to continue to happen, surely because of the amount of access to information they have. But here we go. This again came from the Verizon DBIR; we'll start to see more and more stuff. People will start digging into this and pulling out little nuggets here and there, so I'm not going to read one of these every day, hopefully, but for a while you're going to be hearing about this stuff. So senior executives are 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in previous years. So once again, this is big because, increase year over year, 12 times and nine times more likely than they were last year. That's, that's significant. Once again, this is significant, so there are things you have to be focusing on, right. You know, you don't need to go buy all these fancy technical solutions, right, and the security tools and DLP and CASBs. I mean, eventually, in order to mature your organization you should, right. But at the end of the day, one of the biggest things is your IT hygiene, right. What are your helpdesk processes to investigate phishing? What are you patching? How are you filtering emails? Real basic sort of business operations items, right. So IT hygiene, it always comes back to IT hygiene. Right. Do the small things right to build upon and build your organization up, right. You can't have a good... you can't build a big house if you ain't got a good foundation. Create a good foundation for your house. Next.

I like this one. If you're ever on Reddit, or just in the world, you know, people always talk about what would you do if you got fired from this job. You know, people that really hate their job always end up, you know, "I'm going to delete everything, I'm going to take everything down, I'm going to hack this, right on my delete, I'm going to write a script that's going to blow up the machine," right, I've heard that one before. Here it is, from SecurityWeek via the Associated Press: IT specialist convicted on cyber hacking charges is sentenced. You may or may not remember this, but there's a gentleman named Edward Soybel. He was convicted by a federal jury in December on 12 counts of computer hacking. The 35-year-old Soybel of Chicago acted after the industrial supply company fired him in 2016 for, quote-unquote, unprofessional conduct and punctuality issues. So he was late and he was an asshole, so essentially he got fired and he decided, well, if that's the case then I'm going to take down everything I can. Guess what? Still illegal. Now he's in jail for three years. So there you go. Don't do it. It's pretty simple, right. One of the principles of life: don't be an asshole and you'll be OK. All right, folks, I hope you learned something today. Something to put in your tool belt and take back to work with you. Everybody have a wonderful Thursday. It is May 9th, 2019, the Security on the Bayou.

Wednesday, May 8th, 2019

LulZSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers

CIA camps out in anonymized Tor network

Highlights from the Verizon DBIR 2019

Transcript:

[00:00:00] Welcome, friends. It is Wednesday, May 8th, 2019, and here's today's security news.

[00:00:07] First thing's first, let's start with this from Security Affairs by Pierluigi Paganini, who I think wrote an article yesterday, if I remember correctly. This one is entitled LulzSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers. So "Ita" here standing for Italian. So they were able to collect the data of 30,000 different lawyers over there, all with personal information and evidence of access to PEC accounts, which is the certified email account. So it sounds like all of the lawyers in Italy are given a certified email account, which sort of makes sense for audit purposes and, you know, regulatory stuff. So keep that going. It appears that maybe the actual target of this was the mayor of Rome, Virginia Raggi. So, which is a member of this group? So I originally, when I first saw this headline, I assumed they were, you know, on the warpath for maybe the Catholic Church, but it appears not. I'm going to do a bit more research on this, but the reason that they did this is "we want to remember our friends arrested a few years ago and make them understand that we are Anonymous, Anonymous is legion." So I don't know who our friends are from a few years ago; I'll have to look around. But it's an interesting hack from LulzSec, who, you know, we hear stuff from occasionally, LulzSec slash Anonymous. How, you know, pretty much the same thing at this point. But this is probably one of their larger hacks in quite some time, so it appears they're back. Maybe they've reorganized a little bit, or just maybe some new motivation; that's probably the correct answer there. Next. Yep.

[00:02:03] So this one's fun, from ZDNet by Charlie Osborne, and this is one of those articles that, this just happens to be the link I found; it's going to be everywhere, it's all over the place. The title of the article is CIA camps out in anonymized Tor network. So the CIA has spun up their own onion version of the CIA's website at really-long-address.onion. So it's a mirror image of the standard website. But the CIA, CIA says that creating this version meets the agency's intelligence collection mission by being secure, anonymous and untraceable. If you believe any of those last three words, I got, I got some beachfront land in a desert to sell you. Secure, anonymous and untraceable, and CIA and onion, all in one sentence. I just have a hard time believing this. I don't even believe that their intentions are pure here. I think there's something going on here, and there has to be. It's the CIA. That's what they do. They try to make you believe that everything is hunky-dory, and in the background they're actually doing something nefarious. Let's call it nefarious. So you best believe I'm going to go check this thing out. It's curious, right? I want to go see it and then I'll just burn my laptop. I don't know. I'll probably do this in a virtual machine; that's what I'll end up doing. Even though it's probably not going to matter. So, an interesting article from ZDNet about the CIA, the new Tor website.

[00:03:42] Next from The State of Security on Tripwire by Tim Erlin: Highlights from the Verizon DBIR 2019. So I'm not going to read this whole article, but for those that don't know, Verizon year over year releases a report; it's called the Data Breach Investigations Report. It's sort of an industry standard at this point. I look forward to it pretty much every year. Do I? I don't know. It's usually a pain in the ass, but I like reading it every year because there's usually some good findings in there. Essentially what it is, they send these surveys out to people across the industry that work in security all the time, and they start, you know, they let them know sort of what happened in their world that year. So for instance, look, let's see, let me pick one of the things out of here, the grid. There were six hundred and eighty-four information incidents related to denial of service. So don't forget what this thing is. This graph, this matrix I guess it would be, that they built. There's a specific name for it, but it's interesting because it breaks down incidents and breaches by pattern, action and assets. So like that same one, the information incident had 684 denials of service, seven hundred ninety-six were classified as hacking, 874 were servers. So, you know, there are different categories in here; like under asset you have user, development, server, person, network, media, kiosk slash terminal. So in that report, they define all this stuff. There's always usually some interesting things that come out, apparently. Here we go. This is right off the top, so I will give you a little bit of it. Health care has the most problems with miscellaneous errors, a departure from most other sectors. That's interesting. I mean, health care has a huge M&A aspect to it. So anytime you start putting that much M&A into it, things get hairy, but banks also do a lot of that. So why don't they have the same problem?
So just to answer, there's always some interesting things in here, but always take into account, right, humans wrote this down, and no matter how many times they read a definition of something they may get it wrong. Like the difference between malware and hacking, misuse, social, error and physical; one can lead to the other, right? All the time. And where does phishing fall in there, right? Is it hacking or is that malware? It could also fall into social, obviously. So there's a lot of things that can change in here, but it's a good report. Go find it. Once again it's the Verizon DBIR, Delta Bravo India Romeo. Romeo, Romo, hey Tony Romo. OK. I think that'll do it. It is Wednesday, May 8th, 2019. Everybody have a wonderful day; we'll talk again tomorrow.

Tuesday, April 30th, 2019

People Are Clamoring to Buy Old Insulin Pumps

Malware Infests Popular Pirate Streaming Hardware

Chinese dev jailed and fined for posting DJI’s private keys on Github

Transcript:

[00:00:01] Good morning friends. It is Tuesday, April 30th, and here is today's security news.


[00:00:06] First off from theatlantic.com, not your traditional security article that we'll discuss here, but the title is "People are clamoring to buy old insulin pumps," written by Sarah Zhang on The Atlantic. So this is an interesting article, and there's a lot of, you know, sort of medical terminology, and, you know, a lot about insulin and type 1 diabetes. But it's interesting because it has to do with hacking of a Medtronic insulin pump. So essentially what they've done is they've used this pump to create a process that they call looping, so that this software that runs on an artificial pancreas can then talk to this insulin pump and regulate the amount of insulin that is put into the person's body. This is interesting because they stopped making these Medtronic pumps, I think, in 2014. So you have all these people running around on eBay and Craigslist and Facebook trying to grab these things so that they can build these systems and use them instead of having to count everything all day and do all kinds of different insulin shots, and it makes their life a little bit easier. This is used across the industry quite a bit, so much so that the CEO of JDRF, the Juvenile Diabetes Research Foundation, actually does this himself. So a very interesting article. Not your usual security, but hey, it's hacking. So we're going to talk about it.


[00:01:42] All right. Next from threatpost.com: Malware infests popular pirate streaming hardware. This should come as no surprise to anybody. So some researchers have gone and grabbed a Kodi streaming box and essentially determined that every one of the add-ons that is on there was... let me take that back. Not every one. A large majority of the pieces of software and add-ons that are in this Kodi box contain malware. Some of the things that it's doing: it is taking all of the wireless information, your SSID, password and such, from that box and sending it to a server in another country. Somebody had 1.5 terabytes of data uploaded from a device that shared the same network as the Kodi box. So they were able to move laterally on the network and extract 1.5 terabytes of data. I don't know about you guys, but that would flag my ISP pretty quick as going over my limit. So there's just a lot of interesting things here. I mean, this should not be a surprise at all. I mean, why would... if you were developing free, quote unquote, apps that allowed you to stream illegally, wouldn't you try and take advantage of all these people trying to do that? So apparently there's quite a bit of talk about it on the dark web. I mean, the developers of these things literally discuss this with each other on how to do this effectively. So an interesting thing. Stay away from it. I mean, at the end of the day, at least make sure you're protected somehow if you're going to use this stuff.


[00:03:23] All right. Next one. This one, when I first started reading it, I got a bit of a chuckle, then it got pretty serious pretty quick. So this one from The Register UK: Chinese dev jailed and fined for posting DJI's private keys on GitHub. So DJI makes drones, for those that don't know. So he ended up posting two extremely important keys on GitHub. One of them was the AES key for the firmware. So that's why, when I saw it first, I got a little bit of a chuckle. You know, people were allowed to go, you know, they can now modify the firmware to their needs. But the second one, this was a big deal. He dropped a wildcard SSL key for *.dji.com, and oh, I can't say that. And that's a big deal. I mean, in the world of keys, that's a big one, especially in SSL keys. So, you know, any subdomain of dji.com. Now hopefully they've gone and revoked that key, and, you know, they've gone through that process, but who knows at this point. That's a, that's pretty dangerous. So he ended up getting fined just under 23,000 pounds; 200,000 yuan is what it ended up being. So he, of course, is very sorry. "I was born in a very poor village. I studied hard all the time. I finally gotten to university, was very happy thing to me and my parents. But now all the things are done. I am done. I will go to jail. I have to take this stain in my life. My girlfriend began to break up with me." Wow. Woo. "My family are broken. [F bomb]. What terrible things. Maybe the only thing I can do now is to die. It is so hard. I need to be free." I feel for this guy. That's a pretty big deal. So, people who say those kinds of things about how they want to die and girlfriend breaking up, it doesn't sound like it was intentional to me, so.
Chris Adkins: [00:05:29] All right. Normally we do four, but we're already over our time for the day. So thank you for joining us. It is, what day is it, it's Tuesday, Tuesday, April 30th, 2019. Everybody have a wonderful day.

Monday, April 29th, 2019

A Crash Course In Card Shops

Lime Scooter Hacked in Australia

Google boots major Android app developer from store for conducting massive ad fraud

Credential stuffing: Bigger and badder than ever

Transcript:

[00:00:01] Good morning friends. It is Monday, April 29th, and this is Security on the Bayou.

[00:00:05] Let's get things kicked off today with an article from SC Magazine US by Doug Olenick: Credential stuffing: bigger and badder than ever. Obviously credential stuffing has been around for a long time, but Recorded Future issued a report this week talking about the resurgence of it for a few reasons. One of them is automation, which makes perfect sense; we're automating everything these days. And not just the automation here, but they have developed, not they, Recorded Future has not, but the bad guys have developed some tools that can do multiple sites at once. So not only are you just hitting one, you're hitting a bunch, and you're doing it very fast, and you're automating it. So you've seen a resurgence in it, so much so that a single account that used to sell for ten dollars is now down to a mere one or two dollars. It's very interesting that this has come back and this has been seen in the wild, if you will, so go check out this article. Recorded Future also called out a few different tools that have been used, some interesting names of these tools; obviously you can tell where they came from by the names, but also some prices. There is one on here, Private Keeper, that sells for forty-nine rubles, Russian rubles, which is approximately 64 cents. So not exactly a high barrier to entry on this.

[00:01:26] OK, next from ZDNet we have an article entitled Google boots major Android app developer from store for conducting massive ad fraud. This one is by Charlie Osborne. So they kicked out over 40 apps by a Chinese developer over the weekend. And here, let me get, I want to make sure I get this right. The name of the company or the developer is DO Global, which is in part owned by Baidu, so a very big connection there for this developer. So they ripped a bunch of their applications off the Google Play store for using adware, and, you know, essentially click fraud within the adware within the application. So it was quite a few; it ended up being, at the end of the day, over 100 applications that they removed, with 600 million installs. That's quite a few. I'm sure they made a few bucks on that deal. DO Global released a statement; of course they're quote-unquote sorry, and, you know, they're going to look into their practices. But we know how that goes.

[00:02:27] So next, A crash course in card shops by Josh... I apologize, Jeff... Josh, I'm going to get this wrong, Lefkowitz. This is an interesting article. This isn't necessarily going to make you an expert on carding and how the underground card shops work, but it's a great primer. You're all human, so you understand good customer service; that part won't come as a surprise here. They do refunds, you know, there are all kinds of different things, but I think what I really enjoyed about this article is some of the terminology and abbreviations and tallies that are used, for instance BIN, bank identification number, and then also the difference between a dump versus a card. And then obviously CNP, which I previously knew, card-not-present fraud, which is very common. And so it's in some good detail here. I recommend you read this; it'll sort of prime you on, you know, some things that are going on, especially in the financial services, or, you know, if you work for one of these companies. Take a look at this. It should hopefully be something you already know, but add it to your toolbox of tools.

[00:03:38] And then the last one for the day, on a bit of a lighter note. This one actually came up last week; I chose to skip over it, but I think it came back up on my feed, so I had to bring it back up. This one's by Matt Novak on gizmodo.com: Lime scooters hacked to say sexual things to riders in Australia. Obviously Lime is not very happy about this, but frankly, I find it pretty funny. Like, here's one of the sayings: "Don't take me around because I don't like to be ridden," which is, you know, a little silly. Let's see here. When customers ended a ride with the hacked scooters, the voice box said "No, where you go," according to yet another video posted before Lime learned about the hack. And then this is what they said: "It's not smart, it's not funny, and it's akin to changing a ringtone." I also find changing people's ringtones very funny, so nice try. And then they tried to play to the maturity of people, which we all know will not work. So very interesting article once again on gizmodo.com, your laugh of the day in the hacking world. Thank you for joining us.

[00:04:45] This has been Security on the Bayou, April twenty-ninth. Monday.