log4j vuln hits millions of devices

UPDATE 12/15/2021: A second vuln has been found in log4j (the patch for the first vulnerability was “incomplete”). It’s been exploited in the wild.

As Daniel Miessler says “Analysis: What’s so remarkable about this vulnerability is not just its criticality or reach—but the root cause at the developer incentives level. Like Heartbleed—the project had very few eyes on it, and all those eyes were volunteers. What we should be thinking about isn’t just log4j. What we should be thinking about is how many other projects are out there that have similar characteristics:

  1. The project is maintained by very few people in their spare time for no money, and
  2. If the project had a major issue it would disrupt the entire internet.

We simply have too much critical internet infrastructure maintained by a handful of people in their spare time. And those few people are often not able or incentivized to evaluate what they’re creating from a security standpoint.”

Cybersecurity official warns software vulnerability could affect millions of devices (msn.com)

Social Security scam and protection recommendations

If you receive a call, text, or email that says one of the following, it’s a scam:

* Threatens to suspend your Social Security number, even if they have part or all of your Social Security number
* Warns of arrest or legal action
* Demands or requests immediate payment
* Requires payment by gift card, prepaid debit card, internet currency, or by mailing cash
* Pressures you for personal information
* Requests secrecy
* Threatens to seize your bank account
* Promises to increase your Social Security benefit
* Tries to gain your trust by providing fake “documentation,” false “evidence,” or the name of a real government official

From brandished swords to cyberspies

This takes some gall, and it is ominous. But the news today is about China warning about Taiwan. So far, I have little faith in what our administration is doing.
China builds mockups of U.S. Navy ships in area used for missile target practice | Reuters

Their inroads are significant. But the bigger problem is that China is graduating tens of thousands of students into cybersecurity and IT.

China’s next generation of hackers won’t be criminals. That’s a problem. | TechCrunch

H/T Daniel Miessler

This Spyware Makes Everyone Vulnerable

This article speaks to how vulnerable we are to determined actors. Some things simply cannot be defended against, but we can still learn good practices to mitigate many of these attacks.

  1. Text messages and email remain the weak points on phones and tablets.
  2. WhatsApp asked this reporter to a protest.
  3. I also keep my personal data off my phone.
  4. But photos, contacts, and texts are still on it.
  5. Zero click is scary. You don’t even have to click for this kind of infection, so there’s not much defense if you’re on someone’s list. It is nearly impossible to definitively identify the bad guys.

Vulnerable IoT Devices! (Using Publicly-available Information To Learn More About A Target pt. 2)

Three very cool search engines. Use them 1-2-3 bang all together.

IoT devices are horribly insecure nowadays. You can use these search engines for passive footprinting, looking up things like webcams by manufacturer or version.

Day at theZoo

No, that is not a typo. The original theZoo is a GitHub repo with commodity malware samples. Everyone has access to malware that is off-the-shelf, and it’s the most common type. No Advanced Persistent Threats here. But your anti-malware software will probably flag the download.

It’s neat because you can use it to study this code. Alternatively, you could do some things that are not recommended. You could create a phishing email that could be sent to a million users, not targeting anyone in particular the way the APTs do. The APTs and other lone hackers or groups create more sophisticated malware. Instead, these users–sometimes called script kiddies–can download, say, WannaCry ransomware and send it out through a phishing email (or through a “stager” email malware that will load other modules). No reconnaissance needed here.

Think about it: if only one percent of a million users open the email, you end up with 10,000 compromises. Not a bad payday.

Ransomware: best practices

Ransomware is still the preferred attack against businesses, education, and governments. As a home user, the cyber policies below still go a long way toward securing your computers against attacks:

“The FBI and CISA’s recommendations echo best practices for most cybersecurity situations: Don’t click on suspicious links. Make an offline backup of your data. Use strong passwords. Make sure your software is up to date. Use two-factor authentication. If you use Remote Desktop Protocol—a Microsoft product that has historically proven a popular entry point for attackers—proceed with caution.”

Google Home and Alexa vuln exposes IoT to audio-video theft

A new vulnerability exposes your cameras, video recorder, or baby monitor.

IoT users should regularly apply patches and updates to devices to ensure they’re protected against known vulnerabilities.

The company’s website said its home video surveillance products also support Amazon Alexa and Google Home Assistant.

https://m.washingtontimes.com/news/2021/aug/17/researchers-say-theyve-found-flaw-exposing-million/?utm_campaign=shareaholic&utm_medium=email_this&utm_source=email

ZDNet coverage on protection: https://www.zdnet.com/article/critical-iot-security-camera-vulnerability-allows-attackers-to-remotely-watch-live-video-and-gain-access-to-networks/

Microsoft Warns Against Another Sophisticated Attack

Remember that threat actors can use sophisticated means to trick you into exposing your data and computer as a whole. https://www.zdnet.com/article/microsoft-warns-these-attackers-can-go-from-first-contact-to-launching-ransomware-in-just-48-hours/

Microsoft has warned about this bogus call center that gets you to install an app that leads to a ransomware attack 48 hours later. Keep in mind that the bad guys have teams of people working for them, and they look legit.

Israeli Company NSO Group Spyware Used on Non-criminal Users

Pegasus is spyware made by the Israeli company NSO Group that can be used against people who should never be targeted. What data is harvested from the smartphone? Location, emails, videos, social media, photos, and granular access to the mic and camera. It has been used against targets like Jamal Khashoggi. NSO denies that its software was used by bad actors and says it was never used to access U.S. phone numbers.

https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones

Hat tip to Josie Browne-Peters on this subject.

No Urge Clicking!

Unless you want to have your ID stolen, spam emailed to your email list, or to receive popup ads and spam, don’t impulsively click on links!
1. Know the company or sender of the email. Research if needed.
2. If you know the sender, but it still looks suspicious, check with them.
3. If you think it is a scam, report it to the FBI Internet Crime Complaint Center.
4. Protect yourself with a spam filter and MalwareBytes.

Fraud in 2020 Going Stronger Than 2019

Beware Fraud, Report to the FBI Internet Crime Complaint Center

Cybercrimes are happening every day, all day. The FBI Internet Crime Complaint Center (IC3) receives hundreds of thousands of complaints per year. In 2020, there were 791,790 complaints, and of those complaints, twenty-eight percent were from people over 60 years of age. Their losses totaled over $1 billion of the $4.1 billion lost across all age demographics nationwide. U.S. elder losses also saw a $300 million increase since 2019, with an average loss of $9,175. Over nineteen hundred victims lost more than $100,000. Even if you are not over 60, beware of the following scams and exploits.

The top three crimes in order of number of losses:


Ransomware Signs, VM Use, and More Disaster Planning

ZDNet made some more suggestions to reduce the chances that you are compromised by ransomware:
– Create airgapped backups
– Patch, patch, patch your systems
– Set complex password standards on your systems
– Use Multi-Factor Authentication (MFA)
– Use enterprise versions of VM software (another vector has been discovered where cybercriminals are using VMs to load their ransomware on a system)
– Map out your network and know where your important assets are

Unfortunately, those preparations may not help. I wrote about having a plan in case of ransomware disaster, and in another article, ZDNet had some additional recommendations for disaster preparation in case of a ransomware attack:
– How much will the company be willing to pay out?
– Who on the company’s board of directors will negotiate with the hackers?
– Who in law enforcement will be the point of contact? (https://www.zdnet.com/article/have-we-reached-peak-ransomware-how-the-internets-biggest-security-problem-has-grown-and-what-happens-next).

G7 Summit On Ransomware

It’s good to see that world leaders, and Biden, are taking ransomware more seriously (but action not words please…). I have been saying this for a few months now: it’s the biggest cybersecurity threat against business and government today.

“Many of the most notorious ransomware gangs are suspected to operate out of Russia and the consensus among cybersecurity experts is that Russian cyber criminals are allowed to conduct their operations, so long as they don’t target Russians.”
Ransomware: Russia told to tackle cyber criminals operating from within its borders | ZDNet

Darkside is a profitable business.
What We Know About Darkside Ransomware and the US Pipeline Attack (trendmicro.com)

Basic Nmap Scanning

Hi, so I’m going to show you how to use nmap, the free port scanner, along with zenmap, the graphical front-end of nmap available at the same download page (the Windows self-installer includes everything). Ports are the little doors, so to speak, to your computer where different services run. Ports are numbered 1-65535 and certain port numbers are reserved for certain services, like http (webpages) at port 80 and https (secure webpages) at 443.

Below you need to enter the IP for the computer you want to scan (I entered the IP for the computer I am on: 127.0.0.1 (or “localhost”)). Then choose the type of scan you want under “Profile.” (I chose “Quick scan” for this demo.) Then click “Scan.”

Above you see the list of ports by number and the service running. Under “State” you will by default not see the state of that port on Windows. However, you can add these flags (options that start with "-") to get better, more verbose results: "nmap -sT -T4 -A -v -Pn 127.0.0.1". My sample scan is below.

Here the ports say “open” (green text) if they responded completely.
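As an added example (not part of the original post), here is a small Python parser for the normal nmap output that a scan like the one above produces, so you can audit your own machine for open ports you did not expect. The scan report text is constructed for illustration, not a real result, and the allowlist of expected ports is an assumption.

```python
import re

# Constructed sample of nmap's normal (human-readable) output for a
# localhost TCP connect scan such as "nmap -sT -T4 -A -v -Pn 127.0.0.1".
# These lines and banners are made up for the example, not a real scan.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 8.9 (protocol 2.0)
80/tcp   open     http    Apache httpd 2.4.52
443/tcp  open     https
3389/tcp filtered ms-wbt-server
5432/tcp open     postgresql PostgreSQL DB 9.6.0 or later
"""

# One PORT line: "<port>/<proto>  <state>  <service>  [<version banner>]"
PORT_LINE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.*))?$"
)


def parse_nmap_ports(text):
    """Return one dict per PORT line found in nmap normal output."""
    results = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["port"] = int(entry["port"])
            entry["version"] = (entry["version"] or "").strip()
            results.append(entry)
    return results


def open_ports(text):
    """Sorted list of port numbers nmap reported as 'open'."""
    return sorted(r["port"] for r in parse_nmap_ports(text) if r["state"] == "open")


def unexpected_open_ports(text, allowed):
    """Open ports that are not in the allowlist of services you expect on the host."""
    return [p for p in open_ports(text) if p not in allowed]


if __name__ == "__main__":
    # Assumed baseline: ssh, http and https are expected; anything else is a finding.
    print("open:", open_ports(SAMPLE_NMAP_OUTPUT))
    print("unexpected:", unexpected_open_ports(SAMPLE_NMAP_OUTPUT, {22, 80, 443}))
```

Run a real scan with "nmap -sT -T4 -A -v -Pn 127.0.0.1 -oN scan.txt" and feed the file contents to these functions to compare against your own baseline.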