Security Software & Tools Tips – October 2018
October 1, 2018 / in IT security, Security blog / by stefan mansby

In this monthly post we try to make you aware of five different security-related products. This is a repost from my personal website Ulyaoth.

This month we have chosen the following:

* Hiawatha
* Shodan
* GRR
* Cloudfail
* AbuseIO

Hiawatha

Hiawatha is a cool lightweight webserver with a very easy configuration syntax. The maker of Hiawatha has written the webserver with security in mind, so it provides out-of-the-box support for stopping SQL injections, XSS and CSRF attacks and exploit attempts. We think Hiawatha is a great secure alternative to Apache or Nginx.

From the Hiawatha website: Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several webservers, but I didn’t like them. They had illogical, almost cryptic configuration syntax and none of them gave me a good feeling about their security and robustness. So, I decided it was time to write my own webserver. I never thought that my webserver would become what it is today, but I enjoyed working on it and liked to have my own open source project. In the years that followed, Hiawatha became a fully functional webserver.

Website: https://www.hiawatha-webserver.org/

Shodan

Shodan is a website where you can scan internet-connected devices for open services. This is a great tool to find out if your organization has any services exposed to the internet that might be a security risk.

From wiki: Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.

Website: https://www.shodan.io/

GRR

The GRR (Rapid Response) framework is client-server software that allows you to do live forensics on remote servers.

From their website: GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely.

Website: https://github.com/google/grr

Cloudfail

From their website: CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.

* Misconfigured DNS scan using DNSDumpster.
* Scan the Crimeflare database.
* Bruteforce scan over 2500 subdomains.

Website: https://github.com/m0rtem/CloudFail

AbuseIO

This piece of software gives you a web interface that imports the most important feeds, such as Shadowserver and SpamCop; you can then see this information in an easy and relevant way. This is a great tool to automate and improve the abuse handling process.

From their website: It is a toolkit anyone can use to receive, process, correlate abuse reports and send notifications with specific information regarding the abuse case(s) on your network. AbuseIO’s purpose is to consolidate efforts by various companies and individuals to automate and improve the abuse handling process.

Website: https://abuse.io/download/

Photo by Liam Tucker on Unsplash

How a Web Application Firewall can protect against bad coding
September 28, 2018 / in IT security, Security blog / by basefarm

You might think, and you could even be right, that your own web application is perfectly written with zero bugs, so that no attacker can obtain information they should not be able to. But what about the software surrounding your web application? Unfortunately, this software often consists of things you don’t have control over, like frameworks, web servers, operating systems, and sometimes even hardware.

Hackers Turn to Python as Attack Coding Language of Choice
September 28, 2018 / in IT security, Security blog / by stefan mansby

This blog post is a summary of this week's Information Security News put together by our Security Incident Response Team (SIRT).

Hackers Turn to Python as Attack Coding Language of Choice

“More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.”

Top 5 Security links

* Twitter patches bug that may have spilled users’ private messages
* Security Flaw Found in Apple Mobile Device Enrollment Program
* LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
* Perimeter Defenses are Dead, So Now What?
* Data Protection, Security and Shared Responsibility: What You Need to Know about Amazon Web Services

Thousands of breached websites turn up on MagBo Black market
September 21, 2018 / in IT security, Security blog / by abel de kat angelino

This blog post is a summary of this week's Information Security News put together by our Security Incident Response Team (SIRT).

Thousands of breached websites turn up on MagBo Black market

The research team said it has shared its findings with law enforcement and victims are being notified.

A newly-discovered underground marketplace has been peddling access to more than 3,000 breached websites, catering to hackers hungry for valuable data and the ability to launch a range of attacks on unsuspecting site visitors.

Advertisements for the Russian-speaking marketplace called MagBo were first posted on a top-tier hacking forum in March, according to researchers at Flashpoint. Upon further investigation, the research team found that details for thousands of breached websites were for sale on MagBo.

“This particular market is populated by more than a dozen vendors and hundreds of buyers who sell and take part in auctions in order to gain access to breached sites, databases and administrator panels,” said Vitali Kremez, a researcher with Flashpoint, in a Wednesday post.

Top 5 Security links

* NCIX DataBreach
* The effectiveness of publicly shaming bad security
* Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
* FBI wants to keep “helpful” Mirai botnet authors around
* Flaw in 4GEE WiFi modem could leave your computer vulnerable

5 tips for better cloud security
September 14, 2018 / in IT security, Security blog / by trond hagen

This blog post is a summary of this week's Information Security News put together by our Security Incident Response Team (SIRT).

Blocking cyber attacks; Why you should understand adversary playbooks
September 7, 2018 / in IT security, Security blog / by hans-petter fjeld

This blog post is a summary of this week's Information Security News put together by our Security Incident Response Team (SIRT).

It’s time to get off the treadmill: Why you should understand adversary playbooks

“Flipping the equation on known adversaries by developing and deploying controls at locations on the intrusion kill chain designed specifically for these known playbooks will increase a company’s ability to block an attack. The cybersecurity industry must collaborate to identify all known adversary playbooks and share this knowledge with each other and the public.”

Top 5 Security links

* Scrappy ‘Silence’ Cybercrime Gang Refines Its Bank Attacks
* USB Drives shipped with Schneider Solar Products were infected with malware
* Spyware Company Exposed ‘281 Gigabytes’ of Children’s Photos Online
* Mikrotik routers pwned en masse, send network data to mysterious box
* Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Check for the Security-First Mindset Across All Teams
August 31, 2018 / in IT security, Security blog / by stefan mansby

Check for the Security-First Mindset Across All Teams

“Embedding security as a way of life is not a one-time event. It requires ongoing education through a variety of channels. Setting the tone from executive leadership is key, but this must be reinforced by direct management and across peer groups.”

Top 5 Security links

* Chinese hotel chain warns of massive customer data theft
* Instagram’s New Security Tools are a Welcome Step, But Not Enough
* Cryptocurrency Scams Replacing Ransomware as Attackers’ Fave
* Android system broadcasts enable user tracking
* Active Exploitation of New Apache Struts Vulnerability CVE-2018-11776 Deploys Cryptocurrency Miner

What we learned from DEF CON 26
August 27, 2018 / in IT security, Security blog / by hans-petter fjeld

Cyber security is increasingly important to companies. We went to DEF CON to see what the hackers were doing.

Security is Not a One-Person Job
August 24, 2018 / in IT security, Security blog / by stefan mansby

Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company.

“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.”

No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.

Top 5 Security links

* New Apache Struts Vulnerability Leaves Major Websites Exposed
* Vulnerability in OpenSSH “for two decades” (no, the sky isn’t falling!)
* Intel rips up microcode security fix license that banned benchmarking
* $1.1M is Lost to Cybercrime Every Minute of Every Day
* Evolution of Android Security Updates

TLS 1.3 – Internet Security Gets a Boost
August 17, 2018 / in IT security, Security blog / by trond hagen

TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.

August 10 marks the formal publication of an overhaul of the Transport Layer Security (TLS) protocol. TLS is an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world. Often indicated by the small green padlock in a web browser’s address bar, TLS is used in financial transactions, by medical institutions, and to ensure secure connections in a wide variety of other applications.

We believe the new version of this protocol, TLS 1.3, published as RFC 8446, is a significant step forward towards an Internet that is safer and more trusted.

TLS 1.3 represents a significant security win for the Internet and its users. We look forward to using it and tracking its adoption on the Internet.

An Overview of TLS 1.3 – Faster and More Secure

Top 5 Security links

* Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered
* Google Tracks Android, iPhone Users Even With ‘Location History’ Turned Off
* The Norwegian National Security Authority (NSM) establishes the National Cyber Security Center
* Google Chrome Bug Opens Access to Private Facebook Information
* Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup