Security

26K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things – and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


New Offensive USB Cable Allows Remote Attacks over WiFi

Be careful where you buy your USB cables folks

https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/


4
LVL 49

Expert Comment

by:noci
Hopefully not too late to learn... ;-)

Many people consider USB to be some Serial cable like they used to have for Modems, Printers etc.
USB really is a multi-drop networking standard. And it provides for all kinds of adapters like Storage Nodes, Network "routers" (=Usb Ethernet ...), Network cameras (photo equipment), ...
So USB sticks are more like a NAS on a private network than a Disk onto a Pata/Sata cable.  The difference is they have no configuration items on most USB equipment.
(Rather like the original SCSI standard, only serial).

The Poison Tap (short version) provides a network adapter, with DHCP and it will provision a network with netmask 0 (so ALL packets sent by your system [ except for the local network your PC is connected to ] go to the PoisonTap..). Which also runs a transparent proxy to hijack connections, and will inject code back into the browser to redirect ALL access through another public site. After the PoisonTap is removed the attack still persists. Allowing an attacker to keep on tapping authentication data.
1
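A defensive check for the behaviour described in the comment above, as an added example that is not part of the original thread: it parses Linux `ip -4 route show` output and flags routes with a very short netmask that point at an interface outside an allowlist. The sample routing table, the interface names and the `max_prefix` threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample of Linux `ip -4 route show` output (not from a real host).
# usb0 stands in for a network adapter that appeared when a USB device was plugged in.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
0.0.0.0/1 dev usb0 proto dhcp scope link src 192.0.2.10 metric 50
128.0.0.0/1 dev usb0 proto dhcp scope link src 192.0.2.10 metric 50
10.8.0.0/16 dev tun0 proto static
unreachable 203.0.113.0/24
"""


def parse_routes(text):
    """Yield (network, interface) for every route line that names a device."""
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route type without an interface
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # leading keyword such as "unreachable" or "blackhole"
        yield net, fields[fields.index("dev") + 1]


def suspicious_routes(text, trusted_ifaces, max_prefix=4):
    """Routes that cover a huge slice of IPv4 space via an untrusted interface.

    A prefix length of max_prefix or shorter (netmask 0 being the extreme case)
    on an interface the admin did not allowlist means most traffic would leave
    through that interface instead of the normal gateway.
    """
    return [(str(net), dev) for net, dev in parse_routes(text)
            if net.prefixlen <= max_prefix and dev not in trusted_ifaces]


if __name__ == "__main__":
    for net, dev in suspicious_routes(SAMPLE_ROUTES, trusted_ifaces={"eth0"}):
        print(f"ALERT: {net} is routed via untrusted interface {dev}")
```

Run against a baseline taken before a device is plugged in, an empty result is the expected state; any hit on a newly appeared interface deserves a look.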
LVL 28

Author Comment

by:Andrew Leniart
Hopefully not too late to learn...
Never too late to learn something new noci. I live by that rule :)
0
Active Protection takes the fight to cryptojacking
LVL 2

While there were several headline-grabbing ransomware attacks during 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Interesting documentary available on Hulu and Netflix right now called Zero Days. It gives a high level analysis of the Stuxnet virus which was apparently engineered to specifically target the Siemens logic controllers used in Iran's nuclear centrifuges.
0
LVL 49

Expert Comment

by:noci
Also available on YouTube:

https://www.youtube.com/watch?v=J50bUcf8gfc     [ Spanish Subtitles ]
1
Stop using Internet Explorer, warns Microsoft's own security chief

https://www.telegraph.co.uk/technology/2019/02/08/stop-using-internet-explorer-warns-microsofts-security-chief/

Heads up for those of you that might be doing so.
4
LVL 111

Expert Comment

by:John
Fuller quote from the bottom of the article (and I have read others like it)

""We want you to use IE for the sites that need it - what I'm trying to say here is that I hope you don't use it for everything else,” Mr Jackson said in a comment on the blog post.
Microsoft will end support for Internet Explorer 10 in January 2020, while Internet Explorer 11 will remain as the final iteration of the software."

Some servers do not have (and have not been able to update to) IE 11.  This was not in the article but I have read it along with the statement that Server updates would be revised to use IE 11. I am not sure about Server 2008 but certainly Server 2012.
0
LVL 27

Expert Comment

by:Brian B
The headline is somewhat sensational, the message is just good security practice.
1
I'm looking for a cybersecurity-oriented managed service provider that will monitor a single Windows webserver for a small business that will be launching a web app soon. Most MSPs have a minimum that is too expensive for this organization. Any ideas on firms that will take a client that small, are reasonable and provide good service?
0
LVL 21

Expert Comment

by:Lucas Bishop
Depending on what type of monitoring you need, the Experts Exchange Business Account monitoring tool might give you what you're looking for:
https://www.experts-exchange.com/business.jsp#analysis
2

Author Comment

by:Ed Eckenstein
Sounds interesting. I will look into it.
Thanks!
0
Warning - A respectable looking scam attempt

I get scam attempt emails all the time, however, this one caught my eye due to how cleverly it's been put together. An almost perfect reproduction of a genuine Energy Australia electricity bill. Two screw-ups from this particular scammer though - An invalid "From:" email address and the Copyright statement at the bottom of the bill is dated 2017.

Other than those two mistakes, it is an almost perfect reproduction that I fear would fool the majority of technically challenged users. Even the Sign in to My Account etc. links are genuine. Take a look at this:

[Image: EnergyAustralia Scam]

The "view your bill" link is bogus and hyperlinks to the following address, which I've purposely mangled to make it unclickable.

h t t p: // org155 DOT outdoorjacketstore DOT com / route / b65ffaead5b87a47

Give a heads up to your folks if you still have them, as well anyone else you think might benefit from this information.

Hope that's helpful.

Regards, Andrew
1
https://www.computerworld.com/article/3005184/encryption/bitlocker-encryption-can-be-defeated-with-trivial-windows-authentication-bypass.html
Wow. Just came across this by chance. I can't believe I missed that one back in 2015. The article describes that, due to bad design, Windows (all versions) allowed attackers at the logon screen to break in without knowing the password of your domain user account.

I consider myself very well-informed when it comes to computer security and I did not know this. How did Microsoft manage that this did not start a giant outcry, back then? Must be, because the security advisory simply does not even rate this "critical"!
0
Saw this a while ago and just came across it again. I think it's too good not to share. Enjoy...  :)

IT Emergency
5
LVL 21

Expert Comment

by:Lucas Bishop
I follow the same procedure when I mis-send an email.
2
LVL 13

Expert Comment

by:Prabhin MP
Even I follow the same.

This note can save your entire organization during a cyber attack.
0
Changing the default password on your router will only be the first step for securing your network soon

https://www.zdnet.com/article/hacking-attacks-on-your-router-why-the-worst-is-yet-to-come/
1
LVL 21

Expert Comment

by:Lucas Bishop
Yeah, I can't recommend it enough. I'm hoping in my spare time I can write up a review of it here.

Some highlights:
802.11AC + 802.11bgn
3000Mbps throughput
3 Radios (1, 2.4 and 2, 5.0)
4x4 MU-MIMO
Beamforming
Mesh
Six Antennas
DFS Bands

One of the main reasons I picked it up though was the parental control features that are built in. Almost every other router I researched, required you to subscribe to a third party parental control service (ex. Circle by Disney or OpenDNS Parental Controls). So I'd go and review those services and see nothing but problems. I even tried using OpenDNS on my router (Netgear at the time) and then when I found it to be substandard, it wouldn't uninstall -- forcing me to factory reset.

Meanwhile the Gryphon comes with parental controls integrated by default at no extra cost. Then on top of that it has ESET's malware detection built in (costs $9.99 after the first year) and a variety of other features that should be (imo) part of all routers -- like the ability for the router to detect if an IoT device is suddenly acting like it's been infected by malware and isolating it from the network.

I'm at the point where I expect my router to be the strongest piece of hardware when it comes to home security and this Gryphon is the first one I've found where I actually believe it's holding up its end of the bargain, without me having to manage iptables.
0
LVL 28

Author Comment

by:Andrew Leniart
Yeah, I can't recommend it enough. I'm hoping in my spare time I can write up a review of it here.

Along with some of your personal experiences with using it, that would be a very welcome addition to our articles database Lucas.
0
I have been looking into scripts that record everything you may do on many websites and found what I consider to be the best answer to the problem.  The ad blocker plugin AdBlock Plus (ABP) has been updated to block all the scripts that were found in the Princeton study of websites that run these scripts (see this page for a complete explanation).
3
LVL 28

Expert Comment

by:Andrew Leniart
Cool, I use that plugin already.

BTW... I shared that post you made on LinkedIn here as well :)
1
This was originally shared by Thomas Zucker-Scharff on LinkedIn, but I thought it worthy of sharing here as well.

https://www.linkedin.com/feed/update/activity:6484900450318503936/

https://s3.amazonaws.com/ftt-uploads/wp-content/uploads/2017/11/15012417/user_replay_fullstory_demo.mp4



Quite a scary revelation. The question now is how to detect any website using such scripts?
0
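One way to start answering that question, as an added example that is not part of the original post: a static scan of a page's HTML for script tags and inline loaders that reference session-replay vendors. The hostname list and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative vendor hostnames, not a complete list or ABP's rules.
REPLAY_HOSTS = {"fullstory.com": "FullStory", "hotjar.com": "Hotjar",
                "smartlook.com": "Smartlook", "sessioncam.com": "SessionCam"}

# Constructed sample page (not taken from a real site).
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//edge.fullstory.com/s/fs.js"></script>
<script src="https://cdn.notfullstory.com.example/x.js"></script>
<script>
  var s = document.createElement('script');
  s.src = 'https://static.hotjar.com/c/loader.js';
</script>
</head><body>checkout form</body></html>"""


class ScriptCollector(HTMLParser):
    # Collects external script URLs and the text of inline scripts.
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_inline = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            self._in_inline = not src

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

    def handle_data(self, data):
        if self._in_inline:
            self.inline.append(data)


def vendor_for_host(host):
    """Match the vendor domain or any subdomain, never a lookalike suffix."""
    host = (host or "").lower().rstrip(".")
    return next((v for d, v in REPLAY_HOSTS.items()
                 if host == d or host.endswith("." + d)), None)


def find_replay_scripts(html):
    """Return sorted (vendor, where) pairs; where is 'src' or 'inline'."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    hits = {(vendor_for_host(urlparse(s).hostname), "src") for s in collector.srcs}
    for text in collector.inline:
        for token in re.findall(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower()):
            hits.add((vendor_for_host(token), "inline"))
    return sorted(h for h in hits if h[0])
```

A static scan misses scripts injected at run time by tag managers, so pair it with a look at the network requests the page actually makes.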
CEOs need to know what they should worry about

Nearly every week during the past few years has featured a headline about the latest data breach, malware attack, ransomware demand, or unrecoverable corporate data loss. Those stories are frequently followed by news that the CEOs at those companies were forced to resign.

Australian SMS Scam Alert

https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud/scam-alerts

Australia Post is aware that fraudulent SMSs are circulating advising customers that their address has been drawn, that results are in, that you are 1 of 5 lucky winners and then prompting you to click on a link.



The SMS asks you to click on a link that isn't related to Australia Post. The below examples lead to various scam websites and should not be trusted.



After completing the questions they will direct you to a ‘reward’ which asks for your banking information. Please do not provide your banking information – it’s how scammers can take money from your accounts.
1
LVL 25

Expert Comment

by:Alan
Makes sense - thanks.

Alan.
0
LVL 21

Expert Comment

by:Lucas Bishop
If I had to guess, this scenario:

direct you to a ‘reward’ which asks for your banking information

Is some kind of phishing attempt where they tell you that you just won something, but you need to log in to your bank's website to complete the process of receiving your earnings. You're probably shown a screen that looks like your bank's website and if you input any information into it, they've just figured out your bank information. Similar to what you see here:
http://www.phishing.org/phishing-examples
2
US Postal Service exposed data of 60 million users

https://techcrunch.com/2018/11/26/the-us-postal-service-exposed-data-of-60-million-users/

A broken U.S. Postal Service API exposed more than 60 million users by allowing a researcher to pull millions of rows of data by sending wildcard requests to the server. The resulting security hole has been patched after repeated requests to the USPS.
2
BIOS Flash Updates

Over the years, I've had BIOS updates totally ruin a couple of mainboards on me that I had to replace at my own expense for client machines I was working on, so I tend to shy away from flash updating any BIOS unless I see a specific need to do so to address a specific problem a machine is having.

I do the same with my own computers, so it was with a little trepidation that I decided to update the BIOS on my self-built Windows 10 machine today - necessary because of the recent security flaw that was discovered and I found it addressed.

So for those of you using this now relatively outdated mainboard that I have: Intel Corporation DH67CL - I can say that you can go ahead and use the 2018 Flash update available for it with confidence. No ill effects from my own experience.

This has been a community service announcement! :-)
0
Ransomware is the next big security threat. Don’t be a victim. Prepare your business for fast and easy backup now https://bit.ly/2O0FO34 
1
0
Bankrupt Company's Data Resold on Craigslist

Heads up for any members who have ever purchased through NCIX. Looks like their server equipment was sold off without being scrubbed.
This is a good reminder about letting a third party store your credit card data.
https://nakedsecurity.sophos.com/2018/09/24/bankrupt-ncix-customer-data-resold-on-craigslist/
2
LVL 49

Expert Comment

by:noci
They can sell the data to any company that continues the business (as a whole)  in one part.  (restart of business with new owners)...
(that is data that will still be used for what it was provided for.... ) Data is NOT provided for anything else than conducting business with THIS company.   (If EU customers are part of the data GDPR is important here, or even if non-EU citizens did business from the EU).
So there is no license on the data for a lot of different things.
0
LVL 49

Expert Comment

by:noci
The new  owner of the data ALSO inherits this license/restriction on the data is not that  the data is free for all after it has been flogged off... (In legal theory...,  I am afraid it will be a free for all in practice).
0
2
LVL 28

Author Comment

by:Andrew Leniart
Email digests from 2018 were also leaked, unfortunately. Regardless of dates though, I feel it's a good idea to change passwords whenever a security breach has occurred - as well as enable 2FA if not already done so.
0
LVL 19

Expert Comment

by:Kyle Santos
I read that two factor authentication is the reason this leak happened in the first place haha.  rip reddit admin who used his personal cell phone to protect reddit's data mine.
0
TIP  SECURITY  ENCRYPTION & CERTIFICATES

In-place upgrade of encrypted Windows systems using reflectdrivers

Apparently since Win10 v1607 there exists a parameter "/reflectdrivers" in the Windows setup (setup.exe on the DVD / USB stick) see https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options

This can be used to tell Setup the location of the encryption drivers (eg Veracrypt) and finally be able to perform upgrades without decrypting!

The Veracrypt developer shares this in a forum post and gives a syntax example for his product:

setup.exe /ReflectDrivers "C:\Program Files\VeraCrypt" /PostOOBE C:\ProgramData\VeraCrypt\SetupComplete.cmd

1
Acronis Global Cyber Summit 2019 in Miami

The Acronis Global Cyber Summit 2019 will be held at the Fontainebleau Miami Beach Resort on October 13–16, 2019, and it promises to be the must-attend event for IT infrastructure managers, CIOs, service providers, value-added resellers, ISVs, and developers.

Andy's VMware vSphere tip#8: Spectre and Meltdown....Have you patched your server yet? It's almost 5 months since this Security Flaw was found in Intel CPUs, and we are still finding many VMs, and Hosts in the wild which are still not patched!

Remember this actually requires a little bit of work... To successfully patch against Spectre and Meltdown, you must:-

1. Update the BIOS and Firmware, and maybe CPU microcode in the Host ESXi Server. Some BIOS updates update the microcode for you. Check with your Server Vendor, some server vendors have been very slow to release new BIOS/Firmware/Microcode updates, and some servers may be now end of life, as server vendor may not release new code.

2. Update vCenter Server to 6.5 U1g, 6.0 U3e or 5.5 U3h.

3. Update the ESXi Build to the latest versions

ESXi 6.5: ESXi650-201803401-BG* and ESXi650-201803402-BG**
ESXi 6.0: ESXi600-201803401-BG* and ESXi600-201803402-BG**
ESXi 5.5: ESXi550-201803401-BG* and ESXi550-201803402-BG**

4. Update VMware Tools and all virtual machine hardware versions to 11.

5. Update Guest VM with latest updates.

6. You can then sit back, you are patched!

https://kb.vmware.com/s/article/52085

https://blogs.vmware.com/services-education-insights/feed-items/meltdown-and-spectre-vmware-patches#

https://blogs.vmware.com/feed-items/vmware-releases-patches-for-meltdown-and-spectre-bug/

If you need to discuss this further please, post a question to the VMware topic area.
1
Andy's VMware vSphere tip#5: Best Practice and Security Hardening ? HOW... easy as 1...2...3...

How about using some Automated VMware expertise, like having a VMware Consultant on hand, every minute of the day to ensure your VMware vSphere environment, is following best practices and security hardening guidelines to protect your environment, also has the ability to monitor VMware vSphere Hypervisor logs in real time for VMware KBs. We've been using and following this small startup for a few years now. Let me introduce you to Runecast Analyzer.

https://www.runecast.biz/

Download a 14 Day Trial and take it for a spin.

We would not recommend it, if we didn't use it!

So there is no excuse to quickly scan your environment for FREE, and see what you need to change!

PS Tell them Andy sent you.....you may get a discount!!!
0

Expert Comment

by:Alba Richi
Very interesting, thank you!
0
LVL 131

Author Comment

by:Andrew Hancock (VMware vExpert / EE Fellow)
No problems, follow me for more tips!
1
0

Expert Comment

by:Alba Richi
Thank you, I will definitely try your checklist!
1
LVL 6

Author Comment

by:Adrian McGarry
If you like the checklist, try our GDPR product
0
2

Expert Comment

by:Alba Richi
Thanks for the link.
0
https://blogs.technet.microsoft.com/mniehaus/2018/05/02/new-upgrade-to-windows-10-1803-without-suspending-bitlocker/

Microsoft is re-tightening security after tearing open a huge security hole themselves, long ago. They are offering to disable a problematic behavior that they have introduced years ago, which was heavily criticized, but somehow manage to make it sound like "going forward". Thing is, the ability to auto-suspend when upgrading was there before - IT WAS THE PROBLEM.

Interesting read for WSUS/SCCM admins who want to deploy feature upgrades.
1
LVL 111

Expert Comment

by:John
Thank you for posting this. On my machine, I have Opal 2 and my understanding from Microsoft (Redmond Global MVP Summit) is that BitLocker is not needed here so I have not implemented it.

Interesting read and thanks again.
0
0
