
Cyberbit discovers international airport riddled with Bitcoin-mining malware

I often have to demonstrate how 'traditional' AV can be bypassed. For example, if you want to steal credentials using mimikatz or similar, you can run it in memory with no files present on the target device. It looks like someone has been making money at airports using similar techniques...: Cyberbit says its computer security software helped uncover a large infection of cryptocurrency mining software at an unnamed "international airport in Europe" where the majority of work

Linux security hole: Much sudo about nothing

Nothing to see here, move along...: [...] As the sudo manual points out, "using ALL can be dangerous since in a command context, it allows the user to run any command on the system." In all my decades of working with Linux and Unix, I have never known anyone to set up sudo with ALL. That said, if you do have such an inherently broken system, it's then possible to run commands as root by specifying the user ID -1 or 4294967295. Thus, if the ALL keyword is listed first in t
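For anyone who wants to check their own boxes rather than take the "nobody does that" line on trust, here is a small Python check I have added (it is not from the article or the sudo project). It scans sudoers text for the exact shape the article describes, a Runas list that grants ALL and then excludes root with !root (or !#0), which is what the user ID -1 / 4294967295 trick slips past, and it compares a sudo version string against 1.8.28, the release that fixed this (that version threshold is my addition, not something the excerpt states). The sudoers content below is constructed for the example.

```python
import re
from typing import List, NamedTuple

# Constructed sample sudoers content for the check below (not taken from any real system).
SAMPLE_SUDOERS = """\
# constructed example
Defaults        env_reset
root    ALL = (ALL:ALL) ALL
%admin  ALL = (ALL) ALL
bob     myhost = (ALL, !root) /usr/bin/vim
alice   ALL = (ALL, !#0) /usr/bin/less
carol   ALL = (www-data) /usr/bin/systemctl
"""

class Finding(NamedTuple):
    line_no: int
    user: str
    runas: str
    command: str

# user  host = (runas_users[:runas_groups]) command   (tags and aliases ignored for brevity)
RULE_RE = re.compile(r'^\s*(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*(?P<cmd>.+?)\s*$')

def is_all_but_root(runas_spec: str) -> bool:
    """True for a Runas user list of the form 'ALL, !root' (or 'ALL, !#0').

    That rule means "any user except root", but on sudo before 1.8.28 the
    invocation `sudo -u#-1 <cmd>` (user ID -1, a.k.a. 4294967295) matches ALL,
    is not caught by the !root exclusion, and is then executed as uid 0.
    A list such as '!root, ALL' is not flagged: there the later ALL simply
    grants root outright, so no uid trick is needed."""
    users = runas_spec.split(':', 1)[0]          # drop any Runas_Group part
    parts = [p.strip() for p in users.split(',') if p.strip()]
    if not parts or parts[0] != 'ALL':
        return False
    return any(p in ('!root', '!#0') for p in parts[1:])

def find_bypassable_rules(sudoers_text: str) -> List[Finding]:
    """Scan sudoers text and return the rules whose root exclusion is bypassable."""
    findings = []
    for n, line in enumerate(sudoers_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        m = RULE_RE.match(line)
        if m and is_all_but_root(m.group('runas')):
            findings.append(Finding(n, m.group('user'), m.group('runas'), m.group('cmd')))
    return findings

def sudo_is_patched(version: str) -> bool:
    """sudo 1.8.28 fixed the uid -1 handling; anything older is affected."""
    nums = tuple(int(x) for x in re.findall(r'\d+', version)[:3])
    return nums >= (1, 8, 28)

if __name__ == '__main__':
    for f in find_bypassable_rules(SAMPLE_SUDOERS):
        print(f'line {f.line_no}: {f.user} -> ({f.runas}) {f.command}: '
              f'on unpatched sudo, "sudo -u#-1 {f.command}" runs as root')
    for v in ('1.8.27', '1.8.28p1'):
        print(f'sudo {v} patched: {sudo_is_patched(v)}')
```

Feed it the output of `sudo -V` and the contents of /etc/sudoers and /etc/sudoers.d/*; a hit on both (old version and an "ALL, !root" rule) is the only combination that matters, which is why the article calls it much ado about nothing for most sites.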

Security pro confessional: The time I almost got hacked

I've done some stupid things in the past but generally my scepticism prevents clicking on dodgy links (unless from a fully sandboxed, disposable virtual machine that gets destroyed afterwards). Looks like I'm not alone...: [...] I travel often, and on occasion I head to states with plenty of toll roads. Back in 2016 I'd recently traveled to Northern Virginia, New Jersey, and New York all within a couple of weeks. I returned home and about a week later I got the email below (

Chubb: 2019’s ransomware attacks already outpacing 2018


This is probably no surprise to anyone. I wonder if there's any study of resilience improvements in the light of this ransomware upsurge...: [...] According to the 2019 third quarter edition of Chubb’s Cyber InFocus Report entitled “Adapting to the New Realities of Cyber Risks,” the number of ransomware attacks for 2019 is already overtaking the total number of incidents in 2018. Citing the company’s previous Cyber Index report, the new report says that malware claims record

Q&A: Veracode on automation and how to tackle cyber attacks in aviation

From this (my highlighting), I guess that very few airport and airline applications have any form of threat modelling carried out during their development...: [...] Why are airlines and airports so unprepared? Over the last 20 years an awful lot of attention – and quite rightly – has been paid to physical security, and ensuring that we have the tech in place to prevent a physical attack. Now, we need to ensure that we’re giving due attention and focus to preventing cybers

Malware takes down some Pitney Bowes systems

It's early days, but this looks serious as it affects the core offer to Pitney Bowes' customers. Let's hope they have good backups and a well-rehearsed recovery plan...: [...] Pitney Bowes said the attack has encrypted some corporate information and disrupted customer access to certain services, but at this time the company does not believe any customer or employee information has been exfiltrated from its network. Company executives have made no mention of a ransom being de

Malware That Spits Cash Out of ATMs Has Spread Across the World

Not fun if you're a bank with an ATM network...: At 10am on a late November morning in Freiburg, Germany, a bank employee noticed something was wrong with a bank ATM. It had been hacked with a piece of malware called "Cutlet Maker" that is designed to make ATMs eject all of the money inside them, according to a law enforcement official familiar with the case. "Ho-ho-ho! Let's make some cutlets today!" Cutlet Maker's control panel reads, alongside cartoon images of a ch

Imperva Details Response to Customer Database Exposure

This is an easy mistake to make. Developers often copy the 'real' database, and their environments don't always have the same security controls as production systems. Take a look at what your own developers (especially 3rd parties) are doing, and establish some controls to scan for sensitive data that's exposed to the internet...: [...] I’ll start by going back to 2017 when our Cloud WAF, previously known as Incapsula, was under significant load from onboarding new customers and mee

iTunes Zero-Day Exploited to Deliver BitPaymer

Mildly ironic that Apple has dropped iTunes from the macOS platform. Update now...: The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer. [...] BitPaymer operators are sophisticated and savvy in launching attacks. A month before they discovered the iTunes zero-day, Morphisec researchers saw the group creating new variants of the ransomware before planting it on a target network, making detecti
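Unquoted path bugs are worth hunting for in your own estate, not just in iTunes, so here is an added Python example (mine, not from Morphisec, Apple or the article) of what the check looks like. Given a service's ImagePath, it lists the files Windows would try before the intended binary (each prefix ending at a space, with .exe appended), which is where an attacker with write access to one of those directories plants their payload, and it shows the fix, which is simply quoting the path. The service names and paths below are constructed; the excerpt does not name the affected iTunes component, so nothing here claims to be it.

```python
from typing import Dict, List

# Constructed sample of service ImagePath values as they would appear in the
# registry under HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
# The service names and paths are hypothetical, not iTunes' or anyone else's.
SAMPLE_SERVICES = {
    'QuotedSvc':  '"C:\\Program Files\\Vendor\\svc.exe" -run',
    'UpdaterSvc': 'C:\\Program Files\\Some Vendor\\Updater\\updater.exe -run',
    'NoSpaceSvc': 'C:\\Windows\\System32\\svchost.exe -k netsvcs',
    'ToolSvc':    'C:\\Program Files (x86)\\Tool\\tool.exe',
}

def _exe_part(image_path: str) -> str:
    """Everything up to and including the first '.exe' (case-insensitive);
    whatever follows is treated as arguments."""
    idx = image_path.lower().find('.exe')
    return image_path if idx < 0 else image_path[:idx + 4]

def hijack_candidates(image_path: str) -> List[str]:
    """Files Windows would try, in order, before the intended binary when the
    ImagePath is unquoted and contains spaces: each prefix that ends at a
    space, with '.exe' appended. Empty list means the path is safe (quoted,
    or no spaces in the executable part)."""
    p = image_path.strip()
    if p.startswith('"'):
        return []
    exe = _exe_part(p)
    return [exe[:i] + '.exe' for i, ch in enumerate(exe) if ch == ' ']

def find_unquoted_services(services: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each vulnerable service name to the places a planted .exe would win."""
    result = {}
    for name, path in services.items():
        cands = hijack_candidates(path)
        if cands:
            result[name] = cands
    return result

def quote_image_path(image_path: str) -> str:
    """The fix: wrap the executable part in double quotes, keep arguments as-is."""
    p = image_path.strip()
    if p.startswith('"'):
        return p
    exe = _exe_part(p)
    return f'"{exe}"' + p[len(exe):]

if __name__ == '__main__':
    for name, cands in find_unquoted_services(SAMPLE_SERVICES).items():
        print(f'{name}: unquoted path; a writable location among {cands} '
              f'lets an attacker run as the service account')
        print(f'  fix: ImagePath = {quote_image_path(SAMPLE_SERVICES[name])}')
```

A candidate only matters if the directory it sits in is writable by a low-privileged user; C:\ normally is not, but vendor directories under Program Files with loose ACLs often are, so pair this with an ACL check before calling anything exploitable.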

Patching as a social responsibility

Microsoft and NIST have ongoing research into the behaviours around keeping systems up to date. I'm in the 'update everything all the time and deal with breakages as they occur' camp but the more sensible approach for most organisations is to apply patches to a testbed and test against business critical applications before rolling out. What's your approach?...: [...] While the discussions mostly went in expected directions, we were surprised at how many challenges organizati