A Socio-Technical Approach to Cybersecurity’s Problems

In terms of damage to business reputation a social media 'attack' is up there with ransomware and denial of service. This is worth a read...: [...] Pablo Breuer, innovation officer at US Special Operations Command Donovan Group, and David Perlman, researcher at A Social Network, have developed an integrated view of socio-technical systems (STS) to which security principles can be applied. An STS consists of a social network, the population using it, and an output system (pol

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

A good way of prioritising vulnerabilities is to see what market value is placed on finding them via bug bounty programs. Maybe this should be the way you choose what to fix first...: Cross-site scripting (XSS) errors that allow attackers to inject malicious code into otherwise benign websites continue to be the most common web application vulnerability across organizations. Bug bounty firm HackerOne recently analyzed data on more than 120,000 security vulnerabilities rep...

GoldBrute Botnet Brute-Forcing 1.5M RDP Servers

Do you know if you are exposing RDP to the internet? Time to head over to shodan to see if they see you...: Security researchers are watching a new botnet, GoldBrute, which is currently brute-forcing a list of roughly 1.5 million remote desktop protocol (RDP) servers exposed online. The ongoing campaign is one of many scanning for vulnerable servers and using weak or reused passwords to access them. RDP has been making headlines since Microsoft disclosed "BlueKeep," a rem

Cognitive Bias Can Hamper Security Decisions

In a previous job we used to sigh every time there was an 'MGI' (Management Good Idea), usually prompted by the CEO having read something on the 'plane. I'm sure we can all recognise cognitive bias, or maybe not?...: It's a scenario commonly seen in today's businesses: executives read headlines of major breaches by foreign adversaries out to pilfer customers' social security numbers and passwords. They worry about the same happening to them and strategize accordingly – but...

Vulnerability Leaves Container Images Without Passwords

Worth checking if you run Docker containers. Is there a password for root?...: Nearly one in five of the most popular containers available on the Docker store have no password for root access. That's the finding of researcher Jerry Gamblin, building on work by researchers at Cisco Talos. The result could easily be hundreds of thousands of containers deployed with no functional password at all. The finding is important because containers, most frequently with Docker as the...

Emotet Made Up 61% of Malicious Payloads in Q1

If you needed any more proof of the criminalisation of the malware business...: Emotet, a form of malware previously classified as a banking Trojan but now considered a botnet, made up 61% of all payloads in the first quarter of 2019, Proofpoint researchers report. The data comes from Proofpoint's "Q1 2019 Threat Report." Researchers who have been tracking Emotet's evolution say its popularity is reflected in the growth of attacks using malicious URLs. In the first quarte...

Researcher Publishes Four Zero-Day Exploits in Three Days

She's not being very nice about Microsoft...: [...] Because the exploits cannot be used remotely, they are not as dangerous as some attacks, says Tripwire's Young. "Similar to past SandboxEscaper releases, these exploits are also local privilege escalations, meaning that attackers would use these only after gaining a foothold on a targeted system," he says. SandboxEscaper has gained a reputation for releasing LPE exploits with no warning. The researcher has posted repeated

New Software Skims Credit Card Info From Online Credit Card Transactions

Looks like I'm moving my clients away from Magento at the right time...: [...] The software, discovered by researcher Jérôme Segura at Malwarebytes, takes advantage of the popular retail practice of using a third-party credit card payment organization to facilitate credit card use. In this case, the software targets companies using Magento as their financial processing service provider. The malicious software inserts an iframe around the display code that would send the cust

Alphabet’s Chronicle Explores Code-Signing Abuse in the Wild

Just because an executable is 'signed', it doesn't mean you can trust it...: [...] To highlight the prevalence of this trend and problems with trust-based security, Chronicle researchers used VirusTotal, an online virus/malware scanner that analyzes suspicious files that a machine's antivirus tools may have missed. They limited this project to Windows PE Executable files, filtered out samples with fewer than 15 aggregate detections, and "aggressively" filtered out grayware

New Intel Vulnerabilities Bring Fresh CPU Attack Dangers

I had a monster session of updating stuff yesterday. This is why...: A new family of speculative execution side-channel vulnerabilities has been found in Intel CPUs and researchers and vendors are split over how severe the flaws are and how easy they are to exploit. Even the name of the vuln family is a subject of disagreement among researchers, ranging from colorful to prosaic: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load), YAM (Yet Another Meltdown), and Intel's...