Malware Devil

Friday, September 4, 2020

Lovable Security: Be a Data Custodian, Not a Data Owner – Fredrick “Flee” Lee – PSW #665

Lovable Security: Flee’s approach to cybersecurity is that it should be “lovable.” He thinks cybersecurity perpetuates a myth of an elite, isolated team of stealth insiders who are seen as enforcers, instead of as enablers who accelerate innovation by removing obstacles. Data Privacy + CCPA: Flee believes that tech companies should operate as data custodians, instead of data owners, and that CCPA should be the bare minimum that companies do to ensure data privacy.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw665




https://malwaredevil.com/2020/09/04/lovable-security-be-a-data-custodian-not-a-data-owner-fredrick-flee-lee-psw-665-5/?utm_source=rss&utm_medium=rss&utm_campaign=lovable-security-be-a-data-custodian-not-a-data-owner-fredrick-flee-lee-psw-665-5


NSA warning on location data exposure: your web browser is a liability

The National Security Agency issued a warning that exposed location data from mobile devices can pose a security risk for government personnel.

The post NSA warning on location data exposure: your web browser is a liability appeared first on Security Boulevard.




https://malwaredevil.com/2020/09/04/nsa-warning-on-location-data-exposure-your-web-browser-is-a-liability/?utm_source=rss&utm_medium=rss&utm_campaign=nsa-warning-on-location-data-exposure-your-web-browser-is-a-liability

Chinese APT TA413 Found Distributing Sepulcher Malware

Proofpoint researchers observed a phishing campaign by a Chinese APT who deploys a new malware dubbed Sepulcher that is designed for intelligence collection from its targets.



https://malwaredevil.com/2020/09/04/chinese-apt-ta413-found-distributing-sepulcher-malware/?utm_source=rss&utm_medium=rss&utm_campaign=chinese-apt-ta413-found-distributing-sepulcher-malware

Beware! Joker Playing Tricks On Play Store

Google kicked out six apps from Play Store that simulated clicks and intercepted SMS to subscribe to unwanted paid premium services, unbeknownst to the infected users.



https://malwaredevil.com/2020/09/04/beware-joker-playing-tricks-on-play-store/?utm_source=rss&utm_medium=rss&utm_campaign=beware-joker-playing-tricks-on-play-store

Google Cloud Under Siege

It’s no secret that popular cloud and web services are a prime target for hackers to host phishing sites. The highly reputable domains and infrastructures used by these cloud services provide a perfect cover to hide phishing footprints. Long gone are the days when catching phishing was as easy as blocking all newly registered domains. […]

The post Google Cloud Under Siege appeared first on Security Boulevard.




https://malwaredevil.com/2020/09/04/google-cloud-under-siege/?utm_source=rss&utm_medium=rss&utm_campaign=google-cloud-under-siege

Is Retail Sector the New Hotspot for Cybercriminals?

As a result of the COVID-19 pandemic, the harsh reality of not assessing cybersecurity risk while venturing or expanding online retail business has put consumers at risk of exposure.



https://malwaredevil.com/2020/09/04/is-retail-sector-the-new-hotspot-for-cybercriminals/?utm_source=rss&utm_medium=rss&utm_campaign=is-retail-sector-the-new-hotspot-for-cybercriminals

DEF CON 28 Safe Mode Red Team Village – Ryan Ekins’ ‘Notebooks Datasets & Clouds For Automation’

Many thanks to DEF CON and the conference speakers for publishing their comprehensive and outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode Red Team Village – Ryan Ekins’ ‘Notebooks Datasets & Clouds For Automation’ appeared first on Security Boulevard.




https://malwaredevil.com/2020/09/04/def-con-28-safe-mode-red-team-village-ryan-ekins-notebooks-datasets-clouds-for-automation/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-red-team-village-ryan-ekins-notebooks-datasets-clouds-for-automation

60% Rise in Girls Applying to NCSC’s CyberFirst Summer Courses

There has been a 60% increase in the number of girls applying for online cybersecurity skills courses this year compared to 2019, according to National Cyber Security Centre (NCSC), a part of GCHQ.



https://malwaredevil.com/2020/09/04/60-rise-in-girls-applying-to-ncscs-cyberfirst-summer-courses/?utm_source=rss&utm_medium=rss&utm_campaign=60-rise-in-girls-applying-to-ncscs-cyberfirst-summer-courses

Social Media: Thwarting The Phishing-Data Goldmine

Cybercriminals can use social media in many ways in order to trick employees.



https://malwaredevil.com/2020/09/04/social-media-thwarting-the-phishing-data-goldmine/?utm_source=rss&utm_medium=rss&utm_campaign=social-media-thwarting-the-phishing-data-goldmine

U.S. Department of Defense discloses critical and high severity bugs

The flaws were reported in August and July. They could allow attackers to hijack a subdomain, execute arbitrary code remotely, or view files on the affected machine.



https://malwaredevil.com/2020/09/04/u-s-department-of-defense-discloses-critical-and-high-severity-bugs/?utm_source=rss&utm_medium=rss&utm_campaign=u-s-department-of-defense-discloses-critical-and-high-severity-bugs

Sophistication of Botnet Attacks Continues to Evolve

In recent years, botnet attacks have become unmanageable due to the advent of new vulnerability exploits to impact millions of devices, and sophisticated evasion techniques to avoid detection.



https://malwaredevil.com/2020/09/04/sophistication-of-botnet-attacks-continues-to-evolve/?utm_source=rss&utm_medium=rss&utm_campaign=sophistication-of-botnet-attacks-continues-to-evolve


Hackers delete Bykea database, company avoids data loss due to backups

The management believes attackers wanted to exploit the server’s computational data to mine for cryptocurrencies. Or else, they tried to copy the data to either sell or use it for demanding ransom.



https://malwaredevil.com/2020/09/04/hackers-delete-bykea-database-company-avoids-data-loss-due-to-backups/?utm_source=rss&utm_medium=rss&utm_campaign=hackers-delete-bykea-database-company-avoids-data-loss-due-to-backups

XKCD ‘Stellar Evolution’

via the comic delivery system monikered Randall Munroe resident at XKCD!


The post XKCD ‘Stellar Evolution’ appeared first on Security Boulevard.




https://malwaredevil.com/2020/09/04/xkcd-stellar-evolution/?utm_source=rss&utm_medium=rss&utm_campaign=xkcd-stellar-evolution

ESET research dissects KryptoCibule malware family – Week in security with Tony Anscombe

ESET researchers dissect a malware family that they named KryptoCibule and that uses the victim’s resources to mine digital coins, hijacks transactions by replacing wallet addresses in the clipboard, and exfiltrates cryptocurrency-related files. After the COVID-19 pandemic has prompted many of us to create accounts on various video-chatting apps, including Houseparty, it might be a good time to audit what apps you no longer use and delete your accounts with the services. Microsoft has announced a new tool called Microsoft Video Authenticator that’s designed to identify deepfakes and help combat the proliferation of doctored media on the internet. For more information, go to WeLiveSecurity.com.




https://malwaredevil.com/2020/09/04/eset-research-dissects-kryptocibule-malware-family-week-in-security-with-tony-anscombe/?utm_source=rss&utm_medium=rss&utm_campaign=eset-research-dissects-kryptocibule-malware-family-week-in-security-with-tony-anscombe

Warner Music Hit by Months-Long Web Skimming Attack

Music recording powerhouse Warner Music Group has disclosed today a security incident that involved some of the company’s online stores.



https://malwaredevil.com/2020/09/04/warner-music-hit-by-months-long-web-skimming-attack/?utm_source=rss&utm_medium=rss&utm_campaign=warner-music-hit-by-months-long-web-skimming-attack

Thursday, September 3, 2020

Metrics That Matter: Continuous Performance Optimization

To attract and retain customers, you must offer an exceptional digital experience. In an increasingly competitive business climate, organizations are fighting to maintain loyalty and keep users engaged online. The cost of switching is low, consumers are transient, and user expectations for how digital experiences should perform have never been higher.

The post Metrics That Matter: Continuous Performance Optimization appeared first on Security Boulevard.




https://malwaredevil.com/2020/09/03/metrics-that-matter-continuous-performance-optimization/?utm_source=rss&utm_medium=rss&utm_campaign=metrics-that-matter-continuous-performance-optimization

🔴 LIVE: Security Weekly News #62

This week, Dr. Doug talks Snowden vindicated?, Herman Cain tweets from beyond the grave, APT TA413, Iranian cats again, Carolyn Meinel, hard-coded credentials, and KryptoCibule!

→Full Show Notes: https://www.wiki.securityweekly.com/swn62

→Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly




https://malwaredevil.com/2020/09/03/%f0%9f%94%b4-live-security-weekly-news-62/?utm_source=rss&utm_medium=rss&utm_campaign=%25f0%259f%2594%25b4-live-security-weekly-news-62

Wednesday, September 2, 2020

ESB-2020.3012 – [Ubuntu] kernel: Denial of service – Existing account

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3012
                  USN-4486-1: Linux kernel vulnerability
                             2 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-10323  

Reference:         ESB-2018.3020
                   ESB-2018.2515.3
                   ESB-2018.1335

Original Bulletin: 
   https://usn.ubuntu.com/4486-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4486-1: Linux kernel vulnerability
02 September 2020

The Linux kernel could be made to crash if it mounted a malicious XFS
file system.

Releases

  o Ubuntu 16.04 LTS
  o Ubuntu 14.04 ESM

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-kvm - Linux kernel for cloud environments
  o linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
  o linux-raspi2 - Linux kernel for Raspberry Pi (V8) systems
  o linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o linux-image-4.4.0-1079-kvm - 4.4.0-1079.86
  o linux-image-4.4.0-1113-aws - 4.4.0-1113.126
  o linux-image-4.4.0-1138-raspi2 - 4.4.0-1138.147
  o linux-image-4.4.0-1142-snapdragon - 4.4.0-1142.151
  o linux-image-4.4.0-189-generic - 4.4.0-189.219
  o linux-image-4.4.0-189-generic-lpae - 4.4.0-189.219
  o linux-image-4.4.0-189-lowlatency - 4.4.0-189.219
  o linux-image-4.4.0-189-powerpc-e500mc - 4.4.0-189.219
  o linux-image-4.4.0-189-powerpc-smp - 4.4.0-189.219
  o linux-image-4.4.0-189-powerpc64-emb - 4.4.0-189.219
  o linux-image-4.4.0-189-powerpc64-smp - 4.4.0-189.219
  o linux-image-aws - 4.4.0.1113.118
  o linux-image-generic - 4.4.0.189.195
  o linux-image-generic-lpae - 4.4.0.189.195
  o linux-image-kvm - 4.4.0.1079.77
  o linux-image-lowlatency - 4.4.0.189.195
  o linux-image-powerpc-e500mc - 4.4.0.189.195
  o linux-image-powerpc-smp - 4.4.0.189.195
  o linux-image-powerpc64-emb - 4.4.0.189.195
  o linux-image-powerpc64-smp - 4.4.0.189.195
  o linux-image-raspi2 - 4.4.0.1138.138
  o linux-image-snapdragon - 4.4.0.1142.134
  o linux-image-virtual - 4.4.0.189.195

Ubuntu 14.04

  o linux-image-4.4.0-1077-aws - 4.4.0-1077.81
  o linux-image-4.4.0-189-generic - 4.4.0-189.219~14.04.1
  o linux-image-4.4.0-189-generic-lpae - 4.4.0-189.219~14.04.1
  o linux-image-4.4.0-189-lowlatency - 4.4.0-189.219~14.04.1
  o linux-image-4.4.0-189-powerpc-e500mc - 4.4.0-189.219~14.04.1
  o linux-image-4.4.0-189-powerpc-smp - 4.4.0-189.219~14.04.1
  o linux-image-4.4.0-189-powerpc64-emb - 4.4.0-189.219~14.04.1
  o linux-image-4.4.0-189-powerpc64-smp - 4.4.0-189.219~14.04.1
  o linux-image-aws - 4.4.0.1077.74
  o linux-image-generic-lpae-lts-xenial - 4.4.0.189.165
  o linux-image-generic-lts-xenial - 4.4.0.189.165
  o linux-image-lowlatency-lts-xenial - 4.4.0.189.165
  o linux-image-powerpc-e500mc-lts-xenial - 4.4.0.189.165
  o linux-image-powerpc-smp-lts-xenial - 4.4.0.189.165
  o linux-image-powerpc64-emb-lts-xenial - 4.4.0.189.165
  o linux-image-powerpc64-smp-lts-xenial - 4.4.0.189.165
  o linux-image-virtual-lts-xenial - 4.4.0.189.165

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
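A quick way to confirm that a host has picked up the fixed kernel after the reboot is to compare the running release string against the fixed ABI the bulletin lists. The script below is an added example, not part of the USN-4486-1 bulletin or AusCERT's redistribution; it assumes the generic-family flavours (generic, generic-lpae, lowlatency, powerpc*) are fixed at ABI 4.4.0-189 as listed above, and deliberately refuses to judge the cloud flavours (aws, kvm, raspi2, snapdragon), which carry their own ABI numbers. The release strings fed to it at the bottom are constructed samples so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the bulletin): check whether a 4.4.0 generic-family
# kernel release string is at or past the ABI that USN-4486-1 ships (189).
# Only the generic/lpae/lowlatency/powerpc flavours are judged; cloud flavours
# (aws, kvm, raspi2, snapdragon) use separate ABI counters and are reported
# as "outside this check" rather than guessed at.

FIXED_ABI=189   # from the bulletin: linux-image-4.4.0-189-* - 4.4.0-189.219

# kernel_is_fixed "<release string as printed by uname -r>"
# exit 0 if the release is a generic-family 4.4.0 kernel at ABI >= 189,
# exit 1 if it is older or not a kernel this check understands.
kernel_is_fixed() {
    rel="$1"
    case "$rel" in
        4.4.0-*-generic|4.4.0-*-generic-lpae|4.4.0-*-lowlatency|4.4.0-*-powerpc*) ;;
        *) return 1 ;;   # not a 4.4.0 generic-family kernel: cannot judge
    esac
    abi=${rel#4.4.0-}    # strip the "4.4.0-" prefix -> "189-generic"
    abi=${abi%%-*}       # keep only the ABI counter -> "189"
    [ "$abi" -ge "$FIXED_ABI" ] 2>/dev/null
}

# Constructed sample release strings; on a live host use: kernel_is_fixed "$(uname -r)"
for r in 4.4.0-189-generic 4.4.0-186-generic 4.4.0-1113-aws 5.4.0-45-generic; do
    if kernel_is_fixed "$r"; then
        echo "$r: at or past USN-4486-1 ABI"
    else
        echo "$r: needs the USN-4486-1 update, or is outside this check"
    fi
done
```

Because the bulletin notes an ABI bump, a host that still reports an older ABI after `apt` finished has usually not been rebooted yet, or had the metapackage removed; the string check catches both before third-party modules are rebuilt against the wrong headers.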

References

  o CVE-2018-10323

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




https://malwaredevil.com/2020/09/02/esb-2020-3012-ubuntu-kernel-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3012-ubuntu-kernel-denial-of-service-existing-account

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...