Malware Devil

Monday, October 26, 2020

Network Security News Summary for Monday October 26 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and is designed to get you ready for the day with a brief summary, usually about 5 minutes long, of current network security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Monday October 26 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/26/network-security-news-summary-for-monday-october-26-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-october-26-2020

Sunday, October 25, 2020

State and Local Cybersecurity: Defending Our Communities from Cyber Threats Amid COVID-19

Read Coveware’s prepared testimony on defending state and local
organizations from ransomware.

The post State and Local Cybersecurity: Defending Our Communities from Cyber Threats Amid COVID-19 appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/25/state-and-local-cybersecurity-defending-our-communities-from-cyber-threats-amid-covid-19/?utm_source=rss&utm_medium=rss&utm_campaign=state-and-local-cybersecurity-defending-our-communities-from-cyber-threats-amid-covid-19

DEF CON 28 Safe Mode BioHacking Village – Lucia C. Savage’s ‘What’s Up With Proposed Privacy Legislation’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode BioHacking Village – Lucia C. Savage’s ‘What’s Up With Proposed Privacy Legislation’ appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/25/def-con-28-safe-mode-biohacking-village-lucia-c-savages-whats-up-with-proposed-privacy-legislation/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-biohacking-village-lucia-c-savages-whats-up-with-proposed-privacy-legislation

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 300’

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics.


The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 300’ appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/25/robert-m-lees-jeff-haas-little-bobby-comics-week-300/?utm_source=rss&utm_medium=rss&utm_campaign=robert-m-lees-jeff-haas-little-bobby-comics-week-300

DEF CON 28 Safe Mode BioHacking Village – Veronica Schmitt’s ‘Medical Tech: How Do We Unf*ck Things’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode BioHacking Village – Veronica Schmitt’s ‘Medical Tech: How Do We Unf*ck Things’ appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/25/def-con-28-safe-mode-biohacking-village-veronica-schmitts-medical-tech-how-do-we-unfck-things/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-biohacking-village-veronica-schmitts-medical-tech-how-do-we-unfck-things

How Vulnerable Is Critical Infrastructure to a Cyberattack?

On Thursday Oct. 22, 2020, the Australian Home Affairs Minister Peter Dutton warned attendees at The Age’s National Security Summit that they must prepare to counter prolonged and catastrophic cyberattacks on critical infrastructure that could disrupt entire industries. The message to Australia and the world: “The potential consequences of a successful attack could be catastrophic…

The post How Vulnerable Is Critical Infrastructure to a Cyberattack? appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/25/how-vulnerable-is-critical-infrastructure-to-a-cyberattack/?utm_source=rss&utm_medium=rss&utm_campaign=how-vulnerable-is-critical-infrastructure-to-a-cyberattack

Video: Pascal Strings, (Sun, Oct 25th)

Programs written in the Object Pascal (Delphi) programming language have their strings stored in the executable file as Pascal strings. A Pascal string (or P-string) is a string that is stored internally with a length prefix: an integer that counts the number of characters inside the string.

When analyzing Delphi malware, it is useful to extract its Pascal strings (instead of extracting all strings). You can do this now with an update to my strings.py tool.
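As an added illustration of the length-prefix layout (example code written for this summary, not Didier Stevens’ strings.py): the scanner below walks a byte buffer looking for a little-endian length field followed by exactly that many printable bytes, which is what makes a P-string extractable with far fewer false positives than a plain printable-run search. The 32-bit length plus NUL terminator layout, the 1-byte ShortString layout and the sample buffers are all constructed for the example; real Delphi binaries place further header fields in front of long strings, so this shows the validation idea rather than the tool’s exact heuristics.

```python
import struct

PRINTABLE = frozenset(range(0x20, 0x7F))  # printable ASCII, the usual "strings" heuristic


def extract_pstrings(data: bytes, prefix_size: int = 4, require_nul: bool = True,
                     min_len: int = 4, max_len: int = 4096):
    """Scan `data` for length-prefixed (Pascal-style) strings.

    A candidate at offset i is accepted when the little-endian length field of
    `prefix_size` bytes lies within [min_len, max_len], the body fits inside the
    buffer, every body byte is printable ASCII and, if `require_nul` is set, a
    NUL byte follows the body. Returns a list of (offset, text) tuples.
    """
    fmt = {1: "<B", 2: "<H", 4: "<I"}[prefix_size]
    found = []
    i, n = 0, len(data)
    while i + prefix_size <= n:
        length = struct.unpack_from(fmt, data, i)[0]
        start, end = i + prefix_size, i + prefix_size + length
        if min_len <= length <= max_len and end <= n:
            body = data[start:end]
            nul_ok = (not require_nul) or (end < n and data[end] == 0)
            if nul_ok and all(b in PRINTABLE for b in body):
                found.append((i, body.decode("ascii")))
                i = end + (1 if require_nul else 0)  # skip past the accepted string
                continue
        i += 1  # no valid string at this offset; slide one byte forward
    return found


def long_string(text: bytes) -> bytes:
    """Build a constructed long-string record: 32-bit LE length, body, NUL terminator."""
    return struct.pack("<I", len(text)) + text + b"\x00"


# Constructed sample buffer (not a real binary): two long strings surrounded by
# filler bytes, a loose unprefixed fragment and a string too short to report.
LONG_SAMPLE = (
    b"\x90\x90\x90"
    + long_string(b"C:\\Windows\\System32\\cmd.exe")
    + b"\x01\x02\x03\x04"
    + long_string(b"http://example.invalid/gate.php")
    + b"\xff\xfe"
    + b"loosefragment"
    + long_string(b"ab")
)

# Constructed ShortString sample: 1-byte length prefix, no terminator.
SHORT_SAMPLE = b"\x05hello\x03abc"


if __name__ == "__main__":
    for off, s in extract_pstrings(LONG_SAMPLE):
        print(f"{off:#06x} {s}")
    for off, s in extract_pstrings(SHORT_SAMPLE, prefix_size=1,
                                   require_nul=False, min_len=3):
        print(f"{off:#06x} {s}")
```

Note that the loose fragment `loosefragment` is printable but is not reported, because no plausible length field precedes it; that is the whole point of extracting P-strings rather than all strings. Lowering `min_len` trades this selectivity for recall, as the third call in the test below shows.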

I’ve also recorded a video showing this new feature:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post Video: Pascal Strings, (Sun, Oct 25th) appeared first on Malware Devil.



https://malwaredevil.com/2020/10/25/video-pascal-strings-sun-oct-25th/?utm_source=rss&utm_medium=rss&utm_campaign=video-pascal-strings-sun-oct-25th

Saturday, October 24, 2020

End that Zoom call and take a step back…

If you are the CISO of a mid-sized enterprise, end that zoom call and take a step back. You probably spent 60+ hrs in Zoom meetings this week. Your team has been working really hard over the last few months dealing with the change to a work-from-home workforce. Lots of sweat (and hopefully no blood). …


The post End that Zoom call and take a step back… appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/24/end-that-zoom-call-and-take-a-step-back/?utm_source=rss&utm_medium=rss&utm_campaign=end-that-zoom-call-and-take-a-step-back

An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1, (Sat, Oct 24th)

I have well over 2 years of honeypot logs and only started seeing the CensysInspect user-agent in my logs about 2 months ago. Most of us are familiar with Shodan and often use it to find what is or was exposed to the Internet. This is an alternative site to search the same data, with 3 available search options: by IPv4, websites and certificates.

This is an example of what can be seen in webserver logs:

20201024-071114: 192.168.25.9:80-167.248.133.52:54072 data 'GET / HTTP/1.1\r\nHost: 70.50.xx.xx\r\nUser-Agent: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)\r\nAccept: */*\r\nAccept-Encoding: gzip\r\n\r\n'

If you plan to do more than 10 queries per day, you need to register (it is free); check this page, which shows examples of how to query the data.

This scanner works by grabbing banners and collecting all information leaked by insecure devices, which gets categorized and stored for “research” purposes. According to their FAQ, it uses ZMap, which “[…] can scan the entire public IPv4 address space in under 45 minutes,” and ZGrab, which “can perform a TLS connection and collect the root HTTP page of all hosts ZMap finds on TCP/443.” The information captured is like what Shodan provides.

This is an alternative way to find Internet-facing systems and the open ports and services listening on them. Censys probes for more than just the standard well-known ports. These are some of the ports, starting from the top (total in 2 months: > 1000 ports).

IP Ranges included in the probes:

74.120.14.33-74.120.14.52
162.142.125.23-162.142.125.57
167.248.133.33-167.248.133.52
192.35.168.193-192.35.168.251
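As an added example (written for this summary, not Guy Bruneau’s own tooling): a small Python triage script that parses honeypot lines in the layout shown above, pulls the User-Agent out of the request and cross-checks the source address against the IP ranges listed above, so that a request claiming to be CensysInspect from outside those ranges stands out as a spoofed scanner UA rather than being waved through as “just Censys”. Only the first log line mirrors the diary; the other lines, the verdict labels and the field names are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Censys source ranges as listed in the diary (inclusive start-end form).
CENSYS_RANGES = [
    ("74.120.14.33", "74.120.14.52"),
    ("162.142.125.23", "162.142.125.57"),
    ("167.248.133.33", "167.248.133.52"),
    ("192.35.168.193", "192.35.168.251"),
]


def ranges_to_networks(ranges):
    """Expand inclusive start-end pairs into CIDR networks for membership tests."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets


CENSYS_NETS = ranges_to_networks(CENSYS_RANGES)


def is_censys_source(ip_text):
    """True when the address falls inside one of the published Censys ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in CENSYS_NETS)


# Honeypot line layout from the diary: "<ts>: <dst>:<dport>-<src>:<sport> data '<payload>'"
# (the constructed samples use straight quotes around the payload).
LINE_RE = re.compile(
    r"^(?P<ts>\d{8}-\d{6}): (?P<dst>[\d.]+):(?P<dport>\d+)-(?P<src>[\d.]+):(?P<sport>\d+)"
    r" data '(?P<payload>.*)'$")
# The payload is logged as a repr(), so CRLF shows up as the two literal characters \r\n;
# accept that form as well as a real CRLF.
UA_RE = re.compile(r"User-Agent: (.*?)(?:\\r\\n|\r\n|$)")


def classify(line):
    """Parse one line and decide whether it is a genuine Censys probe, a spoofed
    Censys UA, a Censys-range source with another UA, or unrelated traffic."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ua_match = UA_RE.search(m["payload"])
    ua = ua_match.group(1) if ua_match else ""
    claims_censys = "CensysInspect" in ua
    from_censys = is_censys_source(m["src"])
    if claims_censys and from_censys:
        verdict = "censys-scanner"
    elif claims_censys:
        verdict = "ua-spoof"  # says it is Censys but arrives from elsewhere
    elif from_censys:
        verdict = "censys-range-other-ua"
    else:
        verdict = "other"
    return {"ts": m["ts"], "src": m["src"], "user_agent": ua, "verdict": verdict}


def summarize(lines):
    """Count verdicts over an iterable of log lines; unparseable lines are counted separately."""
    counts = Counter()
    for line in lines:
        rec = classify(line)
        counts[rec["verdict"] if rec else "unparsed"] += 1
    return dict(counts)


# Constructed sample log (the first line mirrors the diary's example; the rest are made up).
SAMPLE_LOG = [
    r"20201024-071114: 192.168.25.9:80-167.248.133.52:54072 data 'GET / HTTP/1.1\r\nHost: 70.50.xx.xx\r\nUser-Agent: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)\r\nAccept: */*\r\nAccept-Encoding: gzip\r\n\r\n'",
    r"20201024-071530: 192.168.25.9:80-203.0.113.7:41122 data 'GET / HTTP/1.1\r\nHost: 70.50.xx.xx\r\nUser-Agent: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)\r\n\r\n'",
    r"20201024-072201: 192.168.25.9:80-74.120.14.40:50001 data 'GET /robots.txt HTTP/1.1\r\nHost: 70.50.xx.xx\r\nUser-Agent: python-requests/2.24.0\r\n\r\n'",
    r"20201024-073000: 192.168.25.9:80-198.51.100.9:60123 data 'GET / HTTP/1.1\r\nHost: 70.50.xx.xx\r\nUser-Agent: curl/7.68.0\r\n\r\n'",
    "garbage line that does not match the honeypot format",
]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
    print(summarize(SAMPLE_LOG))
```

The point of keeping the source-range check separate from the user-agent check is that either signal alone is weak: anyone can send the CensysInspect string, and Censys’ own ranges may carry probes with other UAs, so an allow-list keyed on the UA alone would whitelist impersonators.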

[1] https://censys.io
[2] https://www.shodan.io
[3] https://censys.io/ipv4/help
[4] https://support.censys.io/hc/en-us/articles/360038378552-Frequently-Asked-Questions-FAQ
[5] https://zmap.io
[6] https://isc.sans.edu/ipinfo.html?ip=167.248.133.52

———–
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1, (Sat, Oct 24th) appeared first on Malware Devil.



https://malwaredevil.com/2020/10/24/an-alternative-to-shodan-censys-with-user-agent-censysinspect-1-1-sat-oct-24th/?utm_source=rss&utm_medium=rss&utm_campaign=an-alternative-to-shodan-censys-with-user-agent-censysinspect-1-1-sat-oct-24th

DEF CON 28 Safe Mode BioHacking Village – Meg Doerr’s ‘Cybersecurity Informed Consent 4 Medical Devices’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode BioHacking Village – Meg Doerr’s ‘Cybersecurity Informed Consent 4 Medical Devices’ appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/24/def-con-28-safe-mode-biohacking-village-meg-doerrs-cybersecurity-informed-consent-4-medical-devices/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-biohacking-village-meg-doerrs-cybersecurity-informed-consent-4-medical-devices

Microsoft Image AI Increases Accuracy To Rival Humans

Skynet just took a step closer to becoming a reality. The word, of course, refers back to the hit movie, ‘Terminator,’ in which a computer network gained sentience and decided to do away with the human race.

While Microsoft’s latest advances in AI aren’t Skynet, their new, and recently touted AI image description routine is so good that it’s scary.

Describing an image accurately is a really tough problem for a computer, because of course, humans have a vast, rich body of experience to draw from when defining and ultimately describing what we see. Codifying that so a computer can draw on it has proven to be a daunting task.

It hasn’t stopped companies from trying though, and in 2016, Google was the first company to make a big breakthrough, reporting that their AI could caption images nearly as well as humans, with a shocking 94 percent accuracy. This is big news.

In the words of Eric Boyd, the CVP of Azure AI:

“Image captioning is one of the hardest problems in AI. It represents not only understanding the objects in a scene, but how they’re interacting, and how to describe them.”

Now, Microsoft has upped the ante with their ‘Seeing AI’ app, built for visually impaired users, which creates a real-time, running narrative of the world around the person using the app. According to a recent Microsoft blog post, their new routine is nearly 99 percent accurate, and the new app will make it easier than ever for visually impaired users to navigate the web.

This is big, exciting news, and it’s interesting that the company is rushing the product to market. Beating a benchmark is one thing, but it remains to be seen how effective the new app will be. One thing’s for sure though, we’re anxious to find out, and also, possibly a shade nervous too.

Used with permission from Article Aggregator


The post Microsoft Image AI Increases Accuracy To Rival Humans appeared first on Malware Devil.



https://malwaredevil.com/2020/10/24/microsoft-image-ai-increases-accuracy-to-rival-humans/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-image-ai-increases-accuracy-to-rival-humans

Google’s Certificate Authority as a Service x AppViewX – a Future-fit Solution for the Enterprise

Public key cryptography has proven to be a reliable way to protect networks and data, ensure privacy of critical transactions and communications, and authenticate the digital identity of people and devices. The public key infrastructure relies on certificates that are issued by a Certificate Authority – a public or private entity that is typically hosted […]

The post Google’s Certificate Authority as a Service x AppViewX – a Future-fit Solution for the Enterprise appeared first on AppViewX.




https://malwaredevil.com/2020/10/24/googles-certificate-authority-as-a-service-x-appviewx-a-future-fit-solution-for-the-enterprise/?utm_source=rss&utm_medium=rss&utm_campaign=googles-certificate-authority-as-a-service-x-appviewx-a-future-fit-solution-for-the-enterprise

US Treasury Sanctions Russian Institution Linked to Triton Malware

Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.

The post US Treasury Sanctions Russian Institution Linked to Triton Malware appeared first on Malware Devil.



https://malwaredevil.com/2020/10/23/us-treasury-sanctions-russian-institution-linked-to-triton-malware-2/?utm_source=rss&utm_medium=rss&utm_campaign=us-treasury-sanctions-russian-institution-linked-to-triton-malware-2

Cybercriminals Could be Coming After Your Coffee

Researchers show no IoT device is too small to fall victim to ransomware techniques.

The post Cybercriminals Could be Coming After Your Coffee appeared first on Malware Devil.



https://malwaredevil.com/2020/10/23/cybercriminals-could-be-coming-after-your-coffee/?utm_source=rss&utm_medium=rss&utm_campaign=cybercriminals-could-be-coming-after-your-coffee

Flurry of Warnings Highlight Cyber Threats to US Elections

FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.

The post Flurry of Warnings Highlight Cyber Threats to US Elections appeared first on Malware Devil.



https://malwaredevil.com/2020/10/23/flurry-of-warnings-highlight-cyber-threats-to-us-elections/?utm_source=rss&utm_medium=rss&utm_campaign=flurry-of-warnings-highlight-cyber-threats-to-us-elections

Manage your Palo Alto Network NGFW Policies with App-ID, Content-ID, User-ID, and more with Tufin

Today, enterprises are increasingly turning to Next-Generation Firewall (NGFW) features with the goal of moving toward a more proactive user- and application-aware approach to enterprise security. A long-term Palo Alto Networks partner, Tufin provides some of the industry’s best support for PanOS

The post Manage your Palo Alto Network NGFW Policies with App-ID, Content-ID, User-ID, and more with Tufin appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/24/manage-your-palo-alto-network-ngfw-policies-with-app-id-content-id-user-id-and-more-with-tufin/?utm_source=rss&utm_medium=rss&utm_campaign=manage-your-palo-alto-network-ngfw-policies-with-app-id-content-id-user-id-and-more-with-tufin


Friday, October 23, 2020

Cybercrime: It’s Not About How, But Why?

When most people think about cybercrime, especially when they are victims of a data breach or business interruption by hackers, they tend to focus on the how. While tempting, this rarely leads to the culprit or a better defense.

The post Cybercrime: It’s Not About How, But Why? appeared first on BehavioSec.




https://malwaredevil.com/2020/10/23/cybercrime-its-not-about-how-but-why/?utm_source=rss&utm_medium=rss&utm_campaign=cybercrime-its-not-about-how-but-why

IT security use cases to improve remote workforce management

In the “new normal”, if your company has chosen to continue with remote operations, it could attract malicious attackers. Hackers target the remote workforce, whose vulnerability has increased in several ways. While some infrastructure concerns are …

The post IT security use cases to improve remote workforce management appeared first on ManageEngine Blog.




https://malwaredevil.com/2020/10/23/casos-de-uso-de-seguridad-informatica-para-mejorar-la-gestion-de-la-fuerza-de-trabajo-remota/?utm_source=rss&utm_medium=rss&utm_campaign=casos-de-uso-de-seguridad-informatica-para-mejorar-la-gestion-de-la-fuerza-de-trabajo-remota

Five worthy reads: Preparing an incident response plan for the pandemic and beyond

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. With the rising concern over cyberattacks in the distributed workforce, this week we explore the concept of cybersecurity incident response during

The post Five worthy reads: Preparing an incident response plan for the pandemic and beyond appeared first on ManageEngine Blog.




https://malwaredevil.com/2020/10/23/five-worthy-reads-preparing-an-incident-response-plan-for-the-pandemic-and-beyond/?utm_source=rss&utm_medium=rss&utm_campaign=five-worthy-reads-preparing-an-incident-response-plan-for-the-pandemic-and-beyond

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...