Malware Devil

Monday, February 8, 2021

Hacker Raised Chemical Settings at Water Treatment Plant to Dangerous Levels


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-26910
PUBLISHED: 2021-02-08

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.

CVE-2021-21240
PUBLISHED: 2021-02-08

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 clie…

CVE-2021-21288
PUBLISHED: 2021-02-08

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal…

CVE-2021-21290
PUBLISHED: 2021-02-08

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty’s mul…

CVE-2021-21305
PUBLISHED: 2021-02-08

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:re…

The post Hacker Raised Chemical Settings at Water Treatment Plant to Dangerous Levels appeared first on Malware Devil.

https://malwaredevil.com/2021/02/08/hacker-raised-chemical-settings-at-water-treatment-plant-to-dangerous-levels/?utm_source=rss&utm_medium=rss&utm_campaign=hacker-raised-chemical-settings-at-water-treatment-plant-to-dangerous-levels

Billions of Passwords Offered for $2 in Cyber-Underground

About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a ‘COMB’ collection.

https://malwaredevil.com/2021/02/08/billions-of-passwords-offered-for-2-in-cyber-underground/?utm_source=rss&utm_medium=rss&utm_campaign=billions-of-passwords-offered-for-2-in-cyber-underground

Critical WordPress Plugin Flaw Allows Site Takeover

A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.

https://malwaredevil.com/2021/02/08/critical-wordpress-plugin-flaw-allows-site-takeover/?utm_source=rss&utm_medium=rss&utm_campaign=critical-wordpress-plugin-flaw-allows-site-takeover

Ransomware Demands Spike 320%, Payments Rise

Remote work continues to fuel a spike in phishing and cyberattacks, particularly in the U.S.

https://malwaredevil.com/2021/02/08/ransomware-demands-spike-320-payments-rise/?utm_source=rss&utm_medium=rss&utm_campaign=ransomware-demands-spike-320-payments-rise

What’s the Difference Between ‘Observability’ and ‘Visibility’ in Security?

To drive holistic security success, we have to start with the interlinking of visibility and observability.

Question: What’s the difference between “observability” and “visibility” in security?

Joe Vadakkan, global cloud security leader, Optiv Security: As enterprises digitally transform, they are naturally undergoing security modernization as well. These efforts are dependent on mapping various security elements to keep up with dynamic environments in cloud, K8s clusters, infrastructure-as-code (IaC) deployment, and third-party toolsets. To drive holistic security success, though, we have to start with the interlinking of visibility and observability.

“Visibility” is achieved by monitoring systems, networks, applications, and performance through one or several point solutions and aggregating that data. In the past, organizations wanted visibility into everything and went on shopping sprees for every point solution product out there. API-driven architecture allowed us to aggregate more logs, which gave us a single pane of glass and the first generation of security analytics. It also turned aggregated security logs into a data landfill.

“Observability” expands on that monitoring and enables correlation and inspection of the raw data to provide much deeper insights. With the proper instrumentation, observability allows an enterprise, both inside and outside of the security organization, to solve an extensive number of use cases. Observability requires several elements of logs, metrics, and deep tracing. All data from security, business, and technology sources is pipelined for enrichment and modeling. It opens us up to the second generation of analytics. We’re now able to mine the data, build patterns, make useful calculations out of artificial intelligence and machine learning samples, and improve remediation with proactive and reactive hyper-automation.

In my opinion, observability is the latest, most important fabric within a security modernization program. The more we expand the baseline understanding of our systems, the more proactive we can be in continuously improving our efforts.

Joe Vadakkan brings more than 18 years of global infrastructure architecture and security experience, focusing on all aspects of cyber and data security to his role of global practice leader, cloud security, for Optiv. Vadakkan’s expertise in information security and IT … View Full Bio

https://malwaredevil.com/2021/02/08/whats-the-difference-between-observability-and-visibility-in-security/?utm_source=rss&utm_medium=rss&utm_campaign=whats-the-difference-between-observability-and-visibility-in-security

DLP for the Virtual Enterprise with DTEX InTERCEPT

Legacy Endpoint Data Loss Prevention (DLP) solutions have left organizations with a mountain of challenges and many headaches. With the new release of InTERCEPT 6.5, DTEX brings together the capabilities of user and entity behavior analytics (UEBA), endpoint data loss prevention, digital forensics and insider threat management into a cloud-native platform to empower customers to mitigate …

The post DLP for the Virtual Enterprise with DTEX InTERCEPT appeared first on Dtex Systems Inc.

https://malwaredevil.com/2021/02/08/dlp-for-the-virtual-enterprise-with-dtex-intercept/?utm_source=rss&utm_medium=rss&utm_campaign=dlp-for-the-virtual-enterprise-with-dtex-intercept

Android App Infects Millions of Devices With a Single Update

https://malwaredevil.com/2021/02/08/android-app-infects-millions-of-devices-with-a-single-update/?utm_source=rss&utm_medium=rss&utm_campaign=android-app-infects-millions-of-devices-with-a-single-update

GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools

AttackIQ’s Security Optimization Platform gives an agency a proactive, rather than reactive, security posture. It enables continuous validation of security controls to definitively establish the effectiveness of key initiatives, including zero-trust controls that prevent adversaries from moving laterally across a network, as in the case of SolarWinds.

The post GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools appeared first on AttackIQ.

https://malwaredevil.com/2021/02/08/gao-finds-gaps-in-dod-cyberdefenses-highlights-importance-of-breach-and-attack-simulation-tools/?utm_source=rss&utm_medium=rss&utm_campaign=gao-finds-gaps-in-dod-cyberdefenses-highlights-importance-of-breach-and-attack-simulation-tools

How NOT to fail at PDF redaction

The heated spat between Europe and AstraZeneca over a contract has segued into an unexpected blunder that left many of us chuckling and surprised at the same time. Perhaps even feeling a bit awkward.

Recently, the European Commission published a PDF version of the contract it had with AstraZeneca, a multinational pharmaceutical company based in the UK, over the availability and delivery of a certain number of COVID-19 vaccine doses for Europeans.

The EU pre-financed 400 million doses from the pharmaceutical company and expected it to deliver all of them as contracted. However, AstraZeneca said that it would only be delivering 40 percent of those doses.

To put pressure on AstraZeneca to fulfill its agreement with the EU, the bloc decided to make the contract public.

Although the document that was published on their website was supposed to be heavily redacted, whoever is responsible for making the document look “clean” forgot to redact the contents of the PDF’s bookmarks, which revealed significant portions of the redacted text.

There is a first time for everything.
This is not it.

We will have you know that there had been similar incidents in the past where improper obscuring of sensitive information about something has made history.

In 2011, the UK government accidentally breached itself by publishing a document containing certain secrets of Britain’s nuclear submarines. The PDF redaction was done by putting a black background behind the document’s black text. A simple copy and paste of its contents into a text editor, such as Windows Notepad, revealed the redacted PDF contents. Thankfully, these “secrets” weren’t as exciting as one would have expected.

The same copy-and-paste trick worked on other purportedly redacted documents, such as the time a judge’s analysis in the Apple versus Samsung case was revealed in an initially released PDF.

If you can’t remember that, maybe you remember the time a reporter from The Guardian was able to reveal the full contents of the document in the case against Paul Manafort, Donald Trump’s former campaign chairman, containing details of his relationship with a former associate who had Russian ties.

Redacting PDFs 101

These are only a handful of stories from dozens more that have been reported and eventually buried (unless you start digging). Thankfully, embarrassing blunders like these can be avoided.

Here’s a caveat, however. You may find that digitally redacting documents is not as straightforward as picking up a black permanent marker and gliding the tip over the words you want to conceal (and if you think it is, you’re probably doing it wrong). Although technology is there to help make things quick for us, there are certain things that need a bit of fiddling to ensure they’re done properly.

Adobe has a page dedicated to removing sensitive information from PDF documents that you can read in glorious detail here. But long story short, no matter how good your redactions look, they aren’t safe until you apply them and flip the Sanitize And Remove Hidden Information toggle (which strips metadata, bookmarks, hidden text and similar leftovers) when you save the file.
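An automated version of the checks the stories above describe, as an added example that is neither Adobe’s feature nor code from the original post: scan the raw bytes of a PDF for the three leak paths, text that is merely painted over, bookmark titles that repeat the secret, and redaction marks that were never applied. The PDF it scans is constructed inline to exhibit exactly those faults (it has no xref table, so it is for the scanner, not a viewer); the function and finding names are assumptions of this example.

```python
import re
import zlib

# A PDF stream body. The (?<!end) guard stops "endstream" from being read as
# the start of another stream.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)


def build_sample_pdf(secret: str) -> bytes:
    """Constructed, deliberately minimal PDF reproducing the three faults:
    the secret drawn as text with a black rectangle painted on top, a
    /Redact annotation that was marked but never applied, and a bookmark
    whose title repeats the secret."""
    page_ops = (
        f"BT /F1 12 Tf 72 700 Td ({secret}) Tj ET\n"   # the text is still here
        "0 g 70 695 220 16 re f\n"                       # black box drawn over it
    ).encode("latin-1")
    content = zlib.compress(page_ops)                    # stored as /FlateDecode
    return b"\n".join([
        b"%PDF-1.4",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Outlines 4 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 5 0 R"
        b" /Annots [6 0 R] >> endobj",
        b"4 0 obj << /Type /Outlines /First 7 0 R /Last 7 0 R /Count 1 >> endobj",
        b"5 0 obj << /Length %d /Filter /FlateDecode >> stream" % len(content),
        content,
        b"endstream endobj",
        b"6 0 obj << /Type /Annot /Subtype /Redact /Rect [70 695 290 711] >> endobj",
        b"7 0 obj << /Title (" + secret.encode("latin-1") + b") /Parent 4 0 R >> endobj",
        b"trailer << /Root 1 0 R >>",
        b"%%EOF",
    ])


def _stream_bodies(pdf: bytes):
    """Yield each stream body, inflating the ones declared /FlateDecode.
    Raw scan, no PDF library: it sees what copy-and-paste or grep would see,
    not what the viewer paints."""
    for m in STREAM_RE.finditer(pdf):
        body = m.group(1)
        head = pdf[max(0, m.start() - 256):m.start()]  # the stream's dictionary
        if b"/FlateDecode" in head:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # leave it raw; still worth a string search
        yield body


def audit_pdf(pdf: bytes, secrets) -> list:
    """Return (where, secret) pairs for each way a redacted term can leak.
    'where' is one of: unapplied-redact-annotation, bookmark-or-metadata,
    content-stream-text."""
    findings = []
    # A /Redact annotation only *marks* text for redaction; until it is
    # applied the original text sits untouched underneath it.
    if re.search(rb"/Subtype\s*/Redact\b", pdf):
        findings.append(("unapplied-redact-annotation", ""))
    # Outline (bookmark) items and the document-info dictionary both carry
    # /Title strings; the bookmarks are what leaked in the EU contract.
    titles = [t.decode("latin-1") for t in re.findall(rb"/Title\s*\((.*?)\)", pdf)]
    # Text operators live in the page content streams; a filled rectangle
    # drawn on top does not remove them (the 2011 submarine document).
    text = b"".join(_stream_bodies(pdf)).decode("latin-1")
    for s in secrets:
        if any(s in t for t in titles):
            findings.append(("bookmark-or-metadata", s))
        if s in text:
            findings.append(("content-stream-text", s))
    return findings


if __name__ == "__main__":
    sample = build_sample_pdf("Clause 5.4 delivery schedule")
    for where, what in audit_pdf(sample, ["delivery schedule"]):
        print(f"LEAK {where}: {what!r}")
```

Run it against a real document with the terms you redacted as `secrets`; an empty result is necessary but not sufficient (images of text and embedded files need their own checks), while any finding means the file is not ready to publish.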

Hope this helps!

The post How NOT to fail at PDF redaction appeared first on Malwarebytes Labs.

https://malwaredevil.com/2021/02/08/how-not-to-fail-at-pdf-redaction-2/?utm_source=rss&utm_medium=rss&utm_campaign=how-not-to-fail-at-pdf-redaction-2

Being a Serial Entrepreneur, Business Leader, & Hacker – Alissa Knight – ASW #139

Alissa Knight has spent her career going against industry and social norms as both a transgender and lesbian business leader and hacker. Learn more about her, her achievements as a published author, her recent vulnerability research in hacking law enforcement vehicles, mHealth apps and APIs, her recent screenplay for her new TV series, her life as a hacker, and the barriers she’s broken down in business.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw139

https://malwaredevil.com/2021/02/08/being-a-serial-entrepreneur-business-leader-hacker-alissa-knight-asw-139/?utm_source=rss&utm_medium=rss&utm_campaign=being-a-serial-entrepreneur-business-leader-hacker-alissa-knight-asw-139

Quickie: tshark & Malware Analysis, (Mon, Feb 8th)

The following screenshot drew my attention when I read Brad’s diary entry “Excel spreadsheets push SystemBC malware“:

This shellcode is encoded, each byte is represented with printable characters: \xHH where HH are hexadecimal characters.

And that is something that can easily be decoded with my tool base64dump.py (this tool supports many encodings, not only base64).

I was able to export this encoded shellcode as a file with Wireshark (File / Export Objects / HTTP), and then decode it.

But then I was wondering: can I avoid saving this shellcode to disk? Can I pipe together commands to analyze the shellcode?

And I found a solution with tshark (Wireshark’s console version).

Here’s how I did this:

I read Brad’s pcap file (option -r) and apply a display filter (-Y) to select packets that contain xfc (the start of the encoded shellcode, minus the backslash): “http.file_data contains xfc”. And I display the content of field http.file_data (options -Tfields and -e).

I can pipe this directly into my base64dump.py tool:

As Brad mentioned, the shellcode is downloaded twice. And here we can see that it’s the same shellcode (same hash).

And this looks indeed like shellcode (notice the IP address at the end of the hex/ascii dump):

That IP address (plus 0x00 byte) is followed by 4 bytes: that’s most likely the Cobalt Strike license ID/watermark.

I can check this with my tool 1768.py to analyze Cobalt Strike beacons:
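The decoding step in code, as an added example that is not the diary’s base64dump.py or 1768.py and not from the page: reverse the \xHH encoding, hash the result so the two downloads can be compared, and parse the tail the diary points at (ASCII IP address, 0x00, then the 4 bytes read as the watermark). The sample body, its IP address and its trailing value are constructed; the tshark command in the comment is assembled from the options listed above with a placeholder pcap name, and base64dump.py’s own encoding switch is left out since the screenshot showing it is not reproduced here.

```python
import hashlib
import re
import struct

# Pipeline shape assembled from the diary's options (pcap name is a
# placeholder; base64dump.py's encoding selection omitted):
#   tshark -r brad.pcap -Y 'http.file_data contains "xfc"' -Tfields -e http.file_data | base64dump.py

HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")

# Constructed sample standing in for the HTTP body tshark prints: a few
# opcode-like bytes, then the tail the diary describes: an ASCII IP, a NUL,
# and four trailing bytes. 192.0.2.10 (a TEST-NET address) and the value 1
# are made up for this example, not taken from the real capture.
SAMPLE_BODY = (
    r"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2"
    + "".join(r"\x%02x" % b for b in b"192.0.2.10\x00")
    + r"\x01\x00\x00\x00"
)


def decode_hex_escapes(text: str) -> bytes:
    """Reverse the \\xHH printable encoding. Anything outside an escape
    (quotes, newlines tshark adds, JavaScript around the literal) is skipped."""
    return bytes(int(h, 16) for h in HEX_ESCAPE.findall(text))


def sha256_hex(data: bytes) -> str:
    """Hash used to confirm two downloads carry identical shellcode."""
    return hashlib.sha256(data).hexdigest()


def tail_ip_and_watermark(shellcode: bytes):
    """Parse the tail: ASCII IP, 0x00, then 4 bytes read as a little-endian
    integer. Whether those bytes really are the Cobalt Strike watermark is
    the diary's 'most likely'; 1768.py is what confirms it. Returns None
    when the bytes do not have that shape."""
    if len(shellcode) < 5 or shellcode[-5] != 0:
        return None
    watermark = struct.unpack("<I", shellcode[-4:])[0]
    end = len(shellcode) - 5                 # index of the NUL terminator
    start = end
    while start > 0 and chr(shellcode[start - 1]) in "0123456789.":
        start -= 1
    ip = shellcode[start:end].decode("ascii")
    return ip, watermark


def analyse(bodies):
    """Decode every captured body and report (hash, size, tail), so the two
    downloads of one stager show up with one hash."""
    results = []
    for body in bodies:
        sc = decode_hex_escapes(body)
        results.append((sha256_hex(sc), len(sc), tail_ip_and_watermark(sc)))
    return results


if __name__ == "__main__":
    # Feed it tshark's stdout, one body per line, e.g. analyse(sys.stdin)
    for digest, size, tail in analyse([SAMPLE_BODY, SAMPLE_BODY]):
        print(digest, size, tail)
```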

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://malwaredevil.com/2021/02/08/quickie-tshark-malware-analysis-mon-feb-8th/?utm_source=rss&utm_medium=rss&utm_campaign=quickie-tshark-malware-analysis-mon-feb-8th

BSidesSF 2020 – Reed Loden’s ‘Day Two Opening Remarks’

Our thanks to BSidesSF and Conference Speakers for publishing their outstanding presentations; which originally appeared at the group’s BSidesSF 2020 Conference, and on the Organization’s YouTube Channel. Additionally, the BSidesSF 2021 Conference will take place on March 6 – 9, 2021 – with no cost to participate. Enjoy!

The post BSidesSF 2020 – Reed Loden’s ‘Day Two Opening Remarks’ appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/bsidessf-2020-reed-lodens-day-two-opening-remarks/?utm_source=rss&utm_medium=rss&utm_campaign=bsidessf-2020-reed-lodens-day-two-opening-remarks

Extortionists Publish Data Stolen from Two Healthcare Service Providers

An attacker group published information stolen from two healthcare service providers in a reported attempt to extort them for money. On February 5, NBC News reported that a well-known ransomware group had published tens of thousands of files to a data leaks website on the dark web. Among those files were scanned diagnostic results, letters to health insurers and a folder containing background checks on employees.

The post Extortionists Publish Data Stolen from Two Healthcare Service Providers appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/extortionists-publish-data-stolen-from-two-healthcare-service-providers-2/?utm_source=rss&utm_medium=rss&utm_campaign=extortionists-publish-data-stolen-from-two-healthcare-service-providers-2

Customer Demand Drives New Eclypsium Integration with Kenna.VM

Organizations Apply Risk-Based Vulnerability Management to Firmware and Hardware Infrastructure

The post Customer Demand Drives New Eclypsium Integration with Kenna.VM appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/customer-demand-drives-new-eclypsium-integration-with-kenna-vm/?utm_source=rss&utm_medium=rss&utm_campaign=customer-demand-drives-new-eclypsium-integration-with-kenna-vm

JumpCloud Introduces New Packages

Beginning in 2021, JumpCloud admins have new packages to choose from in a simplified pricing model designed to provide the most value for your use case.

The post JumpCloud Introduces New Packages appeared first on JumpCloud.

https://malwaredevil.com/2021/02/08/jumpcloud-introduces-new-packages/?utm_source=rss&utm_medium=rss&utm_campaign=jumpcloud-introduces-new-packages

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...