Author: Blog

“To date, FEMA has found no indicators to suggest survivor data has been compromised. FEMA has also worked with the contractor to remove the unnecessary data from the system and updated its contract to ensure compliance with Department of Homeland Security (DHS) cybersecurity and information-sharing standards. As an added measure, FEMA instructed contracted staff to complete additional DHS privacy training.”

Following the news that cybersecurity firm Barracuda Networks has published a report on spear phishing which reveals that over 80% of attempts involve brand impersonation, Corin Imai, Senior Security Advisor at DomainTools commented below.

German Foreign Minister Heiko Maas called last week for action to ensure human control of lethal weapons, but is pushing a non-binding declaration rather than a global ban, given opposition by the United States, Russia and China. The United Nations and European Union have called for a global ban, but discussions so far have not yielded a clear commitment to conclude a treaty. Activists from over 100 non-governmental groups gathered in Berlin this week to pressure Maas and the German government to take more decisive action after twice endorsing a ban on fully autonomous weapons in their 2013 and 2018 coalition accords.

In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring – 33-year-old Freedom Hosting operator Eric Eoin Marques – was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This week, Ireland’s Supreme Court cleared the way for Marques to be extradited to the United States.

A fully patched Mozilla Firefox web browser was no match for researchers at the Pwn2Own competition, though Mozilla found itself up to the task and has already patched the issue. Firefox wasn’t the only thing hacked at Pwn2Own as researchers were also able to exploit the internet browser on a Tesla Model 3 as well.

Heathcare kiosks, a home-cooked food marketplace, and a way for startups to earn interest on their funding topped our list of high-potential companies from Y Combinator’s Winter 2019 Demo Day 2. 88 startups launched on stage at the lauded accelerator, though some of the best skipped the stage as they’d already raised tons of money.

A Security Incident and Event Management (SIEM) tool ingests logs from your environment, correlates the data and can disseminate insights via alerting, visual dashboards or reports. SIEMs normalize data into a readable format for the common layman.

A new malspam campaign is being conducted that is pretending to be from the Centers for Disease Control and Prevention (CDC) about a new Flu pandemic. Attached to the emails are a malicious attachment that when opened will install the GandCrab v5.2 Ransomware on the target’s computer. 

Leading up to the AWS Santa Clara Summit, we’re sharing our conversation with Nathan Case, who will be presenting at the event, so you can learn more about him and some of the interesting work that he’s doing.

Safeguarding against the security pitfalls of Cloud-Based Platforms

Majority of us are intimately familiar with the concept of ‘the Cloud’, the seemingly omnipresent information sharing and storage solution.  But how much do you know about the security systems that defend it?  Most of you may already be using cloud-based programs such as GoogleDocs, DropBox or, more commonly, Microsoft Office 365 – the near ubiquitous email collaboration platform commonly found in most offices.  However, as fears surrounding data security grow, an understanding of the risks and rewards of cloud computing is more important than ever.

Security researcher Cian Heasley discovered an unprotected online storage folder accessible via the web that contains all the data that stalkers and snoops took from their victims’ devices via a commercial program that steals photos and recordings from their devices.

The BBC has today reported that scams in which criminals trick bank customers into paying them money out of their bank accounts jumped by 45% in the second half of last year. Over the whole of last year, more than 84,000 bank customers fell victim, some losing tens of thousands of pounds. Banks say scam merchants are shifting their attention from trying to penetrate banking systems to conning members of the public directly. Business are being targeted as well, with a similar sharp rise to £209m in suspicious transfers unwittingly authorised by staff members. 

By Zane Pokorny on March 22, 2019

Should you open that attachment? Determining whether a file is safe to open, or whether it comes from a reputable source, is getting to be tricky business these days. Without quick context from threat intelligence, determining file reputation is becoming increasingly complicated.

Welcome to Tripwire Patch Madness!Comprised of 26 vulnerabilities divided into two conferences and four divisions, the goal of this tournament is to declare which named vulnerability is king of Patch Madness! The original list of named vulnerabilities was taken from Hanno Böck’s named vulnerabilities repo. Any entries that did not have published CVSSv2 scores were dropped (not enough of the entries had CVSSv3 scores) and the list was topped up with other named vulnerabilities to give us a total of 13 vulnerabilities per conference.Over the years named vulnerabilities have been used to draw attention to critical issues and as a cry for attention from those that discovered them. In many cases, the criticality of the issue warrants the name, an easy to reference identifier for those that don’t enjoy keeping CVEs in their heads. There have been times though when those that discovered a vulnerability simply wanted attention. For that reason, each division, containing either 6 or 7 named vulnerabilities, has been seeded using each vulnerability’s CVSSv2 score.The rules:Each conference is comprised of 13 teams.Teams were randomly assigned conferences and divisions.Each conference consists of a 7-team division and a 6-team division.Each division was seeded using CVSSv2 base scores.Byes
a. Within the 6-team division, the highest seeded team receives a bye in the second round.
b. Within the 7-team division, the highest seeded team receives a bye in the first round.While we’re not ready to reveal just how we’ve determined the winning vulnerability in each round of the tournament, we invite you to play along and tweet your thoughts on the winners using #PatchMadness.Feel free to take the initial bracket release and complete it fully, sharing your thoughts on the outcome of the tournament.

Many WordPress themes and a plugin suffer from open redirection vulnerabilities. Age-Verification plugins version 0.5 is affected. Themes affected include Ev version 1.x, Nine-Day version 1.6, Aibbt version 1.0, itiis version 1.x, ifxPro.Cn version 5.0, 2kqq version 5.2, Azzxx version 1.2.1, BigChrome version 5.2, clsn-003 version 1.0, Concise version 2.8, TaozHuji version 5.2, UsaMusic-PC version 1.0, Wngzs version 1.0, 2018110612035976 version 1.7.3, Begin4.6 version 4.6, Begin5.2 version 5.2, Begin44 version 4.4, BeginLTS version 6, Zangai version 1.1.0, Deep version 5.4, and Wopus version 1.0.

It has been reported that a zero-day WordPress plugin has been exploited in the wild by at least two hacker groups. The vulnerability can be used to change site settings, create admin accounts to use as backdoors and then hijack traffic from the hacked sites. 

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

Golang is gaining popularity by malware authors, and more golang based malware is being found in the wild. It is also one of my favourite programming languages, especially for all network related applications, for the reasons of:

Written by Jeff Stone
Mar 22, 2019 | CYBERSCOOP

The Department of Homeland Security has issued an advisory warning that a vulnerability in Medtronic heart defibrillators could allow hackers to change the settings in a medical device from within radio range.