Fity Feeds Archives

Offices Resort To Sensors In Futile Attempts To Keep Workers Apart

An anonymous reader quotes a report from Bloomberg: Millions of workers in recent months have returned to offices outfitted with new pandemic protocols meant to keep them healthy and safe. But temperature checks and plexiglass barriers between desks can’t prevent one of the most dangerous workplace behaviors for the spread of Covid-19 — the irresistible desire to mingle. “If you have people coming into the office, it’s very rare for them consistently to be six feet apart,” said Kanav Dhir, the head of product at VergeSense, a company that has 30,000 object-recognition sensors deployed in office buildings around the world tracking worker whereabouts.

Since the worldwide coronavirus outbreak, the company has found that 60% of interactions among North American workers violate the U.S. Centers for Disease Control and Prevention’s six-foot distancing guidelines, as do an even higher share in Asia, where offices usually are smaller. […] For those employers pushing ahead with a return to the office, sensors that measure room occupancy are proving to be a necessity, said Doug Stewart, co-head of digital buildings at the technology unit Cushman & Wakefield, which manages about 785-million-square feet of commercial space in North and South America. Most offices are already fitted with sensors of some kind, even if it’s just a badging system or security cameras. Those lagging on such capabilities are now scrambling to add more, he said. The systems were used before the pandemic to jam as many people together in the most cost-effective way, not limit workplace crowding or keep employees away from each other, Stewart said. With that in mind, companies can analyze the data all they want, but changing human behavior — we’re social creatures, after all — is harder, he said.

TrickBot really is on the run after Microsoft, Cyber Command disruption

Written by Tim Starks
Oct 20, 2020 | CYBERSCOOP

Why A Gamer Started A Web Of Disinformation Sites Aimed At Latino Americans

This article was written in collaboration with First Draft, a nonprofit organization that provides investigative research to newsrooms tracking and reporting on mis- and disinformation.

Now may be the best time to become a full-stack developer

Sergio Granada Contributor

Sergio Granada is the CTO of Talos Digital, a global team of professional software developers that partners with agencies and businesses in multiple industries providing software development and consulting services for their tech needs.

In the world of software development, one term you’re sure to hear a lot of is full-stack development. Job recruiters are constantly posting open positions for full-stack developers and the industry is abuzz with this in-demand title.

Microsoft’s Flight Simulator 2020 Blurs the Line Between Tools and Toys

Ubuntu Security Notice USN-4593-1

=========================================================================
Ubuntu Security Notice USN-4593-1
October 20, 2020

How US security officials are watching for threats ahead of Election Day

Written by Sean Lyngaas
Oct 20, 2020 | CYBERSCOOP

Why Are Your Favorite Fictional Characters Endorsing Biden?

Screenshot via HBO, Instagram Sticker via Giphy

What do Tony Soprano from The Sopranos and Jack Pearson from This Is Us have in common? They both, apparently, support Joe Biden for President, according to the artists that had a hand in creating them.

Why social media disinformation represents such a security threat

Written by Jeff Stone
Oct 20, 2020 | CYBERSCOOP

DEF CON 28 Safe Mode AppSec Village – Christian Schneider’s ‘Threagile: Agile Threat Modeling’

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

Crane lifting Scala onto Code Property Graph to conduct vulnerability analysis

The Scala language has continued to gain popularity over the last several years, thanks to its excellent combination of functional and object-oriented software development principles, and its implementation on top of the proven Java Virtual Machine (JVM). Although Scala compiles to Java bytecode, it is designed to improve on many of the perceived shortcomings of the Java language. Offering full functional programming support, Scala’s core syntax contains many implicit structures that have to be built explicitly by Java programmers, some involving considerable complexity.

Scala fuses object-oriented and functional programming in a type-safe way. From the object-oriented world, Scala takes the concept of class, and follows the principle that “everything is an object”. From the functional world, it brings in algebraic data types, pattern matching, anonymous functions and closures. Staying true to the above principle, algebraic data types are encoded as classes (case classes), pattern matches as partial functions or extractor objects, functions as generic interfaces of one method and finally closures as objects implementing a function interface

As Scala gains popularity, the need grows for program analysis tools for it that automate tasks such as vulnerability analysis, verification and whole-program optimization. Besides the abstract syntax tree and control flow, such tools typically need call graphs to approximate the behavior of method calls.

Several Scala features such as traits, abstract type members, and closures leading to indirect function calls make call graphs constructions even harder. Furthermore, the Scala compiler translates certain language features using hard-to-analyze reflection. While solutions exist for analyzing programs that use reflection, such approaches tend to be computationally expensive or they make very conservative assumptions that result in a loss of precision.

The ability to grow the language through libraries is a key aspect of Scala. Its syntax allows users to write code that looks like built-in features, keeping the language small. For instance, the standard library provides a BigInt class that is indistinguishable from the standard Int type, and the for loop on integers is provided through a Range class.

This approach is elegant and gives programmers the power of language designers. However, everything comes at a price, and in this case the price is complexity in security analysis and performance penalties. Familiar looking code, like an assert statement or a for loop may conceal unexpected costs. While library designers are usually aware of these implications, users are often surprised by such performance hits

Let us illustrate few features of Scala that make it suitable for developing, further leading to complexity in security analysis.

Higher-order functions

Scala supports higher-order functions and has convenient syntax for function literals. For instance, method foreach is defined like this:

def foreach[U](f: A => U) = // ..

Here, foreach takes a function from type A (we assume foreach is defined inside a generic collection of elements of type A) to U (most of the times U is instantiated to Unit). Iterating over such a collection is then done like this

xs foreach { x =>
// x is bound successively to each element in xs
}

Training by security console

The notable shortage of cybersecurity specialists on the market in recent years has become particularly problematic in 2020. The pandemic, which has led to a widespread shift to remote working, has also highlighted the need to change security strategies at many companies. Even small firms have realized that the skills of their IT administrators are no longer sufficient to ensure business continuity and protect corporate information.

How to automate incident response in the AWS Cloud for EC2 instances

One of the security epics core to the AWS Cloud Adoption Framework (AWS CAF) is a focus on incident response and preparedness to address unauthorized activity. Multiple methods exist in Amazon Web Services (AWS) for automating classic incident response techniques, and the AWS Security Incident Response Guide outlines many of these methods. This post demonstrates one specific method for instantaneous response and acquisition of infrastructure data from Amazon Elastic Compute Cloud (Amazon EC2) instances.

Incident response starts with detection, progresses to investigation, and then follows with remediation. This process is no different in AWS. AWS services such as Amazon GuardDuty, Amazon Macie, and Amazon Inspector provide detection capabilities. Amazon Detective assists with investigation, including tracking and gathering information. Then, after your security organization decides to take action, pre-planned and pre-provisioned runbooks enable faster action towards a resolution. One principle outlined in the incident response whitepaper and the AWS Well-Architected Framework is the notion of pre-provisioning systems and policies to allow you to react quickly to an incident response event. The solution I present here provides a pre-provisioned architecture for an incident response system that you can use to respond to a suspect EC2 instance.

Infrastructure overview

The architecture that I outline in this blog post automates these standard actions on a suspect compute instance:

Capture all the persistent disks.
Capture the instance state at the time the incident response mechanism is started.
Isolate the instance and protect against accidental instance termination.
Perform operating system–level information gathering, such as memory captures and other parameters.
Notify the administrator of these actions.

The solution in this blog post accomplishes these tasks through the following logical flow of AWS services, illustrated in Figure 1.

Figure 1: Infrastructure deployed by the accompanying AWS CloudFormation template and associated task flow when invoking the main API

A user or application calls an API with an EC2 instance ID to start data collection.
Amazon API Gateway initiates the core logic of the process by instantiating an AWS Lambda function.
The Lambda function performs the following data gathering steps before making any changes to the infrastructure:
1. Save instance metadata to the SecResponse Amazon Simple Storage Service (Amazon S3) bucket.
2. Save a snapshot of the instance console to the SecResponse S3 bucket.
3. Initiate an Amazon Elastic Block Store (Amazon EBS) snapshot of all persistent block storage volumes.
The Lambda function then modifies the infrastructure to continue gathering information, by doing the following steps:
1. Set the Amazon EC2 termination protection flag on the instance.
2. Remove any existing EC2 instance profile from the instance.
3. If the instance is managed by AWS Systems Manager:
  1. Attach an EC2 instance profile with minimal privileges for operating system–level information gathering.
  2. Perform operating system–level information gathering actions through Systems Manager on the EC2 instance.
  3. Remove the instance profile after Systems Manager has completed its actions.
  Create a quarantine security group that lacks both ingress and egress rules. Move the instance into the created quarantine security group for isolation. Send an administrative notification through the configured Amazon Simple Notification Service (Amazon SNS) topic.
  Solution features
  
  By using the mechanisms outlined in this post to codify your incident response runbooks, you can see the following benefits to your incident response plan.
  
  Preparation for incident response before an incident occurs
  
  Both the AWS CAF and Well-Architected Framework recommend that customers formulate known procedures for incident response, and test those runbooks before an incident. Testing these processes before an event occurs decreases the time it takes you to respond in a production environment. The sample infrastructure shown in this post demonstrates how you can standardize those procedures.
  
  Consistent incident response artifact gathering
  
  Codifying your processes into set code and infrastructure prepares you for the need to collect data, but also standardizes the collection process into a repeatable and auditable sequence of What information was collected when and how. This reduces the likelihood of missing data for future investigations.
  
  Walkthrough: Deploying infrastructure and starting the process
  
  To implement the solution outlined in this post, you first need to deploy the infrastructure, and then start the data collection process by issuing an API call.
  
  The code example in this blog post requires that you provision an AWS CloudFormation stack, which creates an S3 bucket for storing your event artifacts and a serverless API that uses API Gateway and Lambda. You then execute a query against this API to take action on a target EC2 instance.
  
  The infrastructure deployed by the AWS CloudFormation stack is a set of AWS components as depicted previously in Figure 1. The stack includes all the services and configurations to deploy the demo. It doesn’t include a target EC2 instance that you can use to test the mechanism used in this post.
  
  Cost
  
  The cost for this demo is minimal because the base infrastructure is completely serverless. With AWS, you only pay for the infrastructure that you use, so the single API call issued in this demo costs fractions of a cent. Artifact storage costs will incur S3 storage prices, and Amazon EC2 snapshots will be stored at their respective prices.
  
  Deploy the AWS CloudFormation stack
  
  In future posts and updates, we will show how to set up this security response mechanism inside a separate account designated for security, but for the purposes of this post, your demo stack must reside in the same AWS account as the target instance that you set up in the next section.
  
  First, start by deploying the AWS CloudFormation template to provision the infrastructure.
  
  To deploy this template in the us-east-1 region
  1. Choose the Launch Stack button to open the AWS CloudFormation console pre-loaded with the template:
  2. (Optional) In the AWS CloudFormation console, on the Specify Details page, customize the stack name.
  3. For the LambdaS3BucketLocation and LambdaZipFileName fields, leave the default values for the purposes of this blog. Customizing this field allows you to customize this code example for your own purposes and store it in an S3 bucket of your choosing.
  4. Customize the S3BucketName field. This needs to be a globally unique S3 bucket name. This bucket is where gathered artifacts are stored for the demo in this blog. You must customize it beyond the default value for the template to instantiate properly.
  5. (Optional) Customize the SNSTopicName field. This name provides a meaningful label for the SNS topic that notifies the administrator of the actions that were performed.
  6. Choose Next to configure the stack options and leave all default settings in place.
  7. Choose Next to review and scroll to the bottom of the page. Select all three check boxes under the Capabilities and Transforms section, next to each of the three acknowledgements:
    - I acknowledge that AWS CloudFormation might create IAM resources.
    - I acknowledge that AWS CloudFormation might create IAM resources with custom names.
    - I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
  8. Choose Create Stack.
  Set up a target EC2 instance
  
  In order to demonstrate the functionality of this mechanism, you need a target host. Provision any EC2 instance in your account to act as a target for the security response mechanism to act upon for information collection and quarantine. To optimize affordability and demonstrate full functionality, I recommend choosing a small instance size (for example, t2.nano) and optionally joining the instance into Systems Manager for the ability to later execute Run Command API queries. For more details on configuring Systems Manager, refer to the AWS Systems Manager User Guide.
  
  Retrieve required information for system initiation
  
  The entire security response mechanism triggers through an API call. To successfully initiate this call, you first need to gather the API URI and key information.
  
  To find the API URI and key information
  1. Navigate to the AWS CloudFormation console and choose the stack that you’ve instantiated.
  2. Choose the Outputs tab and save the value for the key APIBaseURI. This is the base URI for the API Gateway. It will resemble https://abcdefgh12.execute-api.us-east-1.amazonaws.com.
  3. Next, navigate to the API Gateway console and choose the API with the name SecurityResponse.
  4. Choose API Keys, and then choose the only key present.
  5. Next to the API key field, choose Show to reveal the key, and then save this value to a notepad for later use.
  (Optional) Configure administrative notification through the created SNS topic
  
  One aspect of this mechanism is that it sends notifications through SNS topics. You can optionally subscribe your email or another notification pipeline mechanism to the created SNS topic in order to receive notifications on actions taken by the system.
  
  Initiate the security response mechanism
  
  Note that, in this demo code, you’re using a simple API key for limiting access to API Gateway. In production applications, you would use an authentication mechanism such as Amazon Cognito to control access to your API.
  
  To kick off the security response mechanism, initiate a REST API query against the API that was created in the AWS CloudFormation template. You first create this API call by using a curl command to be run from a Linux system.
  
  To create the API initiation curl command
  Copy the following example curl command.
  curl -v -X POST -i -H "x-api-key: 012345ABCDefGHIjkLMS20tGRJ7othuyag" https://abcdefghi.execute-api.us-east-1.amazonaws.com/DEMO/secresponse -d '{ "instance_id":"i-123457890" }'

Meadow launches a powerful mobile marketing tool for cannabis dispensaries

Meadow was once called the Amazon of weed. Now it’s trying to be the Salesforce of weed, too.

6 Takeaways: Russian Spies Accused of Destructive Hacking

Cyberwarfare / Nation-State Attacks , Forensics , Fraud Management & Cybercrime

A week in security (October 12 – October 18)

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, the return of QR code scams, Covid fatigue, and the absence of Deepfakes from the 2020 US elections.

CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats

This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our data sets, the better the AI and machine learning outcomes. This diversity gives us an advantage over our cyber adversaries and improves our threat intelligence. It allows us to respond swiftly and effectively, addressing one of the most difficult challenges for any security team. For Microsoft, our threat protection is built on an unparalleled cloud ecosystem that powers scalability, pattern recognition, and signal processing to detect threats at speed, while correlating these signals accurately to understand how the threat entered your environment, what it affected, and how it currently impacts your organization. The AI capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals from a wide variety of products, services, and feeds from around the globe. Because the data is diverse, AI and machine learning algorithms can detect threats in milliseconds.

What Cybersecurity and Traveling Have in Common

My favorite thing about my career in cybersecurity has been a constant opportunity to learn new topics. Cybersecurity weaves itself through every aspect of our lives: the phone in your pocket, the smart TV in your home, and on and on. And the idea that each of these devices allows me to gain new knowledge is fascinating. It can also be daunting when there is always so much to learn. I want to share a learning method I’ve developed to help you quickly learn new concepts. I have been using this mental model since I started in the industry. It works equally well whether you are new to the field or if you are adding to years of experience.

Cost of non-compliance: 8 largest data breach fines and penalties

Introduction

Different regulations and laws will slap organizations with fines and penalties for data breaches. This is because the organization did not take the privacy of their data seriously. However, the authorities take this responsibility very seriously and will not hesitate to punish with fines and penalties that are sometimes in the hundreds of millions of dollars, if not more.

Microsoft Azure job outlook

Introduction

The business world is relocating to the cloud and the trend is strong. It has been predicted that by the end of 2020, 83% of all businesses will be in the cloud and by 2021, the percentage of workloads processed in cloud data centers will reach 94%. By 2022, cloud services will be three times the size of the overall IT services provided. The future is cloud-based, and the COVID-19 pandemic will only strengthen this trend.

Higher-order functions

Infrastructure overview

Solution features

Preparation for incident response before an incident occurs

Consistent incident response artifact gathering

Walkthrough: Deploying infrastructure and starting the process

Cost

Deploy the AWS CloudFormation stack

To deploy this template in the us-east-1 region

Set up a target EC2 instance

Retrieve required information for system initiation

To find the API URI and key information

(Optional) Configure administrative notification through the created SNS topic

Initiate the security response mechanism

To create the API initiation curl command

Introduction

Introduction