The Role PCI-DSS Plays in Security

If your business accepts credit card payments, then you need to comply with the PCI-DSS standard. PCI-DSS stands for Payment Card Industry Data Security Standard. It is a set of rules established to protect against credit card fraud, hacking, and other security breaches. Credit card issuers and companies that store, process, and transmit card information implement the rules defined by PCI-DSS. Here’s what you need to know about these standards.

Q&A On Big Telnet IoT Data Leak | Avast

A hacker recently leaked a list of more than a half-million Telnet credentials for servers, home routers, and smart devices, leaving them vulnerable to attack. Marko Zbirka, an Internet of Things threat researcher at Avast, answered key questions related to the incident – and why it matters to consumers.

Morphisec Protects Customers Against Internet Explorer Scripting Zero Day

Recently, news came out about a vulnerability (CVE-2020-0674) in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is an unspecified memory corruption vulnerability. What this means in practice is that any application that supports embedding Internet Explorer or its scripting engine can be leveraged as an attack vector.

Cruise doubles down on hardware

Ten months ago, Cruise declared it would hire at least 1,000 engineers by the end of the year, an aggressive target — even for a company with a $7.25 billion war chest — in the cutthroat autonomous vehicle industry, where startups, automakers and tech giants are battling over talent.

DEF CON 27, Aviation Village, Zoltan Madarassy’s ‘Behind The Scenes Of Hacking Airplanes’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/IgKsH6BzQWY

Notorious Crime Gang Targets Internet Routers Using Tomato Firmware

An anonymous reader quotes a report from Ars Technica: Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found, the exploit then makes the routers part of a botnet that’s used in a host of online attacks, researchers said on Tuesday. The Muhstik botnet came to light about two years ago when it started unleashing a string of exploits that attacked Linux servers and Internet-of-things devices. It opportunistically exploited a host of vulnerabilities, including the so-called critical Drupalgeddon2 vulnerability disclosed in early 2018 in the Drupal content management system. Muhstik has also been caught using vulnerabilities in routers that use Gigabit Passive Optical Network (GPON) or DD-WRT software. The botnet has also exploited previously patched vulnerabilities in other server applications, including WebDAV, WebLogic, Webuzo, and WordPress.

On Tuesday, researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to the firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality-of-service control makes Tomato popular with end users and, in some cases, router sellers. The exploits use already infected devices to scan the Internet for Tomato routers and, when found, to check if they use the default username and password of “admin:admin” or “root:admin” for remote administration. The exploit causes Tomato routers that haven’t been locked down with a strong password to join an IRC server that’s used to control the botnet. The infection also causes the routers to scan the Internet for servers or devices running vulnerable WordPress, Webuzo, or WebLogic packages.

Report: A Cyberattack Could Severely Disrupt the US Financial System

A new staff report from the Federal Reserve Bank of New York highlights the risk and potential fallout that a sophisticated cyberattack might have on the United States. In the report, analysts examined a scenario in which a single-day shock hits the country’s payment network, Fedwire, and measured the broad impact it would have on the economy. The results? On average, 38 percent of the network would be affected by significant spillovers to other banks, damaging the stability of the broader financial system in the United States.

DEF CON 27, Aviation Village, Tarah Wheeler’s ‘Common Online Security Fails In Pilot Training’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/xyvmux45860

Reminder: Safeguard Websites from Cyberattacks

Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.

Breaking down a two-year run of Vivin’s cryptominers

News Summary

  • There is another large-scale cryptomining attack from an actor we are tracking as “Vivin” that has been active since at least November 2017.
  • “Vivin” has consistently evolved over the past few years, despite having poor operational security and exposing key details of their campaign.

By Andrew Windsor.

Talos has identified a new threat actor, internally tracked as “Vivin,” conducting a long-term cryptomining campaign. We first began linking different samples of malware dropping illicit coin miners to the same actor in November of 2019. However, upon further investigation, Talos established a much longer timeline of activity. Observable evidence shows that Vivin has been active since at least November 2017 and is responsible for mining thousands of U.S. dollars’ worth of Monero cryptocurrency from their infected hosts.

When CISOs Lose Their Jobs…

In his recent CSO Online article, 7 Security Incidents That Cost CISOs Their Jobs, writer Dan Swinhoe looks at some of the highest-profile breaches in recent history that resulted in the CISO either leaving or being fired. In the article, Swinhoe quotes Dr. Steve Purser, head of core operations at ENISA, who says of his time spent as a CISO, “the big lessons, even in those days, was how do you communicate successfully when you’re under pressure? How do you concentrate on the right things, exchange the right information, and make sure that you are doing things in a prioritized order?”

Mitsubishi Electric Discloses Cyber-Attack

While it is currently unknown who was behind the attack on Mitsubishi Electric, it is important to note that many attackers will reuse different pieces of personal and corporate data from one company to aid in targeting others. Payment invoices, work orders, contracts, and other communications provide attackers valuable insight into how different companies work and interact with each other, while also helping them identify personnel to target within various organizations. When an attacker is able to spoof an email that appears to come from a person that someone has already had dealings with and is able to include details from previous interactions, it makes the message appear more legitimate. Any time an attacker is able to make an email seem more legitimate, it significantly increases the likelihood that their phishing attack will be successful. Detecting lateral movement within the network can be a vital first indicator in catching an attacker and keeping them from gaining deeper access into systems. Endpoint monitoring solutions, such as Binary Defense’s Managed Detection and Response (MDR), can help to detect lateral movement early on so that infected systems can be quickly identified and quarantined. More information on this incident can be found at https://www3.nhk.or.jp/nhkworld/en/news/20200120_18/