UK’s Traffic Control Systems Under Threat From Cyber Attack

Speaking with the BBC Today programme, and reported by the Daily Telegraph, General Sir Christopher Deverell has warned that the UK’s traffic control systems are under threat from cyber attack, with road systems one of several potential points that could be targeted by countries including Russia. IT security experts commented below.

SSTIC 2018 Wrap-Up Day #2

The second day started with a topic that had a lot of interest for me: Docker containers or “Audit de sécurité d’un environnement Docker” by Julien Raeis and Matthieu Buffet. Docker is everywhere today and, like new technologies, is not always mature when deployed, sometimes in a corner by developers. They explained (for those that are living on the moon) what Docker is in 30 seconds. The idea of the talk was not to propose a tool (you can have a look here). Based on their research, most containers are deployed with the default configuration. Images are downloaded without security pre-checks. If Docker is very popular on Linux systems, it is also available for Windows. In this case, there are two working modes: via the Windows Server Containers (based on objects of type “job”) or Hyper-V container. They reviewed different aspects of the containers like privilege escalation, abuse of resources and capabilities. Some nice demonstrations were presented like privilege escalation and access to a file on the host from the container. Keep in mind that Docker is not considered as a security tool by the developers! Interesting talks but with a lack of practical stuff that could help auditors.

The next talk was also oriented to virtualization and, more precisely, how to protect them from a guest point of view. This was presented by Jean-Baptiste Galet. The scenario was: “if the hypervisor is already compromised by an attacker, how to protect the VMs running on top of it?” We can face the same kind of issues with a rogue admin. By design, an admin has full access to the virtual hosts. The goal is to reach the following requirements:
  • To use a trusted hypervisor
  • To verify the boot sequence integrity
  • To encrypt disks (and snapshots!)
  • To protect memory
  • To perform a safe migration between different hypervisors
  • To restrict access to console, ports, etc.

Some features have already been implemented by VMware in 2016 like an ESXi secure boot procedure, VM encryption and vMotion data encryption. Jean-Baptiste explained in detail how to implement such controls. For example, to implement a safe boot, UEFI & a TPM chip can be used.

Kaspersky Halts Europol Partnership After Controversial EU Parliament Vote

An anonymous reader writes: Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament. The Russian antivirus vendor will also stop working on the NoMoreRansom project that provided free ransomware decrypters for ransomware victims.

The company’s decision comes after the EU Parliament voted a controversial motion that specifically mentions Kaspersky as a “confirmed as malicious” software and urges EU states to ban it as part of a joint EU cyber defense strategy. The EU did not present any evidence for its assessment that Kaspersky is malicious, but even answered user questions claiming it has no evidence. The motion is just an EU policy and has no legislative power, but it is still an official document. Kaspersky software has been previously banned from Government systems in the US, UK, Netherlands, and Lithuania.

Healthcare: Security in Crisis?

The other day my wife went to the doctor, and a few weeks before that we took our son to the dentist. We had to fill out all the paperwork and give them all the usual PII, including name, address, phone number, alternate contacts, SS#, DOB, driver’s license, insurance info, weight, height, underwear size (just kidding), then we paid them with our credit card. All the while trusting that they are keeping our information safe and secure. Well, they are keeping the information we entrust them with secure, right? How do we know if they are?

SEC says Ether isn’t a security, but tokens based on Ether can be

“In cases where there is no… central enterprise being invested in or where the digital asset is sold only to be used to purchase a good or service available through the network on which it was created,” that digital asset is “out of the purview of U.S. securities laws”, according to William Hinman, the director of the division of corporation finance at the U.S. Securities and Exchange Commission.

Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature

Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone’s lightning cable port into a charge-only interface if someone hasn’t unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn’t be able to unlock phones.

How are people’s Instagram accounts hacked?

Someone I follow on Instagram reported that their account was hacked, the screenname changed but everything else basically stayed the same. He started up a new account with the screen name he used before but IG is basically telling him to piss up a rope and won’t help him. My curiosity as someone interested in security and pen testing is the ‘how.’ How do malicious actors break into IG accounts? Is it just brute force with a dictionary? Buying credentials from someone? What’s the magic?

Google Removing Option To Get Chrome Extensions From Remote Sites

Google has removed the option of installing Chrome extensions from remote sites so users will only be able to get the extensions from the official Chrome Web Store. Google has removed this option in the wake of a wave of malicious Chrome extensions on third-party sites. Chris Olson, CEO at The Media Trust, commented below.