Nearly two weeks after the city of Baltimore’s internal networks were compromised by the Samsam ransomware worm (previously), the city is still weeks away from recovering services — that’s weeks during which the city is unable to process utility payments or municipal fines, register house sales, or perform other basic functions of city governance.
A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password, allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour.
It has been reported that Google has suspended Huawei’s access to updates of its Android operating system and chipmakers have reportedly cut off supplies to the Chinese telecoms company, complying with orders from the US government as it seeks to blacklist Huawei around the world. According to the story, chipmakers such as Intel, Qualcomm, Xilinx, and Broadcom have told employees they will not supply chips to Huawei until further notice, Bloomberg reported on Monday, citing people familiar with the matter.
By Zane Pokorny on May 21, 2019
Recorded Future’s database now includes over one billion Intelligence Cards.
DevSecOps can be challenging for many organizations when you consider all the areas of the DevOps process that require security testing. Organizations that begin to shift security “left” often find significant gaps in the security of infrastructure and operational components that are now integrated into the development process. Many of the technologies being used in DevOps are also very new to most organizations and are more recently starting to become “mainstream.” For example, we’re seeing more customers adopting microservices, utilizing cloud storage through Amazon S3, MongoDB, and Elasticsearch, deploying applications using containers, and managing those containers with newer orchestration technology like Kubernetes.
Written by Sean Lyngaas
Criminals accustomed to planting backdoors in software may be getting a taste of their own medicine.
Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain.
Joseph Carson, Chief Security Scientist & Advisory CISO at Thycotic:
There is no bulletproof digital network, and blockchain doesn’t stand out from the rest in this regard. However, the attacks targeting distributed ledgers differ from the ones used to compromise conventional computer networks. These exploitation scenarios rely on tampering with the process of achieving consensus to alter the data added to the ledger.
Name: Dawn Cappelli
Title and company: VP Global Security and CISO, Rockwell Automation
Gigamon Application Intelligence provides visibility into complex digital apps, helping companies with their digital transformation
Another day, another unsecured AWS instance: This time, it’s the sensitive data of almost 50 million Instagram “influencers” leaked and at risk.
WhatsApp allows for end-to-end encrypted messaging, secure VoIP calls, and until this week, malware installation when receiving a call. A maliciously crafted SRTCP connection can trigger a buffer overflow, and execute code on the target device. The vulnerability was apparently found first by a surveillance company, The NSO Group. NSO is known for Pegasus, a commercial spyware program that they’ve marketed to governments and intelligence agencies, and which has been implicated in a number of human rights violations and even the assassination of Jamal Khashoggi. It seems that this WhatsApp vulnerability was one of the infection vectors used by the Pegasus program. After independently discovering the flaw, Facebook pushed a fixed client on Monday.
The intelligence in this week’s iteration discusses the following threats: Data theft, Banking malware, Magecart, RCE, Threat group, targeted attacks, Website compromise, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.
Spirent First to Incorporate NetSecOPEN Test Suite into Security and Performance Testing Platform
CyberFlood solution simplifies network testing for industry body’s open-standards compliance
SAN JOSE, Calif., May 21, 2019 – Spirent Communications plc (LSE:SPT), the trusted provider of test, measurement, assurance, and analytics solutions for next-generation devices and networks, today announced that it has fully incorporated the NetSecOPEN test suite into its CyberFlood testing platform. The new built-in capabilities provide CyberFlood users with the ability to easily perform assessments of their security systems using the full breadth of NetSecOPEN’s open network security test standard methodologies.
NetSecOPEN is a vendor-independent standards body that brings together leading testing solutions vendors, security vendors, and testing labs to develop transparent, open, and public standards-based cybersecurity performance testing. Spirent Communications joined NetSecOPEN as a founding member in 2017, and has played an important role in developing the organization’s open testing standard for next-generation firewalls (NGFW).
Spirent’s CyberFlood is the first assessment solution to integrate all current NetSecOPEN tests. With this latest version, users can easily access NetSecOPEN’s standards-based methodologies to assess and validate how deployment-ready security solutions impact network performance. These methodologies cover a wide range of use cases, including enterprise perimeter security mix traffic, cybersecurity assessment with pre-defined attack and malware scenarios, and a growing set of primary performance tests for bandwidth and capacity based on fully open and transparent standards.
“The combination of CyberFlood and NetSecOPEN enables every enterprise to adopt an open-standards approach to infrastructure security assessments,” said Jurrie van den Breekel, vice president, business development and product management at Spirent Communications. “With CyberFlood’s NetSecOPEN tests, users can immediately see the impact on performance, while optimizing infrastructure security policies.”
Spirent CyberFlood is a powerful, easy-to-use test solution that enables enterprises, service providers, and network equipment manufacturers to gauge the security, performance, scalability, and efficacy of their application-aware network infrastructures. Unlike test solutions that merely simulate or mimic attacks, CyberFlood emulates hacker, malware, and attack behavior using realistic and up-to-date threats – including malicious payloads seen in the real world – to provide a highly accurate security evaluation of an organization’s networks and devices.
Brian Monkman, executive director of NetSecOPEN said: “Incorporating the NetSecOPEN test suite into Spirent’s CyberFlood is a great step forward for the industry and brings us closer to full, cross-industry adoption of a truly open standard for apples-to-apples performance testing of security solutions. Now CyberFlood puts our specification of realistic, repeatable testing into the hands of enterprise organizations, labs, and vendors.”
CyberFlood version 19.1.2, featuring the expanded NetSecOPEN test suite as a standard component, is available now. For more information, please visit https://www.spirent.com/products/cyberflood, while more details about NetSecOPEN are available at www.netsecopen.org.
According to Gartner [1], “Applying behavioral analysis to network traffic is helping enterprises detect suspicious traffic that other security tools are missing.”
Written by Shannon Vavra
Political parties in Europe and the U.S. have cybersecurity practices that fail to meet basic standards, leaving them vulnerable to hackers and foreign influence operations with elections rapidly approaching, according to security researchers.
Attributed to: Ian Woolley, Chief Revenue Officer of Ensighten