Beware Used or Discount Devices

Because of the introduction of BadUSB, some cybercriminals have been modifying hardware peripherals with some extra storage, some wireless and remote connectivity, and a lot of quality hacker ingenuity.

Keyboard with a hardware keylogger built into it

This type of genius is nothing new in the hacker scene. As far back as four years ago, a security company was able to create the “Trojan Mouse,” as described in Forbes: a mouse was opened up, a USB drive was placed into it, and it was resealed and mailed to a specific user at the target company. When the mouse was eventually plugged in, the malware ran, opened a connection to the outside, and allowed full access into the company.

Many instructions are online on how to open up USB peripherals and attach a USB drive to them, opening the door for cyber theft and spying. Sales of these devices are now common through garage sales, flea markets, Craigslist, and eBay, among other popular sale websites. If a cybercriminal is going to convince you to buy a hardware exploit to use on you, he/she might as well get paid!

When shopping for mice, keyboards, or anything that has USB, try to go for new, factory-sealed devices. Though there is speculation that the NSA (very interesting read) and Chinese manufacturers are trying to infect the source of the supply line, at least the company will be there to assist with replacement of the devices or, at the very least, there will be a company to sue.


Hacker’s List

A new service is online where a person posts a problem to solve as a job and another person bids on the work if they know how to solve it.

So far, most of the posted problems appear to involve:

  • Hacking iPhones
  • Hacking Facebook Accounts
  • Changing someone’s grades
  • Cracking Android games
  • Removing defamatory comments from a blog post
  • Taking down a small website

Seem questionable? See their FAQ

 


19,000 French Websites Either Defaced or DDoS’ed

Since the three-day terror attack that started in France on January 7 with the attack on satirical newspaper Charlie Hebdo, 19,000 websites of French-based companies have been targeted by cyber attackers. Defacements carried the message: ‘The Islamic State Stay Inchallah, Free Palestine, Death to France, Death to Charlie.’

The French military’s head of cyberdefense, Admiral Arnaud Coustilliere, says most of these attacks were carried out by three Islamic hacker groups: Middle East Cyber Army, Fallaga team and Cyber Caliphate.

Two of the Paris terror attackers claimed allegiances to Al-Qaida in Yemen and a third to the Islamic State group.

Cyber activist group Anonymous on Thursday launched an operation dubbed #OpCharlieHebdo, whose aim is to target and take down jihadist websites and social network accounts belonging to terrorists. They have asked the public to participate by reporting Twitter accounts of suspected terrorists.


LinkedIn Phishing

There have been a lot of phishing emails claiming to be from LinkedIn Support, designed to fool recipients into giving up their login credentials. The email uses a lowercase l (L) instead of a capital I when spelling ‘Linkedln’.
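One way a mail filter could catch this spelling trick, as an added example that is not part of the original post. It goes slightly beyond the single l/I swap by also folding `1`, `|`, `0` and `rn`; the fold table, the watched-brand list and the sample message are assumptions constructed for illustration.

```python
import re

# Characters commonly substituted for one another in lookalike names.
# Everything is folded to one representative so that "I", "l", "1" and "|"
# compare equal. This table is an illustrative assumption, not exhaustive.
_FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

WATCHED_BRANDS = ("linkedin",)  # assumption: names your mail filter protects


def skeleton(word: str) -> str:
    """Reduce a word to a form in which confusable spellings collide."""
    folded = word.lower().translate(_FOLD)
    return folded.replace("rn", "m")  # "rn" renders much like "m"


def find_lookalikes(text: str, brands=WATCHED_BRANDS):
    """Return (token, brand) pairs where token imitates brand.

    A token is reported when its skeleton matches the brand's skeleton
    but its plain lowercase spelling does not, i.e. it only looks right.
    """
    targets = {skeleton(b): b.lower() for b in brands}
    hits = []
    for token in re.findall(r"[A-Za-z0-9|]+", text):
        brand = targets.get(skeleton(token))
        if brand is not None and token.lower() != brand:
            hits.append((token, brand))
    return hits


# Constructed sample message (not taken from a real phishing email).
SAMPLE_EMAIL = """\
From: Linkedln Support <support@linkedln.example>
Subject: Your LinkedIn account has been restricted

Dear member, please confirm your Linkedln login at the link below.
"""

if __name__ == "__main__":
    for token, brand in find_lookalikes(SAMPLE_EMAIL):
        print(f"suspicious spelling {token!r} imitates {brand!r}")
```

The correctly spelled "LinkedIn" in the subject line is not reported; only the display name, the sender domain and the body text that swap in a lowercase l are.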


I promote the use of 2 Factor authentication for most online services, where it is offered. Here is how to enable 2 Factor for LinkedIn. I also strongly suggest that separate passwords are used for separate online services.

Here are some services that offer two-step.

Go enable them and feel a little more confident in the security of some services you use!


20150415 = Changes to CISSP Domains

Q: How is the CISSP exam changing?

A: The CISSP exam is being updated to stay relevant amidst the changes occurring in the information security field. Refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape.

As a result of the content refresh, we have updated some of the domain names to describe the topics accurately.

CISSP Domains, Effective April 15, 2015

  • Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  • Asset Security (Protecting Security of Assets)
  • Security Engineering (Engineering and Management of Security)
  • Communications and Network Security (Designing and Protecting Network Security)
  • Identity and Access Management (Controlling Access and Managing Identity)
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • Software Development Security (Understanding, Applying, and Enforcing Software Security)

Via the ISC2.Org website. P.S. Always check the authoritative source for changes.


New Scam, Don’t Click Court Ordered Appearance Notification

Bad guys are sending emails claiming to come from a real law firm called ‘Baker & McKenzie’. The email states you are scheduled to appear in court and should click a link to view a copy of the court notice. It is an attempt by the bad guys to trick you into trying to “prevent a negative consequence” (See KnowBe4). If you click on the link, you download and install malware.

The email looks like this.


Vulnerability Found in Certain AMD Processor

A vulnerability was found in certain AMD processors: insufficiently protected code signatures and other errors in the firmware could be used by hackers to inject software, which could then be executed by the System Management Unit and Accelerated Processing Units.

The System Management Unit (SMU) in the chips is responsible for power-saving functionality alongside other configuration tasks. Using his hack, Marek was able to extract SMU code from BIOS updates downloaded from various motherboard manufacturers, and subsequently to obtain the secret key the company uses for the SHA1 hash in the chips’ code signature.

The vulnerability has been patched; update your AMD firmware.

Here is Marek’s video explaining.


Presidential Proposal List

As part of the President’s State of the Union address, Barack Obama is planning on:

  • Insisting that companies reveal data breaches within 30 days
  • Criminalizing the sale of botnets
  • Criminalizing the sale of stolen U.S. financial data

The President’s Twitter feed is full of posts promoting cybersecurity.


Non-Oracle sites offering Oracle ‘Fixes’/Malware

Oracle put out a press release. It reads:

Warning

It has come to our attention that there are non-Oracle sites offering Oracle ‘fixes’ for genuine Oracle error messages.

You probably already don’t need to be told, however:

Please do not download these fixes as

  • They are not authorized by us in any way and
  • They are more than likely to be dangerous to your system

If you do encounter one of these sites please create a SR and we will rectify the situation.

“We’ve seen lots of industries targeted in the last year or two. Sounds like the bad guys have done some SEO work to lure potential victims to legit-looking sites that offer ‘patches’.”


IBM Z13 Mainframe: Fast and Promotes Secure Process

IBM unveiled its z13 mainframe, a computer system it says is the most powerful and secure ever built.

A single transaction can trigger as many as 100 others that must be run in order to handle analysis of past purchases, data encryption and decryption, customer loyalty discounts, and much more. The star-burst effect presents significant security vulnerabilities, but the z13 can help large companies mitigate those concerns, even when it comes to crucial financial data. The z13 is very fast: IBM says it can process 2.5 billion transactions a day (or the equivalent of 100 Cyber-Mondays every day).

Read more on wired.
