//
you're reading...
Information Security, IT & TECHNOLOGY

Weekly Security Headlines: WannaCry, NSA, Pen Testing and more…


Kazuar, Windows Defender and Worst-Case Scenarios

The WannaCry Ransomware attack continues to dominate the news cycle, and we’re sure you’re closely watching developments and taking appropriate US-CERT precautions.

But from Microsoft issuing an emergency patch for Windows Defender to the NSA director sharing his cyber fears to Gizmodo phishing for Trump administration officials, last week didn’t disappoint in delivering a rich trove of other security news. In case you missed it, here are some other stories that got our attention.

 

Meet Kazuar

From the pages of “Oh great, they’re doing that now?” comes an analysis of the cyber-espionage malware dubbed Kazuar that incorporates an API to reverse C&C communications flow. Detailed over at BleeptingComputer – crediting research from Fox-IT and Palo Alto Networks – the highlights are:

… the most notable and original feature is in Kazuar’s C&C server communications… Kazuar has the ability to reverse the flow of normal C&C server communications. Instead of infected hosts pinging the C&C server for new commands, an attacker can ping the victim whenever he wants and send new instructions.

 

Patch Windows Defender… Like Right Now!

Google’s Project Zero discovered a vulnerability in the malware protection engines of Windows 7, 8, 8.1, 10 and Server 2016. Microsoft quickly responded by issuing an emergency patch. According to Ars Technica:

The exploit (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it’s simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft’s malware protection engine—websites, file shares—could be used as an attack vector.

 

Government Cyber attacks Double, Trump Signs New Order

As reported by GCN, Dimension Data research found that cyber attacks on government agencies – as a proportion of total attacks – doubled from 7% in 2015 to 14% in 2016, ranking the government sector as a #1 target alongside the financial services industry.

According to GCN:

Government agencies were increasingly hit with ransomware attacks, coming in at 19% of attacks. (Business and professional services sustained 28% of all ransomware attacks.) Phishing and social engineering schemes, which delivered 73% of malware, were less likely to target governments, going after the manufacturing industry primarily.

On a related note, U.S. President Trump signed an executive order on cybersecurity. Subtitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” the order covers a wide array of security policies, issues, risk management and cyber initiatives. Paul Rosenzweig, breaks down the EO for Fifth Domain.

According to reporting by Bloomberg:

The order seeks to improve the often-maligned network security of U.S. government agencies, from which foreign governments and other hackers have pilfered millions of personal records and other forms of sensitive data in recent years.

 

You’d Better Listen to This Guy

The Washington Times reported on recent cybersecurity remarks from NSA Director Adm. Mike Rogers to the Senate Armed Services Committee.

…Adm. Rogers also raised eyebrows by discussing a “worst-case scenario” cyberattack on critical infrastructure that instead of revealing data – such as a WikiLeaks hack – would entail the manipulation of vital national data on a “massive scale.”

“Advanced states continue to demonstrate the ability to combine cyber effects, intelligence, and asymmetric warfare to maintain the initiative just short of war, challenging our ability to react and respond…”

From the Washington Post:

http://www.washingtonpost.com/video/c/embed/1b81037a-34c8-11e7-ab03-aa29f656f13e

 

Ethical Questions Emerge When Journalists Turn Pen Testers

Steve Ragan’s column at CSO raises some interesting ethical questions about Gizmodo’s effort to see if they could get Trump administration officials to click on phishing emails. The article Here’s How Easy It Is to Get Trump Officials to Click on a Fake Link in Email can fill you. Using tactics similar to those that compromised the Democratic National Committee, Gizmodo manufactured a phishing campaign targeting Trump advisors and administration officials and advisors, including then FBI Directory James Comey, Rudy Giuliani and Newt Gingrich, to see how many recipients they could get a click on a fraudulent link. About of half the links sent were clicked.

Ragan’s column asks, “does it cross a line when a news organization creates a Phishing simulation in order to develop news?” His analysis and consideration is worth checking out here.

 

No Basic Training for Military Cyber Operators

As we have noted often, the cyber skills gap continues to accelerate across all sectors, including the military. Ars Technica recently reported on a Senate Armed Services Committee hearing during which the Department of Defense discussed broadening its thinking when it comes to quickly onboarding and retaining cyber talent:

One of the possible solutions that the DOD has looked at is bringing people with experience and skills essential to offensive and defensive cyber operations into the service “laterally.” That means giving them ranks (and pay grades) commensurate to their skills and entirely bypassing the normal recruitment and advancement process.

 

…And What Else?

Naked Security shared details on how to hack a Jeep Cherokee.

Schneier on Security discussed Securing Elections.

BleepingComputer reported using digitally created fingerprints to unlock smartphones.

[(ISC)² Blog]

About @PhilipHungCao

@PhilipHungCao, GICSP, CISM, CCSP, CCSK, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 111,053 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, GICSP, CISM, CCSP, CCSK, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 1,801 other followers

Twitter Updates

Archives

May 2017
M T W T F S S
« Apr    
1234567
891011121314
15161718192021
22232425262728
293031  
%d bloggers like this: