STE WILLIAMS

How China & Russia Use Social Media to Sway the West

Researchers break down the differences in how China and Russia use social media to manipulate American audiences.

RSA CONFERENCE 2019 – San Francisco – Russia and China both leverage social media influence operations to sway opinions in the United States and other Western nations. Each has a unique reason for doing so, and they use markedly different techniques to achieve their goals.

This is the premise behind “Beyond Hybrid War: How China Exploits Social Media to Sway American Opinion,” a Recorded Future report that investigates Chinese influence campaigns and compares them with Russia’s. Researchers analyzed data from Western social platforms from October 2018 through February 2019 to determine how and why China exploits social media.

Researchers and academics across the US have been exploring Russian disinformation tactics since the 2016 US presidential election. There’s an assumption that other state-run influence campaigns must operate in a similar manner; however, this report shows that isn’t the case.

Analysts set out to learn whether China employs the same influence tactics in the English-language social media space as it does domestically, and how Chinese state-run influence operations resemble or differ from Russian ones, explained Priscilla Moriuchi, head of nation-state research at Recorded Future, in a presentation at this year’s RSA Conference. They found that differences in foreign policy and strategic goals lead to different methodologies.

“President Xi Jinping has different global strategic goals for China than President Vladimir Putin has for Russia; as a result, the social media influence techniques utilized by China are different than those utilized by Russia,” Recorded Future researchers explain in their report.

Russian Strategies: Disruptive, Destructive
“These strategic goals are disruptive,” said Moriuchi in her talk. Russia’s strategic goals are a polycentric international system, to challenge the unity of NATO, manipulate the US electoral system, and divide the US and European Union.

Its goals drive its methodologies: a nominally “private” firm, the Internet Research Agency (IRA) in the case of the 2016 election, is hired to run social media operations. In 2015–2016, according to IRA employees, writers were hired to create and spread fake news on social media.

“We saw this type of content move from dissemination of fake news … to hyperpartisan content,” said Moriuchi. Russian social media operations also heavily used memes. They were intended to destabilize, erode trust, promote chaos, and sow discontent across the US.

Researchers pinpointed several trends in election disruption reinforced across social media platforms: a clear preference for one candidate, targeting of specific opponents, real-world impact (voter suppression), and secessionist/insurrectionist messages. Russia’s goals are disruptive and destructive; as a result, its social media operations use similarly disruptive tactics.

China’s Domestic Model: Control
The Chinese state heavily influences how people within its borders use the Internet. Moriuchi referenced the Golden Shield Project, a nationwide surveillance network, as well as the so-called Great Firewall of China, which aimed to censor content and influence the population.

China uses several technical measures to govern its Internet: URL filtering, man-in-the-middle attacks, mobile app bans, distributed denial-of-service attacks, search engine filtering. “The goal of control is to influence the way their public thinks and acts,” Moriuchi said. “That is the root of influence.”

Today, China employs three primary tactics to control people online, she continued. The first is outright censorship: People are blocked from posting comments or posts on certain topics, and recipients of banned messages don’t receive them. Next up is social media regulation: Platforms including Twitter and Facebook are blocked, and other social media is required to comply with state censorship organizations. Finally, it distributes fake comments.

“[It’s] hogging the seats on the Internet sofa,” Moriuchi explained. The government pays social media commentators to spread fake grassroots comments on news websites and social media to influence public opinion with positive, pro-regime sentiments.

China’s Foreign Tactics: A Model Country
In contrast to Russia’s model, which is built on disruption, China’s strategic goals are geared toward more influence on the international system. It wants to demonstrate how it’s committed to building a globally equal, peaceful world, and its foreign campaigns reflect it. There is little overlap between its domestic and foreign influence techniques, said Moriuchi.

“It’s a very, very positive image,” she explained. China wants to portray the “Chinese dream,” and use its messaging to propagate its role as a positive contributor to society. Russia’s aim is to be divisive; China’s is to influence Americans’ perception of Chinese policies. There was no large-scale attempt by China to interfere with the US presidential election, though it did disseminate news saying President Trump’s policies were “unstable” and “volatile and erratic.”

State-run media plants the seeds for a coordinated campaign, she added, and it’s common for papers to present the same story and photos. Paid advertisements reflect its goals: China promotes its natural beauty, cultural heritage, overseas leaders’ visits to China, Chinese leaders’ visits abroad, the positive impact China is having in science and tech, and breaking global news.

“China uses the openness of American society to propagate a distorted and dystopian view of its own government,” said Moriuchi.

It’s worth noting China’s social media influence has a tremendous reach: Moriuchi compared two Chinese state-run Instagram accounts with the entire known IRA campaign targeting the US. Whereas the full IRA initiative had 32.5 million engagements, two Chinese accounts had 5.4 million.


Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/threat-intelligence/how-china-and-russia-use-social-media-to-sway-the-west/d/d-id/1334108?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Phishing Attacks Evolve as Detection & Response Capabilities Improve

Social engineering scam continued to be preferred attack vector last year, but attackers were forced to adapt and change.

The growing sophistication of tools and techniques for protecting people against phishing scams is forcing attackers to adapt and evolve their methods.

A Microsoft analysis of data collected from users of its products and services between January 2018 and the end of December showed phishing was the top attack vector for yet another year. The proportion of inbound emails containing phishing messages surged 250% between the beginning and end of 2018. Phishing emails were used to distribute a wide variety of malware, including zero-day payloads.

However, the growing use of anti-phishing controls and advances in enterprise detection, investigation, and response capabilities are forcing attackers to change their strategies as well, Microsoft said.

For one thing, phishing attacks are becoming increasingly polymorphic. Rather than using a single URL, IP address, or domain to send phishing emails, attackers last year began using varied infrastructure to launch attacks, making them harder to filter out and stop.

Microsoft said its analysis shows attackers are trying to avoid detection by using public and hosted cloud infrastructures to hide among legitimate sites and assets. “For example, attackers increasingly use popular document sharing and collaboration sites and services to distribute malicious payloads and fake login forms that are used to steal user credentials,” Microsoft said. “There has also been an increase in the use of compromised accounts to further distribute malicious emails both inside and outside an organization.”

The nature of phishing attacks is changing as well, Microsoft said. Many phishing campaigns last year combined attacks that were active for just a few minutes with much longer-lasting, high-volume attacks. Others were “serial variants attacks,” where attackers sent small volumes of mail on successive days, the software vendor said.
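The campaign shapes Microsoft describes (short bursts, low-and-slow “serial variant” sends, and varied sending and hosting infrastructure) are all things a defender can look for in their own mail logs once messages are grouped by campaign template rather than by sender or URL. The script below is an added example written for this page, not Microsoft’s tooling or anything from the report: it groups a constructed mail log by a fingerprint (subject and URL path with numbers and long hex tokens masked) and tags each group. The log format, the thresholds and the field names are the editor’s assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Thresholds are the editor's assumptions; tune them to your own mail volume.
BURST_WINDOW = timedelta(minutes=10)   # campaigns "active for just a few minutes"
BURST_MIN_MSGS = 5
SERIAL_MIN_DAYS = 3                    # "small volumes of mail on successive days"
SERIAL_MAX_PER_DAY = 2
POLY_MIN_DISTINCT = 3                  # varied sender / URL infrastructure

# Constructed sample log, one message per line:
# <ISO timestamp> <sender> <first URL in body> <subject>
SAMPLE_LOG = """\
2018-10-03T09:00:12 billing@acme-pay1.example http://cdn1.filehost.example/inv/48213 Invoice 48213 overdue
2018-10-03T09:00:40 billing@acme-pay2.example http://cdn2.filehost.example/inv/77120 Invoice 77120 overdue
2018-10-03T09:01:05 billing@acme-pay3.example http://cdn3.filehost.example/inv/10944 Invoice 10944 overdue
2018-10-03T09:02:30 billing@acme-pay1.example http://cdn1.filehost.example/inv/55501 Invoice 55501 overdue
2018-10-03T09:03:11 billing@acme-pay4.example http://cdn4.filehost.example/inv/90002 Invoice 90002 overdue
2018-10-03T09:04:59 billing@acme-pay2.example http://cdn2.filehost.example/inv/31337 Invoice 31337 overdue
2018-10-05T14:20:00 share@docs-share.example https://docs-share.example/view/a1b2c3d4e5f6 Your document is ready to view
2018-10-06T10:02:00 share@docs-share.example https://docs-share.example/view/0f9e8d7c6b5a Your document is ready to view
2018-10-06T16:45:00 share@docs-share.example https://docs-share.example/view/deadbeef0001 Your document is ready to view
2018-10-07T09:30:00 share@docs-share.example https://docs-share.example/view/cafebabe1234 Your document is ready to view
2018-10-08T11:15:00 share@docs-share.example https://docs-share.example/view/feedface5678 Your document is ready to view
2018-10-04T08:00:00 news@vendor.example https://vendor.example/newsletter/2018-10 October newsletter
"""


def parse_line(line):
    ts, sender, url, subject = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), sender, url, subject


def fingerprint(subject, url):
    """Campaign template: subject and URL path with numbers and long hex tokens
    masked, so per-recipient invoice numbers or document IDs collapse to one key."""
    subj = re.sub(r"\d+", "#", subject.lower())
    path = re.sub(r"[0-9a-f]{8,}|\d+", "#", urlparse(url).path.lower())
    return f"{subj}|{path}"


def has_burst(times):
    """True if BURST_MIN_MSGS messages fall inside any single BURST_WINDOW."""
    times = sorted(times)
    for i in range(len(times) - BURST_MIN_MSGS + 1):
        if times[i + BURST_MIN_MSGS - 1] - times[i] <= BURST_WINDOW:
            return True
    return False


def analyze(log_text):
    """Group messages by campaign template and tag each group with the shapes
    described in the text: burst, serial_variant, polymorphic_infra."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, sender, url, subject = parse_line(line)
            groups[fingerprint(subject, url)].append((ts, sender, url))

    report = {}
    for fp, msgs in groups.items():
        times = [ts for ts, _, _ in msgs]
        sender_domains = {sender.rsplit("@", 1)[-1] for _, sender, _ in msgs}
        url_hosts = {urlparse(url).hostname for _, _, url in msgs}
        per_day = defaultdict(int)
        for ts in times:
            per_day[ts.date()] += 1

        tags = set()
        if has_burst(times):
            tags.add("burst")
        if len(per_day) >= SERIAL_MIN_DAYS and max(per_day.values()) <= SERIAL_MAX_PER_DAY:
            tags.add("serial_variant")
        if len(sender_domains) >= POLY_MIN_DISTINCT or len(url_hosts) >= POLY_MIN_DISTINCT:
            tags.add("polymorphic_infra")
        report[fp] = {
            "count": len(msgs),
            "days": len(per_day),
            "sender_domains": sorted(sender_domains),
            "url_hosts": sorted(url_hosts),
            "tags": tags,
        }
    return report


if __name__ == "__main__":
    for fp, info in analyze(SAMPLE_LOG).items():
        print(f"{fp:48s} n={info['count']:2d} days={info['days']} tags={sorted(info['tags'])}")
```

Grouping on the masked template is the point: a filter keyed on sender domain or URL host sees the invoice campaign as six unrelated one-off messages, while the template view shows one campaign with rotating infrastructure, and the document-share campaign only stands out once messages from several days are counted together.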

As with any other malware delivery method, criminals last year used phishing both in broad-based attacks and in narrowly focused, targeted ones. As one example of a highly targeted campaign, Microsoft pointed to one distributing the Ursnif banking trojan, which used highly localized and customized content to try to trick a relatively small set of recipients into clicking on malicious links. The campaign involved phishing emails with content that appeared to come from a legitimate business in the same city or general geographic area as the intended victim. “Such attacks are quite different from broad-based campaigns and appear to be more legitimate and trustworthy,” Microsoft said.

The continued innovation around phishing is worrisome, says Usman Rahim, digital trust analyst at The Media Trust. On the one hand, phishing-attack costs are increasing for hackers. “Attackers have to put in a lot of effort in terms of creating new techniques using the latest technology,” he says. But even as defenders are getting better at spotting and stopping phishing attacks, threat actors are finding new ways to escape detection, to persist on infected systems, and to find new infection tactics, he says. “New techniques or tools are certainly making it harder for attackers to compromise the network.”

However, once an attacker successfully breaks into a company, network, or service, the reward is also big, he says. Attackers also have a broader range of devices to target in phishing attacks, Rahim says. “Mobile and other IoT devices are getting targeted specifically as they do not have the same defense as other protected devices.”

On another front, Microsoft’s analysis of 2018 threat data showed a significant drop-off in ransomware attacks. The WannaCry and NotPetya outbreaks of 2017 had many believing ransomware attacks would increase last year. However, they declined as much as 60% between March and December 2018 as end users and enterprises became more aware of the threat and how to deal with it. Businesses also exercised greater caution in backing up important files so data could be quickly restored if encrypted in a ransomware attack, Microsoft said.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/attacks-breaches/phishing-attacks-evolve-as-detection-and-response-capabilities-improve-/d/d-id/1334109?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Companies Having Trouble Translating Security to Mobile Devices

As more enterprise work takes place on mobile devices, more companies are feeling insecure about the security of their mobile fleet, according to a new Verizon report.

RSA CONFERENCE 2019 – San Francisco – As more enterprise work takes place on mobile devices, more companies are feeling insecure about the security of their mobile fleet. That’s one of the big takeaways from Verizon’s “Mobile Security Index 2019,” released here this week.

The report is based on responses from 671 enterprise IT professionals from a wide range of business sizes across a broad array of industries. The picture they paint in their responses is one where mobile security is a major concern that’s getting worse, not better, as time goes on.

More than two-thirds (68%) say the risks of mobile devices have grown in the past year, with 83% now saying their organizations are at risk from mobile threats. Those risks have changed in the year since the first edition of the “Mobile Security Index.”

“In the first iteration, organizations were more nervous about losing access to the device itself” through theft or accidental loss, said Matthew Montgomery, a director with responsibilities for business operations, sales, and marketing at Verizon, in an interview at the RSA Conference. This time, they are worried about ” … having a breach or losing access to the data, because the device became very centric to businesses in the way they work.”

Those worries, though, don’t necessarily translate into effective security efforts. “There’s still this big perception — they think they’re secure, that they’re doing things to help them with mobile security, but yet they’re still telling us that they’re sacrificing mobile security to get the job done faster,” said Justin Blair, executive director of wireless business products at Verizon.

Montgomery said the sacrifice and inability to put effective security in place is not because the organizations don’t understand how to make systems secure. “Most of these organizations have really strong or world-class security in their traditional framework. Their networks, their Windows machines, their firewalls — they take very good care of the cybersecurity,” he said.

The breakdown comes in applying those security practices to mobile devices. Part of the problem has to do with the way employees work, Blair said. “It’s 10% of the time these devices are showing up on corporate networks, while 90% of the time they’re either on a cellular network, on a public Wi-Fi network, or on a home Wi-Fi network,” he explained.

And those remote connections contribute to the way organizations think about their employees as threat actors. According to the report, “At 38%, employees topped the list of actors that respondents were most concerned about.”

Unfortunately, it’s not just accidental employee-driven data loss that worries companies; 46% say personal gain is the leading motivator for employee security breaches, while accidents come in second, at 36%.

How can companies get better? An easy step forward would come from strong policies. The survey results show that less than half of companies (45%) have acceptable use policies (AUPs). Of those that do have such policies, only 21% have policies that could be considered comprehensive, with sections that deal explicitly with mobile devices, external network connections, and acceptable content on enterprise-connected devices.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/mobile/companies-having-trouble-translating-security-to-mobile-devices/d/d-id/1334111?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Backdoored GitHub accounts spewed secret sneakerbot software

Researchers have uncovered a network of GitHub accounts containing backdoored versions of legitimate software. In some cases, the doctored applications secretly downloaded bot software that could be used to remotely bid on high-value sneakers.

Researchers at DFIR.it seem to favour quality over quantity. They blog roughly once each year, but when they do it’s a doozy. This year’s blog contains a detailed investigation into a network of over 300 accounts on GitHub, an online service that allows people to store and collaborate on software projects. The accounts promoted a mixture of Windows, Linux and Mac OS software with malware backdoors.

The researcher, who goes by the name JJ, found what claimed to be an installer for JXplorer, a Java-based LDAP browser and editor. They found that the fake installer included functionality not in the official JXplorer installer, which led them down a rabbit hole of fake software and dummy accounts.

The installer downloaded and executed code from a free dynamic DNS provider, written to run in Microsoft’s PowerShell command-line shell. PowerShell is a legitimate tool for sysadmins, but intruders also often use it to execute commands because it gives deep access to the operating system. Downloading and executing PowerShell code is an unusual thing for an installer to do.

The installer also installed blazebot, which is a software bot that enables people to keep trying to buy new, limited edition sneakers as they become available on e-commerce sites. The bot was connected to supremenewyork.com.

Why would anyone do that? As it turns out, sneakerbots are big business. The world of ticket bots, which constantly hammer online ticket sales sites to buy tickets when they first appear, is relatively well-known. The sneaker-buying subculture is less public, but ‘sneakerheads’ will pay hundreds of dollars for the mere chance of buying the latest soft shoe brands.

The bot seemed to match Supreme New York Blaze Bot, a sneakerbot demonstrated on YouTube. The person who uploaded that video has the same name as the person who owns the blazebot repository on GitHub.

JJ analysed other code in the fake installer and found it calling out to hardcoded URLs, from which it downloaded more code that looked like a remote access tool (RAT). This in turn communicated with backend command and control servers from which it could download new code. Finally, it also extracted the username from a user’s .gitconfig file, which is the file containing settings for the git software repository used on many developer machines.

Digging further, JJ searched for JXplorer on GitHub and found repositories using its name. Rather than clones of the real repository (which people often create if they’re working on new open source features), these were unique repositories. Some of them ranked higher than the official repository, with more GitHub stars. Checking the Linux JXplorer installer in one of these repos, JJ found more malicious code that infected the host machine.

JJ analysed other GitHub accounts that starred or followed the fake JXplorer repository and found telltale signs of dummy accounts created automatically. These included clusters of accounts created at the same time, often hosting only one or even no repositories. These accounts all starred or subscribed to each other’s repositories, creating a network of dummy GitHub accounts that bolstered each other’s reputation.
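The signals JJ used (accounts registered in a tight time window, with one repository or none, whose stars mostly land on each other and on the repository being promoted) can be turned into a check that runs over exported account data. The script below is an added example written for this page, not DFIR.it’s tooling: it works on constructed account records whose field names are modelled on the GitHub REST API’s user object (`login`, `created_at`, `public_repos`), plus an assumed flattened `starred` list of `owner/repo` strings; the thresholds and the `jxplorer-dist/JXplorer` repository name are the editor’s assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Editor's assumptions for what "looks automated"; tune against real data.
CREATION_WINDOW = timedelta(hours=1)   # max gap between consecutive sign-ups in one batch
MAX_REPOS = 1                          # "only one or even no repositories"
MIN_CLUSTER = 3
MIN_INTERNAL_RATIO = 0.5               # share of a batch's stars that land on batch members

# Constructed account records (field names modelled on the GitHub user object;
# "starred" is an assumed flattening of the account's starred repositories).
ACCOUNTS = [
    {"login": "newdev-01", "created_at": "2018-11-02T03:10:00", "public_repos": 1,
     "starred": ["newdev-02/tools", "newdev-03/tools", "jxplorer-dist/JXplorer"]},
    {"login": "newdev-02", "created_at": "2018-11-02T03:15:00", "public_repos": 1,
     "starred": ["newdev-01/tools", "newdev-03/tools", "jxplorer-dist/JXplorer"]},
    {"login": "newdev-03", "created_at": "2018-11-02T03:22:00", "public_repos": 1,
     "starred": ["newdev-01/tools", "newdev-02/tools", "jxplorer-dist/JXplorer"]},
    {"login": "newdev-04", "created_at": "2018-11-02T03:31:00", "public_repos": 0,
     "starred": ["newdev-01/tools", "jxplorer-dist/JXplorer"]},
    {"login": "newdev-05", "created_at": "2018-11-02T03:40:00", "public_repos": 0,
     "starred": ["newdev-02/tools", "newdev-03/tools", "jxplorer-dist/JXplorer"]},
    # Real-looking accounts that must not be flagged: a prolific developer who
    # happened to sign up in the same window, and two quiet accounts from other months.
    {"login": "alice", "created_at": "2018-11-02T03:20:00", "public_repos": 40,
     "starred": ["newdev-01/tools", "pypa/pip"]},
    {"login": "bob", "created_at": "2018-06-01T12:00:00", "public_repos": 1,
     "starred": ["torvalds/linux"]},
    {"login": "carol", "created_at": "2018-09-15T18:30:00", "public_repos": 0,
     "starred": ["pypa/pip"]},
]


def thin_profiles(accounts):
    """Keep accounts with at most MAX_REPOS repositories, ordered by creation time."""
    thin = [a for a in accounts if a["public_repos"] <= MAX_REPOS]
    return sorted(thin, key=lambda a: datetime.fromisoformat(a["created_at"]))


def creation_batches(sorted_accounts):
    """Split a time-ordered list wherever the gap between sign-ups exceeds CREATION_WINDOW."""
    batch = []
    for acct in sorted_accounts:
        ts = datetime.fromisoformat(acct["created_at"])
        if batch and ts - datetime.fromisoformat(batch[-1]["created_at"]) > CREATION_WINDOW:
            yield batch
            batch = []
        batch.append(acct)
    if batch:
        yield batch


def find_clusters(accounts):
    """Return batches whose members mostly star each other, together with the
    outside repositories the batch collectively boosts (most-starred first)."""
    clusters = []
    for batch in creation_batches(thin_profiles(accounts)):
        if len(batch) < MIN_CLUSTER:
            continue
        members = {a["login"] for a in batch}
        internal = total = 0
        boosted = defaultdict(int)
        for acct in batch:
            for repo in acct["starred"]:
                total += 1
                if repo.split("/", 1)[0] in members:
                    internal += 1
                else:
                    boosted[repo] += 1
        ratio = internal / total if total else 0.0
        if ratio >= MIN_INTERNAL_RATIO:
            clusters.append({
                "members": sorted(members),
                "internal_star_ratio": round(ratio, 2),
                "boosted_external": dict(sorted(boosted.items(), key=lambda kv: -kv[1])),
            })
    return clusters


if __name__ == "__main__":
    for c in find_clusters(ACCOUNTS):
        print(f"cluster of {len(c['members'])}: {', '.join(c['members'])}")
        print(f"  internal star ratio {c['internal_star_ratio']}; boosts {c['boosted_external']}")
```

The `boosted_external` map is the useful output: the repository that a mutually-starring batch of empty accounts all point at is the one to pull and diff against the upstream project, exactly the step that led JJ from the fake JXplorer repository to the rest of the network.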

Analysing one of these accounts, JJ found backdoored software containing malicious code that tried to download a file from a SourceForge project. That project seemed to belong to the same person that owned the original blazebot repo on GitHub. GitHub has taken down practically all the accounts in the network, although the account containing the blazebot repository is still up at the time of writing.

What’s the takeaway here? There are several.

First: JJ’s blog is a great example of online digital investigations, and worth reading for anyone interested in getting involved in the field.

Second: Sneakerbots. Who knew?

Third: Creating subnetworks of accounts to bolster reputation for malicious purposes is a thing, and people are doing it on GitHub now.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/3TSkDPHFs5I/

Monero cryptominers hijack hundreds of unpatched Docker hosts

A recently-disclosed vulnerability in the Docker containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on hundreds of servers.

Security company Imperva used Shodan to find open ports running Docker, finding 3,822 on which the platform’s remote API was publicly exposed.

Of these, around 400 were reachable on the API’s listening ports, 2375 (plaintext) and 2376 (TLS). The majority turned out to be running cryptominers, with legitimate MySQL and Apache production servers on a smaller number.

Docker’s API, used to create and control containers, shouldn’t be reachable from outside the host: anyone who can talk to an unauthenticated daemon can start a container with the host’s filesystem mounted inside it, which is already equivalent to root on the host. Combined with CVE-2019-5736, a critical vulnerability in runC, Docker’s default container runtime, that lets a malicious container overwrite the runC binary on the host and gain root, this could quickly lead to a full compromise.

As bad as cryptocurrency mining sounds, the researchers explain that attackers could do a lot worse with pwned Docker hosts, including stealing credentials to attack the internal network, hosting phishing and malware campaigns, and creating botnets:

The possibilities for attackers after spawning a container on hacked Docker hosts are endless.

Not to mention that these hosts are still busily mining Monero for criminal gain:

Monero transactions are obfuscated, meaning it is nearly impossible to track the source, amount, or destination of a transaction.

What to do

The worry is that hundreds of Docker hosts have already been compromised with many more potentially on offer. Clearly, if the runC flaw is being exploited, that means admins haven’t patched it. Given how serious it is, that’s a surprise.

Updating Docker to v18.09.2 or later fixes the runC flaw, although it’s still important to ensure the daemon was securely deployed in the first place: don’t expose the API on TCP without TLS client-certificate verification, and don’t hand containers secrets as environment variables (Imperva saw credentials stored insecurely that way, for example).
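A quick way to check a host for the three problems above is to look at how `dockerd` is actually listening, which version is running, and what the containers carry in their environment. The script below is an added example written for this page, not Imperva’s scanner: it audits constructed inputs shaped like a `dockerd` command line, a `daemon.json`, the server version string (as printed by `docker version --format '{{.Server.Version}}'`) and `docker inspect` output. The `hosts` and `tlsverify` keys, the `-H`/`--host`/`--tlsverify` flags and the `Name`/`Config.Env` fields are real Docker names; the severities, regex and sample values are the editor’s assumptions.

```python
import json
import re
import shlex

FIXED_DOCKER = (18, 9, 2)   # Docker 18.09.2 bundles the runC fix for CVE-2019-5736
SECRET_NAME = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY", re.IGNORECASE)


def api_listeners(dockerd_cmdline, daemon_json_text):
    """Collect -H/--host listeners from the dockerd command line and the 'hosts'
    key of daemon.json, and whether TLS client verification is turned on."""
    argv = shlex.split(dockerd_cmdline)
    hosts = []
    for i, arg in enumerate(argv):
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    hosts.extend(cfg.get("hosts", []))
    tlsverify = "--tlsverify" in argv or cfg.get("tlsverify") is True
    return hosts, tlsverify


def parse_version(version_text):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_text.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def audit(dockerd_cmdline, daemon_json_text, server_version, inspect_json_text):
    """Return (severity, message) findings for the three problems in the text."""
    findings = []
    hosts, tlsverify = api_listeners(dockerd_cmdline, daemon_json_text)
    for h in hosts:
        if not h.startswith("tcp://"):
            continue
        bind = h[len("tcp://"):]
        if not tlsverify:
            findings.append(("CRITICAL", f"API on {bind} without --tlsverify: "
                             "anyone who can reach it is root on the host"))
        elif bind.startswith(("0.0.0.0", "[::]", ":")):
            findings.append(("WARN", f"TLS-protected API bound to all interfaces ({bind}); "
                             "restrict it with a firewall"))
    v = parse_version(server_version)
    if v is None or v < FIXED_DOCKER:
        findings.append(("HIGH", f"Docker {server_version} predates 18.09.2; "
                         "runC is likely vulnerable to CVE-2019-5736"))
    for container in json.loads(inspect_json_text):
        for kv in container.get("Config", {}).get("Env", []) or []:
            name = kv.split("=", 1)[0]
            if SECRET_NAME.search(name):
                findings.append(("MEDIUM", f"container {container.get('Name')} carries "
                                 f"secret-looking variable {name} in its environment"))
    return findings


# Constructed inputs: a host set up the way Imperva's victims were, and a hardened one.
WEAK_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"
WEAK_VERSION = "18.06.1-ce"
WEAK_INSPECT = json.dumps([{"Name": "/db", "Config": {
    "Env": ["MYSQL_ROOT_PASSWORD=hunter2", "PATH=/usr/bin"]}}])

HARDENED_CMDLINE = ("dockerd -H unix:///var/run/docker.sock -H tcp://10.0.0.5:2376 --tlsverify "
                    "--tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server.pem "
                    "--tlskey=/etc/docker/server-key.pem")
HARDENED_VERSION = "18.09.2"
HARDENED_INSPECT = json.dumps([{"Name": "/db", "Config": {"Env": ["PATH=/usr/bin"]}}])


if __name__ == "__main__":
    for label, args in (("weak", (WEAK_CMDLINE, "{}", WEAK_VERSION, WEAK_INSPECT)),
                        ("hardened", (HARDENED_CMDLINE, "{}", HARDENED_VERSION, HARDENED_INSPECT))):
        print(label)
        for sev, msg in audit(*args) or [("OK", "no findings")]:
            print(f"  {sev}: {msg}")
```

On a real host, feed it the `dockerd` line from `ps -o args= -C dockerd`, the contents of `/etc/docker/daemon.json`, and the output of `docker inspect $(docker ps -q)`; an exposed plaintext listener is the finding to fix first, since it makes the runC version irrelevant to an attacker who already has the API.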

Last June, sites running the Drupal CMS were hit by the ‘Drupalgeddon 2’ Monero cryptomining attack months after the vulnerability making that possible, CVE-2018-7600, was patched.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/9RgFH_0LGQE/

NSA might shut down phone snooping program, whatever that means

The US National Security Agency (NSA) has created a boatload of buzz over the past few days with these two headline-makers:

First, a senior Republican congressional aide suggested over the weekend that the agency might be shuttering its phone metadata slurping program instead of renewing it in December (suppress your glee: the news is less encouraging for surveillance-averse citizenry than it appears at first blush) and….

…Second, by releasing Ghidra, a free software reverse engineering tool that the agency had been using internally for well over a decade.

First, the political cat-and-mouse game:

Will the USA Patriot Act really die?

News of the NSA potentially killing off its mass phone-spying program – exposed by whistleblower Edward Snowden in 2013 – came on Saturday in the form of a Lawfare podcast interview with Luke Murry, national security advisor to House minority leader Kevin McCarthy.

At 5 minutes in, Murry said that the NSA hasn’t been using its metadata collecting system for spying on US citizens for the past six months, due to “problems with the way in which that information was collected, and possibly collecting on US citizens.” The program is due for Congressional reauthorization in December 2019, but Murry suggested that the administration might not bother:

I’m not actually certain that the administration will want to start that back up given where they’ve been in the last six months.

News outlets jumped on the notion that the NSA might end a widely disliked spying program: one that courts have dubbed illegal, that privacy advocates have protested, and which legislators have filibustered against, given that it indiscriminately snoops on America’s own citizens.

If you’re wondering which spying program Murry was talking about, join the club. Was it the USA Patriot Act, whose Section 215 supported the NSA’s bulk collection of telephone records, which resulted in the agency having collected the phone records of millions of US persons not suspected of any crime? Or was it the USA Freedom Act, signed into law in 2015 as what was supposed to be a way to clip the NSA’s powers?

Section 215 expired at the end of May 2015 but was re-enabled through to the end of 2019 via the USA Freedom Act, which passed the following month, as well as being extended via various other legal maneuvers.

In the interview with Lawfare, Murry muddled the two laws. When asked about national security topics coming up this year, he said:

One which may be must-pass, may actually not be must-pass, is Section 215 of USA Freedom Act, where you have this bulk collection of, basically metadata on telephone conversations – not the actual content of the conversations but we’re talking about length of call, time of call, who’s calling – and that expires at the end of this year.

Again, Section 215 is actually from the Patriot Act. But whatever law Murry referred to, we shouldn’t be too excited by the notion that it will go away, because if history is any guide, it won’t. Rather, it will likely be reinterpreted and spring up in a new form. The Register has done a thorough rundown of how the NSA works that, and it’s well worth a read.

For example, Section 215 goes far beyond authorizing the collection of phone metadata, but the truth is that the secretive NSA hasn’t told us about the other 97% of data collection it authorizes. From the Register:

In 2014, for example, there were 180 orders authorized by the US government’s special FISA Court under Section 215, but only five of them related to metadata; the rest cover, well, the truth is that we don’t know what they cover because it remains secret.

It could be that Section 215 covers collection of emails and instant messages, search engine searches, and video uploads, for example. The law says that the NSA can collect “tangible things”, which could mean just about anything.

After the blanket surveillance program was reauthorized in 2015, the Office of the Director of National Intelligence (ODNI) issued an official statement that sure did sound good: the NSA would stop analyzing old bulk telephony metadata and start deleting it. What it would shift to, the DNI said, was the Freedom Act’s new, “targeted production” of records.

It turns out that the phone data collection didn’t stop, however. In a June 2018 statement, the ODNI said that the NSA had begun deleting all the call detail records that it had gotten its hands on – after that new, “targeted” approach.

The NSA blamed “technical irregularities in some data received from telecommunications service providers” for the junking of the phone records – problems that, it promised, had been resolved, clearing the way for yet more future records collection.

Murry said the program never got rebooted, though, and that he doesn’t believe it will. This undoubtedly has something to do with strenuous efforts by two US senators, Ron Wyden and Rand Paul, who’ve both been waging war against the NSA’s spying.

During their wrangling, which has gone on for over a year and has focused on getting more control of Section 702 of the Foreign Intelligence Surveillance Act (FISA), the NSA has avoided answering Paul’s questions (PDF), such as whether the NSA is collecting domestic communications. It’s also gotten creative with coming up with secret interpretations of the law.

The Register suggests that the fact that the public only knows about the telephone metadata aspects of the far broader Section 215 could be an advantage to the NSA, as it continues to find ways to keeping getting the data it wants. From the Register:

If the NSA offers to give up its phone metadata collection voluntarily, it opens up several opportunities for the agency. For one, it doesn’t have to explain what its secret legal interpretations of the law are and so can continue to use them. Second, it can repeat the same feat as in 2015 – give Congress the illusion of bringing the security services to heel. And third, it can continue to do exactly what it was doing while looking to everyone else that it has scaled back.

On a far more security-crowd-pleasing note, there’s the NSA’s release of Ghidra:

Ghidra

The NSA released Ghidra, a software reverse engineering tool, at the RSA security conference on Wednesday. It marked the first public demonstration of the tool, which the agency has been using internally and which helps analysts pick apart malicious code and malware and track down potential vulnerabilities in networks and systems.

ZDNet, reporting from the conference, said that the NSA’s plan is to get security researchers comfortable working with the tool before they apply for government cybersecurity positions, be those jobs at the NSA or at the other government intelligence agencies with which the NSA has privately shared Ghidra.

At this point, Ghidra is available for download only through its official website, but the NSA also plans to release its source code under an open source license on GitHub.

The initial reviews have been, overall, positive, in large measure because “free” is a lot cheaper than the alternative tool, IDA Pro, whose commercial license costs thousands of US dollars per year.

If you haven’t tried out Ghidra yet, you can get more information on the official website or on the GitHub repo.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/pLDFf9kQYak/

Unclosable browser popup! 13-year-old charged for sharing code

A 13-year-old Japanese schoolgirl was brought in, questioned, and charged with posting the code for an unclosable browser popup on an internet bulletin board, the Japanese news agency NHK reported on Monday.

According to ZDNet, you could close the popup in some desktop browsers, including Edge and Firefox, but you couldn’t close it on desktop Chrome and most mobile browsers.

Police said that the girl, from the city of Kariya, didn’t create the malicious code, but she did share it. You can see the popup on this archived page, but stay away from it if you’re on a mobile device, ZDNet warned.

I wasn’t. I clicked. This is what I saw on desktop Chrome:

According to the Google-translated NHK story, the message translates to…

It’s useless to close many times

NHK reported that police also searched the house of a 47-year-old male construction worker from Kagoshima, as well as that of an unemployed man from Yamaguchi. Police also said that they’re investigating three other people – they aren’t acquainted with each other – who allegedly copied and pasted the code elsewhere online.

Silly prank

On Reddit, users reacting to the story of the 13-year-old’s arrest reminisced about their own history with writing infinite-loop codes like this. Here’s CryptoNoob:

I remember cooking up one of these in JavaScript class. It would open 10 of “itself” if you closed one of its windows. Pretty quickly the whole computer would slow to a crawl, and the only way out was a reboot, because ending its task after ctrl + Alt + delete was the same as closing it.

I would copy it to unsuspecting victims’ computers while they weren’t in the room, then rename it to something like “read this” or “porn”.

The old trick to screenshot someone’s desktop with icons, set it as desktop background and hide all the desktop icons, then watch the person trying to open their desktop apps wasn’t fun anymore.

Sometimes I would also copy my JavaScript virus to the Windows startup folder. Then a reboot gets you right back where you started, a web page telling you that you have 9999 button clicks left to go to close the window (a For loop) or a dare to try and close the window manually.

When somebody asked, Why? CryptoNoob said they did it for the lulz:

Comedy! That’s what I told myself. Now I see, maybe it was just pure evil.

Unfortunately, Japanese police don’t LOL at this sort of thing.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/-PYCxr1FQZA/

NX-OS-hit! Got Cisco Nexus and MDS 9000 switches? Then you’ve got patching to do, too

Cisco has published patches for a plethora of problems with its products, including vulns that could trigger denial-of-service conditions – and a sneaky one that “could allow an authenticated, remote attacker to execute arbitrary commands with root privileges”.

The root vuln exists in the NX-API feature of Cisco’s NX-OS switch operating system and comes about because NX-API does not correctly validate user-inputted data.

According to Cisco: “An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled.” These packets are seemingly not authenticated, allowing a random person to gain full control over the target device.

NX-API is disabled by default. The vuln affects a large number of Cisco’s Nexus (n)000 series switches as well as the MDS 9000 Series. Although the vuln has been allocated a CVE number (CVE-2019-1614), no further details of the exploit are publicly available at the time of writing. Patches are available from the Cisco website.
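Because NX-API is off by default, the first thing an operator wants to know is which switches have it switched on and how exposed the management interface is. The audit below is an added example, not Cisco’s code or tooling; it assumes the standard NX-OS running-config lines “feature nxapi”, “nxapi http port N” and “nxapi https port N”, and an “ip access-group NAME in” line under “interface mgmt0”, and the sample configs are constructed.

```python
"""Audit NX-OS running-config text for NX-API exposure.
Added example for this page, not Cisco's own code. Assumes the standard
NX-OS config lines 'feature nxapi', 'nxapi http port N', 'nxapi https port N'
and an 'ip access-group NAME in' line under 'interface mgmt0'."""
import re


def audit_nxapi(config: str) -> dict:
    """Return hostname, NX-API state, listeners, mgmt0 ACL presence and a risk label."""
    hostname, enabled, listeners, mgmt_acl, in_mgmt0 = "unknown", False, [], False, False
    for raw in config.splitlines():
        if not raw.strip():
            continue
        # A non-indented line ends any interface block.
        if not raw.startswith(" "):
            in_mgmt0 = raw.strip() == "interface mgmt0"
        s = raw.strip()
        m = re.match(r"hostname\s+(\S+)", s)
        if m:
            hostname = m.group(1)
        elif s == "feature nxapi":
            enabled = True
        elif s == "no feature nxapi":
            enabled = False
        else:
            m = re.match(r"nxapi\s+(https?)\s+port\s+(\d+)", s)
            if m:
                listeners.append(f"{m.group(1)}:{m.group(2)}")
            elif in_mgmt0 and re.match(r"ip access-group\s+\S+\s+in", s):
                mgmt_acl = True
    if not enabled:
        risk = "none"      # NX-API off (the default): the NX-API bug is unreachable
    elif any(l.startswith("http:") for l in listeners) or not mgmt_acl:
        risk = "high"      # plaintext listener or unfiltered management interface
    else:
        risk = "reduced"   # HTTPS only and mgmt0 filtered; still needs the patch
    return {"hostname": hostname, "enabled": enabled, "listeners": listeners,
            "mgmt_acl": mgmt_acl, "risk": risk}


# Constructed sample configs (not taken from any real device).
EXPOSED = """hostname nexus-lab-1
feature nxapi
nxapi http port 80
nxapi https port 443
interface mgmt0
  ip address 192.0.2.10/24
"""
DEFAULT = "hostname nexus-lab-2\nfeature bgp\ninterface mgmt0\n  ip address 192.0.2.11/24\n"
```

Feed it the output of “show running-config” from each switch; anything rated “high” is the obvious place to start patching or to put an ACL on mgmt0.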

D’ohS

Another NX-OS vuln disclosed by Switchzilla today exists in the OS’s network stack. It allows a miscreant to trigger a denial-of-service condition by crapflooding switches running NX-OS with “crafted TCP streams” in a “sustained” way. This causes the stack to “run out of available buffers”, in Cisco’s words, eventually overwhelming the switch and causing it to go and curl up in the corner for a while, gently rocking and murmuring to itself about load balancing.

NX-OS has also been patched for a second DoS trigger, this time one that exists in Cisco’s implementation of LDAP in both NX-OS and Cisco FXOS. Improper parsing of LDAP packets causes a condition that could be exploited by an attacker who has the IP address “of an LDAP server configured on the targeted device”. A successful exploit causes the target device to reboot, triggering a temporary DoS condition. Patches are available here.

Cisco’s full set of patches issued this week for NX-OS and FXOS devices are all available on its website. Last year a slightly more critical set of NX-OS and FXOS patches were pushed out in June. Happy installing! ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/03/07/cisco_nx_os_patches/

UK’s ICO event on targeted ads opens floor to the adtech industry: Anybody? No? Speak for 10 minutes. Hello?

The adtech industry was unable to muster even a single speaker to fill a 10-minute slot to discuss the security implications of programmatic advertising at a much-anticipated event yesterday.

The talks were run by the Information Commissioner’s Office at an undisclosed location in central London as part of efforts to dig into the murky depths of targeted ads and the real-time auctions that drive the field.

It was badged as a fact-finding mission, and the ICO had emphasised that it wanted to hear “diverging views” from all sides and all parts of the advertising chain.

“In order to develop our understanding of all aspects of this complex ecosystem, our next step is to… bring together a range of representatives from across the adtech industry to explore each of our key themes,” Simon McDougall, executive director for tech policy at the ICO, said in a blog post last month.

However, industry representatives declined to appear on stage to give their side of things in the security-focused section of the programme – one of three prongs McDougall had outlined for investigation.

This was not through a lack of trying on the ICO’s behalf; as late as 3.45pm on the day before the event, an email went round to attendees searching for participants.

The mail, seen by The Reg, offered delegates from the adtech industry the chance to take a 10-minute slot in the afternoon session on security of personal data.

“Industry has thus far appeared reluctant to speak during this session and, while all delegates will be able to participate from the floor during the moderated discussions, there is an opportunity here for AdTech to put forward its views alongside those of the regulator and civil society,” the email stated.

McDougall said in advance of the event that the ICO was particularly interested in how organisations “can have confidence and provide assurances that any onward transfers of data will be secure”.

The issue is that programmatic advertising relies on the rapid sharing of users’ personal data, which includes everything from the site they’re on and the device they’re using to their GPS coordinates. In a fraction of a second, this info is pinged around hundreds of publishers and exchanges.

Critics question whether it is possible to ensure the security of this data both as it whizzes between organisations and after the auction has finished – and forms part of a complaint lodged with European data protection agencies about the Interactive Advertising Bureau and Google.

The fact adtech industry reps didn’t give their side of the security story at the event is like a red rag to a bull, allowing those critics to argue the reason they failed to appear is because they don’t have a leg to stand on.

It is of course possible adtech bods didn’t feel up to facing the wrath of the privacy warriors no doubt in attendance – an argument slightly undermined by the fact there was a better balance in other sessions.

Indeed, the ICO had brought industry to the event – although the nature of Chatham House rules means no one can name names – and they are said to have spoken in sessions on the other two strands of the ICO’s potential probe.

These were transparency and personal data – what people are told about how their data is used for online advertising and how accurate those disclosures are – and the lawful basis for processing of personal data.

On the latter point, McDougall said ahead of the event that there were “several schools of thought around the suitability of various basis for processing personal data”, which the ICO wanted to assess.

However, it is understood that the ICO is accepting written submissions from those who didn’t get to speak on the day – so the adtech groups still have time to offer their thoughts on security.

We’ve approached the ICO for comment. The body is also set to publish a blog about the event soon. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/03/07/ico_adtech_talks/

NTT Security Confirms WhiteHat Acquisition

WhiteHat Security will continue to operate as an independent subsidiary of NTT Security following the deal.

NTT Security, a specialized security firm and division of NTT Group, has confirmed plans to buy application security provider WhiteHat Security.

WhiteHat is a privately held company founded by professional hacker Jeremiah Grossman in 2001. For the past 15 years it has been focusing on app security; its cloud-based application security platform aims to help businesses better build security into the development process. NTT Security is a subset of Tokyo-based NTT (Nippon Telegraph and Telephone Corporation).

Now, NTT Security wants to use WhiteHat’s tech as part of its strategy to integrate application security and DevSecOps into its portfolio. WhiteHat customers will have access to NTT Security’s consulting and advisory services, along with its Managed Security Services. The two plan to tackle enterprise security needs from critical infrastructure to business applications.

Following the close of the acquisition, WhiteHat Security will operate as an independent, wholly-owned subsidiary of NTT Security, officials say, and the companies will continue to invest in emerging security technologies. Terms of the deal were not disclosed. WhiteHat has raised $50.6 million in funding since it was founded and now has 251-500 employees.

Read more details here.



Article source: https://www.darkreading.com/application-security/ntt-security-confirms-whitehat-acquisition/d/d-id/1334075?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple