Tag Archives: Blog Post Shout Out

Blog Post Shout-Out March 2020

With ransomware attacks continuing to be prevalent, if you have an unaffected backup you won’t need to pay the ransom. However, how you back up your data (how many copies do you create?), the software you use and how it is configured can all make a difference.

Recommendations for how to create your corporate backups and how to better secure them are provided in the following article (which also includes details gathered from ransomware operators).

Ransomware Attackers Use Your Cloud Backups Against You by Lawrence Abrams (Bleeping Computer)

In previous posts I have provided recommendations for better securing Internet of Things (IoT) devices. To re-emphasise the basic steps, I also wish to provide a respectful shout-out to the following article highlighting the publication of guidance from the UK National Cyber Security Centre (NCSC):

UK NCSC Releases Tips on Securing Smart Security Cameras by Sergiu Gatlan (Bleeping Computer)

Full-disclosure: I am not affiliated or sponsored by Bleeping Computer in any way. I simply wish to more widely highlight good advice on topical security issues.

Thank you.

Blog Post Shout-out: Potential for Ransomware to Leverage Windows EFS

Related to my previous post detailing my tests of anti-ransomware software that could complement existing anti-malware software, I wish to provide a respectful shout-out to the following post from SafeBreach. It details the results of their testing of a proof of concept that uses the built-in Encrypting File System (EFS) capability of Windows to encrypt a victim’s files, rather than the ransomware writing its own means of doing so:

https://safebreach.com/Post/EFS-Ransomware

Please review the list of anti-malware and anti-ransomware solutions available within the SafeBreach post. If yours is not on the list, contact the vendor to ask whether such protection will be added soon. If you are certain you will not be using EFS, disable it using the Windows Registry (defined) changes suggested in their post.
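As an added example (my own, not code from the SafeBreach post), the following PowerShell audits the registry value that controls EFS system-wide and only disables it when explicitly asked and when no files already carrying the NTFS Encrypted attribute are found. It assumes an elevated session and that the NtfsDisableEncryption value under the FileSystem key is the setting in question.

```powershell
# Added example, not code from SafeBreach or this blog: audit whether EFS is
# disabled system-wide and, only when explicitly asked, disable it.
# Assumes an elevated PowerShell session; the change takes effect after a reboot.
param([switch]$Disable, [string]$ScanPath = $env:USERPROFILE)

$FsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$ValName = 'NtfsDisableEncryption'   # DWORD: 1 = EFS disabled, 0 or absent = enabled

function Get-EfsState {
    $item = Get-ItemProperty -Path $FsKey -Name $ValName -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$ValName -eq 1) { return 'Disabled' }
    return 'Enabled'
}

function Get-EfsEncryptedFiles([string]$Path) {
    # Files that already carry the NTFS Encrypted attribute show that EFS is in use,
    # which is the case where you would not want to disable it blindly.
    Get-ChildItem -Path $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0 } |
        Select-Object -ExpandProperty FullName
}

$state = Get-EfsState
Write-Output "EFS state: $state"

$inUse = @(Get-EfsEncryptedFiles -Path $ScanPath)
if ($inUse.Count -gt 0) {
    Write-Output "EFS-encrypted files found under ${ScanPath}: $($inUse.Count)"
    $inUse | Select-Object -First 10 | ForEach-Object { Write-Output "  $_" }
}

if ($Disable) {
    if ($inUse.Count -gt 0) {
        Write-Warning 'Refusing to disable EFS while encrypted files exist; decrypt them first.'
    } elseif ($state -eq 'Disabled') {
        Write-Output 'EFS is already disabled.'
    } else {
        Set-ItemProperty -Path $FsKey -Name $ValName -Value 1 -Type DWord
        Write-Output "$ValName set to 1. Reboot for the change to take effect."
    }
}
```

Run it without switches to audit only; add `-Disable` (and optionally `-ScanPath` to check a different folder for EFS-encrypted files) to apply the change.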

Thank you.

Blog Post Shout Out November 2019

While patching workstations and servers within organisations can be time consuming and occasionally disruptive to operations, critical infrastructure must remain online or at least minimise downtime. I wish to provide a respectful shout-out to the following article from Amir Levintal, CEO and Co-Founder of Cylus, who discusses these challenges and provides suggestions (e.g. more resources, increased security awareness and increased lobbying among regulators, among others) to overcome them:

How to Secure Critical Infrastructure When Patching Isn’t Possible: Kaspersky ThreatPost by Amir Levintal

I also wish to provide a respectful shout-out for the following article which highlights possible upcoming software updates for Amazon Kindles since vulnerabilities in the Universal Boot Loader were recently resolved:

Amazon Kindle, Embedded Devices Open to Code-Execution: Kaspersky ThreatPost by Tara Seals

Full-disclosure: I am not affiliated or sponsored by Kaspersky ThreatPost in any way. I simply wish to more widely highlight good advice on topical security issues.

Thank you.

Blog Post Shout Out March 2019

TL;DR: If a device that stores your personal information has reached the end of its life, please strongly consider erasing it correctly before recycling or disposing of it.

A security researcher from Rapid7 purchased 85 used pieces of technology to check them for data left behind by their previous owners. 80 of the devices had data still remaining on them.

He was able to uncover the following:

  • 214,019 images, 3,406 documents and 148,903 email messages
  • 611 email addresses, 50 dates of birth, 41 Social Security numbers, 19 credit-card numbers, six driver’s license numbers and two passport numbers.

For these reasons I wanted to provide a respectful shout out to the following blog post by Josh Frantz of Rapid7:

https://blog.rapid7.com/2019/03/19/buy-one-device-get-data-free-private-information-remains-on-donated-devices/

When our devices have reached the end of their useful life we need to become better at removing our data from them. Please find below recommended guides for Apple iPhones, Google Android devices and hard disks (both RAID and simple disk set-ups). My thanks to Mr. Josh Frantz for collecting these links within his post.

Thank you.

====================
Apple iPhone:
https://support.apple.com/en-us/HT201351

Google Android:
https://www.greenbot.com/article/2451612/how-to-properly-and-securely-erase-your-android-device.html

Hard disks (typically how they are set up):
https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148

Hard disks (when used in a RAID configuration):
https://linhost.info/2010/06/parted-magic-erase-a-hard-drive/
====================

Blog Post Shout Out: June 2018

A number of varied security issues have come to my attention this week which I wanted to keep you informed of. I will provide a respectful shout-out to the following sources:

Apple Encrypted Drive Information Disclosure:
At this time Apple macOS has an information disclosure vulnerability that affects encrypted drives in general (encrypted Apple HFS+ / APFS volumes and VeraCrypt containers) and that provides the potential for an attacker to obtain details of the files an encrypted hard drive is storing.

This vulnerability originates from the Quick Look feature of macOS, which allows a user to preview photos, files and folders quickly without having to open them. This feature stores the thumbnails (defined) of the files centrally in a non-encrypted area of the hard disk. This issue can also occur when a USB memory drive is inserted; the same feature stores thumbnails on the external drive and on the boot drive of the macOS system.

If you use an encrypted hard disk or value your privacy when using external drives, please run the command documented at the end of the following news article after you have viewed sensitive info and want to clear that history/activity:

macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives: BleepingComputer by Catalin Cimpanu

This suggestion is a workaround until (and if) Apple patches this.

=================
Yubico WebUSB Bypass:
The two-factor authentication/secure login vendor Yubico has published a security advisory for the use of their YubiKeys. The vulnerability does not reside within the hardware keys themselves but in the authentication steps a web browser (e.g. Google Chrome) uses to authenticate an individual.

In summary, if you are using Google Chrome, please ensure it is updated to version 67 or later and follow the additional suggestion from Yubico in their security advisory:

Security Advisory 2018-03-02 – WebUSB Bypass of U2F Phishing Protection: Yubico

Windows 10 Persistent Malware:
The security vendor Bitdefender has published a 104-page report detailing spyware (defined) which uses rootkit functionality (defined). This malware is noteworthy due to its longevity (dating back to 2012) and its ability to install even on modern versions of Windows, e.g. Windows 10:

Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation: Bitdefender Labs

=================
On a side note, I am not too surprised this infection can persist on Windows 10. If a user is tricked into running malware, e.g. by clicking a link or opening an attachment (either of which can be contained in a phishing (defined) email or an even more convincing spear phishing (defined) email from an organization or colleague you trust), strong defences won’t always keep you from becoming infected.

The Bitdefender report can be downloaded from the above link (it does not request any personal information).

=================
The following news article links to two detailed but still easy to follow removal guides. If you are experiencing unwanted adverts showing within websites that don’t usually show them (even though you are using an ad blocker) or are experiencing redirects (namely, you wish to visit website A but are actually sent to website B), please follow these guides to remove this malware:

Rootkit-Based Adware Wreaks Havoc Among Windows 10 Users in the US: BleepingComputer by Catalin Cimpanu
=================

Thank you.

Blog Post Shout Out: Security Advice for Summer Holidays/Travel

With the Summer holiday season approaching I wanted to provide a respectful shout-out to the following security tips/articles for travelling. Even when we are out of the office and our homes, we should maintain vigilance to stay secure and safe.

Many of these tips you may already be using and many of them are simple to follow, but they can make a real difference in ensuring your time away runs smoothly and with no unwanted surprises when you return home.

Tips such as being mindful before using a public charging station I have discussed before, but this series of tips groups them together for ease of use and convenience.

Some of the most important tips are:

  • Ensuring your portable devices are encrypted
  • Keeping portable devices with you or safely locked away
  • Changing your passwords (from a system you own) after you have used a publicly available computer
  • Enabling two factor authentication (more on this below)
  • Not making it obvious you have expensive devices with you (the tips from the US CERT below will clarify this advice)

Securing Mobile Devices During Summer Travel: US CERT
Holiday Traveling with Personal Internet-Enabled Devices: US CERT
Protecting Portable Devices: Physical Security: US CERT
International Mobile Safety Tips: US CERT
Cybersecurity for Electronic Devices: US CERT

====================
How to set up 2FA on eBay – go do it now!: Sophos Naked Security blog: by Maria Varmazis
Enabling 2FA for any online account is a great security measure and will be particularly useful when travelling to provide that extra layer of security.
====================

How digital spring cleaning can protect your personal information: WMBF News: Christina Lob
Digital spring cleaning involves (among other steps) removing apps from your smartphones/tablets/computer systems that you don’t use. This enhances security since there will be less for attackers to target in terms of software vulnerabilities (a reduced attack surface (defined)) and the personal information these apps may store or provide access to. It will make it easier for you to maintain the device while travelling since there will be fewer apps to update and the device will have more free space should you need it.

When you are back home, this spring cleaning advises further steps, e.g. regularly checking your bank account and credit cards for signs of unusual or unknown transactions and reporting them as soon as possible. This is a good practice just in case any of your cards were unknowingly compromised while abroad.

For the final tips this article describes, I wanted to provide clarification:

Clearing out email inboxes is a good idea but will only enhance security if your account was compromised or you are being shoulder-surfed by those around you; if you are following password and email best practices this shouldn’t happen.

Its advice on passwords could be better (this advice from Sophos is more secure) and emptying recycle bins, while useful, doesn’t truly delete data beyond recovery.

Thank you.

Blog Post Shout Out: Cisco IOS XE and Drupal Security Updates

I wish to provide a respectful shout-out to the following security advisories and news articles for their coverage of critical security vulnerabilities within Cisco IOS XE and the Drupal CMS (defined), released on the 28th and 29th of March respectively.

The backdoor (defined) account being remediated within the Cisco IOS XE update could have allowed an unauthenticated attacker to remotely access the Cisco router or an affected switch and carry out any action allowed by privilege level 15.

Meanwhile the Drupal vulnerability (dubbed “Drupalgeddon2”) is rated as highly critical since it is both remotely exploitable and easy for an attacker to leverage, allowing the attacker to carry out any action they choose.

Please follow the advice within the advisories linked below and update any affected installations of these products that your organisation may have:

March 2018 Semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

Cisco Removes Backdoor Account from IOS XE Software (includes mitigations if patching is not possible) by Catalin Cimpanu (Bleeping Computer)

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002

Drupal Issues Highly Critical Patch: Over 1m Sites Vulnerable by Tom Spring (Kaspersky ThreatPost)

Thank you.