Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Anything under the umbrella of IT Security, Computer Security, IT Controls
Microsoft and Bank of America Merrill Lynch are collaborating on a new pilot project aimed at automating trade finance transactions using blockchain technology, the companies announced yesterday.
Blockchain is best known as the distributed database technology at the heart of cryptocurrencies like Bitcoin. It is hardened against tampering, preventing even its operators from revising or otherwise meddling with its continuously growing list of records.
via https://ift.tt/2dbc1PR
OSquery
, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.
But now the social network has announced that the company has developed a
Windows version of its osquery tool
, too.
When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.
OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.
Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.
In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.
This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.
This open source endpoint security tool has become one of the most popular security projects on
since its release in mid-2014 and was available for Linux distribution such as Ubuntu or CentOS, and Mac OS X machines.
So, if your organization was running a Windows environment, you were out of luck.
But, not today, as with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.
“
As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security,
” reads the earlier version of Facebook’s blog post provided to The Hacker News.
“
We saw the long-held misconception of ‘security by obscurity’ fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it.
”
To get started with the OSquery developer kit for Windows, check this official
, the development environment, and a single
. The build is easy to install, and you can start coding right away.
You can read the full documentation of the development process of the OSquery developer kit for Windows on the
by Trail of Bits.
via https://ift.tt/2ddd1TW
The Enterprise Mobility and Security blog posted the first of a new series of informational articles that will be delving deeper into the new conditional feature.
via https://ift.tt/2dq7IiT
Today’s savvy bank robbers don’t break into vaults looking for gold or diamonds: They’re more likely to be hacking networks looking for access to the Swift payment system. Illusive Networks wants to catch them in the act.
via https://ift.tt/2dfAmpQ
OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.
The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, Figuring out how to call “tool X” then parsing results of “tool X” manually to feed “tool Y” and so on is time consuming.
By reducing this burden we hope pen testers will have more time to:
This tool is however not a silver bullet and will only be as good as the person using it. Understanding and experience will be required to correctly interpret the tool output and decide what to investigate further in order to demonstrate the impact.
You can download OWASP OWTF here:
|
|
wget –N https://raw.githubusercontent.com/owtf/bootstrap-script/master/bootstrap.sh; bash bootstrap.sh |
Or read more here.
via https://ift.tt/2dpJqsK
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 51 has been released today.
via https://ift.tt/2cIYmjt
When Yahoo said on Thursday that data from at least 500 million user accounts had been hacked, it wasn’t just admitting to a huge failing in data security — it was admitting to the biggest hack the world has ever seen. Until Thursday, the previous largest known hack was the 2008 breach that hit almost 360 million MySpace accounts, according to a ranking by the "Have I been pwned" website.
via https://ift.tt/2deEZ58
Yahoo says it was the victim of state-sponsored hackers who stole information associated with 500 million accounts.
Yahoo CISO Bob Lord said the attack happened on the company’s network in late 2014; he did not name the country responsible.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Lord said in a statement. “The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
Yahoo, which said law enforcement is investigating the breach, believes the attackers are no longer on its network. The confirmation of the attack comes as Verizon continues its $4.83 billion acquisition of Yahoo’s core business. It’s unknown how the news of the attack will impact the deal going forward.
Affected users are going to be notified via email and Yahoo will force a password reset and also urge the use of multifactor authentication, including its Yahoo Account Key. Yahoo has also invalidated unencrypted security questions and answers for affected accounts, and recommends that all users change their passwords if they haven’t done so since 2014.
“An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries,” Lord said. “Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”
Yahoo’s confirmation comes after an Aug. 1 report that said a cache of 200 million Yahoo user credentials were put up for sale on a dark web site called The Read Deal by a hacker who goes by the handle “Peace” or “peace_of_mind.” The asking price was 3 Bitcoin, or about $1,800 USD.
Initially, it was believed that the data stolen in the attack dated back to 2012. Given that users will reuse passwords over and over for different accounts online, the stolen credentials can give the attackers access to multiple accounts belonging to the same victim.
Already this year, a number of high-profile websites have had user account information and credentials dumped online. Most of those leaks, however, have been data accumulated from a number of locations online stolen in a number of older breaches.
The Yahoo breach represents the largest number of stolen credentials to date this year (a collection of 470,000 MySpace credentials was put online earlier this year).
LeakedSource, an subscriber-based aggregator of personal data found online, told Threatpost that two files containing Yahoo credentials have been available for years, including a sample text file containing 5,000 credentials, and an encrypted file containing 40 text files claiming to be from Yahoo. “We have both of them as well as the decryption key for the 40 text files which we determined to be fake,” LeakedSource said. “The 5,000 sample however may be real and provide enough evidence for Yahoo to begin resetting passwords.”
via https://ift.tt/2cGuSRh
A site that’s been warning the public about data breaches might actually be doing more harm than good.
Enter LeakedSource, a giant repository online that can potentially make hacking easier. Your email address and the associated Internet accounts — including the passwords — is probably in it.
via https://ift.tt/2cngOjv
Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive.
The malware, called Mamba, has been found on machines in Brazil, the United States and India, according to researchers at Morphus Labs in Brazil. It was discovered by the company in response to an infection at a customer in the energy sector in Brazil with subsidiaries in the U.S. and India.
Renato Marinho, a researcher with Morphus Labs, told Threatpost that the ransomware is likely being spread via phishing emails. Once it infects a machine, it overwrites the existing Master Boot Record with a custom MBR, and from there, encrypts the hard drive.
“Mamba encrypts the whole partitions of the disk,” Marinho said. “It uses a disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files.”
The malware is a Windows threat, and it prevents the infected computer’s operating system from booting up with out a password, which is the decryption key.
The victims are presented with a ransom note demanding one Bitcoin per infected host in exchange for the decryption key and it also includes an ID number for the compromised computer, and an email address where to request the key.
Mamba joins Petya as ransomware targeting computers at the disk level. Petya encrypted the Master File Table on machines it infected. Mamba, however, uses an open source disk encryption tool called DiskCryptor to lock up the compromised hard drives.
Petya was a game-changer among ransomware families. It spread initially among German companies targeting human resources offices. Emails were sent that contained a link to a Dropbox file that installed the ransomware. The malware showed the victim a phony CHKDSK process while it encrypted the Master File Table in the background.
Researchers quickly analyzed Petya’s inner workings and by understanding its behavior, were able to build a decryptor shortly after the first infections were disclosed.
More than a month after Petya surfaced, a variant was found that included a new installer. If the installer failed to install Petya on the compromised machine, it installed a less troublesome ransomware strain known as Mischa. Petya included an executable requesting admin privileges that caused Windows to flash a UAC prompt; if the victim declined at the prompt, the malware would install Mischa instead of Petya.
Mischa behaves like most of the ransomware many are familiar with. Once the victim executes link sent in a spam or phishing email, the malware encrypts local files and demands a ransom of 1.93 Bitcoin, or about $875 to recover the scrambled files.
via https://ift.tt/2cFo7RQ