Top InfoSec Posts From Peerlyst, 2/14/2017–2/18/2017

Top User Posts

Deception — turning the tables on your adversaries, by Henrik Johansen — A lot of the tooling that companies use to defend their assets focuses on the upper part of the kill chain … very little, however, is usually available on the very last piece of that chain: Actions on Objective. I work in an environment where samples of malware are plentiful — we detonate a lot of stuff in our sandboxes and feed the generated IOCs back into our security pipeline, but I felt that we were missing out on something important — full exploitation.

Stuck in Traffic vlog #273 — Persistence in Group Policy, by J. Wolfgang Goerlich — Persistence is a stage in an attack lifecycle. Once in, stay in. One way we’re seeing persistence done is with Active Directory Group Policy. Here’s how to do it, and how to detect it.
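The Run-key variant of that technique, together with a sweep that looks for it and for the other two common GPO carriers (scheduled tasks and logon/startup scripts), as an added example that is not from Goerlich's vlog. It assumes the RSAT GroupPolicy module on a domain-joined host with rights to read GPOs (and, for the lab step only, to create and link one); the GPO name, OU path and payload path are hypothetical placeholders.

```powershell
# Added example, not from the original vlog. Requires the RSAT GroupPolicy module
# on a domain-joined host with rights to read (and, for the lab step, create) GPOs.
# GPO name, OU path and payload path are hypothetical placeholders.
Import-Module GroupPolicy

# Attacker's side, for a lab domain only: a Run-key registry setting pushed by a
# new GPO starts the payload at every logon on every machine the GPO links to.
function New-LabGpoPersistence {
    param(
        [string]$GpoName  = 'Lab-Persistence-Demo',
        [string]$TargetOu = 'OU=Workstations,DC=corp,DC=example',
        [string]$Payload  = 'C:\ProgramData\updater.exe'
    )
    $gpo = New-GPO -Name $GpoName
    Set-GPRegistryValue -Guid $gpo.Id `
        -Key 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' `
        -ValueName 'Updater' -Type String -Value $Payload | Out-Null
    New-GPLink -Guid $gpo.Id -Target $TargetOu | Out-Null
    return $gpo
}

# Defender's side: sweep every GPO for Run/RunOnce values, for the Scripts and
# ScheduledTasks client-side extensions, and mark anything edited recently.
function Find-GpoPersistence {
    param([int]$RecentDays = 7)
    $runKeys = @(
        'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $since = (Get-Date).AddDays(-$RecentDays)
    foreach ($g in Get-GPO -All) {
        foreach ($key in $runKeys) {
            # Get-GPRegistryValue raises an error when the GPO sets nothing under
            # the key, so treat that case as "no values" rather than as a failure.
            $values = @()
            try { $values = @(Get-GPRegistryValue -Guid $g.Id -Key $key -ErrorAction Stop) } catch { }
            foreach ($v in $values) {
                [pscustomobject]@{
                    Gpo      = $g.DisplayName
                    Modified = $g.ModificationTime
                    Recent   = $g.ModificationTime -gt $since
                    Finding  = "Registry $key\$($v.ValueName) = $($v.Value)"
                }
            }
        }
        # The XML report identifies each client-side extension by its namespace URI,
        # so a substring match on the URI tail is enough to flag the two carriers.
        $report = Get-GPOReport -Guid $g.Id -ReportType Xml
        foreach ($ext in 'Scripts', 'ScheduledTasks') {
            if ($report -match "GroupPolicy/Settings/$ext") {
                [pscustomobject]@{
                    Gpo      = $g.DisplayName
                    Modified = $g.ModificationTime
                    Recent   = $g.ModificationTime -gt $since
                    Finding  = "Extension $ext present"
                }
            }
        }
    }
}

# Triage: recently modified GPOs carrying any of these settings go to the top.
Find-GpoPersistence -RecentDays 7 | Sort-Object Recent, Modified -Descending | Format-Table -AutoSize
```

Two caveats for anyone running the sweep: every hit needs a baseline to compare against, because legitimate GPOs deploy logon scripts and scheduled tasks all the time, so the useful signal is a new or recently changed GPO carrying one of these settings, not the setting itself; and `ModificationTime` only tells you when, not who. For the who, enable auditing of directory object modifications on the domain controllers and look at Security log Event ID 5136 for changes to the groupPolicyContainer object.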

Infosec Basics: Definition of and understanding self-healing malware, by Gina Robertson — The infosec basics series: Antimalware programs will sometimes delete or quarantine malware only partially. A user might also, in theory, detect and delete suspicious files or folders on a computer that contain parts of a running malware package. Self-healing malware has the ability to detect that it has lost part of its functionality and to re-download or redeploy the missing pieces, for example from a zip archive embedded inside the files that remain.

GDPR and Cybersecurity, a Very Limited Partnership, by David Froud — If a security vendor has ever told you that the GDPR is imposing fines of up to 4% of annual global revenue for data breaches, they are either ignorant of the standard or lying to you, or both. Being generous, they may not actually know they are lying; the General Data Protection Regulation (GDPR) isn’t exactly easy to decipher, but even a cursory review tells a rather obvious story.

Top News Stories

REMCOS: A New RAT In The Wild, by Fortinet — Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time. Have you seen Remcos yet?

New ASLR-busting JavaScript is about to make drive-by exploits much nastier, by Arstechnica — For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows and similar vulnerabilities. Did you hear about this?

Decoding Chrome’s HTTPS UX, by Noncombatant — In this post Chris tries to illuminate and explain Chrome’s HTTPS-, TLS-, and X.509-related security UX surfaces. They are a bit complicated, and they’ve changed recently, and the Web PKI is very weird, so he thinks they bear some explanation.

New Android trojan mimics user clicks to download dangerous malware, by ESET — Android users have been exposed to a new malicious app imitating Adobe Flash Player that serves as a potential entrance for many types of dangerous malware. The application, detected by ESET security software as Android/TrojanDownloader.Agent.JI, tricks its victims into granting it special permissions in the Android accessibility menu and uses these to download and execute additional malware of the attackers’ choice. Have you gotten hit with this yet?

Biometric tracking in the enterprise, by CSOOnline — From company issued Fitbits to staff ID badges equipped with microphones, the field of employee biometrics has developed a great deal over the past few years. While many companies track workforce data, this has traditionally been basic HR information like headcount, succession plans and competencies. How do you feel about being tracked in the workplace?

CrowdStrike attempts to sue NSS Labs to prevent test release, court denies request, by CSOOnline — Did you hear that, last week, before the start of the RSA conference in San Francisco, CrowdStrike filed for a restraining order and injunction in a federal court, seeking to prevent NSS Labs from releasing the results of NSS’ recent Advanced Endpoint Protection (AEP) group test?

Metadata: The secret data trail, by HelpNetSecurity — Every phone call, every text message, even a cell phone that is merely switched on, leaves a trail of data across a network. In many cases this data is aggregated with other data and metadata, including social media, web browsing, app data, GPS, shared pictures and other associated data, to provide greater context. What does your metadata say about you?

Next-Generation Security Software: Myths and Marketing, by ESET — There is a view of the current security market that is often recycled by the media these days. It assumes a split between ‘first-gen(eration)’ or ‘traditional’ (or even ‘fossil’ or ‘dinosaur’) malware detection technology — which is invariably claimed to rely on reactive signature detection — and (allegedly) superior technologies using ‘next-gen(eration)’ signature-less detection. Which generation do you deploy?

Unix: A Game Changer in the Ransomware Landscape?, by Trend Micro — 2016 was the year when ransomware reigned. Bad guys further weaponized extortion into malware, turning enterprises and end users into their cash cows by taking their crown jewels hostage. With 146 families discovered last year compared to 29 in 2015, the rapid expansion and development of ransomware is projected to spur cybercriminals into diversifying and expanding their platforms, capabilities, and techniques in order to accrue more targets.

A Surreal Trip to a Domain-Names Conference, by Nextgov — In addition to being crucial to making the web work, domain names are also a highly political pocket of the web, particularly shaped by the legacy of colonialism. Most of the underlying protocols that make the internet work, including DNS, are encoded in ASCII, which translates bits into letterforms, numbers, and punctuation marks. Have you ever been to a domain names conference?

Researcher develops ransomware attack that targets water supply, by CIO — A security researcher is showing that it’s not hard to hold industrial control systems for ransom. He’s experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked. David Formby, a PhD student at Georgia Institute of Technology, conducted his experiment to warn the industry about the danger of poorly-secured PLCs. Come read up on it!

Hacker Mindset: The Future of Encryption, by Tripwire — In my ongoing blog series “Hacker Mindset,” I explore an attacker’s assumptions, methods, and theories, including how information security professionals can apply this knowledge to increase cybervigilance on the systems and networks they steward. In this article, I explore the intense debate surrounding encryption and what it means for policy makers and consumers alike. Have you seen this series?

How does the board make informed decisions on cyber risk?, by It Security Guru — Picture the scene: your organisation’s name splashed across the papers for all the wrong reasons. Employee data lost, customer data leaked online, passwords stolen. With the number of data breaches increasing every day, this scene is all too familiar. What mistakes have you seen boards make?

Canada will soon force companies to disclose data breaches, by Ottawa Citizen — The federal government is in the final stages of enacting legislation that will require all businesses in Canada to report any cyber security breach as soon as they become aware of it. It’s a step meant to close what critics say has been a major gap in this country’s protection of personal and financial data. Have you heard this major news for Canada? What do you think?

Ransomware-as-a-Service: Rampant in the Underground Black Market, by Fortinet — Given the popularity and success of ransomware, it is no surprise that malware authors have been developing more ransomware than ever before. Last year’s cost of ransomware attacks reached $1 billion, which not only shows how this affects businesses, but for cybercriminals the potential pay-out for cyber-extortion can be very lucrative. Has your company been hit with ransomware yet?

Events & Promotions

Keynotes at nullcon Goa 2017 + Giveaway of one individual pass for the conference!, by — The nullcon Information Security Conference is coming closer, so we would like to share some information about the Keynote Speakers with you. On the 3rd of March — the first day of the conference — the Keynote will be held by Joshua Pennell, Founder and President of IOActive.

RSA Conference Panelists Split on Question of Paying Data Ransoms, by Eweek — A panel of experts recommended different ways of hardening companies against ransomware attacks, including better backups, insurance and perhaps even paying. SAN FRANCISCO: Ransomware will continue to cause pain for companies in 2017, but there continues to be no single successful strategy to prevent or reduce the damage caused by this disruptive malware. What are your strategies for dealing with ransomware?

The Beginner’s Guide to Information Security, by Peerlyst — “The Beginner’s Guide to Information Security” offers insight and resources to help readers embark on a career in one of the 21st century’s most important — and potentially lucrative — fields. Maybe you want to move into information security from IT, say, from a developer or system administrator role. Or maybe you just graduated with your bachelor’s or master’s degree. Whatever your education or prior experience, this book can offer you a great start, with advice from real people who are working in the InfoSec field.

Job Fair at nullcon Goa 2017 + Giveaway of one individual pass for the conference!, by — Nullcon is an annual security event, which is driven by the security community for the security community. We are focused on serving all kinds of audiences, and in that spirit nullcon is excited to host a special Job Fair by null — the open security community, a registered non-profit organization — for security professionals looking for new opportunities and for organizations looking to hire the best talent from the security community.

Training at Nullcon Information Security Conference in Goa, by — Join Javier Vazquez-Vidal & Ferdinand for Low Level Hardware Reversing (Basic), a 2-day training at the Nullcon Information Security Conference in Goa next month! This training is aimed at those who have little to no knowledge of how a system can be reversed at the hardware level. To fully understand an embedded system, you must first know how it works on a physical level. The objective of this training is to give attendees a starting point in pure, low-level hardware hacking. There will be little to no IDA, just digital signals, protocols, and some hex file dumping, which are the core of every embedded system.

Schneier Brings Campaign For IoT Regulation To RSA, by ThreatPost — Bruce Schneier on Tuesday called on technologists to get involved with policy, insisting that as the Internet of things continues to unfold, the knowledge security experts have will become more applicable. Did you see his call to action?