Investigating an Odd DNS Query, (Thu, May 23rd)Thu, 23 May 2019 17:00:31 GMT I have been asked this question a few times, and figure it may be worthwhile to document this in a quick diary. This is typically the result of watching for odd DNS queries (and I highly recommend that). But not all DNS queries are created equal, and sometimes you will see odd, or even malicious, hostnames and domain names in your logs without any wrongdoing on your end.
Using Shodan Monitoring, (Tue, May 21st)Tue, 21 May 2019 00:34:29 GMT Back in March, Shodan started a new service called Shodan Monitor(1). What this service does is notify you of ports that are open on the network you specify. When you initially setup your network, you put in your CIDR to monitor and then select notification triggers where you will get emails for any of these categories that show up on the specified network. In the notification emails, you get a link to be able to whitelist systems. I'm finding that the uncommon ports to be chatty for large networks, and tend to whitelist many of these.
CVE-2019-0604 Attack, (Mon, May 20th)Mon, 20 May 2019 11:18:21 GMT Over the past week, I started seeing attacks on Sharepoint servers using vulnerability CVE-2019-0604. The Zero Day Initiative has a great write up(1) on the exploit of the vulnerability.
Snapchat Privacy Blunder Piques Concerns About Insider ThreatsFri, 24 May 2019 18:33:35 +0000 After a report found that Snap employees were abusing their access to Snapchat data, experts are warning that insider threats will continue to be a top challenge for privacy.
Microsoft Beefs Up Wi-Fi ProtectionFri, 24 May 2019 15:52:54 +0000 The Windows 10 update that's rolling out addresses insecure Wi-Fi hotspots with new user notifications.
News Wrap: Which Companies Are Doing Privacy Right and Which Aren’t?Fri, 24 May 2019 13:42:25 +0000 The Threatpost team breaks down the top privacy-related data incidents of the week - including data leaks from HCL and a golfing app - and highlights some surprisingly good privacy news.
Goodbye Passwords: Hello Identity ManagementThu, 23 May 2019 20:59:32 +0000 As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.
Shade Ransomware Expands to U.S. TargetsThu, 23 May 2019 20:24:34 +0000 Coming to America: The Shade ransomware, which has historically targeted Russian victims, was recently spotted expanding its sights.
Calibration Attack Drills Down on iPhone, Pixel UsersThu, 23 May 2019 20:21:13 +0000 A new way of tracking mobile users creates a globally unique device fingerprint that browsers and other protections can't stop.
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance RecordsFri, 24 May 2019 20:47:11 +0000 The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records -- including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images -- were available without authentication to anyone with a Web browser.
Legal Threats Make Powerful Phishing LuresWed, 22 May 2019 19:26:04 +0000 Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days -- or else. Here's a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.
Account Hijacking Forum OGusers HackedSat, 18 May 2019 13:44:20 +0000 Ogusers[.]com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.