Verifying SSL/TLS configuration (part 1), (Tue, Jul 23rd)Tue, 23 Jul 2019 09:58:11 GMT One of very important steps when performing penetration tests is to verify configuration of any SSL/TLS services. Specifically, the goal of this step is to check which protocols and ciphers are supported. This might sound easier than it is – so this will be a series of diaries where I will try to explain how to verify configuration but also how to assess risk.
Re-evaluating Network Security - It is Increasingly More Complex, (Sat, Jul 20th)Sat, 20 Jul 2019 20:34:20 GMT I saw an interesting report [1] this week released last month (June 2019) by the Enterprise Strategy Group (ESG) about the increase complexity dealing with network security. The report highlights these three things:
Malicious PHP Script Back on Stage?, (Thu, Jul 18th)Fri, 19 Jul 2019 06:18:58 GMT It's amazing how we can find old scripts coming back to life for some obscure reasons. If today, Powershell or JavaScript (and its derivations) are very common languages used to perform malicious actions, PHP remains also a good candidate. One of my hunting rules is to search for reversed PHP commands using the strrev() function. A few days ago I found a PHP script on pastebin.com that contained the following functions:
The Other Side of Critical Control 1: 802.1x Wired Network Access Controls, (Thu, Jul 18th)Thu, 18 Jul 2019 12:07:49 GMT Today’s story is a short how-to on implementing 802.1x authentication for wired switch ports.  In other words, workstations have to authenticate to be allowed on the wired network (just like your wireless network should be configured).  I was actually surprised to see 802.1x as part of the CIS Critical Control #1, where you’d expect “hardware inventory†stuff to go – it’s actually CC 1.6, 1.7 and 1.8.  But this does make sense, this not only controls where and when your gear can authenticate, but also controls the access that the “not your gear†stuff has (if any) when that stuff tries to connect.
Popular Samsung, LG Android Phones Open to ‘Spearphone’ EavesdroppingTue, 23 Jul 2019 16:49:52 +0000 A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that's played on speakerphone, including calls, music and voice assistant responses.
Critical RCE Flaw in Palo Alto Gateways Hits UberMon, 22 Jul 2019 20:52:06 +0000 The bug is previously unknown but yet still fixed in later releases. However, many organizations are likely still vulnerable.
Tackling the Collaboration ConundrumMon, 22 Jul 2019 19:44:21 +0000 Enterprises should recognize the data security risk that Slack, Teams or TeamViewer could introduce and address it.
Amazon Alexa, Google Home On Collision Course With RegulationMon, 22 Jul 2019 15:00:26 +0000 Threatpost talks to Tim Mackey with Synopsys about recent Amazon Echo and Google Home privacy faux pas. Will GDPR and other regulations catch up to the voice assistants?
What You Should Know About the Equifax Data Breach SettlementMon, 22 Jul 2019 19:27:11 +0000 Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans. Here's a brief primer that attempts to break down what this settlement means for you, and what it says about the value of your identity.
QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware AttackFri, 19 Jul 2019 16:40:07 +0000 Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.
Party Like a Russian, Carder’s EditionWed, 17 Jul 2019 20:59:09 +0000 KrebsOnSecurity has seen some creative yet truly bizarre ads for cybercrime services in the underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake.