Inside Security - August 4th, 2016

Inside Security (Aug 5th, 2016)

David’s Take
The story behind the terrorism reporter for the NY Times is worth reading to understand her reporting methods and tools that she uses to track ISIS. And there are lots of new attacks available today, including keyboard emulators and a reminder about how having physical access to network infrastructure can be a security issue.
We’d love to hear from you on any of these topics.

-- David Strom, editor of Inside Security
New and noteworthy product
If you need to make instant changes to your network infrastructure so that you can have full data center redundancy with real-time failover, or rapidly migrate resources between your physical infrastructure and your VMs, then you might want to take a closer look at the Global IP Namespace feature that is part of a product called Identity Defined Network. If you are looking for a better hybrid cloud orchestration product, the cheapest configuration starts at $10,000, with more typical installations costing in the mid five figures. -- TEMPERED NETWORKS
Methods and tools
This is a fascinating story about how Rukmini Callimachi, a NY Times terrorism reporter, has developed her beat on reporting on ISIS’ methods to communicate via Twitter and Telegraph to organize its converts and set up its reprehensible activities. Callimachi’s latest scoop for the Times was about a captured German ISIS operative who gave a jailhouse interview this week about their activities. Yes, even ISIS has to approve its expense reports. -- WIRED
Microsoft has released an update to its .Net Framework with v4.6.2, tightening security in the Base Class Library along with security-related improvements to the SQL client, Windows Communication Foundation, the Common Language Runtime, and the ASP.Net web framework. These updates improve encryption features and key strengths, along with support for various encryption-related protocols such as TLS and SSL. -- INFOWORLD
Hotel POS machines and magstripe cards can be vulnerable to attacks. Researchers from Rapid7 this week demonstrated methods that allow attackers to turn these point-of-sale devices into keyboards, using magnetic stripe card readers. Often a magstripe reader can be configured as a general-purpose device, or worse yet, there is the MagSpoof tool that can be used to emulate one. Either way, an attacker can drop in commands to open a register, open a window, or download and install malware. -- DARK READING
Threats and attacks
The paperclip threat is real and an issue for AirBnB hosts and others who freely share their home’s networks with random guests. “If someone can physically reset a router, they now control that device. A bored teenager could do it. If a bored teenager can hack your network, you've got a real problem.” One simple way to compromise your network: input custom DNS settings, which can be used to trick a user into accessing fake websites. -- ZDNET

Security researchers found a series of incorrect implementations of code hooking and injection techniques that could cause numerous vulnerabilities, potentially affecting thousands of products. These hooks allow intrusive software to intercept and monitor API calls and are used by many security products to detect malware. They are also used by malware for man-in-the-browser types of attacks. -- BREAKING MALWARE
A password dump of Yahoo user credentials is now for sale, but it's unclear how old or how accurate the data might be. The collection is rumored to be more than 200 million user IDs. According to a sample of the data, it contains usernames, MD5-hashed passwords, dates of birth, and in some cases back-up email addresses. Reporters tested several accounts and some of them seemed still active. -- MOTHERBOARD
How much can one disgruntled employee be fined for damaging his employer’s network? Would you believe more than $77,000? A former Citibank employee was fined that, and also sentenced to almost two years in federal prison, for erasing nine core routers’ configurations. This cut off connectivity to a large part of their North American network operations. Surely a cautionary tale about taking insider threats seriously. -- US DOJ

Do you have policies in place to better control disgruntled employees?
With all the news about the Democratic National Committee email hacks, here is a refreshing perspective from someone who actually knows the technology, reformed hacker Kevin Mitnick. In an interview, he said “the people at the DNC would be easy to phish and very easy to exploit." He now works for a consulting firm to help companies be more secure, BTW. -- TECHREPUBLIC
Yes, dropping a random USB stick really is a great way to infect a lot of PCs quickly. An academic study at the University of Illinois Urbana campus shows that a dropped USB stick will be almost immediately picked up, inserted into a PC and scanned by an unsuspecting user. Likely attacks include “keyboard-spoofing attacks and especially basic social engineering attacks tricking users into opening files.” -- TRIPWIRE
Reports and evaluations
Security researchers have found a huge increase in SSL-cloaked malware traffic across selected networks in 2015. Traffic jumped from approximately 500 malware samples per month before October 2015 to over 29,000 samples in November and December 2015. The increased use of encryption makes it more difficult to detect malware. -- BLUECOAT
What is being billed as the largest, most detailed measurement of online tracking ever performed is from a new study by Princeton University. They performed an automated review of the world’s top 1,000,000 sites, as listed by Alexa. The researchers found more than 81,000 trackers showing up on at least two sites. They also found trackers abound on the largest web properties of Google, Twitter, and Facebook, along with news, arts, and sports sites which typically provide content for free. The study results are interesting, along with the fact that the researchers built a complete web privacy measurement framework to capture their massive data. -- NAKED SECURITY
The SANS 2016 State of Application Security: Skills, Configurations and Components, based on a survey of 475 security professionals, concludes that application security programs must be a coordinated effort between developers, architects, and system administrators, and security must be integrated earlier in the application development lifecycle. -- TECHBEACON
Self serving dep’t
Malware that exploits popular topics has always been around. But with the Olympics about to start, the risks of Zika and the popularity of Pokemon Go happening, there are more opportunities for various exploits than ever before. The authors of this post (who work for a vendor that just coincidentally catches these exploits) have found thousands of malicious apps that masquerade as legit Zika warnings, or Pokemon helper apps, or Olympics updates. -- RISKIQ
Bug Bounties
Kaspersky Lab has teamed up with HackerOne to pay $50k in bug bounties over the next six months. The challenge is to find errors in its Internet Security 2017 endpoint protection suite. Rewards will range from $300 to $2000 each, and applicants agree to not disclose their newly found bug until it is fixed. -- KASPERSKY

Just for fun

Sorry, room 404 not found. -- DEVHUMOR
While not exactly humorous, this is certainly ironic. We finally have a real Nigerian prince of spam and online scams. Nigerian authorities have arrested a man who they claim is the mastermind behind over $60 million worth of online criminal activity, including one person who reportedly paid out more than $15 million. The criminal had operated a network of at least 40 individuals across Nigeria, Malaysia, and South Africa. This crew provided malware and operations. The arrests were made thanks to Trend Micro and Fortinet working together with INTERPOL. -- ARS TECHNICA

Inside Security is supported by Varonis, a leading provider of software solutions that protect data from insider threats and cyberattacks. Learn more about Varonis.
Copyright © 2016 Inside, All rights reserved.
