
Inside Security

Inside Security (Jun 1st, 2017)

David’s Take: time for that DNS upgrade

Have you heard the story about how seven people “control the entire Internet”? Of course it isn’t true, and this piece from ICANN, which does control the deployment of certain critical protocols, explains why. But it brings up a more interesting event scheduled for later this year: the cryptographic keys that secure the DNS system (DNSSEC) are being upgraded. ICANN has been preparing for this for quite some time, and it will be the first time in seven years that these keys have been upgraded. Internet service providers, enterprise network operators and anyone else who runs a DNSSEC validator must load the public part of the new key-signing key into their validators.
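An added, illustrative check (not from the newsletter, ICANN, or any resolver vendor): a small Python script that parses a trust-anchor file in DNSKEY presentation format, computes each key's RFC 4034 key tag, and reports whether a key-signing key with the expected tag is already configured. The records below and the expected tag are constructed for the example; the real tag of the new root KSK must be taken from ICANN's published trust anchor.

```python
import base64
import struct

# Constructed sample trust-anchor file in DNSKEY presentation format (the
# layout used by resolver root.key / managed-keys files). The key material is
# fabricated and deliberately short; these are NOT the real root zone keys.
SAMPLE_TRUST_ANCHORS = """\
; constructed example, not the real root zone keys
.  172800  IN  DNSKEY  257 3 8 AQIDBA==   ; old KSK
.  172800  IN  DNSKEY  256 3 8 BQY=       ; ZSK, not a trust anchor
.  172800  IN  DNSKEY  257 3 8 /////w==   ; new KSK
"""

SEP_FLAG = 0x0001  # Secure Entry Point bit; flags 257 = ZONE (256) | SEP (1)


def key_tag(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> int:
    """DNSKEY key tag per RFC 4034 Appendix B (for algorithms other than 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_dnskeys(text: str):
    """Yield (flags, protocol, algorithm, key_tag) for each DNSKEY record."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip zone-file comments
        fields = line.split()
        if "DNSKEY" not in fields:
            continue
        idx = fields.index("DNSKEY")
        flags, proto, alg = (int(x) for x in fields[idx + 1:idx + 4])
        pubkey = base64.b64decode("".join(fields[idx + 4:]))  # key may wrap
        yield flags, proto, alg, key_tag(flags, proto, alg, pubkey)


def configured_ksk_tags(text: str) -> list:
    """Key tags of every KSK (SEP bit set) found in the trust-anchor text."""
    return [tag for flags, _, _, tag in parse_dnskeys(text) if flags & SEP_FLAG]


def has_new_ksk(text: str, expected_tag: int) -> bool:
    """True if the validator already trusts a KSK with the expected key tag."""
    return expected_tag in configured_ksk_tags(text)


if __name__ == "__main__":
    # 1033 is the tag of the constructed "new KSK" above, not the real one.
    print("KSK tags:", configured_ksk_tags(SAMPLE_TRUST_ANCHORS))
    print("new KSK present:", has_new_ksk(SAMPLE_TRUST_ANCHORS, 1033))
```

Run the same functions over your resolver's actual trust-anchor file and compare against the key tag ICANN publishes for the new KSK; a missing entry means the validator will fail once the old key is retired.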

-- David Strom, editor of Inside Security


Top Story: OneLogin breach

When a single sign-on vendor gets hacked, it has big security implications. Since I have used OneLogin in the past, I got notified this morning by the company: “On Wednesday, May 31, 2017, we detected unauthorized access to OneLogin data in our US operating region. At this time, OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised.” The alert mentions that cryptographic materials may have been stolen, and all OneLogin customer passwords need to be reset. Customers can get further information here. You will need to:

  • Generate new certificates for your apps that use SAML SSO.
  • Generate new API credentials and OAuth tokens.
  • Generate and apply new directory tokens for Active Directory Connectors and LDAP Directory Connectors.

Beginner’s corner

By now most of us know not to open an Office document attached to an email without a second thought. This post describes why phishers and other criminals build these attachments with active content so they can compromise our PCs. – BARRACUDA BLOG


Reports

Securing a virtual desktop requires some special skills. Just because it is virtualized doesn’t mean it is automatically secure. This is a very comprehensive guide on how an attacker can defeat the Citrix XenDesktop environment, including abusing the help menus to run a command shell, as shown here. It is useful for defenders who want to make sure they have covered all their bases. – PENTEST PARTNERS


A research paper published this week describes a frightening list of cybersecurity issues plaguing pacemaker devices built by four leading manufacturers, including a lack of authentication and encryption, USB-based exploits and the use of third-party software libraries riddled with thousands of vulnerabilities. – WHITESCOPE


The latest report on trouble spots around the world covers top-level domains with high concentrations of malware, whois privacy services that are masquerading as malware sources, and free email hosting providers that are sending copious amounts of spam. – DOMAINTOOLS (Reg. req.)


Ninety-three percent of service providers view DDoS attack mitigation services as a high priority relative to other offerings, according to the second-annual “Future of DDoS Protection” survey from DDoS mitigation services provider Corero Network Security. – (Reg. req.)


The United Kingdom’s National Crime Agency published research earlier this year into how and why some young people become involved in cybercrime. The report, which is based on debriefs with offenders and those on the fringes of criminality, emphasizes that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to build an online reputation, are the main motivations for those involved in cyber criminality. – NCA UK


Attack

Kmart’s POS has been hit again. (The last time was in 2014.) While the company claims no personal data was stolen, certain credit card numbers have been compromised. It doesn’t appear to be affecting every Kmart store, however. Brian Krebs has more here.


The Docket

A bill proposed in Congress last month would require the NSA to inform representatives of other government agencies about security holes it finds in software like the one that allowed last month's ransomware attacks. The bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals. – REUTERS


Just for fun

Good advice. -- DEVHUMOR

