Inside Security

Inside Security (Nov 27th, 2017)

David’s Take

With the long holiday break there is a lot of news to report. It is worth noting the different approaches Uber and Imgur took in disclosing their breaches to the public. Troy Hunt, who discovered the Imgur breach, tweeted, “This is really where we're at now: people recognize that data breaches are the new normal and they're judging organizations not on the fact that they've had one, but on how they've handled it when it happened.” Imgur quickly confirmed a hack dating back to 2014, with specifics on how the attackers stole 1.7 million email addresses and passwords. The passwords were hashed with SHA-256, which is a fast general-purpose hash rather than a deliberately slow password-hashing function, so leaked hashes can be brute-forced far faster than bcrypt or similar would allow. ZDNet has the specifics on how Imgur handled the disclosure to Hunt, who gave them credit for the quick response over the Thanksgiving holiday.

Contrast that with how Uber responded to a breach that happened in October 2016. Bloomberg broke the story: attackers stole 57 million customer and driver records, and Uber paid them $100,000 to keep quiet about it. “At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations.” The new CEO, Dara Khosrowshahi, didn’t pull any punches, which is encouraging, and promised to change how the company does business. John Gunn, the CMO of Vasco Data Security, says the concealment is a “violation of their customers’ trust,” and I would agree. Valimail’s CEO, in a blog post, commends Khosrowshahi (who took the job in September) for acting quickly and “showing real leadership,” in contrast to the people he replaced.

-- David Strom, editor of Inside Security

Top story: new Mirai variant discovered

A new Mirai variant has been discovered by a security researcher examining honeypot traffic, most of it originating from Argentina. It targets the default configuration of some ZyXEL routers (a weakness disclosed in January 2016) and scans for Telnet on ports 23 and 2323.
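
The scanning behaviour described above (Telnet sweeps on 23/2323 followed by factory-credential logins) is easy to flag in honeypot or firewall logs. The following is an added example written for this newsletter, not the researcher's own tooling; the key=value log format, the sample lines and the credential list are all constructed for illustration and should be adapted to your honeypot's real format.

```python
"""Flag Mirai-style Telnet scanning in honeypot logs (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}           # ports the reported variant scans
SCAN_WINDOW = timedelta(minutes=5)  # sliding window for counting distinct targets
SCAN_THRESHOLD = 3                  # distinct targets within the window => scanner

# Illustrative factory credential pairs (constructed for this example, not a list from the page).
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("admin", "1234"), ("root", "")}

# Hypothetical honeypot line format: ISO-8601 UTC timestamp followed by key=value pairs.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<kv>.+)$")


def parse_line(line):
    """Return a dict of fields for one log line, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for token in m.group("kv").split():
        if "=" in token:
            k, v = token.split("=", 1)
            fields[k] = v
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    if "dport" in fields:
        fields["dport"] = int(fields["dport"])
    return fields


def analyze(lines):
    """Group events by source IP and decide which sources look like Mirai scanners.

    Returns {src: {"telnet_targets": n, "default_cred_logins": n, "verdict": str}}.
    Sources that never touch a Telnet port and never try a default credential are omitted.
    """
    connects = defaultdict(list)   # src -> [(ts, dst)] for connections to Telnet ports
    cred_hits = defaultdict(int)   # src -> number of logins using a factory credential
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        src = ev.get("src")
        if ev.get("event") == "connect" and ev.get("dport") in TELNET_PORTS:
            connects[src].append((ev["ts"], ev.get("dst")))
        elif ev.get("event") == "login" and (ev.get("user", ""), ev.get("pass", "")) in DEFAULT_CREDS:
            cred_hits[src] += 1

    report = {}
    for src in set(connects) | set(cred_hits):
        events = sorted(connects[src])
        max_targets = 0
        # Sliding window: the largest set of distinct hosts hit within SCAN_WINDOW.
        for i, (t0, _) in enumerate(events):
            targets = {dst for t, dst in events[i:] if t - t0 <= SCAN_WINDOW}
            max_targets = max(max_targets, len(targets))
        if max_targets >= SCAN_THRESHOLD and cred_hits[src]:
            verdict = "mirai-like: telnet sweep + default credentials"
        elif max_targets >= SCAN_THRESHOLD:
            verdict = "telnet scanner"
        elif cred_hits[src]:
            verdict = "default-credential login attempt"
        else:
            verdict = "benign"
        report[src] = {"telnet_targets": max_targets,
                       "default_cred_logins": cred_hits[src],
                       "verdict": verdict}
    return report


# Constructed sample log: one sweeping source, one ordinary Telnet user, one SSH-only source.
SAMPLE_LOG = """\
2017-11-25T03:14:07Z src=203.0.113.7 dst=10.0.0.5 dport=23 event=connect
2017-11-25T03:14:08Z src=203.0.113.7 dst=10.0.0.6 dport=2323 event=connect
2017-11-25T03:14:09Z src=203.0.113.7 dst=10.0.0.7 dport=23 event=connect
2017-11-25T03:14:10Z src=203.0.113.7 dst=10.0.0.7 dport=23 event=login user=admin pass=admin
2017-11-25T03:20:00Z src=198.51.100.9 dst=10.0.0.5 dport=23 event=connect
2017-11-25T03:21:00Z src=198.51.100.9 dst=10.0.0.5 dport=23 event=login user=alice pass=hunter2
2017-11-25T03:30:00Z src=192.0.2.44 dst=10.0.0.5 dport=22 event=connect
this line is garbage and should be skipped
""".splitlines()

if __name__ == "__main__":
    for src, info in analyze(SAMPLE_LOG).items():
        print(src, info)
```

The threshold and window are deliberately low so the constructed sample trips them; on a real honeypot you would tune them against a day of baseline traffic, and the credential set should be your own vendor-default list rather than the four illustrative pairs above.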

The Docket

The US Department of Justice today unsealed an indictment charging Behzad Mesri, a 29-year-old Iranian national, over a cyberattack on HBO earlier this year in which he allegedly stole unreleased content and demanded $6 million in bitcoin in an extortion scheme. – US DOJ

U.S. Immigration and Customs Enforcement (ICE) is seeking better algorithms to track visitors to the U.S. as part of its latest push to monitor their social media activity. The program is called “Visa Lifecycle Vetting,” and its goal is to predict which visa holders may become problems. – ARS

Karim Baratov, a 22-year-old Canadian citizen accused by the U.S. of helping Russian intelligence agents break into email accounts as part of the massive 2014 Yahoo breach, is expected to plead guilty in a San Francisco federal court this week. -- REUTERS

Tools

If you haven’t yet tried Burp Collaborator, which is part of Burp Suite Professional, this description of what it does may motivate you. It generates unique hostnames and URLs that you embed in your pen-test payloads and then listens for DNS and HTTP interactions with them, so you can detect blind (out-of-band) vulnerabilities even when the application returns nothing useful in its response. – DIGITAL FORENSICS BLOG
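
The mechanism behind that kind of out-of-band testing is a unique token per injection point plus a correlator that maps callbacks back to the parameter that triggered them. Below is an added example of that pattern, written for this newsletter rather than taken from Burp Collaborator or PortSwigger; it assumes a hypothetical listener domain oob.example whose DNS and HTTP logs you can read, and the log lines it consumes are constructed to stand in for what a target would trigger.

```python
"""Out-of-band payload correlation (added example; oob.example and the log lines are constructed)."""
import re
import secrets
from collections import defaultdict

OOB_DOMAIN = "oob.example"   # hypothetical listener domain you control (assumption)

# Payload templates for blind injection points; {url}/{host} carry the unique callback.
PAYLOAD_TEMPLATES = {
    "ssrf": "{url}/",                                                            # URL-fetching parameter
    "xxe":  '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY x SYSTEM "{url}/x">]><r>&x;</r>',
    "cmdi": "$(nslookup {host})",                                                # blind OS command injection
    "hdr":  "{url}",                                                             # injected into e.g. Referer
}

# A minted token is 16 hex chars followed by the listener domain.
TOKEN_RE = re.compile(r"\b([0-9a-f]{16})\." + re.escape(OOB_DOMAIN) + r"\b")


class Correlator:
    """Mints one unique subdomain per injection point and maps callbacks back to it."""

    def __init__(self):
        self.tokens = {}   # token -> (target, parameter, kind)

    def payload(self, target, parameter, kind):
        """Return a payload for one injection point carrying its own unguessable token."""
        token = secrets.token_hex(8)
        self.tokens[token] = (target, parameter, kind)
        host = f"{token}.{OOB_DOMAIN}"
        return PAYLOAD_TEMPLATES[kind].format(url=f"http://{host}", host=host)

    def host_for(self, target, parameter, kind):
        """Look up the callback host minted for an injection point (used by the demo below)."""
        for token, point in self.tokens.items():
            if point == (target, parameter, kind):
                return f"{token}.{OOB_DOMAIN}"
        raise KeyError((target, parameter, kind))

    def correlate(self, log_lines):
        """Return {(target, parameter, kind): [(proto, line), ...]} for points that fired.

        Lines carrying a token we never minted are Internet background noise and are dropped.
        """
        hits = defaultdict(list)
        for line in log_lines:
            m = TOKEN_RE.search(line)
            if not m or m.group(1) not in self.tokens:
                continue
            proto = line.split(" ", 1)[0]        # constructed format: "<proto> <ts> <src> ..."
            hits[self.tokens[m.group(1)]].append((proto, line.strip()))
        return dict(hits)


def run_demo():
    """Mint payloads for four blind injection points and correlate constructed listener logs."""
    c = Correlator()
    points = [("app.example", "imageUrl", "ssrf"),
              ("app.example", "upload",   "xxe"),
              ("app.example", "filename", "cmdi"),
              ("app.example", "comment",  "hdr")]
    payloads = {p: c.payload(*p) for p in points}
    # Constructed log lines: the SSRF fetches the URL (DNS then HTTP); the command
    # injection only resolves the name (DNS, outbound HTTP blocked); XXE and header
    # injection produce nothing; the last line carries a token we never minted.
    log = [
        f"dns  2017-11-25T10:00:01Z 203.0.113.5 A {c.host_for(*points[0])}",
        f"http 2017-11-25T10:00:02Z 203.0.113.5 GET http://{c.host_for(*points[0])}/ UA=Java/1.8",
        f"dns  2017-11-25T10:00:05Z 203.0.113.9 A {c.host_for(*points[2])}",
        f"dns  2017-11-25T10:00:09Z 198.51.100.2 A {'f' * 16}.{OOB_DOMAIN}",
    ]
    return payloads, c.correlate(log)


if __name__ == "__main__":
    _, hits = run_demo()
    for point, interactions in hits.items():
        print(point, [p for p, _ in interactions])
```

Two things the correlation tells you that a single in-band response cannot: a DNS-only hit (the command injection above) means the payload executed but outbound HTTP is filtered, and the absence of any hit for the XXE and header payloads means those points are either not injectable or sit behind a parser that never resolves external entities.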

One way to test your security infrastructure is to write your own .EXE programs and see whether your anti-malware and other endpoint detection products catch them. Here is a simple way to do this with .NET. – PEEWPE BLOG

Looking for a way to remove a root certificate? Here are step-by-step instructions for all the popular endpoint OSes. -- SSLSTORE

Mozilla has announced an integration with Have I Been Pwned, the breach-alerting service run by Troy Hunt, to warn users about data breaches through the Firefox UI and offer educational information. The project is on GitHub. – INFOSECURITY MAGAZINE

Researchers at CyberArk Labs have described a post-intrusion attack technique dubbed Golden SAML. An attacker who has already compromised the identity provider and stolen its SAML token-signing key can forge signed authentication responses for any user, and so gain access to federated cloud resources by impersonating that user without ever touching the victim's password or MFA. – SECURITY AFFAIRS
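
Because a forged response never passes through the identity provider, the IdP's own logs show nothing; the detection opportunity is on the service-provider side, where an accepted assertion should always correspond to one the IdP actually issued. The following is an added example of that correlation written for this newsletter, not CyberArk's tooling; it assumes, as a hypothetical, that both the IdP and the service provider log assertion IDs in the constructed line formats shown, and that their clocks are synchronised.

```python
"""Spot Golden SAML by finding SP-accepted assertions the IdP never issued (added example, constructed logs)."""
import re
from datetime import datetime, timedelta

# Hypothetical IdP audit line: one per assertion it actually signed and sent.
IDP_RE = re.compile(r"^(?P<ts>\S+) idp issued assertion_id=(?P<id>\S+) subject=(?P<subject>\S+) sp=(?P<sp>\S+)$")
# Hypothetical SP audit line (e.g. a cloud console's sign-in log): one per assertion it accepted.
SP_RE = re.compile(r"^(?P<ts>\S+) sp accepted assertion_id=(?P<id>\S+) subject=(?P<subject>\S+) src=(?P<src>\S+)$")


def parse(lines, regex):
    """Parse matching lines into dicts with a datetime 'ts'; silently skip everything else."""
    out = []
    for line in lines:
        m = regex.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
            out.append(d)
    return out


def find_orphans(idp_lines, sp_lines, max_age=timedelta(minutes=5)):
    """Return (assertion_id, subject, reason) for each SP acceptance with no clean IdP match.

    Reasons: 'not issued by IdP'  -> no IdP record at all (the Golden SAML signature);
             'subject mismatch'   -> IdP issued that ID for a different user;
             'stale'              -> accepted more than max_age after issuance, which a
                                     short NotOnOrAfter window should have prevented.
    """
    issued = {a["id"]: a for a in parse(idp_lines, IDP_RE)}
    findings = []
    for acc in parse(sp_lines, SP_RE):
        iss = issued.get(acc["id"])
        if iss is None:
            findings.append((acc["id"], acc["subject"], "not issued by IdP"))
        elif iss["subject"] != acc["subject"]:
            findings.append((acc["id"], acc["subject"], "subject mismatch"))
        elif acc["ts"] - iss["ts"] > max_age:
            findings.append((acc["id"], acc["subject"], "stale"))
    return findings


# Constructed sample logs. The IdP issued two assertions; the SP accepted five.
IDP_LOG = """\
2017-11-25T09:00:00Z idp issued assertion_id=_a1 subject=alice@corp.example sp=urn:cloud:prod
2017-11-25T09:05:00Z idp issued assertion_id=_b2 subject=bob@corp.example sp=urn:cloud:prod
""".splitlines()

SP_LOG = """\
2017-11-25T09:00:30Z sp accepted assertion_id=_a1 subject=alice@corp.example src=198.51.100.20
2017-11-25T09:05:20Z sp accepted assertion_id=_b2 subject=bob@corp.example src=198.51.100.21
2017-11-25T09:40:00Z sp accepted assertion_id=_a1 subject=alice@corp.example src=203.0.113.66
2017-11-25T09:41:00Z sp accepted assertion_id=_z9 subject=admin@corp.example src=203.0.113.66
2017-11-25T09:42:00Z sp accepted assertion_id=_b2 subject=root@corp.example src=203.0.113.66
""".splitlines()

if __name__ == "__main__":
    for finding in find_orphans(IDP_LOG, SP_LOG):
        print(finding)
```

The check is only as good as its inputs: an attacker who controls the IdP can also edit its logs, so ship IdP audit records to a store the IdP host cannot rewrite, and treat the three findings from 203.0.113.66 above as one incident rather than three alerts. Rotating the token-signing key after an IdP compromise is the actual fix; this correlation just tells you that you need to.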

Funding news of the week

SCADAfence announced today that it had closed a $10M A round led by Jerusalem Venture Partners. The funds will be used to expand the company's R&D. It is based in Tel Aviv; its CTO and co-founder is Ofer Shaked.

WhiteHawk, which is based in the Washington, DC area, has begun a $4M IPO on the Australian market. It operates a cybersecurity threat exchange built on machine learning. Its CEO is Terry Roberts.

Just for fun

The book Where the Animals Go collects some very interesting data visualizations tracking specific herds and individual animals across their ranges. Built from the latest GPS trackers, drones, cellphones and digital maps, the results are illuminating, and the maps are attractive too. They show how warblers detect incoming storms from sonic vibrations, how baboons make decisions, and why storks prefer garbage dumps to wild forage.
