Inside Security

Inside Security (Mar 2nd, 2018)

David’s Take

If you aren't yet a Premium subscriber, you missed yesterday's analysis about the case against Taylor Huddleston and how hard it is to report on the intersection of the law and infosec. Go to our Premium page and sign up; subscription plans start at $10/month, with multiple newsletters and corporate plans available. Premium subscribers get an additional Thursday newsletter, usually with a single analysis topic.

We have all been in the embarrassing situation of sending out an email by mistake after hitting "reply all." Sadly, this was more serious earlier this week, when an administrative staffer sent one such message containing the personal records of more than 20,000 US Marines, including truncated social security numbers, bank electronic funds transfer and bank routing numbers, and truncated credit card information.

To add insult to injury, Equifax has found an additional 2.4 million U.S. consumers whose partial driver’s license information was stolen, but who were not in the previously identified affected population. The announcement was made on their website. Speaking of Equifax, researchers have discovered a critical remote code execution vulnerability that affects various projects in Pivotal Spring, a web app framework tool. The exploit is similar to what caused the Equifax breach, this time using another tool. Various components of Spring are at issue, and users are urged to upgrade them as soon as possible.

--David Strom, editor of Inside Security


Top Story

This week we witnessed perhaps the most bizarre conflict between two vendors about how not to revoke SSL certs. The Trustico/Digicert saga played out in a series of conflicting blog posts and tweets. Perhaps the best timeline summary can be found on Bleeping Computer here. The short version: with the transfer of the ineptly handled Symantec cert business to Digicert, Trustico decided to move to another cert vendor and in the process deliberately exposed the private keys of certs it had previously resold from Symantec, hoping that Digicert would revoke some 50,000 of them. – THE REGISTER


Attacks

Earlier this week a variety of security researchers, including Akamai, Arbor Networks and Cloudflare, observed a new DDoS amplification attack that abuses memcached servers as reflectors. Given that there are over 93,000 of them on the public Internet, spread around the world, they are ready for exploitation. These servers can amplify attack traffic considerably more than any reflector historically found, so this is a very serious matter. Reflection attacks happen when an attacker forges its victim's IP address as the source of requests sent to a massive number of machines. The recipients of those requests then issue an overwhelming flood of responses back to the victim's network, ultimately taking that network down. Keeping your memcached servers behind a corporate firewall, unreachable from the Internet, should be standard practice to mitigate the situation. The Cloudflare blog link above has more specific recommendations, along with tools that you can use to test your configuration.

This technique was behind the DDoS attack on GitHub this week; GitHub was able to defend itself successfully using what was learned from the earlier memcached attacks. Wired has the details.
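The signature a defender can look for is the one the paragraph describes: a single destination receiving UDP replies from source port 11211 on many hosts it never queried, and, from the reflector's side, reply bytes wildly out of proportion to request bytes. The script below is an added example written for this item, not code from Cloudflare, Akamai, Arbor or GitHub; the flow-record format, thresholds and every address in it are constructed for illustration and are not from the original post.

```python
"""Spot memcached (UDP/11211) reflection traffic in flow records.

Added example for this newsletter item; not code from Cloudflare, Akamai,
Arbor or GitHub. The flow-record format and every IP address below are
constructed (RFC 5737 documentation ranges)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

MEMCACHED_PORT = 11211  # memcached's default port; UDP replies from it are the reflected traffic


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated record in the constructed format:
    src_ip src_port dst_ip dst_port proto packets bytes"""
    src_ip, sport, dst_ip, dport, proto, pkts, nbytes = line.split()
    return Flow(src_ip, int(sport), dst_ip, int(dport), proto.upper(), int(pkts), int(nbytes))


def find_reflection_victims(flows: Iterable[Flow], min_reflectors: int = 3,
                            min_bytes: int = 1_000_000) -> Dict[str, dict]:
    """Destinations receiving UDP from source port 11211 on many distinct hosts.

    A legitimate client talks to one or a few memcached servers; a reflection
    victim is hit by replies from many servers it never queried. Thresholds
    are illustrative, not tuned values."""
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f.proto == "UDP" and f.src_port == MEMCACHED_PORT:
            s = stats[f.dst_ip]
            s["reflectors"].add(f.src_ip)
            s["bytes"] += f.nbytes
            s["packets"] += f.packets
    return {
        victim: {"reflectors": len(s["reflectors"]), "bytes": s["bytes"], "packets": s["packets"]}
        for victim, s in stats.items()
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes
    }


def amplification_factor(flows: Iterable[Flow], reflector_ip: str) -> float:
    """Reply bytes leaving a memcached host on UDP/11211 divided by request
    bytes entering it. Seen from the reflector's own network edge, a large
    ratio means the server is being abused as an amplifier, even though the
    spoofed requests carry the victim's address as their source."""
    flows = list(flows)
    requests = sum(f.nbytes for f in flows
                   if f.proto == "UDP" and f.dst_ip == reflector_ip and f.dst_port == MEMCACHED_PORT)
    replies = sum(f.nbytes for f in flows
                  if f.proto == "UDP" and f.src_ip == reflector_ip and f.src_port == MEMCACHED_PORT)
    return replies / requests if requests else 0.0


# Constructed sample: five public memcached hosts (192.0.2.x) reflect at the
# victim 203.0.113.10, plus benign memcached and DNS traffic that must not match.
SAMPLE_LINES: List[str] = [
    # spoofed requests: the attacker writes the victim's address as the source
    *[f"203.0.113.10 4444 192.0.2.{i} 11211 UDP 1 60" for i in range(1, 6)],
    # reflected replies flooding the victim
    *[f"192.0.2.{i} 11211 203.0.113.10 4444 UDP 500 700000" for i in range(1, 6)],
    # benign: an internal client using its own memcached server
    "10.0.0.5 50123 10.0.0.9 11211 UDP 2 120",
    "10.0.0.9 11211 10.0.0.5 50123 UDP 2 900",
    # benign: an ordinary DNS reply to the same victim address
    "198.51.100.7 53 203.0.113.10 5353 UDP 1 200",
]

SAMPLE_FLOWS: List[Flow] = [parse_flow(line) for line in SAMPLE_LINES]


if __name__ == "__main__":
    for victim, summary in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"possible reflection victim {victim}: {summary}")
    for host in ("192.0.2.1", "10.0.0.9"):
        print(f"{host}: amplification factor {amplification_factor(SAMPLE_FLOWS, host):.1f}x")
```

Run from a host that sees the flows (a NetFlow/sFlow collector feeds the same fields). On the victim's side the first function is the alert; on the hosting side the second one tells you which of your own servers is answering spoofed queries. Either finding leads to the same fix the item recommends: put memcached behind the firewall with UDP/11211 unreachable from the Internet, or disable UDP in memcached entirely (its `-U 0` option).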


Researchers have recently seen a huge increase in the Marcher mobile banking malware. Marcher targets Android devices with SMS phishing messages, driving downloads of Trojanized banking apps which can take control over the infected smartphone. This post shows how it has evolved since it was first discovered five years ago. – LOOKOUT BLOG


This post goes into detail about how password-stealing malware works. With the advent and increasing use of saved passwords, however, malware can simply break whatever security mechanism is protecting the password store and upload all of the passwords at once. This makes detection more difficult at the network level, since there is only one burst of traffic to detect before the passwords have been exfiltrated. – BARRACUDA BLOG


This excellent post from Talos talks about tracking down who was – and who wasn't – involved in creating the Olympic Destroyer malware seen last month. Attribution is hard, and getting through the numerous "false flag" indicators in the code can be tedious and tricky when combing through the usual suspects. Sadly, they don't have enough information to make any definitive call on who did it, although it is clear that pieces of the code were borrowed from numerous malware samples.


The docket

Individuals or commercial entities that hold Nebraska residents’ personal information must implement and maintain reasonable security procedures, according to a recently passed data breach notification bill. Also, credit reporting agencies will no longer be allowed to charge consumers who place, temporarily lift, or remove security freezes following a data breach.


Just for fun

It was inevitable that this clip would be created. I am afraid I can't do that Dave. -- YOUTUBE


Many thanks to Inside Security's corporate supporters. Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more


Nok Nok Labs has the ambition to transform authentication by unifying it into one standard protocol, giving businesses the control they need. Learn more


Find out why global leaders are trusting HackerOne to test and secure their mission-critical applications.
