Inside | Real news, curated by real humans
Inside Security

Inside Security (Jun 12th, 2018)

By my probably incorrect accounting, this is the 365th edition of this newsletter. My thanks to the continued sponsorship of these newsletters by Endgame. You might be interested in this recent blog post about their efforts to help complement and improve MITRE’s ATT&CK framework through a new open source tool. The post discusses how offensive measures can help improve overall enterprise security by better understanding our adversaries. I have written recently about ATT&CK for CSOonline, first this explainer about the framework and a second piece reviewing various tools that are based on it, including Endgame’s Red Team Automation. You should read all of them if you want to get a head start in this area.

--David Strom, editor of Inside Security


Are you as confused by the new top-level domain names as I am? Back in those simpler times, we had .com and a few others. Now there are more than 1,500 of them. Brian Krebs summarizes the latest research that shows they are ripe for abuse, including domains that end in .country, .stream, .men, .work and .gdn. On all three, the majority of registered domains are used by spammers, to send malware, or both. Sadly, security experts warned this would happen years ago, but advertisers and domain speculators won out. Many of these new domains can be purchased for less than a buck a year, especially using the registrar Namecheap. To help with this, check out this report from Robert Spotswood: he reviews the alternative DNS services and how they stack up in blocking these domains. – KREBS ON SECURITY


Learn AWS Security Best Practices for Your AWS Cloud

Join us on June 21 for this free webinar where Reliam CTO, Jonathan LaCour, deep dives into the Security pillar of the AWS Well-Architected Framework. In this webinar you’ll learn in-depth, best practices for architecting secure systems on AWS.

Click here to register for this free webinar.

The APWG has a new report looking at the rise of fake web storefronts in Japan. These pose as shopping sites but just steal customers’ money without actually selling any goods. The report categorizes the various types of fake storefronts, which use a number of sneaky tactics, such as redirecting traffic through a compromised website. Several mitigation tactics are also suggested. – ANTI-PHISHING WORKING GROUP REPORT


CNIL, the French data protection authority, has decided to impose a 250,000 euro (about US$300,000) fine on Optical Center. They are a French company selling eye and hearing aids. The fine was levied because the company failed to secure the data of customers that ordered products via its website. It is their largest fine to date for a security breach and reflects the thousands of IDs and documents leaked. – HELPNET SECURITY


This post is the end of a series of explainer articles on XSS injection attacks, covering things from the client side. They can happen, even though you have checked all of your server-side inputs. It looks at what causes the attacks, the three different types of scripting attacks, and how to change your code to prevent them. – ALERT LOGIC BLOG


Yes, there really are Nigerian princes, at least when it comes to collecting money from duped email users. U.S. law enforcement announced today the arrests of 74 people accused of orchestrating email scams through which they stole millions from users across the world. Authorities arrested 42 members of the gang in the U.S. and 29 in Nigeria, among others. They also seized $2.4M from the accounts of the arrested suspects and recovered another $14M in fraudulent wire transfers. The feds are calling this Operation Wire Wire. Funds were stolen from a wide collection of individuals and businesses in several different locations.  – BLEEPING COMPUTER


Weight Watchers forgot to set a password for the administration console of one of its Kubernetes instances. Researchers found details about the company's internal IT infrastructure, such as AWS access keys, pod specifications, and several dozen AWS S3 buckets holding the company's data. It isn’t clear whether the exposed data was production or on a test system. -- KROMTECH


This is a very informative article on how to prepare your AWS environment to maximize your security and help you recover from a breach or when a researcher discovers unprotected data (such as the Kromtech piece above). First, take advantage of built-in AWS logging tools such as CloudWatch and CloudTrail: not all incidents will be caught immediately, so it’s important to ensure your logs are not rolled over and lost. Next, create an EC2 Security Group that can be used to isolate any compromised systems in the network. – DELTA RISK BLOG


If you have enjoyed Baratunde Thurston’s posts in the past on a number of tech blogs (including The Onion), you will find his latest piece both entertaining and informative. In A New Tech Manifesto, he lists suggestions for tech companies to become really transparent about their data collection, switch their defaults for data to be closed rather than open (since most users never change them), respect users’ rights to own their own data, and implement true diversity hiring practices. There is a lot to take away here. – THURSTON @ MEDIUM


What do criminals do once they obtain personal health data? They sell it in bulk, called “fullz,” which can be used to further launch fraud attacks and ransomware. There are also cases of selling SMTP servers that can specialize in particular spear phishing campaigns mimicking hospital domains.  – CYNERIO BLOG


This does seem to be how the process of starting a new cloud service works. -- BOB RESELMAN @ DEVOPS


 

Many thanks to Inside Security's corporate supporters.  Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 
