-
News & Notes: July 29, 2021
U.S. President Joe Biden: Severe cyberattacks could escalate to ‘real shooting war’ with a major global power: “You know, we’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world,” Biden said during a speech at the National Counterterrorism Center of the Office of the Director of National Intelligence. “I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely we’re going to end up — well, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great…
-
What is the NSO Group Pegasus Spyware Software? How Does Pegasus Hack Phones?
There was a flurry of news this morning about NSO Group, an Israeli tech firm, and the Pegasus spyware it produces. Al Jazeera has some interesting reporting and has been following the story for a while. Back in December it reported that its own journalists had been hacked. “Based on this, we handed the phone to Citizen Lab, who found that the phone was hacked by spyware called Pegasus, which is developed by NSO, an Israeli company,” said Almisshal. “This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking.…
-
What is a social engineering attack?
Social engineering is the use of human interaction (social skills) to obtain or compromise information about an organization or its computer systems. That information can then be used to mount an attack or to penetrate a network further. Social engineering attacks are particularly dangerous because they prey on human instincts and on how we deal with people and our surroundings. An attacker may not fit the stereotype we hold in our heads. People keep their guard up against natural signs of danger and obvious enemies, but things get fuzzy when the distinction is not so clear. In social engineering, the attacker may seem unassuming, respectable…
-
Russian Hackers Abusing VPNs to Hijack Accounts, U.S. and British Officials Say
According to an article in Reuters, Russian hackers are accused of abusing VPNs. US and British authorities identify Unit 26165, the arm of Russia’s military spy agency that is also accused of interfering in the 2016 US presidential election, as the source behind “widespread, distributed and anonymized brute force access attempts against hundreds of government and private sector targets”. None of the targets, mostly in the United States and Europe, were identified by name, but they “included government offices, political parties, energy companies, law firms and media organizations”. “Russian hackers are abusing VPNs to hijack accounts, US and UK officials say” via Reuters
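The phrase “distributed and anonymized” is the detection problem in a nutshell: when the failures against one account arrive from many VPN exits, a per-IP lockout never trips, and when one password is sprayed across many accounts, a per-account lockout never trips either. The script below is an added example (not from Reuters or from the official advisory) that runs both checks over a constructed authentication log; the log format, the thresholds, and the /24 grouping are assumptions for the demonstration.

```python
"""Flag distributed brute force and password spraying in an auth log.

Added example. Log lines are constructed; the "<ts> <user> <src_ip> <OK|FAIL>"
layout, the thresholds and the /24 grouping are assumptions."""
import re
from collections import defaultdict

# Constructed sample log. alice: single-IP burst. bob: one account hit from
# five addresses. 203.0.113.x: one source network trying many accounts once.
SAMPLE_LOG = """\
2021-07-01T10:00:01 alice 10.0.0.5 FAIL
2021-07-01T10:00:02 alice 10.0.0.5 FAIL
2021-07-01T10:00:03 alice 10.0.0.5 OK
2021-07-01T10:01:00 bob 198.51.100.10 FAIL
2021-07-01T10:01:05 bob 198.51.100.11 FAIL
2021-07-01T10:01:09 bob 198.51.100.12 FAIL
2021-07-01T10:01:14 bob 198.51.100.13 FAIL
2021-07-01T10:01:20 bob 198.51.100.14 FAIL
2021-07-01T10:02:00 carol 203.0.113.7 FAIL
2021-07-01T10:02:10 dave 203.0.113.8 FAIL
2021-07-01T10:02:20 erin 203.0.113.9 FAIL
2021-07-01T10:02:30 frank 203.0.113.10 FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse(log_text):
    """Return (timestamp, user, src_ip, result) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groups())
    return events


def distributed_bruteforce(events, min_fail=5, min_ips=3):
    """Accounts with many failures spread over many distinct source IPs.

    Grouping by target account is the indicator that survives anonymization:
    the attacker controls the source addresses but not which account they are
    attacking. alice (one IP) is ordinary brute force and is caught by
    per-IP controls; bob is not."""
    ips = defaultdict(set)
    fails = defaultdict(int)
    for _, user, ip, result in events:
        if result == "FAIL":
            ips[user].add(ip)
            fails[user] += 1
    return sorted(u for u in ips if fails[u] >= min_fail and len(ips[u]) >= min_ips)


def spray_sources(events, min_users=3):
    """Source /24 networks that failed against many distinct accounts: one
    password tried across the user list, one attempt per account, so no
    per-account threshold is ever reached. Grouping by /24 is a crude
    assumption; exits scattered across VPN providers will not cluster."""
    users_by_net = defaultdict(set)
    for _, user, ip, result in events:
        if result == "FAIL":
            net = ".".join(ip.split(".")[:3]) + ".0/24"
            users_by_net[net].add(user)
    return sorted(n for n, users in users_by_net.items() if len(users) >= min_users)


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("distributed brute force against:", distributed_bruteforce(ev))
    print("spraying from:", spray_sources(ev))
```

The two functions are deliberately keyed on different things. Per-account counting is robust to the source being anonymized; per-source counting is the check that catches spraying but is the one a VPN or Tor exit defeats, which is why the advisory's "anonymized" matters more than its "brute force".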
-
What is a Ragnar Locker Ransomware Attack?
Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. It was first observed in December 2019 as part of a series of attacks against already-compromised networks. Biblio: Ragnar locker malware: what it is, how it works and how to prevent it–Infosec Institute
-
What Is a CSIRT vs. CERT vs. CIRT???
CSIRT—Computer Security Incident Response Team: a concrete organizational entity (i.e., one or more staff) that is assigned the responsibility for coordinating and supporting the response to a computer security event or incident. CERT—Computer Emergency Response (Readiness) Team: CERT should not be used generically as an acronym because it is a registered trademark in the United States Patent and Trademark Office, as well as in other jurisdictions around the world. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT). The name “Computer Emergency Response Team” was first used in 1988 at Carnegie Mellon University (CMU). CERT is registered as a trademark by Carnegie Mellon…
-
How Was Colonial Pipeline Hacked/Breached? Because of One Single Employee’s Compromised Password?
That’s all it takes, and usually what it comes down to: passwords. As the founding contemporary lyrical wordsmith members of Wu-Tang would say, “Protect ya neck!” Because without it, you’ll lose your head. Same with passwords! Protect ya passwords!!! All a malicious actor needs is the password to one account, and just like that (*finger snap!*), you’ve invited them in, like welcoming Count Dracula through your front door for Sunday dinner. So, Colonial, right…here’s the latest. After an analysis of the cyberattack on Colonial Pipeline, investigators suspect that the hackers obtained the password from the dark web (think a marketplace for illicit activity), where such info is available for the…
-
What is a “False Positive”?
A true positive is an outcome where the model correctly predicts the positive case. Ex: the downloaded file is malware, and the A.V. detected it as malware. A true negative is an outcome where the model correctly predicts the negative case. Ex: the downloaded file is NOT malware, and the A.V. did NOT detect it as malware. A false positive is an outcome where the model incorrectly predicts the positive case. Ex: the downloaded file is NOT malware, but the A.V. detected it as malware. A false negative is an outcome where the model incorrectly predicts the negative case. Ex: the downloaded file is malware, but the A.V. did NOT detect it as malware. True…
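The four outcomes only become useful once they are counted and turned into rates, and the rate that bites in practice is what happens to a small false-positive rate when almost every file is clean. The following is an added example (not code from the page) that tallies the four cells over a constructed set of AV verdicts, derives precision, recall and false-positive rate, and then goes one step beyond the definitions by projecting how many alerts a given classifier produces at a realistic malware prevalence; the sample verdicts and the prevalence figure are assumptions.

```python
"""Confusion matrix for an AV classifier, plus the base-rate projection.

Added example; the verdicts below are constructed, not a real AV's output."""
from collections import Counter


def confusion(samples):
    """samples: iterable of (is_malware, av_flagged) booleans.
    Returns the four cells as a dict: TP, TN, FP, FN."""
    c = Counter()
    for is_malware, flagged in samples:
        if is_malware and flagged:
            c["TP"] += 1        # malware, detected
        elif not is_malware and not flagged:
            c["TN"] += 1        # clean, left alone
        elif not is_malware and flagged:
            c["FP"] += 1        # clean, but flagged
        else:
            c["FN"] += 1        # malware, missed
    return {k: c[k] for k in ("TP", "TN", "FP", "FN")}


def rates(m):
    """precision: share of alerts that are real.
    recall (detection rate): share of malware that is caught.
    fpr: share of clean files that get flagged.
    Division is guarded so an empty class yields 0.0 rather than an error."""
    def div(a, b):
        return a / b if b else 0.0
    return {
        "precision": div(m["TP"], m["TP"] + m["FP"]),
        "recall": div(m["TP"], m["TP"] + m["FN"]),
        "fpr": div(m["FP"], m["FP"] + m["TN"]),
    }


def expected_alerts(n_files, prevalence, recall, fpr):
    """Project (true alerts, false alerts) for a fleet of n_files where a
    fraction `prevalence` is malware. With prevalence at 1%, even a 1% FPR
    produces more false alerts than true ones."""
    malware = n_files * prevalence
    clean = n_files - malware
    return malware * recall, clean * fpr


# Constructed: 10 files, 4 of them malware. The AV flags 3 of the 4 malware
# samples and 1 of the 6 clean files.
SAMPLE = [
    (True, True), (True, True), (True, True), (True, False),
    (False, False), (False, False), (False, False),
    (False, False), (False, False), (False, True),
]

if __name__ == "__main__":
    m = confusion(SAMPLE)
    print(m, rates(m))
    tp, fp = expected_alerts(100_000, 0.01, rates(m)["recall"], rates(m)["fpr"])
    print(f"at 1% prevalence: {tp:.0f} true alerts, {fp:.0f} false alerts")
```

On the sample set the classifier looks fine (precision 0.75, recall 0.75, FPR 1/6), but the projection shows why FPR, not precision on a lab set, is the number to negotiate with a vendor: on 100,000 files at 1% prevalence the same detector raises 750 real alerts and 16,500 false ones.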
-
What is Attack Surface?
Attack surface. The first thing I think of is surface area: the exposed area that is susceptible to a cyber onslaught by threat actors, or bad people with malicious intent. According to Wikipedia: “The attack surface of a software environment is the sum of the different points (for “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.” via Wikipedia “KEEPING THE ATTACK SURFACE AS SMALL AS POSSIBLE IS A BASIC SECURITY MEASURE.” **clap, clap** Does that last line stick out to anyone else? It should.…
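The most concrete slice of a host's attack surface is the set of sockets reachable from off the box. This added example (not from Wikipedia or the page) parses constructed `ss -lntu` output, separates listeners bound to a wildcard or routable address from those bound to loopback, and diffs the exposed set against the services the host is supposed to offer; the sample output and the allowlist are assumptions about a hypothetical web server.

```python
"""Enumerate network listeners reachable from off-box and compare them with
the services the host is meant to expose.

Added example. The `ss -lntu` output below is constructed and the allowlist
is an assumption about the host's role (a web server with SSH)."""

SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      511    *:80                *:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      128    0.0.0.0:6379        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111         0.0.0.0:*
"""

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def parse_ss(text):
    """Return (proto, local_addr, port) for each socket row; the header line
    and anything malformed is skipped. Address and port are split on the
    last ':' so IPv6 forms like '[::]:22' survive."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        proto, local = parts[0], parts[4]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        rows.append((proto, addr, int(port)))
    return rows


def exposed_listeners(rows):
    """(proto, port) pairs reachable from another host: anything not bound
    to loopback. A wildcard bind (0.0.0.0, *, [::]) is the obvious case, but
    a bind to a specific interface address is just as reachable, so the
    test is 'not loopback' rather than 'is wildcard'. v4 and v6 copies of
    the same service collapse to one entry."""
    return sorted({(proto, port) for proto, addr, port in rows if addr not in LOOPBACK})


def unexpected(rows, allowlist):
    """Exposed listeners that are not on the list of intended services:
    each one is attack surface nobody decided to have."""
    return [s for s in exposed_listeners(rows) if s not in allowlist]


if __name__ == "__main__":
    intended = {("tcp", 22), ("tcp", 80)}
    rows = parse_ss(SAMPLE_SS)
    print("exposed:", exposed_listeners(rows))
    print("unexpected:", unexpected(rows, intended))
```

In the sample, Postgres on 127.0.0.1:5432 is correctly out of scope, while Redis on 0.0.0.0:6379 and rpcbind on UDP 111 are the kind of listener that turns up on a host nobody meant to expose them from. To run it against a live machine, feed `subprocess.run(["ss", "-lntu"], capture_output=True, text=True).stdout` into `parse_ss` instead of the constructed text.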
-
What is Remote Code Execution?
What is remote code execution (RCE)? A simple web search brings up the Wikipedia page on arbitrary code execution (ACE). According to Wikipedia: In computer security, arbitrary code execution (ACE) is an attacker’s ability to execute arbitrary commands or code on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution…
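One of the most common ways a network-reachable flaw turns into "execute arbitrary commands on the target" is command injection: a request parameter is pasted into a shell command line. The following is an added example (not code from Wikipedia or from the page) showing a vulnerable lookup handler beside a hardened one; it uses `echo` as a stand-in for the `ping`/`nslookup` a real handler would call, and the payload and hostname rule are assumptions for the demonstration.

```python
"""Command injection as a route to remote code execution: the same lookup
written unsafely and safely.

Added example. `echo` stands in for a real network tool so the demo runs
anywhere; the payload and the hostname pattern are assumptions."""
import re
import subprocess

# Allow-list for hostnames. Forbidding a leading '-' matters even without a
# shell: an argv entry like "-c 100000" would be parsed by the called
# program as an option (argument injection), which the shell fix alone
# does not prevent.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def lookup_vulnerable(host):
    """User input concatenated into a shell command line. /bin/sh parses
    ';', '|', '&&' and '$(...)' in `host`, so request data becomes code
    running with the service's privileges: remote code execution."""
    cmd = "echo host=" + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_hardened(host):
    """Validate against an allow-list, then pass an argv list with no shell.
    The input reaches the program as a single argument; nothing interprets
    it as a command."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("invalid hostname")
    return subprocess.run(["echo", "host=" + host], shell=False,
                          capture_output=True, text=True).stdout


# Constructed attacker input: a valid-looking host followed by a second command.
PAYLOAD = "example.com; echo INJECTED"

if __name__ == "__main__":
    print("vulnerable:", repr(lookup_vulnerable(PAYLOAD)))
    try:
        lookup_hardened(PAYLOAD)
    except ValueError as e:
        print("hardened:", e)
    print("hardened, clean input:", repr(lookup_hardened("example.com")))
```

With the payload, the vulnerable version prints a second line, `INJECTED`, proving the attacker's text ran as a command; in a real service that second command is a reverse shell. The hardened version rejects the payload outright, and even if validation were looser, the argv form would hand the whole string to `echo` as one argument rather than to a shell. Both controls are kept because they stop different things: no shell stops command injection, the allow-list stops argument injection.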