On June 4, 2019, the CERT Coordination Centre (CERT/CC) Carnegie Mellon’s Computer Emergency Response Team released an advisory regarding discovered behaviour in the Microsoft Windows Remote Desktop Protocol (RDP), which can allow an attacker to bypass the lock screen on some remote sessions. Microsoft was notified of this finding and has stated that the “behaviour does not meet the Microsoft Security Servicing Criteria for Windows,” meaning there will be no patch available at least for the time being. It is understandable that many organisations still scrambling to ensure their systems are not vulnerable to the recent (“BlueKeep”RDP wormable vulnerability) would not be…
ISB Editorial Staff
Cybercriminals are leveraging Internet Message Access Protocol (IMAP) for password-spray attacks to compromise cloud-based accounts according to Proofpoint. Justin Jett, Director of Audit and Compliance at Plixer: “Password-spraying attacks are extremely dangerous because they often allow hackers to brute force attacks without being locked out or triggering an alert to the IT team. Two-factor authentication inherently can’t work with IMAP, and so it is automatically bypassed when authenticating. Additionally, IT teams should be sure they have network traffic analytics enabled across their network to spot credential misuse. Because password-spraying attacks don’t generate an alarm or lock out a user account,…
Given it is again that time of the year when we may be giving, and/or receiving gifts, we will be mentally tuned to anticipation of a gift arriving in the post, and as such our guard may be down. To that end, those Cyber Criminals and other such persistent threat actors also see the season of good will as an increased opportunity to just keep on giving, which is why I guess I am seeing a higher volume than usual of unsolicited communications arriving in my inbox to inform me that I may track my package, or that I need…
According to the US-CERT, tools and techniques for exploiting networks and the data they hold are by no means the preserve of nation states or criminals on the dark web. Today, malicious tools with a variety of functions are widely and freely available for use by everyone from skilled penetration testers, hostile state actors and organised criminals, to amateur cyber criminals. Commenting on this, Ross Rustici, senior director, threat intelligence at Cybereason, said “This report is like a greatest hits album for a struggling record company. Everything is old, well known, and generally elicits a sense of nostalgia mixed with loathing. Mimikatz, the the elder…
It is being reported that Facebook said an attack on its computer network led to the exposure of information from nearly 50 million of its users. The company discovered the breach earlier this week, finding that attackers had exploited a feature in Facebook’s code that allowed them to take over user accounts. Facebook fixed the vulnerability and notified law enforcement officials. More than 90 million of Facebook’s users were forced to log out of their accounts Friday morning, a common safety measure for compromised accounts. Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack. The company…
With every day that goes by more IoT (Internet of Things) devices are becoming a part of our normal everyday life both at home and on the job. In recent years it has become evident that IoT devices pose a security risk for any network. While IoT manufacturers are working diligently to make things more convenient for us, privacy and security have been overlooked. Leaving these devices unsecured is like leaving your door closed but unlocked. It might look secure, but it is actually easy to open. Gartner research estimates that there will be over 20 billion connected IoT devices…
This is second video of Tulin’s CyberSec Talk series. In this video, Tulin discusses the seven foundation principles of Privacy by Design. These principles are: Principle 1: Proactive and not reactive Principle 2: Privacy as the default setting Principle 3: Privacy embedded into design Principle 4: Full functionality: positive-sum, not zero-sum Principle 5: End to end security: full lifecycle protection Principle 6: Visibility and transparency Principle 7: Respect for user privacy. [su_youtube url=”https://youtu.be/c2apEJnpKL8″] [su_spacer]
The GDPR (General Data Protection Regulation) is designed to protect the privacy of all EU citizens and this will change the way the organizations store and use EU citizens’ data. Failure to meet the requirements of GDPR could also turn out to be an expensive expense. Here is summary of the penalty as it applied to articles in GDPR. Penalty: Maximum penalty up to 4% of annual global turnover or €20 million, whichever is greater Articles in GDPR: 5 – Principles relating to processing of personal data 6 – Lawfulness of processing 7 – Conditions for consent 9 – Processing…
Microsoft has been working to issue patches in light of the large scale ransomware attack that affected some 99 countries yesterday. Blog here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ Commenting on the move is security expert Andrew Clarke, EMEA director for One Identity: “This is an unusual move by Microsoft and serves to demonstrate the seriousness of this type of attack. In an update blog Microsoft declared, “Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003.” IT teams with these type of…
5G technology is the next step in the development of mobile communication. 5G will not only provide voice and data communication but also provide capabilities for new technologies such as Internet of Things. 5G is no longer confined to provide faster mobile services for voice and data communication but instead it will serve vertical industries, which will foster a new form of services. The new networking technologies such as such as Software Defined Network (SDN)/Network Functions Virtualisation (NFV) will further enhance the 5G capability to provide an effective platform for new services/businesses to flourish. These new technologies also bring new…