Things I Hearted this Week, 16th March 2018

March 16, 2018  |  Javvad Malik

Last weekend, my daughter and I finally got around to watching Wonder Woman. We quite enjoyed it. There was a part in which Chris Pine’s character said, “My father told me once, he said, ‘If you see something wrong happening in the world, you can either do nothing, or you can do something.’ And I already tried nothing.”

So, I turned to my daughter and asked, "When you're older will you say awesome quotes and attribute them to your dad so I'll appear all knowing and wise?"

She replied, "Yeah, I'll say 'my father told me if you see something wrong you can either do nothing, or send memes'".

Not sure if that means I’ve succeeded as a Dad or failed miserably. Hopefully she’ll come across one of these posts in the future and realise there was more to me than just memes.

Operation Bayonet

This article gives a fascinating insight into how law enforcement infiltrated and took down a drug market.

As reports of these kinds of operations become available, Hollywood should really be looking to these for inspiration. Far better plots than most fiction!

How many devices are misconfigured… or not configured?

I saw this blog that Anton Chuvakin posted over at Gartner stating that there’s a lot of security technology which is deployed yet misconfigured, not configured optimally, set to default, or deployed broken in other ways.

Broadly speaking, I agree; in the race to get things done, assurance often takes a back seat. But there’s no obvious answer. Testing takes time and expertise. Unless it’s automated. But even then someone needs to look at the results and get things fixed. DevSecOps maybe?

Hacking encrypted phones

Encrypted phone company Ciphr claims it was hacked by a rival company. A preview into how vicious digital rivals can get. And regardless of who is to blame, the fact remains that the real victims here are the users.

Hidden Cobra on Turkish Banks

Bankshot implants are distributed from a domain with a name similar to that of the cryptocurrency-lending platform Falcon Coin, but the similarly named domain is not associated with the legitimate entity. The malicious domain falcancoin.io was created December 27, 2017, and was updated on February 19, only a few days before the implants began to appear. These implants are variations of earlier forms of Bankshot, a remote access tool that gives an attacker full capability on a victim’s system. This implant also contains functionality to wipe files and content from the targeted system to erase evidence or perform other destructive actions. Bankshot was first reported by the Department of Homeland Security on December 13, 2017, and has only recently resurfaced in newly compiled variants. The sample we analyzed is 99% similar to the documented Bankshot variants from 2017.

SWIFT says blockchain not ready for mainstream use

SWIFT, the Brussels-based messaging system which handles around half of all high-value cross-border payments, has been playing around with blockchain. It says that while the test went extremely well, it concluded that further progress is needed on the blockchain.

Chris-John Riley summed up the situation on Twitter, musing, “Company that makes its money from slow money transfers, says new technology that would make it obsolete isn’t ready yet #MildShock”

The secret life of your login credentials

When your data leaves your machine, where does it go? What happens to it along the way? And what systems have been put in place to ensure that your information is kept private as it travels, and after it arrives at its final destination? The short answer is: quite a lot. So strap in as we take you on a tour of the secret life of your username and password in order to expose the trials and tribulations of keeping a secret on the web.

SharpShooter

Getting a foothold is often one of the most complex and time-consuming aspects of an adversary simulation. We typically find much of our effort is spent creating and testing payloads against various OS versions/architectures and against the most commonly used EDR (Endpoint Detection and Response), anti-virus and sandboxing solutions. Many of these solutions have become more focused and aware of PowerShell; as such, we’ve naturally moved away from PowerShell to research other techniques for getting into memory and evading endpoint defences. This led to the development of an in-house payload generation framework we named SharpShooter. After using this framework with great success across a number of engagements, we have opted to release the tool.

Former Equifax Executive Charged With Insider Trading

“As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard R. Best, Director of the SEC’s Atlanta Regional Office. “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.”
