Kategorie

Willie Sutton and mobile attackers have much in common -- but defenses have evolved since the famous bank robber had his heyday.

Chrome od Googlu obsahuje integrovaného správce hesel již dlouho, nyní se al chystá užitečná novinka. Prohlížeč by vás nově měl upozornit, když některé z vašich hesel unikne na internet. Kontrolu úniků hesel aktuálně Google testuje v rámci Canary buildu, tedy velmi rané testovací verze ...

The app purported to stream music - but actually siphoned victims' device contacts and files.

Introduction Cybercriminals are waging a war on our personal data. The latest research from IBM and Ponemon on the cost of cybercrime shows that data record breaches carry a high price tag. The price per exposed data record now stands at a mean of $150 per exposed record. Healthcare records are the costliest when exposed, […]

The post Anonymization and pseudonymization of personal data appeared first on Infosec Resources.

Anonymization and pseudonymization of personal data was first posted on August 22, 2019 at 8:02 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

The role of cybersecurity engineer The role of the cybersecurity engineer has been around for decades. During that time, it has evolved dramatically.  First, responsibilities mostly existed within the Layer 3 (firewall) and the signature-based antivirus product space. With the emergence of more advanced threats, intrusion detection and prevention systems, proxy servers, next-generation firewalls and […]

The post Cybersecurity engineer resume tips appeared first on Infosec Resources.

Cybersecurity engineer resume tips was first posted on August 22, 2019 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction In the world of cybersecurity, the position of IT auditor has become very significant and is a growing occupation, with thousands of job openings now available in the U.S. This growth has been fueled by new regulations and compliance requirements such as Sarbanes-Oxley.  If you’re considering a career as an IT auditor, you are […]

The post What does an IT auditor do? appeared first on Infosec Resources.

What does an IT auditor do? was first posted on August 22, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction ICS stands for Industrial Control Systems. ICS is a generic term used to describe various control systems and their instrumentation, used for controlling and monitoring industrial processes. ICS basically integrates hardware, software and their network connectivity for running and supporting critical infrastructure. ICS systems get data from remote sensors and send commands to the […]

The post ICS Protocols appeared first on Infosec Resources.

ICS Protocols was first posted on August 22, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Episode 5 of the Naked Security Podcast is now live - listen now!

The new feature “disconnects,” but doesn't delete, your browsing history. Facebook will still use it for analytics.

Hackeři prakticky neustále vymýšlejí způsoby, jak se dostat do počítačů nic netušících uživatelů. Jedním z jejich posledních kousků je vytvoření falešných webových stránek poskytovatele služeb osobní virtuální privátní sítě NordVPN. Jak zjistili bezpečnostní experti z Doctor Web, útočníci ...

Microsoft has found itself with a large amount of RDP-related patching work during 2019.

Interested in what the future has in store for blockchain? Check out this interesting HelpNetSecurity article:

Tens of thousands of records with financial data were left in plaintext in a database that wasn't protected with a password.

The hacking group, which specialises in stealing from banks, has been spreading its coverage and becoming more sophisticated.

Have you heard that spyware based on two-year-old AhMyth RAT has made it past Play Store's scans, despite not being anything special? Learn more in this interesting ZDNet article:

All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attack on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to workstations through less-than-strong administrator password.

!function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script")[0],d=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=d+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var r=e.createElement("script");r.async=1,r.id=s,r.src=i,o.parentNode.insertBefore(r,o)}}(document,0,"infogram-async","https://e.infogram.com/js/dist/embed-loader-min.js");

Attempted attacks geography from January through July 2019 (download)

According to our statistics, the majority of such attacks fall on Vietnam (>16%), Russia (~12%), India (~7%), China (~6%), Turkey and Brazil (5% each).

Attack description

Microsoft SQL Server attacks are normally massive in nature and have no particular target: the attackers scan sub-networks in search of a server with a weak password. The attack begins with a remote check of whether the system has MS SQL Server installed; next the intruders proceed to brute-force the account password to access the system. In addition to password brute-forcing, they may also resort to authorization via a user account token, authorized on a previously infected machine.

SQL Server authorization

As soon as penetration is accomplished, the attackers modify server configuration in order to access the command line. That done, they can covertly make the malware secure in the target system using jobs they had created for the SQL Server.

Examples of jobs

Job is a sequence of commands executed by SQL Server agent. It may comprise a broad range of actions, including launching SQL transactions, command line applications, Microsoft ActiveX scripts, Integration Services packages, Analysis Services commands and queries, as well as PowerShell scripts.

A job consists of steps, the code featured in each one being executed at certain intervals, allowing intruders to deliver malicious files to the target computer again and again, should they be deleted.

Below are a few examples of malicious queries:

• Installing a malware download job using the standard ftp.exe utility:
• Downloading malware from a remote resource using JavaScript:
• Writing a malware file into the system followed by its execution:

We have analyzed the payloads delivered to the compromised machines via malicious jobs to learn that most of them were cryptocurrency miners and remote access backdoors. The less common ones included passwords capture and privilege escalation utilities. It should be mentioned, however, that the choice of payload depends on the attackers’ goals and capabilities and is by no means limited to the mentioned options.

To protect your machines from malicious job attacks, we recommend using robust, brute-force-proof passwords for your SQL Server accounts. It will also pay to check Agent SQL Server for third-party jobs.

Kaspersky Lab products return the following verdicts when detecting malware that installs malicious SQL Server jobs:

• Trojan.Multi.GenAutorunSQL.a
• HEUR:Backdoor.Win32.RedDust.gen
• HEUR:Backdoor.MSIL.RedDust.gen

And use proactive detection using the System Watcher component:

• PDM:Trojan.Win32.GenAutorunSqlAgentJobRun.*
• PDM:Trojan.Win32.Generic
• PDM:Exploit.Win32.Generic

MD5

• 6754FA8C783A947414CE6591D6FA8540
• 91A12A4CF437589BA70B1687F5ACAD19
• 98DFA71C361283C4A1509C42F212FB0D
• A3F0B689C7CCFDFAEADD7CBBF1CD92B6
• E2A34F1D48CE4BE330F194E8AEFE9A55

The IT security community overwhelmingly believes that government-mandated encryption backdoors will put countries at a greater risk of election hacking. Are you in agreement? Learn more:

Are phishing simulations pentesting for humans or training? What’s more effective with those folks who can’t stop themselves from clicking on everything: “name and shame” or a private, personal coaching session? We’ve seen it all: organizations that have terminated internet access (or even employees) and employers that take an educational approach to phishing. What’s your […]

The post Phish testing: What to do about so-called “repeat offenders” appeared first on Infosec Resources.

Phish testing: What to do about so-called “repeat offenders” was first posted on August 22, 2019 at 2:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com