Information Security News
The Register | Oxford Uni opens infosec ivory tower in Melbourne: The State of Victoria is cementing its place as Australia's security hub with the launch of an Oxford University national infosec risk centre in Melbourne. The Global Cyber Security Capacity Centre will perform "audits of national cyber security risks ...
Our own Mark Baggett (@markbaggett) recently retweeted Sean Metcalf's (@PyroTek3) tweet about his Active Directory Security post, an Unofficial Guide to Mimikatz Command Reference.
This is a freaking gold mine, well done Sean!
Using Mimikatz as part of red/blue exercises and scenarios is near and dear to my heart; it's the attacker basis, along with PowerShell and Metasploit, of my May 2015 toolsmith, Attack Detection: Hunting in-memory adversaries with Rekall and WinPmem. Sean describes Mimikatz and its use with such robust detail that even the uninitiated should be able to grasp the raw power of the tool (both dangerous and useful).
First and foremost, I'll quote one of Sean's most important points:
This information is provided to help organizations better understand Mimikatz capability and is not to be used for unlawful activity. Do NOT use Mimikatz on computers you don't own or have been allowed/approved to. In other words, don't pen-test/red-team systems with Mimikatz without a get out of jail free card.
Further, Sean developed this reference after speaking with both hired defenders and attackers, and learned that outside of a couple of the top three most-used Mimikatz commands, not many knew about the full capability of Mimikatz.
This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required and optional), as well as screenshots and additional context (where possible). Sean indicates there are several that he hasn't dug into fully yet, but expects to in the near future.
Again, if you're one of those folks who spend time in both red and blue team activities, put the Unofficial Guide to Mimikatz Command Reference on your immediate must-read and bookmark list and find safe ways to explore its capabilities.
@holisticinfosec
The MYK-78 "Clipper" chip, the 1990s version of the "golden key."
In the face of a Federal Bureau of Investigation proposal requesting backdoors into encrypted communications, a noted encryption expert urged Congress not to adopt the requirements due to technical faults in the plan. The shortcomings in question would allow anyone to easily defeat the measure with little technical effort.
Please note, the testimony referenced above was delivered on May 11, 1993. That doesn't change its applicability today. In fact, the current pressure being applied by law enforcement and intelligence officials over end-to-end encrypted communications is eerily reminiscent of the same battle fought more than two decades ago.
Last week, FBI Director James Comey again pushed forward arguments for law enforcement "backdoors" into encrypted communication applications. Comey claimed that the gunmen who attempted to attack a Texas anti-Muslim cartoon event used encrypted communications several times on the day of the attack to contact an overseas individual tied to terrorism. The revelation is part of a renewed lobbying effort to get technology providers to provide what Comey once described as a "golden key" to access encrypted communications. Though the FBI director reluctantly dropped his lobbying efforts for such a backdoor this summer, the attacks in Paris and San Bernardino have raised the issue again. Even President Obama recently asked for technology companies to help give the government access to communications over messaging applications and social media.
I feel our data is best used to provide context to your own logs. So far, there wasn't an easy way to look up a good number of IP addresses to annotate your logs. We do have an API, but that requires scripting on your end to use. Our most recent experiment makes annotating your logs as easy as copy/paste. All you need to do is copy and paste a log snippet to our Color My Logs page, and the snippet will be marked up with our data.
Any IPs found in your log will be colored based on our risk rating. We are still refining the risk rating, so any feedback is very welcome. Please let us know if you run into a log that isn't parsed correctly or if you experience any other issues.
For a quick run through and some additional details, see this YouTube video.
---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn
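The same idea, pulling every IP out of an arbitrary log snippet and tagging it with a risk band, is easy to reproduce locally when you'd rather not paste logs into a web form. The following Python is an added example, not ISC's Color My Logs code and not a client for the ISC API: the sample log lines, the risk table and the band thresholds are all constructed for illustration, and a real deployment would replace the table with a lookup against whatever reputation feed you use.

```python
"""Annotate log lines with an IP reputation lookup (constructed example)."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List

# Constructed sample log snippet (not real data). Mixed formats on purpose:
# the extraction is regex-based and does not depend on one log layout.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Dec/2015:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 512
198.51.100.23 - - [14/Dec/2015:10:01:15 +0000] "POST /login HTTP/1.1" 403 128
Dec 14 10:02:01 bastion sshd[2231]: Failed password for root from 192.0.2.44 port 51022 ssh2
10.0.0.5 - - [14/Dec/2015:10:02:30 +0000] "GET /status HTTP/1.1" 200 64
"""

# Constructed risk table standing in for a reputation-feed lookup.
# Illustrative scores only: 0 = never reported, 10 = very noisy source.
RISK_TABLE: Dict[str, int] = {
    "203.0.113.7": 9,
    "198.51.100.23": 4,
    "192.0.2.44": 7,
}

# Loose dotted-quad candidate; ipaddress.ip_address() rejects octets > 255.
# Caveat: a dotted version string such as 4.1.2.8 in a User-Agent is a valid
# address and will be tagged too; check the surrounding context if that matters.
IPV4_CANDIDATE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Addresses that never belong in a reputation lookup. Listed explicitly rather
# than via IPv4Address.is_private, which also flags the RFC 5737 documentation
# ranges used as sample data above.
LOCAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


def risk_band(score: int) -> str:
    """Map a numeric score to the label a UI would colour by."""
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    if score >= 1:
        return "low"
    return "none"


def classify(ip: str, table: Dict[str, int]) -> str:
    """Return the annotation tag for one syntactically valid IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast or any(addr in net for net in LOCAL_NETWORKS):
        return "local"
    if ip in table:
        return f"{risk_band(table[ip])}:{table[ip]}"
    return "unknown"


def extract_ips(line: str) -> List[str]:
    """All valid IPv4 addresses in a line, in order of appearance."""
    found = []
    for candidate in IPV4_CANDIDATE.findall(line):
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. 999.1.1.1: looks like an address, is not one
        found.append(candidate)
    return found


def annotate_line(line: str, table: Dict[str, int]) -> str:
    """Rewrite a line so every IP is followed by its tag, e.g. 1.2.3.4[high:9]."""
    def tag(match):
        text = match.group(0)
        try:
            ipaddress.ip_address(text)
        except ValueError:
            return text  # leave invalid dotted quads untouched
        return f"{text}[{classify(text, table)}]"
    return IPV4_CANDIDATE.sub(tag, line)


def annotate(log: str, table: Dict[str, int]) -> List[str]:
    """Annotate every line of a pasted snippet."""
    return [annotate_line(line, table) for line in log.splitlines()]


def summarize(log: str, table: Dict[str, int]) -> Dict[str, int]:
    """Count addresses per band so a snippet can be triaged at a glance."""
    counts: Counter = Counter()
    for line in log.splitlines():
        for ip in extract_ips(line):
            counts[classify(ip, table).split(":")[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    for annotated in annotate(SAMPLE_LOG, RISK_TABLE):
        print(annotated)
    print(summarize(SAMPLE_LOG, RISK_TABLE))
```

Private and loopback addresses are tagged `local` rather than looked up, since they carry no meaning in an external reputation feed; anything public that the table has never seen is tagged `unknown`, which is deliberately distinct from a score of zero.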
A payload that has been modified so it can't be misused. Malicious hackers are using it to perform an object injection attack that leads to full remote command execution. (credit: Sucuri)
Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said.
A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, researchers from security firm Sucuri warned in a blog post. The attacks started on Saturday from a handful of IP addresses and by Sunday included hundreds of exploit attempts to sites monitored by Sucuri.
"Today (Dec 14th), the wave of attacks is even bigger, with basically every site and honeypot we have being attacked," the blog post reported. "That means that probably every other Joomla site out there is being targeted as well."
Twitter has warned dozens of users that their account data may have been targeted by state-sponsored hackers.
In e-mails sent to security researchers, journalists, and activists over the past few days, Twitter officials said there's no evidence the attacks were successful. Still, the messages said Twitter officials are actively investigating the possibility that the accounts were breached. Dozens of users have reported receiving the advisory, with this list showing 36 people and this one listing 32 users.
"As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors," one e-mail warned. "We believe that these actors (possibly associated with a government) may have been trying to obtain information such as e-mail addresses, IP addresses and/or phone numbers."
Qubes OS, the security-focused operating system that Edward Snowden said in November he was “really excited” about, announced this week that laptop maker Purism will ship their privacy-focused Librem 13 notebook with Qubes pre-installed.
Built on a security-hardened version of the Xen hypervisor, Qubes protects users by allowing them to partition their digital lives into virtual machines. Rather than focus solely on security by correctness, or hide behind security by obscurity, Qubes implements security by isolation—the OS assumes that the device will eventually be breached, and compartmentalises all of its various subsystems to prevent an attacker from gaining full control of the device. Qubes supports Fedora and Debian Linux VMs, and Windows 7 VMs.
One of the biggest problems with Qubes is that hardware support can be tricky. In order to take full advantage of the OS's many innovative security features, you'll need a CPU that supports virtualisation technology, including both Intel VT-x (or AMD-V) and Intel VT-d (or AMD-Vi, i.e., an IOMMU), plus a BIOS with TPM support (for Anti Evil Maid). Running a dozen VMs or more, as many Qubes users do, can be resource-intensive, so plenty of RAM and a fast processor are essential.
Posted by InfoSec News on Dec 14
http://www.chicagotribune.com/news/local/breaking/ct-skokie-atm-skimming-met-20151213-story.html
http://arstechnica.com/information-technology/2015/12/hacked-at-sea-researchers-find-ships-data-recorders-vulnerable-to-attack/
http://www.networkworld.com/article/3014438/security/us-homeland-security-wants-heavy-duty-iot-protection.html
http://www.golocalprov.com/news/new-hacker-claims-to-have-taken-sensitive-data-from-city-of-providence
http://www.forbes.com/sites/stevemorgan/2015/12/13/j-p-morgan-boa-citi-and-wells-spending-1-5-billion-to-battle-cyber-crime/