NYTimes - W.T.O. Says American Tariffs on China Broke Global Trade Rules -
A World Trade Organization panel said Tuesday that the United States
violated international trade rules by imposing tariffs on China in 2018
in the midst of President Trump’s trade war.
...
In a statement, Robert E. Lighthizer,
the United States Trade Representative, blasted the World Trade
Organization for trying to prevent the United States from helping its
own workers.
“This panel report
confirms what the Trump Administration has been saying for four years:
The W.T.O. is completely inadequate to stop China’s harmful technology
practices,” Mr. Lighthizer said. “Although the panel did not dispute the
extensive evidence submitted by the United States of intellectual
property theft by China, its decision shows that the W.T.O. provides no
remedy for such misconduct.”
ZDNet - MITRE releases emulation plan for FIN6 hacking group, more to follow -
MITRE and cyber-security industry partners have launched a new
project that promises to offer free emulation plans that mimic today's
biggest hacking groups in order to help train security teams to defend
their networks.
Named the Adversary Emulation Library, the project is the work of MITRE Engenuity's Center for Threat-Informed Defense.
The project, hosted on GitHub, aims to provide free-to-download emulation plans.
Dark Reading - CISA Issues Alert for Microsoft Netlogon Vulnerability -
The Department of Homeland Security's Cybersecurity and Infrastructure
Security Agency (CISA) has published an advisory warning there is
publicly available exploit code for CVE-2020-1472, a critical elevation
of privilege vulnerability in Microsoft's Netlogon.
"Zerologon," as Secura researchers dubbed
the bug, has a CVSS score of 10.0. It exists when an attacker creates a
vulnerable Netlogon secure channel connection to a domain controller,
using the Netlogon Remote Protocol (MS-NRPC). Microsoft patched the
vulnerability as part of its August Patch Tuesday rollout; it's being
addressed in a two-part rollout, the company reports.
Dark Reading - Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption -
Encrypted traffic inference (ETI) is perhaps the most fascinating of
all emerging alternative approaches. ETI solutions analyze aspects of
encrypted traffic flows to discern whether they are likely to be
malicious, without using decryption.
Based on concepts first published by Cisco Systems researchers in
2016, ETI works by capturing encrypted network flow data attributes --
including DNS metadata, TLS handshake metadata, and HTTP packet headers --
and analyzing them for specific, intricate patterns that indicate
malicious activity.
A number of vendors – including Cisco, Juniper, NTA vendor Corelight,
NDR provider IronNet, and specialist vendor Barac – all offer some
degree of ETI capability today.
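As an added illustration of the ETI idea described above (example code written for this digest, not code from the article or from any of the vendors named): a toy scorer that looks only at DNS, TLS-handshake and HTTP-header metadata of a flow, never at decrypted payload. The flow records and thresholds are constructed assumptions.

```python
# Added example: metadata-only flow scoring in the spirit of encrypted traffic
# inference. It never decrypts anything; it inspects DNS, TLS handshake and HTTP
# header attributes. Sample flows and thresholds below are constructed assumptions.
import math
from collections import Counter

def shannon_entropy(s):
    """Bits of entropy per character; high values hint at generated (DGA-style) labels."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def score_flow(flow):
    """Return (score, reasons) from flow metadata only; higher score = more suspicious."""
    score, reasons = 0, []
    tls, dns, http = flow.get("tls", {}), flow.get("dns", {}), flow.get("http", {})
    # TLS handshake metadata: each item is a weak signal on its own; they add up.
    if tls.get("version") in ("TLSv1.0", "TLSv1.1"):
        score += 2; reasons.append("legacy TLS version")
    if tls.get("self_signed"):
        score += 3; reasons.append("self-signed server certificate")
    if tls.get("cert_validity_days", 365) < 30:
        score += 2; reasons.append("very short certificate validity")
    if not tls.get("sni"):
        score += 1; reasons.append("no SNI in ClientHello")
    # DNS metadata: a long high-entropy first label, or an unusually low TTL.
    label = dns.get("query", "").split(".")[0]
    if len(label) >= 12 and shannon_entropy(label) > 3.5:
        score += 3; reasons.append("high-entropy DNS label")
    if dns.get("ttl", 3600) < 60:
        score += 1; reasons.append("very low DNS TTL")
    # HTTP header metadata: an empty User-Agent where headers were observed at all.
    if "user_agent" in http and not http["user_agent"]:
        score += 1; reasons.append("empty User-Agent header")
    return score, reasons

# Constructed sample flows (not real captures).
SAMPLE_FLOWS = [
    {"id": "benign-1",
     "tls": {"version": "TLSv1.3", "sni": "updates.example.com",
             "self_signed": False, "cert_validity_days": 398},
     "dns": {"query": "updates.example.com", "ttl": 300},
     "http": {"user_agent": "Mozilla/5.0"}},
    {"id": "suspect-1",
     "tls": {"version": "TLSv1.0", "sni": "", "self_signed": True, "cert_validity_days": 7},
     "dns": {"query": "xk3q9v2ztp8rw1.example.net", "ttl": 30},
     "http": {"user_agent": ""}},
]

def classify(flows, threshold=5):
    """Map flow id -> 'likely-malicious' or 'benign' using the metadata score."""
    return {f["id"]: ("likely-malicious" if score_flow(f)[0] >= threshold else "benign")
            for f in flows}
```

Real ETI products combine far more attributes and learned models; the point here is only that every signal used comes from handshake, DNS and header metadata visible without decryption.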
Cyberscoop - Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says -
Six suspected Chinese hacking groups have zeroed in on entities in
the telecommunications sector in the first half of this year, according
to CrowdStrike research published Tuesday.
While CrowdStrike did not identify the groups by name, attackers have
likely been running their hacking operations in an effort to steal
sensitive data about targets, or to conduct intellectual property theft,
researchers at the threat intelligence firm determined. CrowdStrike
also did not identify the targets.
Okta - CrimeOps: The Operational Art of Cyber Crime -
The secret of FIN7’s success is their operational art of cyber crime.
They managed their resources and operations effectively, allowing them
to successfully attack and exploit hundreds of victim organizations.
FIN7 was not the most elite hacker group, but they developed a number of
fascinating innovations. Looking at the process triangle (people,
process, technology), their technology wasn’t sophisticated, but their
people management and business processes were.
Their business… is crime! And every business needs business goals, so I wrote a mock FIN7 mission statement:
Our mission is to proactively leverage existing long-term,
high-impact growth strategies so that we may deliver the kind of results
on the bottom line that our investors expect and deserve.
How does FIN7 actualize this vision? This is CrimeOps:
- Repeatable business process
- CrimeBosses manage workers, projects, data and money.
- CrimeBosses don’t manage technical innovation. They make incremental improvements to their TTPs to remain effective, but no more.
- Frontline workers don’t need to innovate (because the process is repeatable)
BBC - Boeing's 'culture of concealment' to blame for 737 crashes -
The US report is highly critical of both Boeing and the regulator, the Federal Aviation Authority (FAA).
"Boeing
failed in its design and development of the Max, and the FAA failed in
its oversight of Boeing and its certification of the aircraft," the
18-month investigation concluded.
Threatpost - Report Looks at COVID-19’s Massive Impact on Cybersecurity -
Cynet found that cybercriminals are not just “sort of” leveraging the
COVID-19 pandemic, they’re going all in. Cybercriminals are pulling
out their entire arsenal of new attack methods to best ensure attack
success. This is like a sports team using all the new plays they’ve
developed in one game rather than spreading them out across the season.
The report states
that the percentage of attacks using new techniques has historically
been around 20%. That is, 80% of attacks have used well-known
techniques that are easily identified assuming companies have updated
preventative measures in place.
Since the start of the COVID-19 pandemic, Cynet found that new
attacks jumped to roughly 35% of all attacks. New attack techniques
cannot be sufficiently detected by antivirus software alone and can only
be effectively discovered using newer behavioral detection mechanisms.
That is, the new detection approaches must be used to detect the new
attack techniques being deployed.
Help Net Security - How security theater misses critical gaps in attack surface and what to do about it -
The insurance industry
employs actuaries to help quantify and manage the risks insurance
underwriters take. The organizations and individuals that in turn
purchase insurance policies also look at their own biggest risks and the
likelihood they will occur and opt accordingly for various deductibles
and riders.
Things do not work the same way when it comes to cyber security. For
example: Gartner observed that most breaches are the result of a
vulnerability being exploited. Furthermore, they estimate that 99% of
vulnerabilities exploited are already known by the industry and not
net-new zero-day vulnerabilities.
How is it possible that well known vulnerabilities are a significant
conduit for attackers when organizations collectively spend at least $1B
on vulnerability scanning annually? Among other things, it’s because
organizations are practicing a form of security theater: they are
focusing those vulnerability scanners on what they know and what is
familiar; sometimes they are simply attempting to fulfill a compliance
requirement.
NYTimes - Police or Prosecutor Misconduct Is at Root of Half of Exoneration Cases, Study Finds -
According to the report, by the National Registry of Exonerations,
official misconduct contributed to false convictions in 54 percent of
exonerations, usually with more than one type of misconduct. Over all,
men and Black exonerees “were modestly more likely to experience
misconduct,” although there were larger differences by race when it came
to drug crimes and murder
/r/Netsec - Lateral Movement Detection GPO Settings Cheat Sheet -
Twitter -
15 weeks left, publishing my next book. Jam packed with pen testing, GPEN & OSCP prep, exam questions, tools & virtual machines. Looking for testers, RT for coverage