Monday, April 25, 2016

Trying to get back into this - What I am reading 4/25/2016

Starting the new job today.  Have to wear slacks and a button down shirt ... yeech, but I guess you have to do what you have to do.  

Okay, here we go...

Ars Technica -  Active drive-by exploits critical Android bugs, care of Hacking Team -

The attack combines exploits for at least two critical vulnerabilities contained in Android versions 4.0 through 4.3, including an exploit known as Towelroot, which gives attackers unfettered "root" access to vulnerable phones. The exploit code appears to borrow heavily from, if not copy outright, some of these Android attack scripts, which leaked to the world following the embarrassing breach of Italy-based Hacking Team in July. Additional data indicates devices running Android 4.4 may also be infected, possibly by exploiting a different set of vulnerabilities.
It's the first time—or at least one of only a handful of times—Android vulnerabilities have been exploited in real-world drive-by attacks. For years, most Android malware has spread by social engineering campaigns that trick a user into installing a malicious app posing as something useful and benign. The drive-by attack—which has been active for at least the past 60 days and was discovered by security firm Blue Coat Systems—is notable because it's completely stealthy and requires no user interaction on the part of the end user.
The Verge - The US is dropping 'cyberbombs' on ISIS  -

The US has begun launching cyberattacks against ISIS, The New York Times reports, marking a significant shift in its battle against the terrorist organization. According to the Times, the US Cyber Command has been tasked with carrying out the campaign, which aims to disrupt ISIS' communications, recruitment, and financial operations. American officials are also hopeful that their open discussion of the cyber campaign will force ISIS operatives to doubt the security of their communications.
This is going to escalate quickly- and not in a way we are going to like.

Dark Reading - How Best To Back Up Your Data In Case Of A Ransomware Attack -

 There’s no protection from ransomware without backup. The first question a security pro will ask you when you report a ransomware attack is whether you have any backups. In many instances, simply by having a backup copy, you can then erase the drive, reinstall the operating system, restore the backup copy, and then start fresh. So remember:  no backup, no protection from ransomware.
Backups are just a generally accepted part of a disaster recovery or business continuity plan and everyone should be doing them but the plan presented here has some flaws.  1.  It's too complicated for home users.  Most Home users don't understand things like realtime backups and weekly incrementals or taking snapshots during upgrades.  Those recommendations don't really do them much good.  2.  It's unrealistic for businesses.  I can't think of a single organization that just automatically accepts patches from any vendor.  Especially one where data availability is a key concern.  Too many things can and do break.  Now if what they mean is that once you have approved a patch it should be pushed out to the endpoints automatically then yes I agree, but to my knowledge that is a pretty common practice already.

That's it for today.  If I actually had any readers I would apologize for such a crappy post after such a long absence, but I don't so I won't.




Post a Comment

What I am reading (or maybe watching) 10/18/2017

DefCon - ICS Village: Grid Insecurity and How to Really Fix This Shit - I tried to see this talk while at DefCon, but the room they ...