Tuesday, September 15, 2020

What I Am Reading 9/15/2020 - Nothing has really changed 3 years after the Equinox hack and The US has Dropped the Ball On Innovation

 Errata Security - Cliché: Security through obscurity (yet again) -

Obscurity has problems, always, even if it's just an additional layer in your "defense in depth". The entire point of the fallacy is to counteract people's instinct to suppress information. The effort has failed. Instead, people have persevered in believing that obscurity is good, and that this entire conversation is only about specific types of obscurity being bad.

Schneier on Security -  The Third Edition of Ross Anderson’s Security Engineering -

Coming in December 2020

IT Security Guru - Study identifies gaps in corporate cybersecurity systems -

A survey of 13,000 remote workers conducted by Trend Micro has discovered that almost 40% are accessing company data from their personal computers, tablets and phones. 

 Threatpost - Office 365 Phishing Attack Leverages Real-Time Active Directory Validation -

In the phishing attack, access to this immediate feedback “allows the attacker to respond intelligently during the attack,” researchers with Armorblox said on Thursday. “The attacker is also immediately aware of a live compromised credential and allows him to potentially ingratiate himself into the compromised account before any remediation.”

Yahoo - Feds ‘Very Concerned’ About AstraZeneca Vaccine Side Effect -

The Food and Drug Administration is weighing whether to follow British regulators in resuming a coronavirus vaccine trial that was halted when a participant suffered spinal cord damage, even as the National Institutes of Health has launched an investigation of the case.


A great deal of uncertainty remains about what happened to the unnamed patient, to the frustration of those avidly following the progress of vaccine testing. AstraZeneca, which is running the global trial of the vaccine it produced with Oxford University, said the trial volunteer recovered from a severe inflammation of the spinal cord and is no longer hospitalized.

BBC -  Ex-Google boss Eric Schmidt: US 'dropped the ball' on innovation -

In the battle for tech supremacy between the US and China, America has "dropped the ball" in funding for basic research, according to former Google chief executive Eric Schmidt.

And that's one of the key reasons why China has been able to catch up.

Dr Schmidt, who is currently the Chairman of the National Security Commission on Artificial Intelligence, said he thinks the US is still ahead of China in tech innovation, for now.

 Threatpost - Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a Monday advisory. CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security.

Related - Cyberscoop - Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says -

Hackers connected to a Chinese intelligence agency have infiltrated U.S. government and the private sector entities in recent months by exploiting a series of common vulnerabilities, the FBI and Department of Homeland Security’s cybersecurity agency announced Monday.

Attackers tied to China’s civilian intelligence and counterintelligence service, the Ministry of State Security (MSS), have been using phishing emails with malicious links to infiltrate victim organizations, according to the alert. By including malicious software in those messages, hackers are exploiting software flaws in commercial technologies and open-source tools, including services with known fixes. F5 Networks’ Big-IP Traffic Management User Interface, Citrix VPN Appliances, Pulse Secure VPN appliances, and Microsoft Exchange Server are among those affected, says the report from the FBI and DHS’ Cybersecurity and Infrastructure Security Agency (CISA).

 Threatpost - Chinese database detailing 2.4 million influential people, their kids, their addresses, and how to press their buttons revealed -

A US academic has revealed the existence of 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, and security agencies. The academic alleges the purpose of the database is enabling overseas influence operations to be conducted against prominent or influential people outside China.

That company is Shenzhen Zhenhua and the academic is Chris Balding, an associate professor at the Fulbright University Vietnam.

Balding and security researcher Robert Potter have co-authored a paper [PDF] claiming the trove is known as the “Overseas Key Information Database” (OKIDB) and that 10 to 20 per cent of it appears not to have come from any public source of information. The co-authors do not rule out hacking as the source of that data, but also say they can find no evidence of such activity.

SC magazine - What’s really changed three years after Equifax breach?   -

“Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon Black.

The breach led to significant fines and the retirement of Equifax’s chief executive and chief information officer, congressional probes and proposed legislative and regulatory changes. It also saw the credit monitoring company take a huge hit to its reputation.

But even with lessons from the Equifax breach looming large, organizations still are caught flat-footed by similar threats, in part because those threats continue to evolve and proliferate – and attackers are persistent. 

Threatpost - Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems -

Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical systems.

The flaws exists in CodeMeter, owned by Wibu-Systems, which is a software management component that’s licensed by many of the top industrial control system (ICS) software vendors, including Rockwell Automation and Siemens. CodeMeter gives these companies tools to bolster security, help with licensing models, and protect against piracy or reverse-engineering.


No comments: