The top three countries are Russia, United States, and China. Russia remains at #1. China moved back up to #3. September 2017’s report can be found here.
General
Exploiting Virtual Machines with RAM Row-Hammer Attacks
Jared Hall General No Comments
A “Row-hammer” attack exploits a physical problem that exists in RAM where an attacker can actually cause bit-flips in DRAM memory. This has already been exploited and attacks successfully gained kernel privileges. Researchers have taken this a step further and, by exploiting a Host kernel feature known as “memory de-duplication”, can flip bits in a controller […]
The Cyber Kill-Chain: Revisited
Jared Hall General No Comments
The Nay Sayers Trolling through articles released this week, I came across a review of Lockheed Martin’s “Cyber Kill Chain” that was written by CSO Online: https://www.csoonline.com/article/2134037/cyber-attacks-espionage/strategic-planning-erm-the-practicality-of-the-cyber-kill-chain-approach-to-security.html on 11/7/2017. I found the article to be somewhat disingenuous. The CSO Online article was more of a rehash of a Dark Reading article: https://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542? written on 11/18/2014. “We’re not afraid to […]
Office 365: Lackluster Anti-Spam/Malware Performance
Jared Hall General No Comments
I came across this article in Dark Reading: https://www.darkreading.com/cloud/office-365-missed-34000-phishing-emails-last-month/d/d-id/1330282? As indicated in the post, this is based on the standard Exchange Online Protection (EOP) services offered by Microsoft, not Advanced Threat Protection (ATP). I currently manage two much smaller Email systems for two ESPs. I’ve always worried about anti-spam measures, trying to be effective, without too […]
Oh Brother (printers): Denial-Of-Service
Jared Hall General No Comments
Brother printers that are connected to a network are vulnerable to a Denial-Of-Service (DOS) attack through the printer’s embedded web server (called “Debut”). Of course, the attacker must have the ability to access the printer’s Web Server. No Brother printer should be exposed to the Internet. You should also put Brother printers on their own […]
Divorce eSecurity: Practical Electronic Security
Jared Hall General, Internet Security No Comments
Author: Jared Hall Revision: 1.1 URL: https://www.jaredsec.com/2017/11/08/divorce-esecurity/ Original Date: 11/11/2010 Revision Date: 11/07/2017 Introduction Separation or divorce is never a good thing. In the case of contested divorces, where the split of assets is complex, the same passion which once brought you and your partner together is often negatively directed to tear each other apart. This […]
WordPress Update
Jared Hall General No Comments
There is an issue with $wpdb->prepare() that can lead to unsafe queries and SQL Injection attacks. This does not occur with WordPress core, but can affect add-on plugins and themes. If you do not have Automatic Updates enabled, please download the new release as soon as possible. The WordPress bulletin is here: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Social(Networking+Engineering) Defeats Physical Security
Jared Hall General No Comments
I found an interesting article on Motherboard from a Pentester named Sophie Daniel. She did more than your standard online cybersecurity Penetration Testers do; she gained unrestricted physical access to a secure facility. Here’s the general process of the attack: Acquired Business Information Solicited business Information through website data, aerial/satellite photographs, and maps. Acquired Personnel […]
Chrome Browser Update: 62.0.3202.75
Jared Hall General No Comments
Google has released Chrome version 62.0.3202.75 for all operating systems. This fixes a high-severity stack-based buffer overflow bug. My Chrome browser did not update automatically, but did so when I went into Settings->Help->About Chrome. Threat Post has a more detailed write-up here: https://threatpost.com/google-patches-high-severity-browser-bug/128661/
Bits on Bitcoin!
Jared Hall General, Internet Security No Comments
Author: Jared Hall Revision: 1.0 URL: https://www.jaredsec.com/2017/11/01/bits-on-bitcoin Date: 11/01/2017 Introduction In the midst of the global financial crisis, a paper was anonymously authored in November of 2008. It described a peer-to-peer, distributed, electronic payment system without the oversight of a “trusted” central party, like a bank, PayPal, or the Federal Reserve. The paper was titled: “Bitcoin“. […]