CyberheistNews Vol 4, 32
Editor's Corner
Scam Of The Week: See Robin Williams Last Words On Video
Last night, news broke that Robin Williams was found dead in his home in Marin County, CA. It is suspected that it was either a suicide or an overdose. This is a celebrity death that the bad guys are going to exploit in a variety of ways. You have to warn your users right away that a series of scams are underway using the Williams death as a social engineering trick. Whatever ruse is used, your users will wind up with infected workstations at home or in the office, will give out personal information, or will get scammed some other way. Give them a heads-up that they need to Think Before They Click on anything related to this topic. For KnowBe4 customers, there is a new template in the Current Events section that I suggest you send to everyone more or less immediately.
My Black Hat Trip - What Was Scary, Cool, And Interesting?
This is a special issue with all the things I thought were scary, cool and interesting at Black Hat. Like I said, KnowBe4's Chief Hacking Officer Kevin Mitnick was at the show and he signed 700 books in a 3-hour span at the FireMon booth. Whew! Here is the line that ran all the way back to the show floor. Everyone got their picture taken with Kevin, who was incredibly popular. (Third from the left in the picture below.) So, if you could not make it to Black Hat, this newsletter is a roundup of the things I found. I'm taking the approach of leveraging all the press that covered the show, so I am linking to the best and most informative articles and slideshows out there. Let's start with the scary! NetworkWorld has a slideshow with the best "terrifying" summary, in the item directly following. More about some of them further below.
The 10 Most Terrifying Security Nightmares At Black Hat
Hacked planes. Unstoppable, utterly malicious flash drives. Hotel automation gone crazy. These are the 10 most terrifying security stories out of the premier hacker and security conferences in Las Vegas. Remember that most of these exploits are scarier in theory than in fact, but they still offer a startling glimpse into the dangers inherent in an increasingly connected world. Here are the creepiest security stories coming out of Black Hat and Def Con in 2014. http://www.networkworld.com/article/2462896/security0/the-10-most-terrifying-security-nightmares-revealed-at-the-black-hat-and-def-con-hacker.html?
Quotes of the Week
"Truth, like gold, is to be obtained not by its growth, but by washing away from it all that is not gold." - Leo Tolstoy
"I don't regret the things I've done, I regret the things I didn't do when I had the chance." - Unknown
Thanks for reading CyberheistNews! Please forward to your friends. But if you want to unsubscribe, you can do that right here
CRYPT HAPPENS
The latest ransomware infection vector the bad guys use is a link to a file on Dropbox or another cloud-storage service. You can try to simply block all zip attachments at your network security appliance, but if a user is social engineered into clicking a link to a zip file hosted in the cloud and then opens it, that is very hard to defend against: the archive never arrives as an attachment, so an attachment filter never sees it. Crypt happens. Your backups may fail to restore for one reason or another, and you will not know until you need them. The best cure is prevention!
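To make the gap concrete, here is an added example (not from the newsletter or from KnowBe4) of the kind of check a mail gateway can run in addition to an attachment-extension block: it scans the message body for links whose host is a cloud-storage share and whose path or query points at an archive, an executable, or a forced download. The host list, the file extensions, the "forced download" query markers and the three sample messages are all assumptions constructed for illustration; tune them to your own environment.

```python
"""
Added example: flag cloud-storage links to archives/executables in mail bodies.
Not code from CyberheistNews or KnowBe4. Host list, extensions and samples are
constructed assumptions for illustration.
"""
import re
from urllib.parse import urlparse

# Assumption: file-sharing hosts to watch. Extend for your environment.
CLOUD_SHARE_HOSTS = {
    "dropbox.com", "dl.dropboxusercontent.com",
    "drive.google.com", "docs.google.com",
    "onedrive.live.com", "1drv.ms",
    "box.com", "mega.nz", "mediafire.com",
}

# Assumption: extensions worth a second look when served from a share link.
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".cab", ".iso")
EXECUTABLE_EXT = (".exe", ".scr", ".js", ".jse", ".vbs",
                  ".cpl", ".bat", ".cmd", ".com", ".pif")

# Assumption: query markers that make a share link download instead of preview
# (Dropbox uses dl=1, Google Drive uses export=download).
FORCED_DOWNLOAD_MARKERS = ("dl=1", "export=download")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _is_cloud_share(host):
    """True if host is, or is a subdomain of, a watched sharing host."""
    host = host.lower().split("@")[-1].split(":")[0]
    return any(host == h or host.endswith("." + h) for h in CLOUD_SHARE_HOSTS)


def risky_links(body):
    """Return [(url, reason)] for links in body that deserve quarantine/warning."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:)")          # strip trailing punctuation
        parts = urlparse(url)
        if not _is_cloud_share(parts.netloc):
            continue
        path = parts.path.lower()
        query = parts.query.lower()
        if path.endswith(ARCHIVE_EXT):
            findings.append((url, "archive on cloud-storage host"))
        elif path.endswith(EXECUTABLE_EXT):
            findings.append((url, "executable on cloud-storage host"))
        elif any(m in query for m in FORCED_DOWNLOAD_MARKERS):
            findings.append((url, "forced download from cloud-storage host"))
    return findings


def triage(messages):
    """Map subject -> findings for every message that has at least one."""
    return {subject: f for subject, body in messages if (f := risky_links(body))}


# Constructed sample messages (subject, body); not real mail.
SAMPLE_MESSAGES = [
    ("Invoice #4471 overdue",
     "Please review the statement: "
     "https://www.dropbox.com/s/abc123/Invoice_4471.zip?dl=1 Thanks"),
    ("Lunch Thursday?",
     "Menu is here: https://www.example.com/menu.pdf"),
    ("Shared file",
     "Your colleague shared: "
     "https://drive.google.com/uc?export=download&id=1A2B3C"),
]

if __name__ == "__main__":
    for subject, hits in triage(SAMPLE_MESSAGES).items():
        for url, reason in hits:
            print(f"[{subject}] {reason}: {url}")
```

This is a heuristic, not a block list: legitimate colleagues share zip files through the same services, and attackers move to hosts not on the list, so route hits to quarantine or attach a warning banner rather than dropping them silently. It closes the specific hole the paragraph describes (a zip that arrives as a link instead of an attachment), which is exactly why the user still has to Think Before They Click.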
Time to get proactive and step your end-users through effective user education. Find out how affordable Kevin Mitnick Security Awareness Training is for your organization, get a quote now and learn more about our new crypto-ransom guarantee: http://info.knowbe4.com/ransomware-cryptolocker-guarantee_primary_14-08-12
Live from DEF CON - Social Engineering
Right after Black Hat, DEF CON starts in Vegas, and many people attend both conferences. Steve Ragan wrote: "Social Engineering and DEF CON have always gone hand-in-hand, but after some of the things I've seen on the floor this weekend, it would seem that people have forgotten this – or the surge of new attendees has erased that barrier of awareness. In fact, I'm willing to bet the growth of DEF CON over the last few years has only increased the pool of people completely unaware of Social Engineering, both passive, direct, and indirect. There have been many examples of what I'm thinking about, but I'm just going to stick to what I feel are the biggest examples for this post." He lists some good social engineering examples: http://www.csoonline.com/article/2463460/social-engineering/salted-hash-live-from-def-con-social-engineering.html
U.S. Should Buy Up Zero Day Attacks For 10 Times Going Rate
The U.S. government should pay 10 times the going rate for zero-day software flaws in order to corner the market and then make those vulnerabilities public to render them less potent for attackers, Black Hat 2014 attendees were told yesterday. That would reduce the overall threats against Internet traffic in general and cost less than the damage that actual exploits cause, says Dan Geer, chief information security officer at In-Q-Tel, the venture capital arm of the Central Intelligence Agency. More: http://www.networkworld.com/article/2462706/security0/black-hat-keynote-u-s-should-buy-up-zero-day-attacks-for-10-times-going-rate.html?
Network-Attached Storage Devices More Vulnerable Than Routers
A security review of network-attached storage (NAS) devices from multiple manufacturers revealed that they typically have more vulnerabilities than home routers, a class of devices known for poor security and vulnerable code.
Jacob Holcomb, a security analyst at Baltimore-based Independent Security Evaluators, is in the process of analyzing NAS devices from 10 manufacturers and has so far found vulnerabilities that could lead to a complete compromise in all of them. More: http://www.networkworld.com/article/2462601/security/networkattached-storage-devices-more-vulnerable-than-routers-researcher-finds.html
Most USB Drives Can Be Reprogrammed To Silently Infect Computers
Most USB devices have a fundamental security weakness that can be exploited to infect computers with malware in a way that cannot easily be prevented or detected, security researchers found.
The problem is that the majority of USB thumb drives, and likely other USB peripherals available on the market, do not protect their firmware - the software that runs on the microcontroller inside them, said Karsten Nohl, the founder and chief scientist of Berlin-based Security Research Labs. More: http://www.networkworld.com/article/2460542/security/most-usb-thumb-drives-can-be-reprogrammed-to-silently-infect-computers.html
How To Crack Just About Everything
From cell phones and cars to IPv6, security researchers have turned their skills against a world of technology. Great slide show: http://www.networkworld.com/article/2458470/security/160362-Black-Hat-2014-How-to-crack-just-about-everything.html
TSA Security Equipment Has Backdoors
According to a presentation given by Billy Rios at the Black Hat security conference in Las Vegas, a US Transportation Security Administration (TSA) system in use at airport checkpoints contains default backdoor passwords. The technician accounts are hard-coded into the software, and changing the associated passwords would be disruptive to the system: http://www.scmagazine.com/black-hat-airport-security-equipment-at-risk/article/365044/
Black Hat USA 2014: Scenes From The Show
From tin foil hats to hackable baseball stadiums, there were quite a few interesting and entertaining sights at this year's Black Hat USA: http://www.csoonline.com/article/2463166/security-leadership/black-hat-usa-2014-scenes-from-the-show.html
The Best Swag At Black Hat
Here is a slide show with some of the best swag at Black Hat. I have one of those green Cisco light-up sunglasses, pretty cool: http://www.networkworld.com/article/2462860/security/161261-10-ways-to-get-noticed-at-Black-Hat.html?
The Black Hat Quiz 2014
Black Hat draws the elite of the security world to one place and has earned a reputation for introducing shocking new security exploits, takeovers of seemingly secure gear, means of recruiting botnets and ways to steal identities. The flip side is that all of this malicious education can be used to help protect networks, devices and data. Here is a brief set of questions about past Black Hats to test how well you know the contributions they have made to the infosec community. Keep track of your score and check at the end to see how well you did. http://www.csoonline.com/article/2454281/security/the-black-hat-quiz-2014.html
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
OK, start with this full screen and HD - Speedflying! Derek Dutton swoops between two high-rise buildings in Hawaii: http://www.flixxy.com/speedflying-between-buildings.htm?utm_source=4
I had just seen the David Copperfield magic show in Vegas, and he had something similar. Magician Dani Lary and his beautiful assistant Nadina do some amazing "teleportation" for the French TV show "The World's Greatest Cabaret": http://www.flixxy.com/teleportation-magic-by-dani-lary.htm?utm_source=4
Educating College Kids About Human Rights Through Live Music Concerts. This is a worthwhile project! Support it at IndieGoGo: http://igg.me/at/rockforhumanrights/x
Olaf Diegel reveals his first prototype of 3D-printed alto saxophone: http://www.gizmag.com/odd-olaf-diegel-3d-printed-saxophone/33217/?
2015 Dodge Challenger SRT Hellcat - Jay Leno's Garage. Wow, 707 HP: https://www.youtube.com/watch?v=MWMjR3r-nsI
The 'Hot-Crazy Matrix' - a funny "engineer's guide" to dating women. Also includes the 'Cute vs Rich Matrix' for women dating men: Note: This is comedy. Any resemblance to real persons is purely coincidental: http://www.flixxy.com/hot-crazy-matrix-a-mans-guide-to-women.htm
Kevin Richardson gives an important message about wildlife conservation, when Tao the lion expresses his opinion on the matter: http://www.flixxy.com/lion-interrupts-an-important-message-about-wildlife-conservation.htm?utm_source=nl
Comedy: Finally a car that is good looking, affordable and runs on clean, environmentally friendly renewable energy: http://www.flixxy.com/a-car-that-runs-on-clean-renewable-energy-comedy.htm?utm_source=4
Amazing training of a flock of ducks by a farmer in Russia: http://www.flixxy.com/impressive-duck-training-by-a-farmer-in-russia.htm
In a study conducted by MIT researcher Abe Davis, vibrations caused by sound are extracted using high-speed video, turning everyday objects into "visual microphones." http://www.washingtonpost.com/posttv/national/health-science/the-visual-microphone-passive-recovery-of-sound-from-video/2014/08/04/098665de-1c0c-11e4-9b6c-12e30cbe86a3_video.html