Security Leftovers (2020-01-13)
Nmap Basics - The Security Practitioner's Swiss Army Knife
To elaborate on Xavier's and Bojan's excellent nmap diaries over the last few days, I thought that today might be a good day to go back to basics on nmap and demonstrate why nmap really is a security practitioner’s swiss army knife and should be in each of our testing toolkits.
SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP!
Salt is used for configuring, managing and monitoring servers in datacenters and cloud environments.
The Salt installation is the “master” and each server it monitors runs an API agent called a “minion”. The minions send state reports to the master and the master publishes update messages containing instructions/commands to the minions. The communication between the master and its minions is secured (encrypted).
US drafts rule to allow Huawei and US firms to work together on 5G standards, sources say
The U.S. Department of Commerce is close to signing off on a new rule that would allow U.S. companies to work with China's Huawei Technologies on setting standards for next generation 5G networks, people familiar with the matter said.
Tool fatigue prompts IBM to deploy open-source-based security solution
One problem confronting the enterprise world today is that when data is stored in multiple platforms, it also takes multiple security tools to keep that information safe.
A SANS Institute survey found that nearly half of respondents lacked visibility into data processed within their own organizations and 55% struggled with the lack of integration between security analytics tools and cloud platforms.
OSS vulnerabilities
The enticement of OSS is undeniable, and the vibrant open source community has rallied, resulting in significant contributions to the open source movement. As a result, developers are increasingly turning to OSS to aid their organisation’s transformation.
By embracing OSS, companies realise major economic and productivity benefits, in addition to a positive impact on their bottom line. OSS enables organisations to move even faster by harnessing prefabricated building blocks to bootstrap the software development process and drive forward innovation.
[...]
Open source plays a pivotal role in the success and/or failure of software development teams. However, whilst the benefits of OSS are generally understood by the software developer community, the risks may not be. It should be fully understood by developers that OSS is not immune to potential security risks. The core security risks in using OSS are like those of other types of software assets. All code comes with security risks, and developers mustn’t put undue trust in OSS code. As companies use a greater amount of open source code, it introduces vulnerabilities that expose a company to risks and possible breaches.
Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware [iophk: Windows TCO]
Overall, Fresenius employs nearly 300,000 people across more than 100 countries, and is ranked 258th on the Forbes Global 2000. The company provides products and services for dialysis, hospitals, and inpatient and outpatient care, with nearly 40 percent of the market share for dialysis in the United States. This is worrisome because COVID-19 causes many patients to experience kidney failure, which has led to a shortage of dialysis machines and supplies.
On Tuesday, a KrebsOnSecurity reader who asked to remain anonymous said a relative working for Fresenius Kabi’s U.S. operations reported that computers in his company’s building had been roped off, and that a cyber attack had affected every part of the company’s operations around the globe.
Snake Ransomware hits Europe’s largest private hospital operator Fresenius during COVID-19 outbreak [iophk: Windows TCO]
Snake ransomware operators, like other ones, also steal unencrypted files before encrypting the infected systems, then they threaten the victims to release the data if they don’t pay the ransom.
[Old] Windows 10 users on alert over terrifying new SNAKE attack [iophk: Windows TCO]
While locking away your treasured data, SNAKE will also automatically disable any remote management tools or remote management software. That means your local IT technicians won’t be able to remotely take over your machine to have a snoop around and try to help resolve the problem. Instead, your computer will now be locked off from the system.
[Old] Snake alert! This ransomware is not a game… [iophk: Windows TCO]
Once it’s scrambled your data, Snake dumps a “What happened to your files?” document on your desktop: [...]
This malware actually writes this file, called Fix-Your-Files.txt, into what Windows calls the ‘public desktop’, usually in the directory C:\Users\Public, where it shows up in the background for every user on the system.
Modern versions of systemd can cause an unmount storm during shutdowns
One of my discoveries about Ubuntu 20.04 is that my test machine can trigger the kernel's out of memory killing during shutdown. My test virtual machine has 4 GB of RAM and 1 GB of swap, but it also has 347 NFS mounts, and after some investigation, what appears to be happening is that in the 20.04 version of systemd (systemd 245 plus whatever changes Ubuntu has made), systemd now seems to try to run umount for all of those filesystems all at once (which also starts a umount.nfs process for each one). On 20.04, this is apparently enough to OOM my test machine.
Report: Microsoft’s GitHub Account Gets [Cr]acked
GitHub is a popular software development platform that provides hosting software to about 40 million developers, who use it for version control of their software. Microsoft acquired GitHub for $7.5 billion in October 2018.
What one cybersecurity company has learned from responding to Maze ransomware [iophk: Windows TCO]
Maze ransomware has wreaked havoc across North America and Europe in the last year, leading to warnings from the FBI and the Department of Homeland Security. They have hit over a dozen sectors, from construction to financial services to transportation. But some of the hackers’ most effective tactics are less novel than reflective of broader trends of how savvy ransomware gangs operate, according to Mandiant, FireEye’s incident response team. Maze is a microcosm for a type of criminality that needs to be studied carefully to be countered.
Like others involved in ransomware, the people behind Maze are not one group but a series of distinct teams with specialties, according to Mandiant. One team develops the malware, another distributes it and, when the victim pays a ransom, the developers get a commission.
This leads to jockeying among criminals looking to maximize their profits.
