Category Archives: News

Malware Archaeology Updates Windows Logging Cheat-Sheets

The ‘Windows Logging Cheat Sheet’, ‘Windows File Auditing Cheat Sheet’ and ‘Registry Auditing Cheat Sheet’ have been updated for 2016. The cheat sheets have been updated in part due to auditing improvements added by the ‘Windows 10 Anniversary Update’ released earlier this year. We also took the opportunity to do some cleanup and add more autorun keys to the registry auditing cheat sheet. Updates are easy to spot, just look for ‘new‘.
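The registry auditing sheet boils down to two things: an audit SACL on the autorun keys, and the matching audit policy subcategory switched on. As an added example that is not from the Malware Archaeology cheat sheets or from Log-MD, the PowerShell below applies both to a handful of common Run keys and then checks the Security log for the resulting events. The four keys and the `AuditTest` value name are illustrative choices, not the sheet's full list.

```powershell
# Added example, not from the Malware Archaeology cheat sheets or Log-MD.
# Run from an elevated PowerShell prompt; writing a SACL needs SeSecurityPrivilege.

# 1. A SACL generates nothing unless the matching policy subcategory is enabled.
auditpol /set /subcategory:"Registry" /success:enable /failure:enable

# Illustrative subset of autorun keys (assumption: not the cheat sheet's full list).
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# 2. Audit only the operations that change persistence (write a value, create a
#    subkey, delete). Auditing reads on these keys is pure noise.
$rights = [System.Security.AccessControl.RegistryRights]::SetValue -bor
          [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
          [System.Security.AccessControl.RegistryRights]::Delete

$rule = New-Object -TypeName System.Security.AccessControl.RegistryAuditRule -ArgumentList @(
    'Everyone',                                                         # any principal
    $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit, # new subkeys inherit the SACL
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success                 # log successful changes
)

foreach ($key in $autorunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $acl = Get-Acl -Path $key -Audit        # -Audit is required to read and write the SACL
    $acl.AddAuditRule($rule)
    Set-Acl -Path $key -AclObject $acl
}

# 3. Prove the pipeline works end to end: a test write and delete on HKCU\...\Run
#    should each appear as Event ID 4657 (registry value modified) in the Security log.
$testKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
New-ItemProperty -Path $testKey -Name 'AuditTest' -Value 'cmd.exe /c echo test' `
    -PropertyType String -Force | Out-Null
Remove-ItemProperty -Path $testKey -Name 'AuditTest'

# Properties[] follow the EventData order of 4657: [4] ObjectName, [5] ObjectValueName,
# [13] ProcessName (the process that made the change).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } -MaxEvents 5 |
    Select-Object TimeCreated,
        @{ Name = 'Key';     Expression = { $_.Properties[4].Value } },
        @{ Name = 'Value';   Expression = { $_.Properties[5].Value } },
        @{ Name = 'Process'; Expression = { $_.Properties[13].Value } }
```

Two points worth checking in your own environment: the `auditpol` line matters as much as the SACL, because a key with a perfect SACL under a disabled Registry subcategory logs nothing; and `ContainerInherit` is deliberate, so a subkey an attacker creates underneath a Run key is audited as well. Widen `$autorunKeys` to the sheet's full list rather than stopping at these four.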

Go get ’em and watch for the updated Log-MD!

Try the Critical Stack Intel Client

Richard Bejtlich writes:

You may have seen in my LinkedIn profile that I’m advising a security startup called Critical Stack. If you use Security Onion or run the Bro network security monitoring (NSM) platform, you’re ready to try the Critical Stack Intel Client.

Bro is not strictly an intrusion detection system that generates alerts, like Snort. Rather, Bro generates a range of NSM data, including session data, transaction data, extracted content data, statistical data, and even alerts — if you want them.

Read the full article and give it a try!  Initial feedback is good.

“TrueCrypt is not secure,” official SourceForge page abruptly warns

via “TrueCrypt is not secure,” official SourceForge page abruptly warns | Ars Technica:

The advisory, which Ars couldn’t immediately confirm was authentic, touched off a tsunami of comments on Twitter and other social media sites. For more than a decade, the open source and freely available TrueCrypt has been the program of choice for many security-minded people for encrypting sensitive files and even entire hard drives. Last year, amid revelations the NSA can decode large swaths of the Internet’s encrypted data, supporters ponied up large sums of money to audit TrueCrypt. Results from phase one of the audit released last month revealed no evidence of any backdoors. Additional audits were pending.

Ars isn’t sure whether the warning is authentic or whether the project’s SourceForge page was defaced by hackers. So, as always, treat unconfirmed security news with a grain of salt until a second source backs it up.

Apple Users Fend Off Ransom Attacks Against iPhones & Macs

Happily, the attack can apparently be deterred by having a strong unlock passcode, which you already have set, right? Since the remote lock is sent through the owner’s iCloud account, a strong, unique Apple ID password matters just as much.

Owners of Mac and iOS devices have found their iPhones and iPads held for ransom through a hack that targets the Find My iPhone and Find My Mac features on these devices to trigger a remote lock of the device.

The Find My iPhone feature is meant to allow users to track missing devices on a map, remotely lock the phone in the event that the device is lost or stolen and display a message so that those who find it will see that custom message. First surfacing in numerous reports in Australia yesterday, this attack claims through the custom message to be perpetrated by an Oleg Pliss, likely a pseudonym given that the most visible person by that name is a software engineer at Oracle. The malicious hacker responsible asks through the displayed message for users to pay $100 through PayPal for the privilege of unlocking their phones.

via Apple Users Fend Off Ransom Attacks Against iPhones & Macs.

Heartbleed SSL Flaw Angst Aggravated by Broken Disclosure Process

I wasn’t aware that only a handful of companies were notified of the vulnerability before it was published.  That is not best practice.

Via Heartbleed SSL Flaw Angst Aggravated by Broken Disclosure Process:

NEWS ANALYSIS: The decade’s most serious security issue was packaged and branded, but many server administrators and service providers were left in the dark.

Google and cloud security vendor CloudFlare were among a very small group that somehow got early access to the flaw and were able to patch on April 7 prior to the public advisory from OpenSSL.

CloudFlare CEO Matthew Prince told eWEEK that his firm was in fact notified early last week by researchers involved in discovering the bug. Other vendors and Web services, including cloud vendors, however, did not apparently get the same message. Cloud services vendor DigitalOcean is among those that were left scrambling on April 7 to patch servers.

Tripwire has a free tool to scan your environment for Heartbleed-vulnerable devices and apps. Find it here, and good luck! Bear in mind that a clean scan after patching is only half the job: the bug leaked server memory to anyone who asked for it, so private keys, session cookies and passwords on previously exposed hosts should be treated as compromised, and certificates reissued.

Patch quickly, patch often.