Cyber Security Group
MSS Global Threat Response | 24 Feb 2014 | 0 comments

EXECUTIVE SUMMARY:

On February 20th 2014, Symantec published a blog on a new zero-day vulnerability in Adobe Flash (CVE-2014-0502) being exploited in the wild. Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux in Adobe Security Bulletin APSB14-07. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. 

This Adobe Flash zero-day, Adobe Flash Player and AIR CVE-2014-0502 Remote Code Execution Vulnerability (CVE-2014-0502), is being used in a watering hole attack. This new attack has...

Kevin Haley | 20 Feb 2014 | 0 comments

It’s hard to think of a time when IT Security didn’t feel overburdened, but it’s only going to get worse. As mobile devices and the Internet of Things force their way into corporate structures, the number of risks that IT Security must account for is increasing substantially.

End-users have invaded corporate networks with mobile devices. These devices have clear advantages for productivity and end-user happiness, but allowing mobile devices to be used for business creates new ways for employees to walk out of the corporation with corporate data, and new ways to walk in with malware.

To compound this potential for additional vulnerability, very few of these end-users realize the risks around these devices. Research from a Norton Report shows that mobile device users engaged in risky behaviors at a much higher rate than when using a PC. Many people...

Jeannie Warner | 19 Feb 2014 | 0 comments

I’m excited to see so many changes going on in the areas of cyber security. Our leadership recognizes the future trend of organizations needing to drive intelligent security instead of the older concept of just layering products to address individual issues, which I think responds well to a world where people are realizing that there’s no single solution or product, no ‘silver bullet’ that will keep their organization safe. Even the threats themselves are evolving, with malware coders actively adjusting their attacks with every patch and signature the good guys put out. We’ve built this awareness into our whole security strategy at Symantec, and as our fiscal year comes to a close I can look back on what we’ve done and where we’re going with real enthusiasm.

Looking backward, in the last 12 months in Managed Security Services we’ve re-architected how we handle and process big data to provide a...

MSS Global Threat Response | 19 Feb 2014 | 0 comments

EXECUTIVE SUMMARY:

FireEye published a blog on a new unpatched vulnerability in Microsoft Internet Explorer 10 (CVE-2014-0322) being exploited in the wild on 2/14/2014. The compromised website (vwg[.]org) was injected with an iframe that redirects the user to the attacker’s malicious page, which then runs a Flash file. The Flash file contains shell code and it downloads a PNG file from a remote site upon successful execution of the IE vulnerability. The PNG file has a DLL and EXE embedded at the bottom. The DLL launches the EXE which is the payload.

Data uncovered during Symantec investigation suggests a connection between this attack and the malicious actors known to Symantec as Hidden Lynx. The data indicates the same infrastructure is being leveraged as found in a previous attack by this group who used...

MSS Global Threat Response | 10 Feb 2014 | 0 comments

EXECUTIVE SUMMARY:

Credit and debit card data theft is one of the earliest forms of cybercrime and persists today. Cybercrime gangs organize sophisticated operations to steal vast amounts of data before selling it in underground marketplaces. Criminals can use the data stolen from a card’s magnetic strip to create clones. It’s a potentially lucrative business with individual cards selling for up to $100.

There are several routes attackers can take to steal this data. One option is to gain access to a database where card data is stored. Another option is to target the point at which a retailer first acquires that card data – the Point of Sale (POS) system.

Modern POS systems are specially configured computers with sales software installed and are equipped with a card reader. Card data can be stolen by installing a device onto the card reader which can read the data off the card’s magnetic strip. This is a process known as “skimming”. As...

vince_kornacki | 10 Feb 2014 | 4 comments

In previous installments we constructed our mobile development toolchain and cross compiled, installed, and executed TCPDUMP on our CyanogenMod Mobile Device. Now it's time to complete our mission by forwarding packets captured by TCPDUMP on our CyanogenMod Mobile Device to Wireshark on our Debian Workstation in order to conduct real-time mobile device network traffic monitoring within a slick GUI interface. First we'll need to download Netcat, the network Swiss army knife. And of course we'll need to cross compile Netcat for ARM processors. I sure hope you were paying attention in the previous installments! First unpack Netcat:

root@debian $ tar zxvf netcat-0.7.1.tar.gz
[OUTPUT TRUNCATED]

Then move into the newly created Netcat directory and set the "CC" environment variable to specify the ARM C compiler and the "LDFLAGS" environment...

vince_kornacki | 10 Feb 2014 | 8 comments

In previous installments we installed our mobile development toolchain and cross compiled LIBPCAP and TCPDUMP. Now it's finally time to install and execute TCPDUMP! CyanogenMod includes a terminal emulator, however in my humble opinion it's much easier to type commands on a regular workstation keyboard. We can utilize the Android Debug Bridge (ADB) in order to connect to our CyanogenMod Mobile Device from our Debian Workstation. First we'll need to install the ADB package onto our Debian Workstation:

root@debian $ apt-get install android-tools-adb
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
android-tools-adb
[OUTPUT TRUNCATED]

Next we'll need to enable USB debugging on our CyanogenMod Mobile Device. Open the CyanogenMod "Settings" application and notice that there's currently no "Developer...

vince_kornacki | 10 Feb 2014 | 0 comments

In the previous installment we installed our mobile development toolchain. Let's keep the party rockin' and download the latest versions of LIBPCAP and TCPDUMP. LIBPCAP is the packet capture library required by TCPDUMP. First let's unpack LIBPCAP and move into the newly created LIBPCAP directory:

root@debian $ tar zxvf libpcap-1.5.3.tar.gz
libpcap-1.5.3/
libpcap-1.5.3/grammar.y
libpcap-1.5.3/pcap_setnonblock.3pcap
libpcap-1.5.3/fad-glifc.c
[OUTPUT TRUNCATED]

root@debian $ cd libpcap-1.5.3

Now it’s time to make the magic happen! Time to cross compile TCPDUMP! I know that’s not as exciting as pulling a rabbit out of hat or sawing a lovely assistant in half, but you can only do so much in a blog post. First we'll need to set the "CC" environment variable to specify the ARM C compiler:

root@debian $ export CC=arm-linux-gnueabi-gcc

Note this environment variable syntax is specific to Bash and...

vince_kornacki | 10 Feb 2014 | 0 comments

TCPDUMP is extremely useful for monitoring network traffic when debugging applications and performing penetration tests. Unfortunately Android mobile devices do not include the TCPDUMP program. However, do not despair. This blog series will provide step-by-step instructions for cross compiling, installing, and running TCPDUMP on Android mobile devices. As Michael Buffer would say right before Hulk Hogan brings the smack down, "Let’s get ready to rumblllllllllllle!"

First things first. You'll need to root your Android device in order to run TCPDUMP. For the purposes of this blog series we’ll use CyanogenMod 11 (based on Android 4.4 KitKat) on our mobile device and Debian Jessie (the current Testing release) on our workstation. CyanogenMod is mobile device firmware based on the open-source Android operating...

Stuart.Broderick | 03 Feb 2014 | 0 comments

This quotation is very appropriate when we consider protecting information against cyber threats. Putting this quote into context means that as the maturity of an organization's Information Security Management System (ISMS) increases, the organization becomes less susceptible to successful cyber threats and, in many cases, prevents those threats from causing damage to the organization.

To eliminate any confusion in this blog, let’s define what we mean by “maturity” in this context. Maturity is not about the age of the ISMS program. Although many successful mature ISMSs have been developed and used over multiple years, maturity is about the degree or extent of integration between the information security policy, standards and processes, together with the inter-dependence of the associated technologies used to effect the security controls. Additionally, the maturity of the ISMS is also about how well integrated and supportive the program is with the overall goals and objectives of the...