In the news
- Eugene Kaspersky’s security biz saw turnover crash by a quarter in North America following the US government’s decision to remove the antivirus software from federal systems.
- 140 million accounts from MyFitnessPal have appeared for sale on the dark web almost 1 year after the data was stolen.
Research, reports, opinions
- Researchers have shown that it is possible to extract the master password from locked password managers including KeePass, Dashlane, 1Password, and LastPass.
- An interesting write-up by Talos on techniques malware uses to evade detection: human interaction prompts and false C2 domains used to detect sandbox environments.
- Proof that simple hacks still work: a description of credential-stealing malware called Separ that makes no real attempt to hide its techniques. Targets are sent a .exe file by email; the executable runs Visual Basic scripts that use tools from https://securityxploded.com to dump credentials, then uploads them to https://www.freehostia.com using a hard-coded username and password.
- Another example of malware using a modular approach to download its payload, this time using the legitimate remote admin tool Radmin.
- A trivial example of how to bypass IPS/IDS. When we tested the proof of concept, it bypassed Snort IPS without a problem.
- If you use Office 365 and leverage Pass Through Authentication (PTA), here is a good reason to protect your AD Connect server to avoid credential harvesting.
- Cisco has released 18 security advisories in the last week, 7 of which are rated “High”. Items affected include Prime, Hyperflex, and Open Containers.
- SAP has released its February advisories: 13 in total, 4 with a CVSS score above 8.
- Adobe has released updates that include a fix for a recently demonstrated issue where just opening a file allows NTLM credentials to be captured via SMB.
- Highly critical vulnerability in the Drupal website CMS.
UK industry events
- 7-8 March 2019, London, Identity and Access Management Summit
- 12-13 March 2019, London, Cloud and Cyber Security Expo
- 27-28 March 2019, London, The World Cyber Security Congress
- 14 March 2019, London, CRESTCon
- 24-25 April 2019, Glasgow, CYBERUK
- 25-26 April 2019, London, Cyber Security and Cloud Expo
- 9 May 2019, London, GovSec
- 4-6 June 2019, London, Infosecurity Europe
- June 2019, London, Security BSides
- 9 July, London, The Cyber Security Summit
- 23-24 September, Windsor, Information Security Network
- 9-10 October, London, Cyber Security Europe (part of IP Expo)
- October 2019, London, FT Cyber Security Summit Europe
- 20 November 2019, London, Cyber Security Summit