Archive for June 23, 2022

Horizon3.ai Intros NodeZero App For Splunkbase & Offers Free Trial

Posted in Commentary with tags on June 23, 2022 by itnerd

Horizon3.ai introduced the NodeZero app for Splunk, available via Splunkbase. It enables Splunk environments to leverage NodeZero and the attacker’s perspective to improve the effectiveness of Splunk deployments and ensure they’re logging the right data to get the most out of Splunk. 

The NodeZero app for Splunk can automate data pulls from NodeZero APIs which are then ingested into the Splunk Cloud Platform. The app will integrate with the Splunk user experience to help users: 

  • Find, fix, and verify logging blind spots
  • Decide where to increase and decrease logging based on the criticality of the host
  • Take inventory of assets and reconcile the attacker’s perspective of your cyber terrain

Splunk administrators are often under pressure to maximize their license value – it’s often impossible to log everything, so it’s hard to know if they are expending resources appropriately to ensure they’re logging the right data. NodeZero can help identify where logging is most needed, so that the organization’s resources are deployed for maximum impact.

NodeZero maintains an action log of every command it has executed during a pentest. The NodeZero App for Splunk offers insights to identify blind spots in logging and create a fast feedback loop to find, fix, and verify missing data by using the action log to highlight what should have been detected when particular exploits were executed.

Identifying critical hosts: Not all hosts are critical. Some are important enough to log everything, while others may not have access to data or critical systems and thus have fewer logging requirements. NodeZero is able to identify risk on specific hosts with context. For example, a “low” criticality server in the CMDB might have enabled an attack path where NodeZero ultimately achieved Domain Admin; NodeZero would dynamically reclassify this host as CRITICAL risk based on the proven attack path and impact during a pentest operation. It lets organizations leverage the attacker’s perspective provided by NodeZero to inform their Splunk logging strategy.

Revealing “ghost hosts” & shadow IT: NodeZero inventories every reachable host within the organization’s environment during a pentest. This can often easily reveal a blind spot: are all those hosts seen in Splunk Cloud Platform? Often organizations will find hosts they didn’t know existed, were unaware had been added, or even rogue devices that aren’t known to anyone (shadow IT). The app lets users reconcile NodeZero-discovered hosts with existing IT assets in Splunk – marrying the traditional and the attacker’s perspectives to achieve greater insight.
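As an added example (not Horizon3.ai’s or Splunk’s code; the record layouts, field names and all sample data are constructed assumptions, not the NodeZero API schema), the Python below runs the reconciliation the post describes over a small constructed pentest action log, a handful of SIEM events and a CMDB: which hosts the pentest reached but the SIEM never saw, which pentest actions left no log event within a short window (the logging blind spots), which reached hosts the asset inventory does not list (the “ghost hosts”), and which hosts should be reclassified as critical because the pentest proved Domain Admin impact through them.

```python
"""Reconcile a pentest action log against SIEM events and a CMDB.

Added example, not NodeZero or Splunk code. The record layouts and all
sample data below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed pentest action log (hypothetical schema): one record per command
# the pentest ran, with the host it touched and the impact it proved.
ACTION_LOG = [
    {"ts": "2022-06-22T10:00:00", "host": "fs01", "action": "smb_enum", "impact": "none"},
    {"ts": "2022-06-22T10:05:00", "host": "fs01", "action": "cred_access", "impact": "domain_admin"},
    {"ts": "2022-06-22T10:07:00", "host": "dc01", "action": "ad_replication", "impact": "domain_admin"},
    {"ts": "2022-06-22T10:12:00", "host": "10.0.5.77", "action": "port_scan", "impact": "none"},
]

# Constructed SIEM events, e.g. the export of a Splunk search such as
# `index=* | table _time host sourcetype EventCode` over the same window.
SIEM_EVENTS = [
    {"ts": "2022-06-22T10:00:30", "host": "fs01", "sourcetype": "WinEventLog:Security", "event_code": 5140},
    {"ts": "2022-06-22T10:07:10", "host": "dc01", "sourcetype": "WinEventLog:Security", "event_code": 4662},
    {"ts": "2022-06-22T09:00:00", "host": "web01", "sourcetype": "access_combined", "event_code": None},
]

# Constructed CMDB: what IT believes it owns and the criticality assigned to each host.
CMDB = {"fs01": "low", "dc01": "critical", "web01": "medium"}


def _parse(ts):
    return datetime.fromisoformat(ts)


def ghost_hosts(action_log, siem_events):
    """Hosts the pentest reached that the SIEM has no events from at all."""
    seen = {e["host"] for e in siem_events}
    return sorted({a["host"] for a in action_log} - seen)


def shadow_it(action_log, cmdb):
    """Hosts the pentest reached that the asset inventory does not list."""
    return sorted({a["host"] for a in action_log} - set(cmdb))


def unlogged_actions(action_log, siem_events, window=timedelta(minutes=2)):
    """Pentest actions with no SIEM event from the same host within +/- window.

    Each hit is a concrete logging blind spot: something the pentest did on a
    host that produced nothing the SIEM could have alerted on.
    """
    events_by_host = defaultdict(list)
    for e in siem_events:
        events_by_host[e["host"]].append(_parse(e["ts"]))
    missing = []
    for a in action_log:
        t = _parse(a["ts"])
        if not any(abs(t - et) <= window for et in events_by_host.get(a["host"], [])):
            missing.append((a["host"], a["action"]))
    return missing


def reclassify(action_log, cmdb):
    """Raise a host to 'critical' when the pentest proved domain-admin impact through it.

    Hosts the CMDB does not know about are added as 'unknown' so the result
    covers every host the pentest actually reached.
    """
    result = dict(cmdb)
    for a in action_log:
        if a["impact"] == "domain_admin":
            result[a["host"]] = "critical"
        else:
            result.setdefault(a["host"], "unknown")
    return result


if __name__ == "__main__":
    print("ghost hosts (no SIEM events):", ghost_hosts(ACTION_LOG, SIEM_EVENTS))
    print("not in CMDB (shadow IT):", shadow_it(ACTION_LOG, CMDB))
    print("unlogged actions:", unlogged_actions(ACTION_LOG, SIEM_EVENTS))
    print("criticality after pentest:", reclassify(ACTION_LOG, CMDB))
```

The window in `unlogged_actions` is the tunable part: too narrow and normal ingest latency shows up as a blind spot, too wide and unrelated events mask a real one, so start from your SIEM’s measured ingest delay rather than a guess.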

Horizon3.ai is also offering a free trial of the NodeZero App for Splunk.

Huawei Showcases The Next Generation Of Cutting-Edge Products

Posted in Commentary with tags on June 23, 2022 by itnerd

Today, Huawei presented its key strategic areas of focus during this challenging time and announced new, cutting-edge products including 16-inch laptops MateBook D 16 & 16s and the latest addition to the audio family of devices, the FreeBuds Pro 2. Huawei also launched the lightest foldable smartphone Mate Xs 2. 

HUAWEI FreeBuds Pro 2: World’s first Hi-Res Dual Sound System TWS

In the Audio category, Huawei has launched a device that will please all fans of crystal-clear music and voice – FreeBuds Pro 2. The new earbuds stand out with exquisite sound quality achieved thanks to their Dual Sound System. Two integrated digital-to-analogue converter (DAC) chips and a quad-magnet dynamic driver with advanced digital frequency crossover technology, which allows the device to distinguish between high and low frequencies, coupled with the LDAC High-Resolution codec, let the HUAWEI FreeBuds Pro 2 bring the purest sound quality in the industry. They are equipped with the industry’s first Triple MIC ANC TWS system, which provides 15% more noise reduction than the previous model; in certain scenarios, a maximum noise reduction depth of 47dB can be achieved. HUAWEI FreeBuds Pro 2 is also equipped with three dynamic audio listening optimization algorithms which are able to detect changes in volume, differences in ear canal structure and changes in wearing status in real time. The new earbuds also support Huawei’s All-Scenario Seamless AI Life approach thanks to easy connectivity with any smartphone operating system and great usability in all daily scenarios.

HUAWEI Mate Xs 2: Huawei’s lightest and flattest foldable smartphone

The HUAWEI Mate Xs 2 is Huawei’s brand-new flagship foldable smartphone with an outward folding design and an ultra-light, ultra-slim body. It marks a milestone in Huawei’s history: as of this premiere the company owns the most complete portfolio of foldable smartphones, including models with an inner and outer display, and flip phones. When unfolded, the Mate Xs 2’s screen becomes as flat and smooth as a mirror, bringing users a more immersive foldable experience, perfect for both entertainment and work. The smartphone is also equipped with other flagship features, such as a 50MP True-Chroma Camera that supports HUAWEI XD Optics, taking mobile photography to new heights. The new device also dispels the concerns about unreliable batteries in foldable smartphones, boasting a 4600mAh battery with 66W HUAWEI SuperCharge for ultra-fast charging on the go.

HUAWEI Matebook D 16 & 16s: 16-inch laptop with a traditional 15.6-inch body size for work, study and play

Those of us who work remotely, but miss the traditional office setup with a large monitor, will be pleasantly surprised by the latest additions to Huawei’s laptop portfolio. The company has noticed consumers’ need for more workspace on their screens, combined with a post-pandemic desire for more flexibility at work, and launched a new product line with a 16-inch FullView display. The HUAWEI MateBook D16 and 16s feature a vast 16-inch display that offers ample space for work and makes managing many tasks at once easy. The MateBook lineup is powered by the 12th Gen Intel® Core™ H-Series Processor with a TDP of up to 40W, dual-channel RAM and a high-speed solid-state drive, which handles multitasking and complex usage scenarios flawlessly and efficiently, such as data analysis, code compilation, or opening multiple webpages, charts, or PowerPoints, allowing users to view content more easily on a larger and taller display area without compromising on other aspects such as high performance. Moreover, with the D 16 & 16s models, Huawei makes seamless cross-device experiences even more streamlined with multi-device file management and AI search to further enable device collaboration and allow easy file transmission between PC, smartphone, and tablet, breaking the barriers of data sharing between devices. What’s more, users can be productive on the move thanks to the high portability of the HUAWEI MateBook D 16 & 16s, whose light metallic bodies are similar in weight to traditional 15.6-inch laptops.

Availability

HUAWEI FreeBuds Pro 2 and Selected MateBook 16” laptops will be available in Canada soon.

HUAWEI Mate Xs 2 is not available in Canada. 

Guest Post: Blockchain.com, Luno, And Cardano Are The Top-Most Phished Crypto Projects Says Atlas VPN

Posted in Commentary with tags on June 23, 2022 by itnerd

Even with the crypto market experiencing a crash, crypto scams are still going strong. Phishing scams, in particular, are favored among cybercriminals.

According to the data analyzed by the Atlas VPN team, based on the information provided by the CheckPhish URL scanner tool by Bolster, Blockchain is the most commonly phished crypto project, with 662 phishing websites in the last 90 days. 

Blockchain is followed by cryptocurrency wallet Luno and proof-of-stake blockchain platform Cardano with 277 and 191 phishing pages, respectively.

The data covers the number of cryptocurrency phishing websites detected in the 90 days up to June 22nd, 2022.

The next top-most phished crypto brand is Poloniex. The crypto exchange has had 72 phishing websites using its brand in the past three months.

Meanwhile, NFT marketplace Magic Eden and yet another crypto exchange, Bittrex, share the fifth and the sixth spots on the list with 67 and 65 phishing websites each.

The rest of the top ten includes the largest cryptocurrency exchange Binance with 59 phishing websites, crypto investing service Apex Crypto with 23 phishing websites, open-source cryptocurrency wallet software MyEtherWallet with 21, as well as Bitcoin wallet service Electrum and Australian cryptocurrency assets exchange BTC Markets each with 16 phishing websites.

Ruta Cizinauskaite, cybersecurity researcher and writer at Atlas VPN, shares her thoughts on crypto phishing scams: “Brand impersonation is a common tactic among cybercriminals as people are more likely to trust the brands they know with their money or information. To lure in their victims, scammers develop counterfeit websites using legitimate brand names, similar-looking URLs or appearances. Crypto scams, in particular, are very lucrative to cybercriminals as cryptocurrency payments are irreversible, uncontrolled by central authorities, and many newcomers are not very knowledgeable in how crypto works.”

To read the full article, head over to: https://atlasvpn.com/blog/blockchain-com-luno-and-cardano-are-the-top-most-phished-crypto-projects

Overwhelming SecOps Adaptation Challenges And Funding Expectations For Mission-Critical SOC Modernization: Anvilogic

Posted in Commentary with tags on June 23, 2022 by itnerd

Anvilogic has published a report on the movement toward modernization within enterprise SOCs responsible for threat detection at organizations, showing that SecOps teams are reaching a breaking point. 

New strategies are needed to overcome intertwined, cyclical challenges and increase efficiencies and intelligence while enhancing security postures. The data uncovers challenges driving change in security operations and priorities to address a growing attack surface and threat landscape complexity.

It also reveals that improving detection engineering and addressing the shortcomings of current approaches are top of mind for security strategists, and offers forward-looking data on the payoff expected from transforming a SOC and on whether the organization will fund the changes required. You can have a look at the report here.

New Phishing Attack Exploits Real Quickbooks Email Domain Using Dark Web Double Spear Techniques: Avanan

Posted in Commentary with tags on June 23, 2022 by itnerd

Avanan has released its newest attack brief, which reveals that its cybersecurity researchers have observed a new phishing campaign in which hackers create email accounts using legitimate QuickBooks domains and send malicious invoices by requesting payments directly from the service.

In this attack, the hacker spoofed brands including Norton and Office 365 in the body of the message. Between the built-in legitimacy of an actual QuickBooks email and what hackers on the dark web call a double spear, this new attack represents a particularly deceptive and compelling phishing campaign: it manipulates victims into calling a number and paying an invoice, harvesting not only credentials but also their telephone numbers for future attacks, whether via text message or WhatsApp.

Avanan’s new research analyzes how hackers leverage legitimate and popular websites to get into inboxes and steal credentials and money. You can read the report here.

Adobe Acrobat Blocks Anti-Virus Tools From Scanning PDFs…. WTF?

Posted in Commentary on June 23, 2022 by itnerd

From the “what the hell were they thinking” department comes this story about security researchers discovering that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, by blocking what are called DLL injections. If you guessed that this creates a security risk for users, you get a gold star:

The outcome of Adobe blocking DLL injections of security modules could potentially be catastrophic. When a security product is not injected into a process, this basically disables any visibility it may have on the process and hinders detection and prevention capabilities inside the process and inside every created child process. Actions performed by the Adobe processes and processes created by it would essentially be much harder to monitor, as will be determining context. It would be easy enough for a threat actor to add a command in the ‘OpenAction’ section of a PDF, which can then execute PowerShell, which could for example, download the next stage malware and execute it reflectively. Any of these actions would not be detected if the security product hooks are missing.

We contacted Adobe for comment, and they answered that this is due to “incompatibility with Adobe Acrobat’s usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues” 

Now Adobe claims to be working with anti-virus vendors to address this. But the fact that we are even having this discussion in 2022 is mind blowing. Because virus payloads via PDF files have been a thing among threat actors for years. And Adobe has effectively created a scenario for however long it lasts where threat actors can launch attacks on a massive scale.

Adobe gets a #EpicFail for this one.
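The quoted research singles out a PDF’s OpenAction as the place an attacker would hook in, and the point of the story is that the endpoint product loses sight of it when its hooks are blocked. The static check below is an added example written for this page (not Adobe’s, the researchers’ or any vendor’s code) that inspects the document itself, which works regardless of what the reader process allows: it follows the trailer to the catalog, finds the /OpenAction, and reports whether it is an action type that executes something (Launch or JavaScript) rather than a harmless page destination. The three PDFs are constructed minimal documents built inline; the file name in the Launch sample is a placeholder.

```python
"""Static triage of a PDF's OpenAction.

Added example, not Adobe's or any vendor's code. The three sample PDFs below
are constructed minimal documents, not real samples.
"""
import re

# Action subtypes that run something rather than just navigate. Starting list;
# extend it (e.g. URI, SubmitForm) to match your own triage policy.
RISKY_ACTION_TYPES = {"Launch", "JavaScript"}


def find_object(pdf, num):
    """Return the body of indirect object `num 0 obj ... endobj`, or None."""
    m = re.search(rb"(?<!\d)%d\s+0\s+obj\b(.*?)endobj" % num, pdf, re.S)
    return m.group(1) if m else None


def open_action(pdf):
    """Locate the catalog's /OpenAction and return its raw bytes, or None."""
    root = re.search(rb"/Root\s+(\d+)\s+0\s+R", pdf)
    if not root:
        return None
    catalog = find_object(pdf, int(root.group(1))) or b""
    # Three shapes: an indirect reference, an inline dictionary, or a bare
    # destination array such as [3 0 R /Fit].
    m = re.search(rb"/OpenAction\s*(?:(\d+)\s+0\s+R|(<<.*?>>)|(\[.*?\]))", catalog, re.S)
    if not m:
        return None
    if m.group(1):                        # indirect reference: follow it
        return find_object(pdf, int(m.group(1)))
    return m.group(2) or m.group(3)       # inline dictionary or destination array


def action_type(raw):
    """Map raw OpenAction bytes to its /S subtype; 'Destination' for a bare array."""
    if raw is None:
        return None
    if raw.lstrip().startswith(b"["):
        return "Destination"
    m = re.search(rb"/S\s*/(\w+)", raw)
    return m.group(1).decode() if m else "Unknown"


def triage(pdf):
    """Summarise whether the document auto-runs a risky action on open."""
    raw = open_action(pdf)
    kind = action_type(raw)
    return {"open_action": raw is not None, "action_type": kind,
            "risky": kind in RISKY_ACTION_TYPES}


# Constructed sample 1: OpenAction is an indirect reference to a /Launch action.
PDF_LAUNCH = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R >>
endobj
4 0 obj
<< /S /Launch /F (placeholder_program.exe) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Constructed sample 2: OpenAction is only a page destination (benign).
PDF_GOTO = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction [3 0 R /Fit] >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Constructed sample 3: no OpenAction at all.
PDF_PLAIN = PDF_GOTO.replace(b" /OpenAction [3 0 R /Fit]", b"")

if __name__ == "__main__":
    for name, doc in [("launch", PDF_LAUNCH), ("goto", PDF_GOTO), ("plain", PDF_PLAIN)]:
        print(name, triage(doc))
```

To run it over a real file, read it as bytes (`triage(open(path, "rb").read())`). The parser is deliberately minimal: it does not handle object streams, compressed or incrementally updated files, so treat a result of `Unknown` or a missing catalog as “needs a full parser”, not as clean.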

For QNAP, The Hits Keep Coming As Yet Another Security Issue Disclosed

Posted in Commentary with tags on June 23, 2022 by itnerd

Seriously, QNAP can’t catch a break when it comes to security issues related to their NAS devices. Days after announcing this security flaw comes a brand new one:

A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config. If exploited, the vulnerability allows attackers to gain remote code execution. 

For CVE-2019-11043, there are some prerequisites that need to be met, which are:

  1. nginx is running, and
  2. php-fpm is running.

As QTS, QuTS hero or QuTScloud does not have nginx installed by default, QNAP NAS are not affected by this vulnerability in the default state. If nginx is installed by the user and running, then the update should be applied as soon as possible to mitigate associated risks.

So in English, if you run some non-default software on your QNAP NAS, you could get pwned. Some fixes are already out, but there are more fixes to come. To be honest, I see this vulnerability as an edge case. But given QNAP’s recent history of security issues, it will put the NAS vendor under even more scrutiny than it is now.
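The advisory above makes exposure to CVE-2019-11043 depend on three things: a PHP version in one of the listed ranges, nginx running, and php-fpm running. The Python below is an added check written for this page (not QNAP’s or PHP’s code) that encodes exactly those conditions, with the first fixed releases taken from the advisory’s ranges. It can be run on the box (it shells out to `php -v` and `pgrep`, both assumed to be available) or fed values by hand. It cannot inspect the nginx configuration, which the advisory also names as a factor, so a positive result means “update and review the nginx configuration”, not a confirmed exploitable setup.

```python
"""CVE-2019-11043 exposure check built from the prerequisites in QNAP's advisory.

Added example, not QNAP's or PHP's code. Version ranges come from the advisory
quoted above; the live checks assume `php` and `pgrep` are on PATH.
"""
import re
import shutil
import subprocess

# Branch -> first fixed patch release, per the advisory: 7.1.x below 7.1.33,
# 7.2.x below 7.2.24 and 7.3.x below 7.3.11 are affected. Only the branches
# the advisory lists are encoded here.
FIRST_FIXED = {(7, 1): 33, (7, 2): 24, (7, 3): 11}


def parse_version(text):
    """Extract (major, minor, patch) from e.g. the first line of `php -v`."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version found in %r" % text)
    return tuple(int(x) for x in m.groups())


def version_affected(version):
    """True when the version sits in one of the advisory's affected ranges."""
    major, minor, patch = version
    fixed = FIRST_FIXED.get((major, minor))
    return fixed is not None and patch < fixed


def process_running(name):
    """True/False from `pgrep -x`, or None when pgrep is not available."""
    if shutil.which("pgrep") is None:
        return None
    return subprocess.run(["pgrep", "-x", name], capture_output=True).returncode == 0


def assess(php_version_text, nginx_running, php_fpm_running):
    """Combine the three advisory prerequisites into (exposed, reason)."""
    if not version_affected(parse_version(php_version_text)):
        return False, "PHP version outside the advisory's affected ranges"
    if not nginx_running:
        return False, "affected PHP, but nginx is not running (not exposed in this state)"
    if not php_fpm_running:
        return False, "affected PHP, but php-fpm is not running (not exposed in this state)"
    return True, "affected PHP with nginx and php-fpm running: update now and review the nginx config"


def live_php_version():
    """First line of `php -v`, or None if php is not on PATH."""
    if shutil.which("php") is None:
        return None
    out = subprocess.run(["php", "-v"], capture_output=True, text=True).stdout
    return out.splitlines()[0] if out else None


if __name__ == "__main__":
    ver = live_php_version()
    if ver is None:
        print("php not found on PATH; pass a version string to assess() instead")
    else:
        # process_running() returns None when pgrep is missing; that is treated
        # as "not running" here, so confirm by hand on boxes without pgrep.
        exposed, why = assess(ver, bool(process_running("nginx")), bool(process_running("php-fpm")))
        print(ver, "->", "EXPOSED" if exposed else "not exposed", ":", why)
```

Note the boundary values: 7.3.10 is affected and 7.3.11 is not, matching the advisory’s “below” wording, and a 7.4.x or 8.x version returns not affected only because it lies outside the ranges the advisory lists.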