1st tip: don’t use what you don’t know. 2nd tip: even if you know the company, do a bit of investigating before installing.
3rd tip: always back up what you can’t afford to lose. Nothing is ever 100%, so you need a way back if what you depend on to keep
you safe fails.
Closer to home, the EFF warned because of the recent "supply chain" CCleaner attack:
Read:
https://air.mozilla.org/why-and-how-of-reproducible-builds-distrusting-our-own-infrastructure-for-safer-software-releases/
also
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
Why it becomes harder and harder to have trust in Trust!
polonus
A simple analogy. A Restaurant with one excellent cook is pretty trustworthy.
When expansion happens and we now have 10 cooks, that trustworthiness now decreases because it’s harder to trust 10 people.
It also becomes harder to track the responsible person when something goes wrong. It also becomes harder to quickly correct the problem.
Poor Internal Security Measures/Practices Take a Toll:
More data lost or stolen in first half of this year than in all of 2016
http://breachlevelindex.com/assets/Breach-Level-Index-Report-H1-2017-Gemalto.pdf
→ https://www.theregister.co.uk/2017/09/20/gemalto_breach_index/
Wise up, folks, now learn and educate, don’t be sloppy or let yourselves be dumbed down
by legit and illegal data grabbers :o
pol
More concerns about the CCleaner command and control server:
additional malware has been installed on a small number of victims,
approx. 20 servers at 8 organizations, that have infected around 2.2 million users.
Thanks to api-hacker group: “Chinese time zone PRC, APT17/Group 72”.
Read: http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Some more background on this sophisticated hacker group:
https://blogs.cisco.com/security/talos/opening-zxshell & https://attack.mitre.org/wiki/Group/G0001
Information the info stealer gathers:
local hostname
organization
owner
operating system details
CPU speed
total physical memory
polonus
Serious gaping hole in Joomla CMS - update asap: https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/
pol
WordPress plug-in developers partnered with spammers and spammed you for 4 to 5 years:
https://www.wordfence.com/blog/2017/09/coordinated-plugin-spam/
It’s all about the money… ;D
pol
Continuing update on the CCleaner investigation:
https://blog.avast.com/progress-on-ccleaner-investigation
In light of the recent CCleaner data breach, with many victims in my country, the Netherlands, I pondered this info,
which has been available to us all for quite some time. But what can the common end-user do when no one protects us
against the spooks that instigate this on the infrastructure… :o
Where government agents put us at risk, command-and-control servers with weaknesses and RATs:
Read:
http://searchsecurity.techtarget.com/feature/Command-and-control-servers-The-puppet-masters-that-govern-malware
&
https://campustechnology.com/articles/2017/05/02/industry-tool-detects-thousands-of-c2-server-rats.aspx
&
https://www.fireeye.com/blog/threat-research/2010/09/chasing-cnc-servers-part-2.html
&
https://tweakers.net/nieuws/123911/interpol-en-beveiligingsbedrijven-identificeren-8800-c2-servers-in-zuidoost-azie.html
(use Google translate to do a quick and dirty translation into English)
If there is no hardened server security, or low-end insecure C2 servers are being used, those entities (groups/firms) these actions are directed against will soon be “food for the birds”. Helped by weak implementations, hiding data traffic via non-public clouds with all sorts of holes, like we had with Cloudbleed, etc. Unsigned versions :o → https://www.theregister.co.uk/2017/09/21/slack_linux/
It is a mess, dear forum folks, and it is going from bad to worse. What do they want to cover?
polonus
This went wrong in the CCleaner compromise: poor low-end server administration.
- One did not have any insight into (non-standard) network traffic;
- No follow-up/alert for the server being low on disk space;
- No follow-up/alert that logging was being removed / Did they have permission (RCE/EoP?);
- No log backup to an external system;
- No follow-up/alert that the database was corrupted;
- No follow-up/alert that a re-installation of the database had taken place.
Hopefully Avast’s servers are better protected…
polonus
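The log-related points in the post above (logs removed, no external log copy) have a standard countermeasure: ship every log line to an external collector together with a running hash chain, so that a later comparison proves whether the local log was truncated or edited. The Python below is an added example for this thread, not code from the post, Avast or Piriform; the log lines, the collector format and the chain start value are all assumptions made up for the illustration.

```python
"""Hash-chained log shipping: prove that a local log was truncated or edited.

Added example for this thread, not code from the post, Avast or Piriform.
Assumed set-up: every line the server logs is also forwarded to an external
collector together with a running SHA-256 chain value, so the collector's
copy can later be checked against whatever is left on the server.
"""
import hashlib
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # chain start value; an assumed convention, not a standard


def chain_entry(prev_hash: str, line: str) -> str:
    """Chain value for one line: SHA-256(previous chain value || line)."""
    return hashlib.sha256(f"{prev_hash}\n{line}".encode("utf-8")).hexdigest()


def ship(lines: List[str]) -> List[Tuple[str, str]]:
    """What the server forwards to the collector: (line, chain value) pairs."""
    shipped, prev = [], GENESIS
    for line in lines:
        prev = chain_entry(prev, line)
        shipped.append((line, prev))
    return shipped


def verify(local_lines: List[str], shipped: List[Tuple[str, str]]) -> Optional[str]:
    """Compare the server's current log with the external hash-chained copy.

    Returns None when the local log is intact, otherwise a one-line
    description of the first anomaly found.
    """
    # 1. The collector's copy must be internally consistent; if it is not,
    #    someone tampered with the collector, which is a separate incident.
    prev = GENESIS
    for i, (line, chain_value) in enumerate(shipped):
        if chain_entry(prev, line) != chain_value:
            return f"external chain broken at entry {i}"
        prev = chain_value
    # 2. Length mismatch: lines deleted locally, or lines that never shipped.
    if len(local_lines) < len(shipped):
        return f"{len(shipped) - len(local_lines)} line(s) removed from local log"
    if len(local_lines) > len(shipped):
        return f"{len(local_lines) - len(shipped)} local line(s) never reached the collector"
    # 3. Same length: look for an edited line.
    for i, (line, _) in enumerate(shipped):
        if local_lines[i] != line:
            return f"local line {i} altered: {local_lines[i]!r} != {line!r}"
    return None


# Constructed sample log lines (not real CCleaner/Avast build-server logs).
SAMPLE_LOG = [
    "2017-09-12T10:01:03Z INFO  build started rev=abc123",
    "2017-09-12T10:04:17Z WARN  disk free below 5% on /var/log",
    "2017-09-12T10:04:20Z WARN  unexpected outbound connection to 10.0.0.5:443",
    "2017-09-12T10:05:00Z INFO  build finished",
]


def demo() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Intact log, log with the tell-tale line deleted, log with it edited."""
    shipped = ship(SAMPLE_LOG)
    intact = verify(SAMPLE_LOG, shipped)
    wiped = [l for l in SAMPLE_LOG if "outbound connection" not in l]
    edited = [l.replace("10.0.0.5", "127.0.0.1") for l in SAMPLE_LOG]
    return intact, verify(wiped, shipped), verify(edited, shipped)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict or "log intact")
```

The chain only has value if the collector is outside the blast radius of the compromised server (separate host, separate credentials, append-only); a collector the attacker can also reach just gives two copies to delete.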
Heartbleed, Cloudbleed… Is there more? Yes, Optionsbleed:
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
Not always configured as should be: https://simonecarletti.com/blog/2016/08/redirect-domain-http-https-www-apache/
polonus
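The Optionsbleed write-up linked above describes the symptom to look for: the Allow header in OPTIONS responses stops being a clean list of HTTP methods and starts carrying empty slots, repeated methods and, at worst, fragments of other requests or server memory, varying from response to response. The Python below is an added example for this thread, not the fuzzing-project author's script and not Apache code; the sample header values are constructed, and the target URL, request count and the idea of treating duplicates and empty slots as weaker signals are assumptions of this example.

```python
"""Optionsbleed probe: detect a corrupted Allow header in OPTIONS responses.

Added example for this thread; not the fuzzing-project author's test
script and not Apache code.  Optionsbleed shows up as an Allow header that
is no longer a clean list of HTTP method tokens: empty slots, repeated
methods, and at worst fragments of other requests or process memory.
classify_allow() works offline on a header value; probe() is the live
driver and needs network access to a target you are allowed to test.
"""
import re
import urllib.error
import urllib.request
from collections import Counter
from typing import Dict, List

# RFC 7230 "token" characters; every element of a healthy Allow header is one token.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def classify_allow(value: str) -> Dict[str, object]:
    """Score one Allow header value.  'garbage' is the strongest leak indicator."""
    elements = [e.strip() for e in value.split(",")] if value.strip() else []
    garbage = [e for e in elements if e and not TOKEN.match(e)]
    counts = Counter(e for e in elements if e)
    duplicates = sorted(m for m, n in counts.items() if n > 1)
    empty_slots = elements.count("")
    return {
        "garbage": garbage,
        "duplicates": duplicates,
        "empty_slots": empty_slots,
        "suspicious": bool(garbage or duplicates or empty_slots),
    }


def probe(url: str, attempts: int = 100) -> Dict[str, object]:
    """Send OPTIONS repeatedly; a leaking server answers inconsistently."""
    seen: Counter = Counter()
    suspicious: List[str] = []
    for _ in range(attempts):
        req = urllib.request.Request(url, method="OPTIONS")
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                allow = resp.headers.get("Allow", "")
        except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry headers
            allow = err.headers.get("Allow", "")
        seen[allow] += 1
        if classify_allow(allow)["suspicious"]:
            suspicious.append(allow)
    return {"distinct_allow_values": len(seen), "suspicious_responses": suspicious}


# Constructed sample header values; the leaky ones imitate the shape of a
# corrupted Allow list and are not captured from any real server.
SAMPLES = {
    "clean": "GET,HEAD,POST,OPTIONS",
    "leaky1": ",GET,POST,OPTIONS,HEAD,,HEAD,HEAD,HEAD",
    "leaky2": "GET,HEAD,OPTIONS,Cookie: sess=ab12,HEAD,,POST",
}


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, classify_allow(value))
```

A single odd Allow value can be a misconfigured Limit directive rather than a leak; what makes it Optionsbleed is the combination of garbage elements and a changing answer across repeated requests, which is why probe() counts distinct values as well.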
Another one joins the leakers’ band. Verizon: https://www.theregister.co.uk/2017/09/22/verizon_falls_for_the_old_unguarded_aws_s3_bucket_trick_exposes_internal_system/
Data breaches, data breaches and more data breaches: https://mackeepersecurity.com/post/verizon-wireless-employee-exposed-confidential-data-online
polonus
P.S. More clumsiness, Adobe loses a private key online: https://www.theregister.co.uk/2017/09/22/oh_dear_adobe_security_blog_leaks_private_key_info/
D
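The Verizon case above is the recurring "unguarded S3 bucket" pattern, and the check for it is mechanical: read the bucket's ACL and bucket policy and look for grants to the global groups or Allow statements with a public principal. The Python below is an added example for this thread, not Verizon's, the reporting firm's or Amazon's code; it consumes the documents that `aws s3api get-bucket-acl` and `aws s3api get-bucket-policy` return (the latter wraps the policy in a JSON string), and the sample documents and bucket name are constructed, not from any real account.

```python
"""Flag S3 buckets readable by the world, from their ACL and bucket policy.

Added example for this thread; not Verizon's, the reporting firm's or
Amazon's code.  Inputs are the documents `aws s3api get-bucket-acl` and
`aws s3api get-bucket-policy` return (the latter wraps the policy in a
JSON string).  The sample documents below are constructed, not from any
real account, and the bucket name is made up.
"""
import json
from typing import Any, Dict, List, Union

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",            # anyone on the internet
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",  # any AWS account, i.e. anyone
}
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:Get*", "s3:*", "*"}


def _as_list(value: Union[str, List[str], None]) -> List[str]:
    return [value] if isinstance(value, str) else list(value or [])


def acl_findings(acl: Dict[str, Any]) -> List[str]:
    """Grants to the two global groups make the bucket listable/readable by all."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            out.append(f"ACL grants {grant.get('Permission')} to {group}")
    return out


def _principal_is_public(principal: Any) -> bool:
    """Principal "*" or {"AWS": "*"} means every caller, anonymous included."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def policy_findings(policy_doc: Union[str, Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Allow statements with a public principal and a read/list action.

    A statement carrying a Condition (e.g. aws:SourceIp) is reported with
    conditional=True: it may be fine, but a human should confirm that.
    """
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    out = []
    for stmt in stmts:
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = sorted(a for a in _as_list(stmt.get("Action")) if a in READ_ACTIONS)
        if actions:
            out.append({"sid": stmt.get("Sid", "<no Sid>"), "actions": actions,
                        "conditional": bool(stmt.get("Condition"))})
    return out


def bucket_is_public(acl: Dict[str, Any], policy_doc: Union[str, Dict[str, Any], None]) -> bool:
    """True when an ACL grant or an unconditional policy statement opens the bucket."""
    if acl_findings(acl):
        return True
    return any(not f["conditional"] for f in policy_findings(policy_doc or {}))


# Constructed sample responses, shaped like the AWS CLI output.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
}
SAMPLE_POLICY_RESPONSE = {"Policy": json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    ],
})}


if __name__ == "__main__":
    print(acl_findings(SAMPLE_ACL))
    print(policy_findings(SAMPLE_POLICY_RESPONSE["Policy"]))
    print("public:", bucket_is_public(SAMPLE_ACL, SAMPLE_POLICY_RESPONSE["Policy"]))
```

This looks only at bucket-level settings; individual objects can carry their own public ACLs, so a full audit also walks object ACLs (or simply blocks public ACLs account-wide).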
Hundreds of firms vulnerable to being hacked easily via a support ticket:
polonus
Malicious website crypto-mining:
Re: https://unix.stackexchange.com/questions/144412/why-am-i-getting-inconsistent-ip-values-from-icanhazip-com-or-curlmyip-com
and https://forums.malwarebytes.com/topic/167967-2325325467-hxxpicanhazipcom/
and https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-ADRF/detailed-analysis.aspx
polonus
P.S. Also look here: http://www.badbitcoin.org/thebadlist/
Additional information regarding the recent CCleaner APT security incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
Interesting, Pondus, very interesting, all around LA’s ServerCrate C2 server,
and the links to Romania, in short a peek into the sordid little world of state-actor infostealers.
Not a place to dwell in…
polonus
Activist attacked by advanced targeted PHISHING: https://www.eff.org/deeplinks/2017/09/phish-future
Scary, are Big Brother agents fighting free expression that does not fit them well?
polonus
The Coming Software Apocalypse:
https://www.theatlantic.com/technology/archive/2017/09/saving-the-world-from-code/540393/
polonus
Apple computers are at risk from flawed updates, researchers find
https://www.cnet.com/news/apple-macbook-vulnerable-firmware-updates/
[b]Apple may not be alone[/b] Smith said Windows computers likely have similar (or worse) problems, but he doesn't yet have data to support that suspicion.
Internet-wide security update on hold: https://lists.dns-oarc.net/pipermail/dns-operations/2017-September/016766.html
There are a number of reasons why systems may not be ready to accept the new KSK key:
- An old configuration with the 2010 key written into the code itself.
- A failure to implement the RFC 5011 protocol that will automatically update the key.
- Flaws or conflicts in software that prevent the automatic rollover from happening, or accepting the change when it does happen.
No matter what the reason, it is an indication of how incredibly difficult it is to update the internet on a network-wide basis. Just look at IPv6.
pol
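Whether a resolver is ready for the root KSK rollover discussed above comes down to one comparison: the key tags of the active KSKs the zone publishes versus the key tags the resolver has configured as trust anchors (what RFC 5011 would update by itself if it worked). The Python below is an added example for this thread, not code from dns-oarc, ICANN or any resolver; it computes RFC 4034 key tags for DNSKEY records in presentation format and reports what is missing or stale. The DNSKEY lines are constructed with tiny fake public keys (real root KSKs are 2048-bit RSA; the 2010 root KSK has tag 19036 and the 2017 one 20326), and the trust-anchor sets in the demo are assumptions; live records come from `dig . DNSKEY +multi`.

```python
"""DNSSEC trust-anchor readiness check for a KSK rollover (RFC 5011 fallback).

Added example for this thread, not code from dns-oarc, ICANN or any
resolver.  It computes RFC 4034 key tags for DNSKEY records given in
presentation format and compares the active KSKs published in a zone with
the key tags a resolver has configured as trust anchors.  The DNSKEY lines
below are constructed with short fake public keys; the live records come
from `dig . DNSKEY +multi`.
"""
import base64
import struct
from typing import Dict, List, Set

FLAG_SEP = 0x0001     # Secure Entry Point: the key is a KSK
FLAG_REVOKE = 0x0080  # RFC 5011 revocation bit


def key_tag(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> int:
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (not for algorithm 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_dnskey(line: str) -> Dict[str, object]:
    """Parse 'NAME TTL IN DNSKEY FLAGS PROTO ALG BASE64KEY...' (dig output style)."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
    pubkey = base64.b64decode("".join(fields[i + 4:]))  # +multi splits the key over fields
    return {
        "flags": flags,
        "tag": key_tag(flags, proto, alg, pubkey),
        "ksk": bool(flags & FLAG_SEP),
        "revoked": bool(flags & FLAG_REVOKE),
    }


def rollover_readiness(zone_dnskeys: List[str], trusted_tags: Set[int]) -> Dict[str, object]:
    """Does the resolver trust every active KSK the zone currently publishes?"""
    keys = [parse_dnskey(l) for l in zone_dnskeys]
    active = {k["tag"] for k in keys if k["ksk"] and not k["revoked"]}
    missing = active - trusted_tags   # new KSK not yet trusted: validation fails after the flip
    stale = trusted_tags - active     # trusted but no longer published as an active KSK
    return {
        "active_ksk_tags": sorted(active),
        "missing_from_resolver": sorted(missing),
        "stale_in_resolver": sorted(stale),
        "ready": not missing,
    }


# Constructed zone: an "old" and a "new" KSK plus a ZSK, with tiny fake keys.
SAMPLE_ZONE = [
    ".\t172800\tIN\tDNSKEY\t257 3 8 AQIDBA==",  # KSK, key tag 2063
    ".\t172800\tIN\tDNSKEY\t257 3 8 BQYHCA==",  # KSK, key tag 4119
    ".\t172800\tIN\tDNSKEY\t256 3 8 CQoLDA==",  # ZSK, ignored (key tag 6174)
]


if __name__ == "__main__":
    # Assumed resolver configurations: one still trusting only the old KSK, one updated.
    for anchors in ({2063}, {2063, 4119}):
        print(sorted(anchors), rollover_readiness(SAMPLE_ZONE, anchors))
```

Run against the real root zone, a resolver whose trust-anchor file still lists only the 2010 key shows the 2017 key under missing_from_resolver; that is exactly the population the rollover was postponed for.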