bob3160
5461
1st tip: don’t use what you don’t know. 2nd tip: even if you know the company, do a bit of investigating before installing.
3rd tip: always back up what you can’t afford to lose. Nothing is ever 100%, so you need a way back if what you depend on to keep
you safe fails.
polonus
5462
bob3160
5463
A simple analogy. A restaurant with one excellent cook is pretty trustworthy.
When expansion happens and we now have 10 cooks, that trustworthiness decreases, because it’s harder to trust 10 people.
It also becomes harder to track down the responsible person when something goes wrong, and harder to quickly correct the problem.
polonus
5464
Poor Internal Security Measures/Practices Take a Toll:
More data lost or stolen in first half of this year than in all of 2016
http://breachlevelindex.com/assets/Breach-Level-Index-Report-H1-2017-Gemalto.pdf
→ https://www.theregister.co.uk/2017/09/20/gemalto_breach_index/
Wise up, folks, now learn and educate, don’t be sloppy or let yourselves be dumbed down
by legit and illegal data grabbers :o
pol
polonus
5465
More concerns about the CCleaner Command and Control server:
additional malware has been installed on a small number of victims,
approx. 20 servers at 8 organizations, out of around 2.2 million infested users.
Thanks to api-hacker group: “Chinese time zone PRC, APT17/Group 72”.
Read: http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Some more background on this sophisticated hacker group:
https://blogs.cisco.com/security/talos/opening-zxshell & https://attack.mitre.org/wiki/Group/G0001
Information the info stealer gathers:
local hostname
organization
owner
operating system details
CPU speed
total physical memory
polonus
polonus
5466
polonus
5467
WordPress plug-in developers partnered with spammers and spammed you for 4 to 5 years:
https://www.wordfence.com/blog/2017/09/coordinated-plugin-spam/
It’s all about the money… ;D
pol
bob3160
5468
polonus
5469
In the light of the recent CCleaner data breach, with many victims in my country, the Netherlands, I pondered on this info,
which has been available to us all for quite some time. But what can the common end-user do, when no one protects us
against the spooks that instigate this on the infrastructure… :o
Where government agents put us at risk: command-and-control servers with weaknesses and RATs:
Read:
http://searchsecurity.techtarget.com/feature/Command-and-control-servers-The-puppet-masters-that-govern-malware
&
https://campustechnology.com/articles/2017/05/02/industry-tool-detects-thousands-of-c2-server-rats.aspx
&
https://www.fireeye.com/blog/threat-research/2010/09/chasing-cnc-servers-part-2.html
&
https://tweakers.net/nieuws/123911/interpol-en-beveiligingsbedrijven-identificeren-8800-c2-servers-in-zuidoost-azie.html
(use Google translate to do a quick and dirty translation into English)
If there is no hardened server security, or low-end insecure C2 servers are being used, those entities (groups/firms) these actions are directed against are “food for the birds” soon. Helped by weak implementations, hiding data traffic via non-public clouds with all sorts of holes, like we had with Cloudbleed, etc. Unsigned versions :o → https://www.theregister.co.uk/2017/09/21/slack_linux/
It is a mess, dear forum folks, and it is going from bad to worse. What they wanna cover?
polonus
polonus
5470
This went wrong with the CCleaner compromise: wrong low-end server administration.
- One did not have any insight into (non-standard) network traffic;
- No follow-up/alert for the server being low on disk space;
- No follow-up/alert that logging was being removed / Did they have permission (RCE/EoP?);
- No log backup on an external system;
- No follow-up/alert that the database was corrupted;
- No follow-up/alert that a re-installation of the database had taken place.
Hopefully Avast’s servers are better protected…
polonus
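The checklist in the post above is, in effect, a set of host-monitoring rules that the compromised server apparently lacked. The following is an added example, not code from the forum thread or from Avast/Piriform: a minimal audit that compares a trusted baseline snapshot of the host with the current one and emits an alert for each of the listed gaps (unexpected outbound peers, low disk, removed or truncated logs, stale off-host log copy, database integrity failure or re-creation). The snapshot field names, the thresholds and the sample data are all constructed assumptions, not any real product's format.

```python
"""Host-state audit covering the monitoring gaps listed in the post.

Added example, not from the forum thread. Snapshot layout, thresholds and
all sample values are constructed for illustration.
"""

# Assumed, tunable thresholds.
MIN_DISK_FREE_PCT = 10          # alert below this much free disk
MAX_LOG_COPY_AGE_S = 3600       # off-host log copy must be fresher than this


def audit_snapshot(baseline, current):
    """Compare a trusted baseline with the current host snapshot.

    Returns a list of alert strings, one per detected condition, in a
    fixed order so the result is easy to diff between runs.
    """
    alerts = []

    # Gap: nobody noticed the server running low on disk.
    free = current["disk_free_pct"]
    if free < MIN_DISK_FREE_PCT:
        alerts.append(f"disk free {free}% below {MIN_DISK_FREE_PCT}%")

    # Gap: logs removed or truncated. Between two checks a log should only
    # grow; a file that vanished or shrank (and was not rotated) is suspect.
    rotated = set(current.get("rotated", ()))
    for path, size in baseline["logs"].items():
        now = current["logs"].get(path)
        if now is None:
            alerts.append(f"log removed: {path}")
        elif now < size and path not in rotated:
            alerts.append(f"log truncated: {path} ({size} -> {now} bytes)")

    # Gap: no log backup on an external system. If the last copy that
    # reached the remote collector is too old, local tampering goes unseen.
    age = current["remote_log_copy_age_s"]
    if age > MAX_LOG_COPY_AGE_S:
        alerts.append(f"off-host log copy stale: last copy {age}s ago")

    # Gap: database corrupted, or silently re-installed. A re-created
    # database file gets a new inode even if the path is unchanged.
    db = current["db"]
    if not db["integrity_ok"]:
        alerts.append("db integrity check failed")
    if db["inode"] != baseline["db"]["inode"]:
        alerts.append("db file re-created (inode changed)")

    # Gap: no insight into non-standard network traffic. Any outbound peer
    # not seen in the baseline is reported.
    new_peers = set(current["outbound_peers"]) - set(baseline["outbound_peers"])
    for peer in sorted(new_peers):
        alerts.append(f"new outbound peer: {peer}")

    return alerts


# Constructed sample data (RFC 5737 documentation addresses, invented sizes).
BASELINE = {
    "disk_free_pct": 40,
    "logs": {"/var/log/nginx/access.log": 120_000, "/var/log/auth.log": 8_000},
    "remote_log_copy_age_s": 60,
    "db": {"inode": 1001, "integrity_ok": True},
    "outbound_peers": {"203.0.113.10"},
}

# A healthy later snapshot: logs grew, everything else unchanged.
HEALTHY = {
    "disk_free_pct": 38,
    "logs": {"/var/log/nginx/access.log": 125_000, "/var/log/auth.log": 8_100},
    "remote_log_copy_age_s": 120,
    "db": {"inode": 1001, "integrity_ok": True},
    "outbound_peers": {"203.0.113.10"},
}

# A snapshot resembling the failure pattern described in the post.
COMPROMISED = {
    "disk_free_pct": 3,
    "logs": {"/var/log/auth.log": 500},      # access.log gone, auth.log shrunk
    "remote_log_copy_age_s": 86_400,
    "db": {"inode": 2002, "integrity_ok": False},
    "outbound_peers": {"203.0.113.10", "198.51.100.77"},
}

if __name__ == "__main__":
    print("healthy:", audit_snapshot(BASELINE, HEALTHY))
    for line in audit_snapshot(BASELINE, COMPROMISED):
        print("ALERT:", line)
```

Run periodically from cron with the baseline taken right after provisioning; the important design point is that the log-freshness check runs against the remote copy, so an attacker who wipes local logs cannot also silence the alert.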
polonus
5471
polonus
5472
polonus
5473
polonus
5474
Pondus
5475
polonus
5476
Interesting, Pondus, very interesting, all around LA’s ServerCrate C2 server
and the links to Romania; in short, a peek into the sordid little world of state actor infostealers.
Not a place to dwell in…
polonus
polonus
5477
Activist attacked by advanced targeted PHISHING: https://www.eff.org/deeplinks/2017/09/phish-future
Scary, are Big Brother agents fighting free expression that does not fit them well?
polonus
polonus
5478
Pondus
5479
Apple computers are at risk from flawed updates, researchers find
https://www.cnet.com/news/apple-macbook-vulnerable-firmware-updates/
Apple may not be alone
Smith said Windows computers likely have similar (or worse) problems, but he doesn't yet have data to support that suspicion.
polonus
5480
Internet-wide security update on hold: https://lists.dns-oarc.net/pipermail/dns-operations/2017-September/016766.html
There are a number of reasons why systems may not be ready to accept the new KSK key:
An old configuration with the 2010 key written into the code itself.
A failure to implement the RFC 5011 protocol that will automatically update the key.
Flaws or conflicts in software that prevent the automatic rollover from happening, or accepting the change when it does happen.
No matter what the reason, it is an indication of how incredibly difficult it is to update the internet on a network-wide basis. Just look at IPv6.
pol
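The first reason listed in the post above, a resolver with the 2010 key hard-wired into its configuration, is something an operator can check locally. The following is an added example, not code from the mailing-list post or from any resolver vendor: it computes DNSKEY key tags as defined in RFC 4034 Appendix B and scans a trust-anchor file in DNS presentation format for root KSKs, reporting whether only the 2010 KSK (key tag 19036) is present or whether the 2017 KSK (key tag 20326) is already configured. Those two key tags are the real root KSK tags; the sample anchor files, however, are constructed, with two-byte "public keys" chosen so that their tags collide with the real ones. They are not the real root keys, and a tag match is only a configuration sanity check, not a cryptographic verification of the key material.

```python
"""Key-tag based check of a DNSSEC trust-anchor file.

Added example, not from the post. Implements the RFC 4034 Appendix B
key-tag algorithm and a small parser for '. IN DNSKEY ...' lines. The
sample anchor files below are constructed and are NOT the real root keys.
"""
import base64
import re

KSK_2010_TAG = 19036   # real key tag of the 2010 root KSK
KSK_2017_TAG = 20326   # real key tag of the 2017 root KSK

# '. [TTL] IN DNSKEY <flags> <protocol> <algorithm> <base64 public key>'
DNSKEY_RE = re.compile(
    r"^\.\s+(?:\d+\s+)?IN\s+DNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+)$")


def key_tag(flags, protocol, algorithm, pubkey):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA in wire format."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey
    ac = 0
    for i, b in enumerate(rdata):
        # even offsets are the high byte of a 16-bit word, odd ones the low
        ac += b << 8 if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_trust_anchors(text):
    """Return the key tags of all root KSK records (ZONE + SEP flags set)."""
    tags = []
    for line in text.splitlines():
        m = DNSKEY_RE.match(line.strip())
        if not m:
            continue
        flags, proto, alg = (int(m.group(i)) for i in (1, 2, 3))
        # presentation format allows whitespace inside the base64 blob
        pubkey = base64.b64decode("".join(m.group(4).split()))
        if flags & 0x0101 == 0x0101:     # 256 = ZONE key, 1 = SEP (a KSK)
            tags.append(key_tag(flags, proto, alg, pubkey))
    return tags


def rollover_readiness(text):
    """Summarise whether the anchor file is ready for the 2017 KSK."""
    tags = parse_trust_anchors(text)
    return {
        "tags": tags,
        "has_2017_ksk": KSK_2017_TAG in tags,
        "stale_2010_only": KSK_2010_TAG in tags and KSK_2017_TAG not in tags,
    }


def _anchor_line(pubkey):
    """Build one constructed '. IN DNSKEY 257 3 8 ...' presentation line."""
    return ". IN DNSKEY 257 3 8 " + base64.b64encode(pubkey).decode()


# Constructed samples: with flags 257, protocol 3, algorithm 8 the fixed
# RDATA prefix contributes 1033 to the tag, so these two-byte "keys" yield
# exactly 19036 and 20326. Real root keys are 2048-bit RSA, not two bytes.
STALE_ANCHORS = _anchor_line(b"\x46\x53") + "\n"
CURRENT_ANCHORS = STALE_ANCHORS + _anchor_line(b"\x4b\x5d") + "\n"

if __name__ == "__main__":
    print("stale file:  ", rollover_readiness(STALE_ANCHORS))
    print("updated file:", rollover_readiness(CURRENT_ANCHORS))
```

To run this against a real resolver, feed it the anchor file the resolver actually loads (for example the managed-keys or auto-trust-anchor-file it writes), not the copy shipped with the package, since with RFC 5011 in place the on-disk file is the state that matters.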