Information Security

I had an unusual experience when using an Integral Crypto FIPS 197 device on a new laptop. This particular device uses TotalLock.exe on a read-only CDFS partition to enter the decryption key (password) to mount a hidden partition. When I went to access the device, i.e. run TotalLock.exe from the D: drive, the message: Failed to initialize secure device After investing the system event logs with minimal information, and checking the executable wasn’t blocked from explorer, I considered how Windows Defender might be affecting the device....

Photo by Austin Distel on Unsplash Hiding Malware in Share Buttons Some creative individuals have found a way of hiding card skimming malware in the sharing buttons used on various websites. A timely reminder to know what 3rd parties you us and what they might be vulnerable to. Novel Online Shopping Malware Hides in Social-Media Buttons Google, Adobe, Valve and Microsoft Patches Both Google and Microsoft emitted a slew of updates in the last week including fixes for undisclosed vulnerabilities in Chrome, Windows and Microsoft Teams....

Photo by Daniel Stub on Unsplash Disclosure: This page contains Amazon Affiliate links; as an Amazon Associate I earn from qualifying purchases. Further information can be found in my disclaimer and privacy policy. Mouse I bought a Razer Basilisk V2 when it was on Cyber Weekend deals on Amazon; pretty good for fairly decent mouse, I see plenty of people using Zowie Mice which either means they are sponsored by BenQ/Zowie or they are really the best mice for CS:GO — I’ll leave it to you to decide....

Photo by seth schulte on Unsplash Threat Hunting with JARM SANS comes through with an article on using JARM to hunt threats; this is an area I have started getting interested in given the increased threat landscape we find ourselves in. InfoSec Handlers Diary Blog If you know code is vulnerable, would you ship it? Dark Reading goes into some detail on the critical factors why vulnerable code is shipped in the first place....

Photo by Marcin Kempa] on Unsplash Proactive Security and Threat Modeling Manifestos have become a mainstay of information technology with everyone publishing a manifesto articulating the what a group of people subscribe to; generally of the form “we prefer this, over that”. __ InfoSec is no different and this week we had a Threat Modeling Manifesto — this is key as threat modeling is the cornerstone of proactive information security management so well worth a read....

Photo by Efe Kurnaz on Unsplash I’ll just sneak this into your in-tray Crafty sellers on the dark web have found a way to sneak e-mails into your inbox without sending them across the internet. This renders tools like Mimecast ineffective against this kind of attack; all is not lost however as the user would need to be phished before this could work. Tool sneakily implants malicious emails into inboxes, but it can be thwarted Innovation has been rife this year within the cybercrime community, The Register called this out in their article on Monday Morning:...

Photo by Andrey Trusov on Unsplash Victim Blaming in Information Security Starting off this week on a low note, in my opinion, is the disturbing revelation that in 2020 we still think shaming people is an effective strategy to defend against phishing attacks. A paper published on the 29th October seems to suggest that after doing a study of 142 employees in New Zealand that a name and shame approach would work....

Photo by Mauro Sbicego on Unsplash I was due to be going away this weekend so I had planned to delay publishing this until Monday; however due to a new national lockdown in the UK, I am no longer able to travel. The bright side is I have time to publish this at the weekend, small mercies. Google’s Project Zero discloses a vulnerability in the Windows Kernel October felt like a busy month for anyone dealing with Windows on their network; and was certainly a reminder of the value of a Defence in Depth strategy is key....

Photo by marcos mayer on Unsplash IT moves to a zero-trust, decentralised model (Saturday) Looks like Google were on the right track with BeyondCorp as Coronavirus has very succinctly put the “impenetrable border” approach to IT Security on notice. With millions of knowledge workers able to be productive from home, but failing to get access to resources as VPNs and Identity and Access Managements solutions struggle. Threat automation, decentralized architecture among emerging post-COVID cyber trends | SC Media Checkpoint followed up a few days later with a series on videos on how their products could secure a remote workforce:...

Photo by David von Diemar on Unsplash Cyber-villains Targeting Office 365 and G-Suite users (Monday) Given the impacts of COVID-19 and Working from Home a necessity for many in the industry; cyber attacks this week have leveraged vulnerabilities in well known brands including the RAC. The article has good advice for Security and Operations teams to configure their mail-filters appropriately: Breaking News: Massive Cyberattack Propagating via Redirector Domains and Subsidiary Domains |… Tesla AutoPilot can be tricked with subliminal messages (Monday) A couple of frames in a hacked video billboard video can trick a Tesla into taking inappropriate action:...