Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw discovered on its platform, potentially impacting 500 million users. The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on victims’ machines – simply by persuading them to open a file, researchers with Check Point Software said on Wednesday.

“We found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer,” said Nadav Grossman with Check Point in the analysis. “The exploit works by just extracting an archive, and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format.”

WinRAR is a popular file-archiving utility for Windows, which can create and view archives in the Roshal Archive Compressed (RAR) or ZIP file formats and unpack numerous other archive formats. Researchers specifically found a path-traversal vulnerability in unacev2.dll, a third-party dynamic link library that WinRAR uses to parse ACE archives (a data compression archive file format). A path-traversal attack lets an attacker reach directories they should not be able to access, such as config files or other files containing server data that is not intended for the public.

Taking a closer look at unacev2.dll, researchers found that “it’s an old dated dll compiled in 2006 without a protection mechanism. In the end, it turned out that we didn’t even need to bypass them,” said Grossman. Because unacev2.dll lacks those protections and is no longer maintained, researchers were able to simply rename an ACE file to give it a RAR extension, and unacev2.dll would still parse it. When opened by WinRAR, the fake ACE file containing a malicious program is extracted to the system’s startup folder – so the program would automatically begin running when the system starts.

Ultimately, if a bad actor used spear-phishing tactics to send an unknowing victim a disguised ACE file, and the victim opened the file in WinRAR, the file would automatically extract into the victim’s startup folder and malware could then be quickly planted on the system. The video below shows the proof-of-concept (PoC). The PoC makes use of a chain of vulnerabilities (CVE-2018-20250, CVE-2018-20251, CVE-2018-20252, CVE-2018-20253).

After researchers informed WinRAR of the issue, the vulnerability was patched on Jan. 28 in a new version of the software, 5.70 beta 1. A WinRAR spokesperson told Threatpost: “We have removed support for the ACE file format from WinRAR in the new Beta version 5.70.” In an update on its website, WinRAR said: “WinRAR used this third-party library to unpack ACE archives. unacev2.dll had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users.”

File-compression flaws have piqued the interest of exploit vendors such as Zerodium, which earlier last year offered up $10,000 for zero-day vulnerabilities in WinRAR and other compression platforms. Zerodium (@Zerodium) tweeted on October 18, 2018: “We're still paying up to $100,000 for #0day exploits (code execution) affecting major file archivers: WinRAR, 7-Zip, WinZip (on Windows) or tar (on Linux). For more information: https://t.co/fKnggJyb0H #BigBounties”


Beware Windows users… a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software released in the last 19 years.

The flaw resides in the way an old third-party library used by the software, called UNACEV2.DLL, handled the extraction of files compressed in the ACE data compression archive file format. Since WinRAR detects the format by the content of the file and not by the extension, attackers can merely change the .ace extension to .rar to make the file look normal.

According to researchers, they found an “Absolute Path Traversal” bug in the library that could be leveraged to execute arbitrary code on a targeted system attempting to uncompress a maliciously crafted archive using a vulnerable version of the software. The path traversal flaw allows attackers to extract compressed files to a folder of their choice rather than the folder chosen by the user, leaving an opportunity to drop malicious code into the Windows Startup folder, where it would automatically run on the next reboot. As shown in the video demonstration shared by the researchers, to take full control of a targeted computer all an attacker needs to do is convince the user to open a maliciously crafted archive using WinRAR.

Since the WinRAR team had lost the source code of the UNACEV2.dll library in 2005, it decided to drop UNACEV2.dll from the package to fix the issue and released WinRAR version 5.70 beta 1, which no longer supports the ACE format. Windows users are advised to install the latest version of WinRAR as soon as possible and avoid opening files received from unknown sources.
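Both WinRAR write-ups above make the same two points: the parser is chosen by the file's content rather than its extension, and the bug is an absolute-path traversal in archived file names. The following added example (not Check Point's or WinRAR's code) shows the two defender-side checks that follow from that: identifying an ACE payload regardless of its extension, and validating every archive member name against the chosen extraction directory so that a crafted entry cannot land in the Startup folder. It uses Windows path semantics via `ntpath`, so it runs on any OS; the sample inputs are constructed.

```python
"""
Added example: content-based format detection and a containment check for
archive member names, modelled on the ACE/unacev2.dll path-traversal issue.
Not code from Check Point or WinRAR; sample inputs are constructed.
"""
import ntpath

ACE_MAGIC = b"**ACE**"            # ACE main-header signature, at byte offset 7
ACE_MAGIC_OFFSET = 7
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def looks_like_ace(data: bytes) -> bool:
    """True if the bytes carry the ACE signature, whatever the file is called."""
    end = ACE_MAGIC_OFFSET + len(ACE_MAGIC)
    return len(data) >= end and data[ACE_MAGIC_OFFSET:end] == ACE_MAGIC


def looks_like_rar(data: bytes) -> bool:
    return data.startswith(RAR4_MAGIC) or data.startswith(RAR5_MAGIC)


def classify_attachment(filename: str, data: bytes) -> str:
    """Label an attachment by content and flag an ACE file wearing a .rar name."""
    ext = ntpath.splitext(filename)[1].lower()
    if looks_like_ace(data):
        return "ace" if ext == ".ace" else "ace-renamed"
    if looks_like_rar(data):
        return "rar"
    return "other"


def safe_member_path(member_name: str, dest_dir: str):
    """
    Resolve an archive entry name under dest_dir (an absolute Windows path).
    Returns the target path, or None if the entry would escape dest_dir:
    drive letters, UNC names, rooted paths, '..' segments and NTFS stream
    names are all rejected before the final containment check.
    """
    if not member_name:
        return None
    name = member_name.replace("/", "\\")         # archives may use either separator
    drive, rest = ntpath.splitdrive(name)
    if drive:                                     # "C:..." or "\\server\share\..."
        return None
    if rest.startswith("\\"):                     # rooted on the current drive
        return None
    if ":" in rest:                               # alternate data stream syntax
        return None
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None
    dest = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(dest, *parts))
    # Final containment check on the normalised result, in case a rule above
    # is ever relaxed: the target must sit strictly below dest.
    if not target.lower().startswith(dest.lower() + "\\"):
        return None
    return target


def vet_members(member_names, dest_dir):
    """Split a member list into (accepted {name: target}, rejected [names])."""
    accepted, rejected = {}, []
    for n in member_names:
        target = safe_member_path(n, dest_dir)
        if target is None:
            rejected.append(n)
        else:
            accepted[n] = target
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: a benign entry plus the kinds of names a crafted
    # archive would carry to reach the Startup folder.
    members = [
        "docs/quotation.pdf",
        r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
        r"..\..\Startup\x.exe",
        r"\Users\victim\x.exe",
    ]
    ok, bad = vet_members(members, r"C:\extract")
    print("accepted:", ok)
    print("rejected:", bad)
```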


Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners. With so many previously outlined ways to infiltrate networks on board shipping vessels (think satcom hacking, phishing, USB attacks, insecure crew Wi-Fi, etc.), the question becomes: what could an adversary do with that access?

“If one was suitably motivated, perhaps by a nation-state or a crime syndicate, one could bring about the sinking of a ship,” said Pen Test Partners researcher Ken Munro, in a stark assessment of maritime cyber-danger this week.

At issue is the fact that critical ship control systems, including IP-to-serial converters, GPS receivers and the Voyage Data Recorder (VDR), tend to be easily compromised; some on-board devices, for instance, still run Windows XP and Windows NT, and converters rarely have their admin passwords changed. Those that do have non-default credentials will likely be running firmware so out of date that they are easily exploited anyway: Munro pointed out that many of the Moxa device servers commonly found aboard vessels were recently found to be vulnerable to a firmware downgrade attack that allowed trivial compromise.

“It’s a low-skill attack,” Munro told Threatpost. “Password security and patch management are so poor at sea that compromise does not require significant expertise. There’s a documented case of a kid finding a mobile drilling platform control system using Shodan and clicking buttons to see what happened. I believe they unintentionally took the dynamic positioning system offline.”

These easily hacked devices communicate with a raft of control systems via a standardized messaging system called NMEA 0183 (a superset of the messaging format that GPS devices use). These include autopilot systems, propulsion control, dynamic positioning, engine control, ballast control and digital compasses – everything that’s needed to steer a ship off course or cause a catastrophe.

“The messages are usually exchanged using RS485 serial datacomms, either directly or encapsulated over IP networks,” Munro said in a posting. “In some cases, CAN is used as a bridge between IP and serial. Any point where serial meets IP is a point where the hacker can potentially access the messaging system.”

Once an attacker is able to reach the control systems, it would for instance be possible to replay the Hoegh Osaka incident, where a car carrier’s ballast tanks weren’t properly filled, which resulted in the ship developing a heavy list during a tight turn out of the port. It narrowly avoided capsizing, thanks only to a favorable wind.

“Modern ballast control systems provide remote monitoring and operation from the bridge, usually running on a PC,” Munro explained. “So, the attacker would simply send the appropriate serial data to the ballast pump controllers, causing them all to pump from port to starboard ballast tanks. That change in trim alone could cause a capsize.” He added, “If the change in ballast wasn’t enough to sink the vessel by itself, when a list had started to develop, send a NMEA message to the autopilot, commanding a turn to starboard. Or, send a helm message commanding the same turn direction. The list, combined with the change in stability when turning, is likely to cause a capsize.”

Access to the control systems could be remote or local, depending on the attacker. Pen Test Partners has done prior research on remote attacks over satcoms; serial network attacks can be carried out remotely via the satcom connection, or by physically locating the converters. “Any half-decent attacker can happily abuse these operating systems all day long and still cover their tracks effectively,” Munro said.

Previous research has shown that other concerning attacks are possible as well, such as forcing a ship off course or causing collisions. The obstacle to remediating the dismal state of maritime security is a lack of clearly defined responsibility for it, according to the researcher. “It’s a lack of awareness,” he told Threatpost. “Ship owners are rarely the ship operator, charter parties are rarely interested in security. When responsibility and liability for security incidents is unclear, it’s hard to determine who should take control of patching and cyber-risk management. Clarity is urgently required; several organizations such as the [International Maritime Organization] are taking action, though it will take time for processes to change.”

Interested in learning about mobile enterprise security threats and best practices? Don’t miss our free Threatpost webinar on Feb. 27 at 2 p.m. ET. Join Threatpost senior editor Tara Seals, Patrick Hevesi of Gartner, Mike Burr of Google Android and David Richardson from Lookout. They’ll discuss the top evolving threats and risks that are unique to this work-from-anywhere environment, best practices for addressing them, and new challenges on the horizon, such as 5G services.


An ongoing phishing campaign is using malicious PDF documents to spread Separ malware and ultimately steal victims’ browser and email credentials. Since the attack started at the end of January, it has affected around 200 companies and over 1,000 individuals, located mainly in Southeast Asia, the Middle East and North America – and the bad actors behind the attack continue to upload stolen data daily, researchers with Deep Instinct told Threatpost.

The campaign’s effectiveness stems from a simple but dangerous tactic the Separ credential-stealer uses to evade detection: a combination of legitimate executable files and short scripts. “Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective,” said Guy Propper with Deep Instinct in a Tuesday post.

Earlier variants of Separ have existed since November 2017, with related info-stealers active in the wild as far back as 2013, researchers said. What sets this stealer apart is its use of a simple but tricky technique dubbed “living off the land.” Attackers have used this popular tactic in the past to build attacks on legitimate files that are either common within the targeted organization or widely used administrative tools; the legitimate files are then abused to perform malicious functions. For Separ, that means using very short script and batch files, as well as legitimate executables, to carry out all of its malicious business logic. These legitimate executables, explained in more depth below, include browser-password and email-password dump tools by SecurityXploded, as well as software from NcFTP.

Attack Process

The attack starts with a phishing email that contains a malicious attachment – in this case, a decoy PDF document that is actually a self-extracting executable. According to researchers, the fake documents relate to quotations, shipments and equipment specifications, and appear to target businesses.

Once the victim clicks on the attached “PDF document,” the self-extractor calls wscript.exe to run a Visual Basic Script (VBScript) called adobel.vbs. After the VBScript begins running, it executes an array of short batch scripts that have various malicious functions. The scripts masquerade as Adobe-related programs, with the malicious scripts and executable files named to resemble them, researchers said. “The self-extractor contains within itself all files used in the attack – a VB Script, two batch scripts and four executable files, with the following names: adobel.vbs, adob01.bat, adob02.bat, adobepdf.exe, adobepdf2.exe, ancp.exe and Areada.exe,” researchers said. “Many of the files are named to resemble files related to Adobe.”

These scripts carry out a slew of malicious functions, which include changing the system’s firewall settings and stealing all of its email and browser credentials. Meanwhile, the malware also opens an empty decoy .jpg image to hide its activity from the victim.

To steal credentials, Separ uses password-dumping tools provided by SecurityXploded. These tools, bundled in the initial self-extractor, collect various user credentials, which are then uploaded to a hosting service. Interestingly, the malware uses a File Transfer Protocol (FTP) client to upload its stolen data to a legitimate service called freehostia[.]com. Both this executable and the service are legitimate, researchers said: the source of ancp.exe is a real FTP software provider (NcFTP), and FreeHostia is a well-known and widely used hosting service. “We were able to access the FTP server several times, and the growth in the number of victims was clearly visible, meaning the attack is ongoing and successfully infecting many victims,” researchers said.

Ongoing Attack

Access to the hosting service used by Separ in this recent attack shows that its activity continues, and data stolen from many additional victims is being uploaded daily, researchers said. “The attack has affected hundreds of companies, located mainly in Southeast Asia and the Middle East, with some targets located in North America,” said Propper. “Based on the names of the fake documents which initiate the attack, it appears the attacker is targeting business organizations, as most fake documents appear to be concerned with quotations, shipments and equipment specifications.”

Researchers urged potential victims to restrict the use of scripts and scripting tools in their firms and to avoid clicking on unknown or untrusted links: “Infection through social engineering is the most common method of infection,” said Propper.
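The chain described above (a self-extracting "PDF" calling wscript.exe, a VBScript launching batch files, the SecurityXploded dumpers, and an NcFTP-derived client uploading to FreeHostia) is the kind of lineage a process-creation log captures well. The following added example (not Deep Instinct's code) runs three simple detections over constructed process events: a script host spawned by a binary running from a user-writable folder, any reference to the dropped file names the report lists, and an outbound connection to the hosting service named in the article. The event format, the `USER_WRITABLE` directory pattern and the sample events are assumptions made for the example.

```python
"""
Added example: living-off-the-land detection over process-creation events,
keyed to the Separ chain in the Deep Instinct report quoted above.
The file names and freehostia.com come from that report; the event schema,
the user-writable directory list and the sample events are constructed.
"""
import ntpath
import re
from collections import defaultdict

# File names the report lists inside the self-extractor (lower-cased).
SEPAR_FILES = {"adobel.vbs", "adob01.bat", "adob02.bat", "adobepdf.exe",
               "adobepdf2.exe", "ancp.exe", "areada.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe"}
EXFIL_HOSTS = {"freehostia.com"}
# Folders an e-mail attachment typically executes from (assumption).
USER_WRITABLE = re.compile(r"\\(temp|tmp|downloads|appdata)\\", re.IGNORECASE)
# Document extensions used to disguise the self-extractor (the report says PDF).
DECOY_EXTS = {".pdf"}


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def is_disguised_executable(image: str) -> bool:
    """True for names like 'quotation.pdf.exe': a document name on an .exe."""
    stem, ext = ntpath.splitext(image.lower())
    return ext == ".exe" and ntpath.splitext(stem)[1] in DECOY_EXTS


def analyse(events):
    """Return {pid: [reasons]} for every process that trips a rule."""
    by_pid = {e["pid"]: e for e in events}
    hits = defaultdict(list)
    for e in events:
        image = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        # 0. The lure itself: an .exe wearing a document extension.
        if is_disguised_executable(image):
            hits[e["pid"]].append("executable disguised as a document")
        # 1. A script host started by a binary running from a user-writable
        #    folder, i.e. the self-extractor calling wscript.exe.
        if image in SCRIPT_HOSTS and parent and USER_WRITABLE.search(parent["image"]):
            hits[e["pid"]].append("script host spawned by " + basename(parent["image"]))
        # 2. Any dropped file name on the command line or as the image itself.
        tokens = {basename(t) for t in re.split(r'[\s"]+', e["cmdline"]) if t}
        tokens.add(image)
        known = sorted(tokens & SEPAR_FILES)
        if known:
            hits[e["pid"]].append("known Separ file: " + ", ".join(known))
        # 3. Outbound traffic to the hosting service used for the FTP upload.
        host = (e.get("dest_host") or "").lower()
        if host in EXFIL_HOSTS or any(host.endswith("." + h) for h in EXFIL_HOSTS):
            hits[e["pid"]].append("upload to " + host)
    return dict(hits)


def lineage(events, pid):
    """Walk the parent chain for pid, root first, using only recorded events."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


# Constructed sample: one infection chain plus two benign processes.
TEMP = r"C:\Users\bob\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": TEMP + r"\Quotation_2019.pdf.exe",
     "cmdline": '"Quotation_2019.pdf.exe"'},
    {"pid": 201, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": 'wscript.exe "' + TEMP + r'\adobel.vbs"'},
    {"pid": 202, "ppid": 201, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c " + TEMP + r"\adob01.bat"},
    {"pid": 203, "ppid": 202, "image": TEMP + r"\adobepdf.exe", "cmdline": "adobepdf.exe"},
    {"pid": 204, "ppid": 202, "image": TEMP + r"\ancp.exe",
     "cmdline": "ancp.exe -u ftpuser", "dest_host": "ftp.freehostia.com"},
    {"pid": 300, "ppid": 100, "image": r"C:\Program Files\Office\winword.exe",
     "cmdline": "winword.exe report.docx"},
]

if __name__ == "__main__":
    for pid, reasons in sorted(analyse(SAMPLE_EVENTS).items()):
        print(pid, "->".join(str(p) for p in lineage(SAMPLE_EVENTS, pid)), reasons)
```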


By Waqas

Password managers aren’t as secure as you might assume – security researchers claim that hackers can steal master passwords from PC memory. Password managers are considered one of the most suitable options when it comes to keeping your online credentials safe from being hijacked and exploited by cybercriminals. However, unfortunately, the latest research findings […]

This is a post from HackRead.com. Read the original post: Severe flaws in password managers let hackers extract clear-text passwords


Shazam, the handy app that uses audio recognition to tell you what song is playing over any given set of speakers, has reportedly eliminated all third-party software development kits (SDKs) in its iOS version except for one: HockeyApp. Apple, which bought the startup for $400 million last year, has removed Facebook Ads, DoubleClick ads, Facebook Analytics and a raft of others, according to analysis from appfigures. Microsoft’s HockeyApp is still active, though. That SDK collects live crash reports for apps, gathers feedback from app users, distributes betas and analyzes test coverage.

Appfigures, which keeps tabs on mobile apps, also noted that on Android, Shazam removed AdColony, AdMob, Amazon Ads and Facebook Analytics in the latest update. Others, such as Facebook Login and Google Maps, are still enabled. HockeyApp, meanwhile, was removed from the Android version more than a year ago, it said.

There are a few reasons Apple could be making this move. For one, third-party SDKs, while they can provide important plug-in functionality for mobile apps, also have a tendency to harvest or leak data where they shouldn’t. Ad targeting and tracking has been a privacy hot potato of late as well, and Apple in general has taken some high-profile steps this year to be perceived as coming down on the side of the consumer.

In January, Apple revoked Facebook’s enterprise iOS developer certificate on the heels of finding a “Facebook Research” VPN app that was being distributed to consumers; the app paid teens and Millennial users in exchange for being able to track their phone and web activity. Apple said that the app’s consumer distribution breached the iPhone giant’s enterprise developer policies. Earlier this year Facebook’s Onavo Protect app was also barred from Apple’s App Store. It was a similar case: Onavo Protect is a mobile VPN app that encrypts users’ personal information and monitors their data to help customers manage their mobile data usage and limit apps that use lots of data. However, the app was reporting to Facebook when a user’s screen was on or off, as well as its cellular data usage. As such, Apple said that the app violated its data policies.

Aside from the privacy ramifications, the third-party SDK move also fits with Apple’s pledge to make Shazam ad-free – a plan it announced during the acquisition. Shazam has been downloaded over 1 billion times around the world and is used over 20 million times every day, according to Apple; that’s a vast install base that could fit perfectly into the Cupertino giant’s vertically integrated content strategy. Its ability to let a user “listen” to a song that’s playing for a few seconds before returning the track and the artist could be a valuable driver of Apple Music downloads, for instance.

Threatpost reached out to Apple and will update this post with any comments.


Password manager firms 1Password, Dashlane, KeePass and LastPass are blasting a research report that highlights how a local adversary can crack open and steal passwords stored by the utilities. The uproar began Tuesday when lead researcher Adrian Bednarek with Independent Security Evaluators (ISE) published findings that demonstrated how someone could pluck clear-text passwords associated with the utilities from the memory of Windows 10 systems.

“It is evident that attempts are made to scrub sensitive memory in all password managers. However, each password manager fails in implementing proper secrets sanitization for various reasons,” Bednarek wrote in his research report.

The issue with the password managers (1Password, Dashlane, KeePass and LastPass) at the time of testing was that each of the utilities stored either the master password or individual credentials in insecure memory on the PC. This could allow a local adversary, or a remote attacker who had compromised the system, to obtain passwords maintained by the utilities. The one exception, researchers note, is when the password managers are not in use. “All password managers we examined sufficiently secured user secrets while in a ‘not running’ state. That is, if a password database were to be extracted from disk and if a strong master password was used, then brute forcing of a password manager would be computationally prohibitive,” Team ISE explained.

For ISE, this was far from a deal breaker when it came to using the password management utilities. Instead, researchers encouraged people to use password managers, while also advocating that password manager firms tighten up their application memory management. “First and foremost, password managers are a good thing. All password managers we have examined add value to the security posture of secrets management,” researchers wrote.

Dashlane Responds

The password manager firms, whose products are used by an estimated 60 million users and 93,000 businesses, each took issue with the study for different reasons. Emmanuel Schalit, CEO of Dashlane, said the research was too narrowly focused on specific conditions that were “a very standard theoretical scenario in the world of security.” He continued: “This is not limited to Windows 10 but applies to any operating system and digital device connected to the internet.”

In a statement Schalit said: “We respectfully disagree with the researcher’s claim that this can be truly fixed by Dashlane, or anyone for that matter. Once the operating system or device is compromised, an attacker will end up having access to anything on the device and there is no way to effectively prevent it. There are solutions that amount to ‘putting the information under the rug’ but any attacker sufficiently sophisticated enough to remotely take control of the user’s device would go around these solutions very easily.”

LastPass Defends Itself

Sandor Palfy, CTO at LastPass, explained in a public statement that the vulnerability highlighted by ISE was present in a “legacy” Windows application that accounted for less than 0.2 percent of LastPass usage. He said that the LastPass password manager has already received an update to “mitigate and minimize” the risk. “To mitigate risk of compromise while LastPass for Applications is in a locked state, LastPass for Applications will now shut down the application when the user logs out, clearing the memory and not leaving anything behind,” Palfy said.

1Password Pushes Back

1Password’s Jeffrey Goldberg, who goes by the title Chief Defender Against the Dark Arts, said the secure memory management issue is well known and has been “publicly discussed many times before, but any plausible cure may be worse than the disease.” Goldberg’s public statement continued: “Fixing this particular problem introduces new, greater security risks, and so we have chosen to stick with the security afforded by high-level memory management, even if it means that we cannot clear memory instantly. Long term, we may not need to make such a tradeoff. But given the tools and technologies at our disposal, we have had to make a decision as to how best to keep our users secure. I stand by our decision. The realistic threat from this issue is limited. An attacker who is in a position to exploit this information in memory is already in a very powerful position. No password manager (or anything else) can promise to run securely on a compromised computer.”

KeePass Weighs In

KeePass told security publication ZDNet that what ISE found was a “well-known and documented” limitation of “process memory protection.” In fact, that’s verbatim what the company said last September when ISE brought up the issue in KeePass’ bug reporting forum. The company pointed to its own security guidelines: “For some operations, KeePass must make sensitive data available unencryptedly in the process memory. For example, in order to show a password in the standard list view control provided by Windows, KeePass must supply the cell content (the password) as unencrypted string (unless hiding using asterisks is enabled),” according to KeePass.


GitHub has bolstered its bug-bounty program with increased rewards, an expanded scope of products and the addition of legal “safe-harbor” terms aimed at protecting bounty hunters. The web-based hosting service announced Tuesday that its program, first launched in 2014, will no longer have a maximum reward amount for critical vulnerabilities. The change comes after GitHub said it paid out a grand total of $165,000 to researchers who found vulnerabilities in its products in 2018.

“Over the past five years, we have been continuously impressed by the hard work and ingenuity of our researchers,” said GitHub’s Phil Turnbull, in a post. “We’re happy to share some of our highlights from the past year and introduce some big changes for the coming year: full legal protection for researchers, more GitHub properties eligible for rewards and increased reward amounts.”

GitHub said that it has increased rewards so that critical bugs now earn researchers between $20,000 and $30,000 – but there is no cap on these types of bugs, so the company could “reward significantly more for truly cutting-edge research.” Critical bugs “present a direct and immediate risk to a broad array of our users or to GitHub itself;” this includes flaws like arbitrary code/command execution on a GitHub server, arbitrary SQL queries on the GitHub production database, a bypass of the GitHub login process, access to sensitive production user data or access to internal production systems. Meanwhile, “high”-severity flaws can bring in between $10,000 and $20,000 in bounties. Below is a full breakdown of the flaws’ payouts:

Meanwhile, the scope of products that can earn bounties has increased as well: “We’re excited to share that we are now increasing our bounty scope to reward vulnerabilities in all first-party services hosted under our github.com domain,” said GitHub. As before, products like GitHub.com, the GitHub API and GitHub CSP are in scope; but now more products, like GitHub Education (GitHub’s tools to help educators work more effectively in the classroom), GitHub Learning Lab (a GitHub learning app), GitHub Jobs (a job posting app for open software development positions), and the GitHub Desktop application (an open-source app for working with GitHub.com or a GitHub Enterprise account) have been added to the program. GitHub now also offers bounties for vulnerabilities in first-party services under the employee-facing githubapp.com and github.net domains. GitHub has also expanded the scope of its enterprise product bounties, which have included Enterprise Server since 2016, to now also include Enterprise Cloud.

Safe-Harbor Changes

Finally, GitHub is adding a set of legal safe-harbor terms to its policies. Safe-harbor terms are conditions clearly outlining how researchers who are acting in good faith can report bugs without facing legal repercussions. GitHub’s version specifically mandates that research activity remains protected and authorized – even if researchers accidentally overstep the bounty program’s parameters. “Our safe harbor now includes a firm commitment not to pursue civil or criminal legal action, or support any prosecution or civil action by others, for participants’ bounty-program research activities,” GitHub said. “You remain protected even for good-faith violations of the bounty policy.”

In addition, GitHub said it will do its best to protect researchers against legal risk from third parties who don’t have the same level of safe-harbor terms in place; and researchers won’t be violating site terms if the activity is specifically for bounty research. “In creating these terms, we aim to go beyond the current standards for safe-harbor programs and provide researchers with the best protection from criminal, civil and third-party legal risks,” GitHub said.


As the May elections for the European Parliament loom, Russia-linked APT groups are ramping up their efforts to target journalists, think-tanks, non-governmental organizations and other members of civil society, according to Microsoft. The tech giant said on Tuesday that it has observed a recent series of attacks on organizations “working on topics related to democracy, electoral integrity and public policy and that are often in contact with government officials,” including campaigns targeting employees of the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.

“Everything we do as an organization, from our policy research to our work strengthening civil society, is dedicated to advancing and protecting democratic values,” The German Marshall Fund said in a statement on Tuesday. “The announcement serves as a reminder that the assault on these values is real and relentless.”

Microsoft’s Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) observed hacking efforts in the last quarter of 2018 targeting 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania and Serbia. According to Microsoft executive Tom Burt, “we are confident that many of [the attacks] originated from a group we call Strontium.”

Strontium, a.k.a. APT28, Fancy Bear, Pawn Storm, Sednit or Sofacy, is known for hacking the Democratic National Committee and other targets during the 2016 presidential election in the U.S.; for hacking and disinformation attacks during the French and German presidential elections in 2017; for hacking Republican think-tanks and spreading fake social media sites leading up to the U.S. midterm elections in 2018; and for a range of other espionage and influence campaigns aimed at sowing chaos and discord in democratic processes.

European leaders have recently warned that such attacks will continue across Europe in 2019, particularly as hundreds of millions of E.U. citizens prepare to head to the polls to select a new Parliament (something that happens once every five years), and ahead of several key national elections, including in Belgium, Finland, Ireland and Spain. “There is no doubt that Russia will be a major malign actor,” NATO Secretary-General Anders Fogh Rasmussen told POLITICO at the Munich Security Conference last week, warning that doctored videos and audio recordings will likely be a key tactic used to spread disinformation. He added that it’s possible that other APT groups, including from China or Iran, are taking pages from the Fancy Bear playbook: “It’s not an ideological war from Russia, it’s not a left-wing or right-wing oriented campaign, but the campaign aims at undermining trust and confidence and initiates chaos and instability.”

For its part, Microsoft has seen the European-targeting APT efforts aimed at espionage. “Consistent with campaigns against similar U.S.-based institutions, attackers in most cases create malicious URLs and spoofed email addresses that look legitimate. These spearphishing campaigns aim to gain access to employee credentials and deliver malware,” Burt noted in the blog post. “The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations. They validate the warnings from European leaders about the threat level we should expect to see in Europe this year.” Russian officials have denied that Moscow had any role in the hacking attempts.

According to CrowdStrike’s 2019 Global Threat Report, Russian-speaking APTs continue to make strides in terms of their effectiveness. Groups like Fancy Bear, for instance, have an average “breakout” time of just over 18 minutes to go from initial compromise to the attacker’s first lateral movement within the network. That’s almost eight times faster than the second-ranked North Korea-linked threats (Lazarus Group/Chollima, for instance), which had a collective average time of two hours and 20 minutes.

Overall, CrowdStrike expects nation-state activity to ramp up in 2019. “In 2019, targeted intrusion adversaries will continue to conduct campaigns as part of their nation-state’s national strategies,” according to the report. “China, Russia, Iran and the DPRK are seeking geopolitical prominence, both in their respective regions and internationally, and they will use their cyber-capabilities to attain and maintain situational awareness of their neighbors and rivals. Entities in the government, defense, think tank and NGO sectors will continue to be the targets of these operations. These intrusions will likely be supported by the targeting of upstream providers in the telecommunications and technology (particularly managed service providers) sectors, and may include supply-chain compromises.”

Tom Kellermann, chief cybersecurity officer for Carbon Black and global fellow for Cyber Policy at the Wilson Center, said in a media statement that think-tanks in particular are attractive targets for the politically minded. “Think-tanks are considered the ivory towers of policymakers, as their boards often comprise CEOs and former politicians,” he said. “Additionally, most public policy issues are researched and corresponding strategies are developed by think tanks. There are only a handful of non-partisan think tanks. As the Global Fellow for Cyber Policy at the Wilson Center, I’ve found that, for years, the Russians and Chinese have not only hacked think tanks but they have turned them into watering holes to pollute those who download their reports. Putin’s bellicose speech stated he would no longer knock on doors that were shut, which served as a warning that was preceded by cyber-intrusions targeting European and American think tanks and politicians.”


By Waqas

Download Kali Linux 2019.1 now! – This is the first major update for Kali Linux ever since version 4.0 was released in 2011. Kali Linux is one of the most popular Debian-based Linux distributions for advanced penetration testing, and that is why the InfoSec community eagerly awaits its new versions. So wait no more and download Kali Linux […]

This is a post from HackRead.com. Read the original post: Download Kali Linux 2019.1 with Metasploit 5.0
