This Week In Security #8
Security is looking past what you know. With new threats and vulnerabilities found every day, we’ll try to give you an organized weekly dose of security news. This is Koda Ops TWIS#8.
NIST unveils a Cyber-security Self-Assessment Tool
The National Institute of Standards and Technology has issued a draft for a self-assessment tool that’s designed to help enterprises gauge the impact and effectiveness of their internal cyber-security setup. The tool is intended to help organizations ensure that they’re up to par and that their security systems and processes support an enterprise’s larger organizational activities and functions. According to NIST, organizations can use the Baldrige Cybersecurity Excellence Builder to:
- Identify cyber-security-related activities that are critical to business strategy and the delivery of critical services;
- Prioritize investments in managing cyber-security risk;
- Assess the effectiveness and efficiency of using cyber-security standards, guidelines, and practices;
- Evaluate their cyber-security results; and
- Identify priorities for improvement.
ATM malware blamed on hacking gang called “Cobalt”
It’s been a rough year, security-wise, for banks around the world. A security firm has accused a computer criminal collective called the “Cobalt group” of the recent attacks on ATMs in 14 countries, including the Netherlands, Poland, Romania, Russia, Spain, and Britain. Group-IB, the security firm that has been researching these attacks, has given the hacking group the name “Cobalt” because of its use of Cobalt Strike, a penetration testing tool that was used to gain a foothold in banks, infecting their computers and gaining access to the servers that controlled the ATMs. The attack is known as “touchless jackpotting” because it lets the attackers command the ATMs to dispense cash without physically tampering with the machine. Unfortunately, we don’t know a lot about the Cobalt group at this time. Group-IB thinks the group is connected to another computer criminal group called Buhtrap, based on the two collectives’ use of similar tools and techniques. Buhtrap stole 1.8 billion rubles ($28 million) from Russian banks from August 2015 to January 2016. Cobalt’s attacks are part of a growing crime wave against financial organizations. If you’re looking to learn more, especially about the attacks on SWIFT, I’d recommend you give this a watch: How to Rob a Bank by Cheryl Biswas, a leading analysis of security problems in financial institutions.
Symantec buys anti-ID fraud firm LifeLock
Symantec, one of the biggest consumer computer security firms in the world, is about to become even bigger with plans to buy LifeLock—an identity-theft protection service. The proposed $2.3 billion deal has been approved by the boards of directors of both companies and is expected to close in the first quarter of 2017, pending regulatory approval. Symantec, which owns the Norton suite of cyber-security software, claimed that the deal will make it the world’s largest consumer-facing online protection outfit.
Recent 0-day emphasizes concern about Linux security
A recently released exploit makes users of fully patched Fedora and other Linux distros vulnerable to drive-by attacks that can install keyloggers, backdoors and other forms of malware. One of the exploits targets a memory corruption vulnerability in the GStreamer framework, which ships by default with many mainstream Linux distros. What makes this 0-day so noteworthy is its ability to defeat two mitigations that make software exploits on Linux harder to carry out: address space layout randomization and data execution prevention. The exploit is mostly of academic interest rather than of immediate practical significance, because it has to be extensively rewritten to work on each different Linux distribution. Combined with the relatively small number of people who play media files on any distribution of Linux, that makes it highly unlikely that anyone will actively exploit the vulnerability.
Metasploitable, the longstanding king of free boot-to-root virtual machines, has gotten a new version, Metasploitable3. With the new version, Rapid7 boasts that for the first time Metasploitable is for people of different skill levels.
Metasploitable2 back then was more of a test environment, heavily for Metasploit. It was straightforward to play, and it didn’t take long to find the right exploit to use and get a high-privileged shell. But you see, we want to make you try a little harder than that.
They finally gave it flags! And to make it the very best Rapid7 has to offer, they made it expandable, giving newcomers and hardcore hackers alike a chance to build out an entire network to play with.
That’s This Week in Security. I hope you enjoyed reading; please comment below and stay tuned for more TWIS.