WatchGuard Wire (English)


Doing Time with Mr. Robot Rewind

Fri, 08/19/2016 - 23:13

Although he tells us that it’s worlds better than this silly scene from NCIS, WatchGuard CTO Corey Nachreiner has a couple of things that he thinks could have been more hackurate in this episode of his Mr. Robot Rewind column. We also FINALLY learned what happened to Tyrell Wellick… or did we?  As always, the column […]


Categories: Security News

Looking for Your Daily Security Byte Fix? We’ve got you covered!

Thu, 08/18/2016 - 22:24

Missing your Daily Security Bytes? Never fear – we’ve got suggestions for what to watch to get you through this brief hiatus, #TBT style. They may not be very old, but they are definitely posts you don’t want to miss. Beware Random USB Sticks: Believe it or not, this is actually a thing. It feels like a […]


Categories: Security News

Three times cybercriminals weren’t expecting vigilant “victims” to hack back

Thu, 08/18/2016 - 00:14

With the prevalence of cyber scams and phishing schemes, it was only a matter of time before the bad actors ran into the wrong people on the other end of the keyboard. Here are a few examples of how would-be victims turned the tables on fraudsters and why everyone should operate with vigilance and suspicion […]


Categories: Security News

NSA Equation Group Exploit Leak, What Does It Mean to You?

Wed, 08/17/2016 - 02:28

On Saturday, a hacking group calling themselves “The Shadow Brokers” announced via Twitter that they successfully hacked into the server of an NSA-backed group and dumped all of their exploit tools. The Shadow Brokers published a small set of tools openly and started an auction for the remainder, advertising the public release of more files […]


Categories: Security News

Hackurately Enslaving the FBI in Mr. Robot Rewind

Fri, 08/12/2016 - 22:43

The Mr. Robot team is back in full cyberheist mode, complete with period accurate flashbacks and Darlene incognito. Some of Corey Nachreiner’s hackuracy concerns from his Mr. Robot Rewind column in Geekwire last week were put to rest in this week’s episode.  The post, as always, has lots of spoilers… so go watch the show […]


Categories: Security News

Houston Family’s Webcam Hacked, Tips to Protect Your Home or Business

Fri, 08/12/2016 - 00:00

Webcam hacks aren’t new, but they are still super creepy, and particularly so when children are involved. A mother in Houston recently set up a webcam in her daughter’s room as a safety measure, but instead learned the camera had been hacked and was broadcasting to the internet. While we don’t know with full certainty, […]


Categories: Security News

Bloodhound Pen-test Tool – Daily Security Byte

Thu, 08/11/2016 - 17:36

Penetration testers (pen-testers) have long exploited various Windows authentication weaknesses (pass the hash, Mimikatz, etc.) to elevate their privileges and move laterally in a Windows network. In fact, they often leverage these tricks to eventually get to a Domain Administrator’s credentials. However, doing this used to be a very manual, trial-and-error process. Today’s video covers […]


Categories: Security News

DefCon Researcher Details Security Flaws in Bluetooth Locks

Wed, 08/10/2016 - 22:54

There are a lot of fascinating findings from Black Hat & DefCon last week, but this one might make you want to change your Bluetooth locks. Researcher Anthony Rose was testing his Bluetooth range-finding setup in his neighborhood, and was not only surprised to see Bluetooth locks popping up, but as he told Engadget, “I discovered […]


Categories: Security News

Lessons from Blackhat 2016 – Investigating DDoS-as-a-Service

Wed, 08/10/2016 - 19:59

Last week at the Blackhat and DEFCON security conferences in Las Vegas, I had the privilege of attending several presentations by some brilliant information security researchers. My next few editorials will cover my favorite presentations and what we all can learn from them. Last Thursday at Blackhat, FBI special agent Elliot Peterson and Andre Correa, […]


Categories: Security News

Password Sharing Illegal? – Daily Security Byte EP. 288

Tue, 07/12/2016 - 17:51

In general, security experts like me are against sharing passwords, even among family and friends. Sure, we can all think of cases where sharing a password with family might be useful, but why not just set up separate accounts, with the privileges they need, for those family members?

However, today’s episode isn’t about whether or not password sharing is a risk; it’s about whether or not it’s even legal at all. A US appeals court recently ruled on a case, basing its decision on the Computer Fraud and Abuse Act (CFAA). The EFF thinks it’s a dangerous ruling that could have a far-reaching effect on the legality of password sharing. Watch Monday’s video to learn what I think.

(Episode Runtime: 4:46)

Direct YouTube Link: https://www.youtube.com/watch?v=K1vpqFdTe7A

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News

Backdoor in Pokemon Go – Daily Security Byte EP. 287

Mon, 07/11/2016 - 19:23

To keep Friday’s story fun, I covered an incident that involves both gaming and infosec. Attackers have already created a malicious version of the popular Pokemon Go app. If you’re an Android user trying to download Pokemon Go from non-official sources, this story is no joke. Watch below to learn more.

(Episode Runtime: 3:16)

Direct YouTube Link: https://www.youtube.com/watch?v=Kt54wJ3gpsY

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News

Fitbits Hack ATMs? – Daily Security Byte EP. 286

Fri, 07/08/2016 - 17:03

University researchers have shown how you can use the various motion sensors in wearable devices to recover keypad PINs typed by their owners. Article headlines suggest attackers might use this to steal your bank PIN. Is this threat real, or science fiction? The answer is a mix of both. Watch below to learn more.

(Episode Runtime: 5:12)

Direct YouTube Link: https://www.youtube.com/watch?v=N4yiI52Pxy4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News

Watch Out for HummingBad Android Malware

Thu, 07/07/2016 - 17:54

Security researchers at Check Point released their findings about HummingBad this week (pdf), after a five-month long analysis of the Android malware campaign. Since first discovered in February 2016, the malware has infected an estimated 10 million Android devices, earning its developer $300,000 a month in revenue from fraudulent ad clicks and app installs. While devices located in China and India make up a comparatively large percentage of infections, western nations like the United States and Mexico still have estimated victim counts of over 250,000 each.

The HummingBad campaign uses drive-by download attacks hosted on adult content sites to initially infect new victims. During infection, the malware attempts to obtain root access on the victim device by exploiting known Android vulnerabilities. If rooting fails, the malware instead creates a fake system update notification to trick users into granting it system-level permissions. During this rooting process, the malware also downloads several malicious components and apps which contain the actual malevolent functionality.

As mentioned earlier, HummingBad’s main intent is to earn revenue through illegitimate ads and fraudulent app installs.  Device events such as booting, locking or unlocking your screen, and changing your network connectivity trigger the malware’s main process, causing it to display illegitimate ads that include a fake “close” button. Whether you click the ad or the “close” button, HummingBad’s developers earn revenue from the click. Throughout this process, the malware blocks you from returning to your home screen, making it very hard to avoid these evil ads.

While you’re inadvertently clicking these evil ads, another HummingBad process forcefully downloads and installs more unwanted applications on your device, earning the authors even more illicit revenue from something called “installation referrals.” Google Play includes a mechanism that shares “INSTALL_REFERRER” information with app developers, which lets legitimate developers pay commissions whenever a customer buys or installs their app based on someone’s referral. HummingBad includes a sophisticated process injection technique that subverts this referral process: it imitates clicks on the install/buy/accept buttons in the Google Play store, allowing the malware to fake app installation referrals. The malicious process can also inject fake International Mobile Station Equipment Identity (IMEI) numbers during app installation, allowing the same app to be installed multiple times on the same device (which generates even more revenue for these criminals).

If turning your device into an ad zombie wasn’t bad enough, HummingBad’s root capabilities potentially expose victims to even more foul play. With full system privileges, attackers could easily leverage the army of HummingBad-infected devices to launch DDoS attacks, or simply use the malware’s built-in download functionality to load even worse malware onto infected devices.

Interestingly, Check Point’s report connects HummingBad to the Chinese advertising and analytics company Yingmob, the same firm linked to the YiSpecter iOS malware discovered towards the end of 2015. Yingmob applications, both legitimate and malicious, have an estimated installation base of 85 million devices according to the researchers’ findings. I find this very frightening, since it puts Yingmob one malicious update away from creating a massive number of infected devices.

There are several steps you should take to protect your Android devices from becoming infected.

  1. First, avoid rooting your device. While rooting can enable beneficial functionality that is normally locked down by your carrier, a rooted device removes the barrier that malware like HummingBad otherwise has to break with an exploit or a fake update prompt, so anything delivered by a drive-by download can reach system level far more easily.
  2. Second, always keep your device updated with the latest available patches. By running the latest OS update, you limit the vulnerabilities attackers might exploit to install malware like HummingBad. That said, Google allows carriers to package their own versions of Android, and some carriers lag behind Google’s latest releases. This means your device’s security may depend more on your carrier than on the device itself.
  3. Third, never install applications from unknown sources. By default, Android blocks the installation of applications that don’t come from the Google Play Store (sideloading). Turning that protection off leaves you at risk of installing malicious applications like HummingBad.
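The three recommendations above can be checked rather than just remembered. The script below is an added example, not code from the post or from Check Point’s report: it reads the output of three `adb shell` commands (root indicator, security patch level, unknown-sources setting) and turns them into findings, so a handful of test or fleet devices can be screened the same way. The adb commands are standard, but the sample outputs are constructed for the example and the 60-day patch-age threshold is an assumed policy value, not something the post specifies.

```python
import re
import subprocess
import sys
from datetime import date

# Shell commands behind each check. Assumption: adb is on PATH and the
# device has USB debugging enabled. The checker functions take the command
# output as text so they can be exercised on the constructed samples below.
ADB_COMMANDS = {
    "security_patch": "adb shell getprop ro.build.version.security_patch",
    "unknown_sources": "adb shell settings get secure install_non_market_apps",
    "su_binary": "adb shell which su",
}

PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_patch_level(output):
    """Patch level as a date, or None when the property is unset
    (builds older than Android 6.0 do not report it)."""
    m = PATCH_RE.match(output.strip())
    return date(*(int(g) for g in m.groups())) if m else None


def patch_age_days(output, today):
    """Days between the reported patch level and `today`; None when unknown."""
    patch = parse_patch_level(output)
    return None if patch is None else (today - patch).days


def unknown_sources_enabled(output):
    """The secure setting prints 1 when sideloading is allowed, 0 when
    blocked, and 'null' on builds that manage it per app (Android 8.0+);
    only an explicit 1 counts as enabled."""
    return output.strip() == "1"


def has_su_binary(output):
    """`which su` prints the binary's path when present, otherwise nothing
    or an error message."""
    return re.fullmatch(r"/\S+/su", output.strip()) is not None


def assess(outputs, today, max_patch_age_days=60):
    """Findings for one device; an empty list means none of the three risk
    factors was observed. The age threshold is an assumed policy value."""
    findings = []
    age = patch_age_days(outputs["security_patch"], today)
    if age is None:
        findings.append("no security patch level reported (pre-6.0 build)")
    elif age > max_patch_age_days:
        findings.append(f"security patch level is {age} days old")
    if unknown_sources_enabled(outputs["unknown_sources"]):
        findings.append("installation from unknown sources is enabled")
    if has_su_binary(outputs["su_binary"]):
        findings.append("su binary present: device appears rooted")
    return findings


# Constructed sample outputs for two devices, dated to the post.
SAMPLE_TODAY = date(2016, 7, 7)
ROOTED_STALE = {"security_patch": "2016-02-01\n", "unknown_sources": "1\n",
                "su_binary": "/system/xbin/su\n"}
CLEAN = {"security_patch": "2016-07-05\n", "unknown_sources": "0\n",
         "su_binary": "\n"}


def assess_live_device():
    """Run the adb commands against the attached device and assess it."""
    try:
        outputs = {key: subprocess.run(cmd.split(), capture_output=True,
                                       text=True).stdout
                   for key, cmd in ADB_COMMANDS.items()}
    except FileNotFoundError:
        sys.exit("adb not found on PATH")
    return assess(outputs, date.today())


if __name__ == "__main__":
    for sample in (ROOTED_STALE, CLEAN):
        print(assess(sample, SAMPLE_TODAY) or ["no findings"])
    print(assess_live_device() or ["no findings"])
```

Run stand-alone, it prints the findings for the two constructed devices and then tries the attached device. A missing patch-level property is reported as its own finding rather than ignored, because a device too old to carry that property is exactly the kind of device the post’s second recommendation cannot help.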

HummingBad is just the latest in an increasing series of attacks against mobile devices. With an estimated 2 billion smartphones in use worldwide, the incentive for attack is already there. Users need to make sure they are prepared for the incoming onslaught. –Marc Laliberte


Categories: Security News

July Android Security Update – Daily Security Byte EP. 285

Thu, 07/07/2016 - 17:53

If you use Android devices, it’s time to update. Google released an Android update that fixes more than a hundred vulnerabilities, including the Qualcomm chipset flaw that has been in the news lately. Watch today’s video to learn more, and update your Android device when you can. Also, check out Marc Laliberte’s post to learn about HummingBad, a prolific malware variant that’s affecting Android users.

(Episode Runtime: 1:55)

Direct YouTube Link: https://www.youtube.com/watch?v=z4B7E8qfbFM

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News

Eleanor Mac Backdoor – Daily Security Byte EP. 284

Wed, 07/06/2016 - 17:46

Many Mac users think they’re immune to malware, but unfortunately that’s untrue. Though Windows malware variants still greatly outnumber Apple ones, Mac malware is appearing more regularly. Today’s Byte video covers a new Mac trojan discovered by Bitdefender, and what you can do to avoid it.

(Episode Runtime: 3:04)

Direct YouTube Link: https://www.youtube.com/watch?v=6K4lU6bcQ_w

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News

ThinkPwn: UEFI Vulnerability – Daily Security Byte EP. 283

Tue, 07/05/2016 - 22:44

The Unified Extensible Firmware Interface (UEFI) is the newer type of firmware that replaces Basic Input/Output System (BIOS) firmware on PCs. Among other new features, UEFI supports security mechanisms such as Secure Boot, which Windows relies on. Unfortunately, a researcher found a flaw in Lenovo’s UEFI firmware that could allow attackers to bypass this mechanism. Watch the video to learn more.

(Episode Runtime: 2:21)

Direct YouTube Link: https://www.youtube.com/watch?v=jlXtXG8YdKM

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News

Critical Symantec AV Flaws – Daily Security Byte EP. 282

Fri, 07/01/2016 - 21:39

Tavis Ormandy, a well-known security engineer at Google, disclosed a number of critical vulnerabilities in Symantec’s endpoint security products. If you use Symantec or Norton antivirus (AV), watch the video below to learn how bad these flaws are and where to find the updates. You can also stick around to hear what I think about vulnerabilities in security products in general.

(Episode Runtime: 7:13)

Direct YouTube Link: https://www.youtube.com/watch?v=gWr_U2iH7-E

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News

Friends Don’t Let Friends Download Malware

Fri, 07/01/2016 - 19:48

Last weekend, a user on the question and answer site Stack Exchange asked for help identifying malware he found distributed via Facebook. He said he received a notification on Facebook, informing him that one of his friends had tagged him in a comment on the site. When the user clicked on the notification link, his browser automatically downloaded an obfuscated JavaScript file. Quick analysis of the JavaScript showed that when executed, it acted as a loader application to download and execute malware.

Another Stack Exchange user provided further analysis of the malicious JavaScript file. This user found that the JavaScript downloaded and installed a Chrome extension, the AutoIt Windows executable, and a few malicious AutoIt scripts. The malware likely creates its tainted Facebook posts using this Chrome extension to continue infecting other hosts.

Aside from the Chrome extension, the JavaScript loader also included functions to download the AutoIt executable and various AutoIt scripts. AutoIt is a (usually legitimate) scripting language designed to help IT administrators easily automate and configure large numbers of Windows hosts. In the case of this malware, the bad guys were using AutoIt scripts to perform ransomware-like behaviors. The scripts themselves were hosted on a compromised website, disguised with .jpg extensions so that they appeared to be ordinary image files without closer inspection.
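The .jpg disguise described above only fools a reader who trusts the file name. As an added example (not code from the post or from the Stack Exchange analysis), the script below compares each file’s claimed image extension with its leading bytes and flags image-named files that are really script text, which is how an analyst or a proxy-side scanner could catch this hosting trick without executing anything. The image signatures are the standard ones; the script markers and the sample files are constructed for the example and do not come from the analysed malware.

```python
import os

# Magic-byte prefixes of the image types a hostile host is likely to mimic.
# Assumption: the loader in the post only abused .jpg; the table generalises
# the same check to a few other image extensions.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Tokens that never open a real image but are common in AutoIt and
# JavaScript loaders (assumed marker list, not taken from the sample).
SCRIPT_MARKERS = (b"#include", b"Func ", b"EndFunc", b"Run(", b"ShellExecute",
                  b"FileInstall", b"function", b"eval(", b"ActiveXObject")


def matches_image_magic(filename, data):
    """True when the extension claims an image type and the first bytes
    carry that type's signature."""
    ext = os.path.splitext(filename)[1].lower()
    return any(data.startswith(sig) for sig in IMAGE_MAGIC.get(ext, ()))


def looks_like_script(data):
    """Text without NUL bytes that contains at least one scripting marker."""
    head = data[:4096]
    if b"\x00" in head:
        return False
    return any(marker in head for marker in SCRIPT_MARKERS)


def classify(filename, data):
    """'image' when the signature matches the extension, 'script' when the
    content is script text, otherwise 'mismatch' (claims an image type but
    is neither a recognisable image nor obvious script text)."""
    if matches_image_magic(filename, data):
        return "image"
    if looks_like_script(data):
        return "script"
    return "mismatch"


def scan(files):
    """Names of every file whose content does not match its image extension."""
    return [name for name, data in files.items()
            if classify(name, data) != "image"]


# Constructed samples standing in for files fetched from the hosting site.
SAMPLES = {
    "banner.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 32,
    "photo2.jpg": (b"#include <File.au3>\n"
                   b"Func Drop()\n"
                   b"    Run(@TempDir & '\\AutoIt3.exe ' & @TempDir & '\\p.au3')\n"
                   b"EndFunc\n"),
    "thumb.jpg": b"\x00\x01\x02\x03 neither an image nor a script",
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {classify(name, data)}")
    print("suspicious:", scan(SAMPLES))
```

The check deliberately reports two different things: a file that is script text in an image’s clothing (the case in this post) and a file that is simply not what its extension claims, which deserves a look even when no marker fires.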

Luckily, even though this user’s browser automatically downloaded the malicious JavaScript after visiting the notification link, his browser didn’t automatically execute the code. It seems the malware’s author relied on users launching the JavaScript themselves, which would greatly lessen this attack’s success.

In any case, this incident is a great example of why you should never execute unsolicited applications from the Internet. If your browser downloads a file after you click a Facebook notification, it should raise immediate red flags. The user on Stack Exchange did the right thing by investigating the file first and then asking for help from experts.

You should also keep your browser and all of its extensions fully updated with the latest patches. While this attack’s delivery method was relatively unsophisticated, that’s not always the case. A more motivated attacker may have tried to exploit known browser vulnerabilities to auto-execute the malware and compromise the would-be victim’s computer before they even knew what hit them. –Marc Laliberte


Categories: Security News

Fansmitter Hacks Air Gaps – Daily Security Byte EP. 281

Wed, 06/29/2016 - 19:41

Covert-channel (or “back-channel”) attacks, where attackers exfiltrate information over unusual and hard-to-spot communication channels, are not new. However, I think they’re cool, if a bit impractical. In this video, I cover the Fansmitter research from an Israeli university’s cyber security team. I don’t think this type of attack will affect you any time soon, but it’s still a fascinating idea.

(Episode Runtime: 4:14)

Direct YouTube Link: https://www.youtube.com/watch?v=i62FCE0ydWA

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)


Categories: Security News