security

privacy, security November 27, 2017

Chrome will distrust SSL certificates generated by Symantec

I reviewed the headers of my IT Security News website https://www.itsecuritynews.info/ in order to add HSTS. This is what I can see in the headers.   The certificate used to load https://www.itsecuritynews.info/ uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this resource. See https://g.co/chrome/symantecpkicerts for more information.   Source: https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html Checking the article, I see some disturbing news:   Information For Site Operators Starting with Chrome 66, Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Chrome 66 is currently scheduled to be released to Chrome Beta users on March 15, 2018 and to Chrome Stable users around April 17, 2018. If you are a site operator with a certificate issued by a Symantec CA prior to June 1, 2016, then prior to the release of Chrome 66, you will need to replace the existing certificate with a new certificate from any Certificate Authority trusted by Chrome. Additionally, by December 1, 2017, Symantec will transition issuance and operation of publicly-trusted certificates to DigiCert infrastructure, and certificates issued from the old Symantec infrastructure after this date will not be trusted in Chrome.     Strato…

security, Spam & Phishing October 27, 2017

Targeted Phishing against Strato.de

We have ta lot of phishing attempts in German against Strato.de:   Subject: Wir haben ein Abrechnungsproblem festgestellt. Sehr geehrter Kunde, Wir haben ein Abrechnungsproblem festgestellt. Diese Art von Fehlern zeigt normalerweise an, dass die Kreditkarte abgelaufen ist oder Ihre Rechnungsadresse ist ungültig. Klicken Sie auf den folgenden Link, um Ihre Informationen zu aktualisieren: https://www.strato.de/apps/CustomerService#/skl Herzliche Grüße ___________________________ Kundenbetreuung Strato S.p.A. www.strato.de ___________________________   Subject:Du hast eine Schuld von 5,00 € Strato Kundendienst BP 438 – 75366 Berlin CEDEX 08 Germaney Sehr geehrter Kunde, Du hast eine Schuld von 5,00 € Ein Betrag von 5,00 € ist für die Erneuerung Ihrer Dienstleistungen fällig. Informationen : Um die Unterbrechung Ihrer Strato-Dienste zu vermeiden, möchten wir Sie bitten, Ihre Situation so schnell wie möglich zu regeln und Ihre Zahlung per Kreditkarte 24/7 zu tätigen. Greifen Sie auf Ihr Zahlungsformular zu. Herzliche Grüße ___________________________ Kundenbetreuung Strato S.p.A. www.strato.de ___________________________     They are using shorteners at http://t.co  

automotive, News, security October 26, 2017

Cybersecurity Engineering in the Automotive industry

A lot is happening in the Automotive industry these days. It has to do with connectivity, autonomous driving, autonomous parking, and so on. All these have one thing in common: they are producing extremely large amounts of data which needs to be processed in the backend by very powerful computers. When we talk connectivity, we MUST talk about cybersecurity.   This is why the Automotive industry has started to take this very seriously: We have the  ISO/SAE AWI 21434 : Road Vehicles — Cybersecurity engineering which is in the preparation stage We have the European Automobile Manufacturers’ Association (ACEA) who have released the “Principles of Automobile Cybersecurity“ ACEA represents currently the 15 Europe-based car, van, truck and bus manufacturers (Source): BMW Group, DAF Trucks, Daimler, Fiat Chrysler Automobiles, Ford of Europe, Hyundai Motor Europe, Iveco, Jaguar Land Rover, Opel Group, PSA Group, Renault Group, Toyota Motor Europe, Volkswagen Group, Volvo Cars, and Volvo Group ACEA and its members have identified a set of six key principles to enhance the protection of connected and automated vehicles against cyber threats. 1. Cultivating a cybersecurity culture 2. Adopting a cybersecurity life cycle for vehicle development 3. Assessing security functions through testing phases: self-auditing & testing 4. Managing a…

antivirus, security, Spam & Phishing August 18, 2017

Targeted Malware on the rise

  Ever wondered what a “spear phishing” is ? Or a “targeted malware” ? See below: It is an email targeted to a member of an organization, which is made to look as legitimate as possible. The difference between normal phishing and malware emails and a targeted one is that the contents of the emails are referring to locations or persons of the organization being targeted. In this case, Avira: as you can see below, there are apparent links to internal locations. Of course, they are all fake (like in phishing). In reality, they point to malicious documents and locations which have nothing to do with the company.   The interesting part here is that the email is made to look as if I send the first email and this “Cameron” is replying to my email. This is social engineering to its best. Avira will block the content as W2000M/Dldr.Agent.CG and the URLs.  

security August 14, 2017

Experiment started: HTTPS for ITSecurityNews.info

The Internet is telling everyone to switch to HTTPS for various reasons: better security better SEO from the search engines (read: Google) others While I agree with most of the reasons, I think that it is not really necessary for a read-only news portal to have HTTPS. It is no secret transferred, no login, nothing… Just text and links. And Ads… 🙂 So, my hosting provider Strato is giving me a free SSL certificate. After a long thinking and testing, I activated it for ItSecurityNews.info. From now on, you’ll be redirected to the HTTPS://ItSecurityNews.info even if you just type ItSecurityNews.info or http://www.ItSecurityNews.info   Let’s see how much visitors this brings … or takes.

News, security August 3, 2017

Security for free, update after 4 years

About 4 years ago, while I was working at Avira,  I wrote this article for (ISC)2’s blog. Security “for free”? I wrote back then about how to cover all attack vectors for malware. I also wrote about the hidden costs, which many people tend to ignore. These costs are not acquisition costs. They are even not easily visible. I concluded, that it is possible to achieve a decent degree of security without any acquisition costs. However, there are drawbacks and there are hidden maintenance costs. For those who are interested in having software that works for them and not the other way around, it is advisable to get a paid security solution that covers all the relevant attack vectors and offers a decent quality of service.   I am very proud to say that I would not change anything in that article, even back then I could have been biased by working for Avira, one of the major players in this space. I guess that this is what makes one a professional.   Four years later In these four years, AVG, one of the major players in Free AV field was acquired by Avast. Malware Bytes became a major player…

privacy, security June 29, 2017

Lack of security made simple: Casual Insecurity

I am travelling quite a lot because of my job, working with Avira’s customers to integrate their OEM Technologies. For this reason, I am very often in hotels and airports. Almost everywhere these days, I can find free WiFis: wireless networks with free of charge access. We all know that accessing resources through free WiFis is not the best ideas. Especially, if these networks do not have any kind of password set.   This is how I think that the Lack of Security is made so simple: offer something everybody needs for free and make that as unsecure as possible. Maybe at the beginning it is going to be few which don’t access the free unprotected wifi. But in time, everybody will think that it is absolutely normal that a WiFi is supposed to be free and unprotected. And this is how you convert masses of people to lower their security expectations. I call this concept: “Casual insecurity”.   Read here in my free eBook how to “Improve your security“.  

antivirus, security May 22, 2017

WannaCry Ransomware – Executive summary

If you want news from the IT Security industry, please check IT Security News here: http://www.itsecuritynews.info/?s=WannaCry This is my summary, inspired from various sources on the web mentioned in the Sources (see at the end).   The ransomware Wannacry has infected systems across the globe and has been the topic of discussion among security professionals for quite some days now. The WannaCry ransomware attack – 5 things you need to know A ransomware attack of “unprecedented level” (Europol) started spreading WannaCry ransomware around the world on Friday, May 12, 2017, around 11 AM ET/3PM GMT. Until now, hundreds of thousands of Windows-running computers in 99 countries have been affected, with the highest numbers of infections in Russia, Ukraine, India and Taiwan. Cyber criminals are using the EternalBlue exploit released by The Shadow Brokers on April 14, 2017. This exploit was patched a month before that, when Microsoft issued a critical security update (Microsoft Security Bulletin MS17-010). The reason why this particular campaign became so extensive is because it exploits a vulnerability in Windows SMBv1 and SMBv2 to move laterally within networks and infect other computers. If you haven’t installed the updates and are running a vulnerable operating system (see list below), even…

General, security February 7, 2017

Google Search Console fail over notifications for the WordPress updates

I have quite a lot of WordPress based websites which I run and maintain. One of these is this blog: www.SorinMustaca.com All my WordPress websites are configured to autoupdate to the latest WordPress update. The same applies to their plugins and themes. Google Search Console (GSC) is a tool I used to manage better the registration of my websites with the search engine and their advertising platform Adsense. Yesterday evening I received a couple of emails, one for each of my websites registered with the GSC : Here is the text: Recommended WordPress update available for http://sorinmustaca.com/ To: Webmaster of http://sorinmustaca.com/, Google has detected that your site is currently running WordPress 4.7.0 or 4.7.1, an older version of WordPress. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible. Following are one or more example URLs where we found pages that have outdated software. The list is not exhaustive. http://www.sorinmustaca.com/set-up-an-ad-filter-with-privoxy-on-raspberry-pi-for-free/ Recommended Actions: 1 Update to the latest release of WordPress Visit the WordPress site for instructions on how to download and install the latest release. WordPress Update…

%d bloggers like this: