Tag Archives: follow cybersecurity

Must read: The 7 Most Dangerous Technology Trends.

Abstract

1.  AI Cloning 

With the support of artificial intelligence (AI), all that’s needed to create a clone of someone’s voice is just a snippet of audio. Similarly, AI can take several photos or videos of a person and then create an entirely new—cloned—video that appears to be an original.

2.  Drone Swarms 

The British, Chinese, and United States armed forces are testing how interconnected, cooperative drones could be used in military operations.

3.  Spying Smart Home Devices 

For smart home devices to respond to queries and be as useful as possible, they need to be listening and tracking information about you and your regular habits.

4.  Facial Recognition 

There are some incredibly useful applications for facial recognition, but it can just as easily be used for sinister purposes. China stands accused of using facial recognition technology for surveillance and racial profiling.

5.  Ransomware, AI and Bot-enabled Blackmailing and Hacking 

When high-powered technology falls into the wrong hands, it can be used very effectively for criminal, immoral, and malicious activities. Ransomware, in which malware blocks access to a computer system until a ransom is paid, is on the rise according to the Cybersecurity and Infrastructure Security Agency (CISA).

6.  Smart Dust 

Microelectromechanical systems (MEMS) the size of a grain of salt carry sensors, communication mechanisms, autonomous power supplies, and cameras. Also called motes, this smart dust has a plethora of positive uses in healthcare, security, and more, but would be frightening if used for malicious purposes.

7.  Fake News Bots 

GROVER is one AI system capable of writing a fake news article from nothing more than a headline, and articles produced by systems such as GROVER can be more believable than those written by humans. OpenAI, a research organization co-founded by Elon Musk, created a text generator described as “deepfakes for text” that produces news stories and works of fiction so convincing that the organization initially decided not to release the research publicly, to prevent dangerous misuse of the technology.

Reference

https://www.forbes.com/sites/bernardmarr/2019/09/23/the-7-most-dangerous-technology-trends-in-2020-everyone-should-know-about/#166c16177780

Top of the cyber news

North Korea Stole $2 Billion for Weapons Program (August 5, 7, & 8, 2019)

According to a report from Reuters, a confidential UN report says that North Korea has stolen US $2 billion from banks and cryptocurrency exchanges to fund its weapons of mass destruction program. The report to the U.N. Security Council North Korea sanctions committee calls the attacks “widespread and increasingly sophisticated.”

Read more in:
– www.reuters.com: North Korea took $2 billion in cyberattacks to fund weapons program: U.N. report

Researchers Find Some Back-end Election Systems Are Connected to the Internet

Election security experts have found what they believe to be more than 30 back-end election systems in 10 US states connected to the Internet, some for more than a year. The researchers contacted the jurisdictions and some removed the systems from the Internet, but others did not. Some election officials said their systems were not connected because the vendor had installed the system and the jurisdiction had no oversight in the process.

Read more in:
– www.vice.com: Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials

Microsoft Researchers Say Russian Hacking Group is Targeting IoT Devices to Access Corporate Networks

Researchers from Microsoft Threat Intelligence Center say that earlier this year, they detected efforts by a hacking group working on behalf of the Russian government to attack IoT devices at companies in an effort to gain access to the companies’ networks and search for accounts with higher privileges. In some instances, the hackers accessed IoT devices using default manufacturer passwords.

Read more in:
– msrc-blog.microsoft.com: Corporate IoT – a path to intrusion

NSA’s Ghidra Has Been Downloaded More Than Half a Million Times (August 8, 2019)

The NSA released its Ghidra reverse-engineering tool at the RSA Conference in March. Since its release, Ghidra has been downloaded from GitHub more than 500,000 times. Outside developers have been creating new features for Ghidra, and an NSA senior researcher noted that the agency can now hire people who already know how to use the tool.

Read more in:
– www.axios.com: NSA’s free malware research tool gains traction, 6 months on

Big cyber news of the week

Capital One Breach

Credit card company Capital One has acknowledged that a data breach has compromised personal information of 100 million US customers and 6 million Canadian customers. The affected data include information collected from customers at the time they applied for credit cards between 2006 and 2019 as well as credit scores, credit limits and balances, and contact information. The FBI has arrested a suspect in the case.

Read more in:
– press.capitalone.com
: Capital One Announces Data Security Incident
– www.zdnet.com: 100 million Americans and 6 million Canadians caught up in Capital One breach

GitHub Blocking Developers in Countries Under US Trade Sanctions

GitHub has confirmed that it has begun blocking developers in countries that are under US trade sanctions from accessing private repositories and GitHub Marketplace. Developers are finding that their access to their GitHub accounts has been “restricted.” One developer in Crimea found that he was prevented from accessing his GitHub hosted site, existing private repositories and from creating new private repositories. GitHub is imposing the restrictions based on users’ IP addresses and payment histories. Countries facing US trade sanctions include the Crimea region of Ukraine, Cuba, Iran, North Korea, and Syria.
Read more in:
– techcrunch.com: GitHub confirms it has blocked developers in Iran, Syria and Crimea

Ransomware Hits Medical Center and Hospital in Puerto Rico

Ransomware has infected systems at a medical center and hospital in Puerto Rico. The Bayamón Medical Center and Puerto Rico Women and Children’s Hospital are part of the same organization. The incident affected information of more than 500,000 people. In a July 19 press release, the organization says that it “hired an outside consultant to” help with decryption and recovery.

Read more in:
– www.govinfosecurity.com: Ransomware Attack Impacts 522,000 Patients in Puerto Rico
– www.bayamon-medical.com: Press Release (JPG)

LAPD Data Breach (July 29, 2019)

A data breach has compromised personally identifiable information of 2,500 Los Angeles Police Department (LAPD) officers, as well as that of 17,500 people who applied to become LAPD officers.

Read more in:
– www.bleepingcomputer.com: LAPD Data Breach Exposes Personal Info of Roughly 2.5K Officers
– www.cnet.com: LAPD data breach exposes personal info of 2,500 officers, report says

Database Security: 10 important security tips for MongoDB

Overview

MongoDB is one of the fastest-growing and most widely adopted cross-platform document-oriented database programs on the market, and a widely used alternative to relational databases. As MongoDB's popularity grows, so does its exposure to attackers: in general, attackers target the most used software because one technique lets them hit multiple organizations with little effort.

Common database security areas: at a high level, database security professionals check the following practices and processes:

  • Access control
  • Authentication
  • Auditing
  • Encryption
  • Backups
  • Ongoing monitoring of database activity

NOTE: There are many practices for securing a database, and each area listed above needs a process around it. Without a process for each of them it is very hard to investigate when an incident or data breach happens.

MongoDB Security: top 10 guidelines to follow:

1 – Enable authentication and TLS: turn on access control (security.authorization: enabled) and require TLS for client connections (net.tls.mode: requireTLS; net.ssl.mode on releases before 4.2) in the MongoDB configuration file (mongod.conf). A default installation starts with neither.

2 – Strong passwords: do not use weak passwords. MongoDB has no account lockout, so an attacker can keep guessing passwords for as long as the port is reachable.

3 – Role-based access: authorize users through roles. Do not make everyone an admin; keep admin access tightly held and never share it.

4 – User access control: review users for excessive privileges. Check which roles each user has and whether that access matches what the user actually needs.

5 – Secure the replica set: add a key file (security.keyFile). Only members that hold the key can join the replica set. Note that the key file authenticates members; it does not encrypt replication traffic, so enable TLS between members as well.

6 – Regular backups: back up regularly and keep an up-to-date copy of the data in backup storage.

7 – Avoid the default configuration: do not run the MongoDB server on the standard port (27017) in production. Attackers generally scan for servers on standard ports.

8 – Disable public access: exposing the MongoDB host to the public Internet is not good practice. If your application and MongoDB run on the same machine, bind MongoDB to localhost (net.bindIp) and disable public access to that machine.

9 – Firewall the MongoDB port: enable firewall rules on the MongoDB server so that only the application hosts can reach the MongoDB port and scanning of it is not permitted.

10 – Do security testing: run penetration tests and use tools such as nmap and telnet to verify that your MongoDB server is reachable only from where it should be.
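The configuration points above (authentication and TLS in point 1, the key file in point 5, the default port in point 7 and the bind address in point 8) can be checked mechanically before a server goes live. The script below is an added example written for this post, not MongoDB's own tooling: it reads a mongod.conf (the simple indented key/value YAML subset mongod uses) and reports which of those settings are missing. The two configuration files are constructed for the example; the option names (security.authorization, security.keyFile, net.bindIp, net.port, net.tls.mode) are real mongod.conf options, but the paths and addresses in them are placeholders.

```python
"""Audit a mongod.conf against the configuration points in the list above.

Hypothetical check script written for this post; it is not part of MongoDB.
"""
from __future__ import annotations


def parse_mongod_conf(text: str) -> dict:
    """Read the YAML subset mongod.conf uses: indented 'section:' blocks and 'key: value' leaves."""
    root: dict = {}
    stack = [(-1, root)]  # (indent, mapping) for the section currently being filled
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing spaces
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:  # leaving one or more nested sections
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip("\"'")
        if value:
            parent[key] = value
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root


def get(conf: dict, dotted: str, default=None):
    """Look up a dotted option path such as 'net.tls.mode'."""
    node = conf
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit_mongod_conf(text: str) -> list[str]:
    """Return one finding per failed check; an empty list means the file passes."""
    conf = parse_mongod_conf(text)
    findings = []
    # Point 1: without access control anyone who reaches the port owns the data.
    if get(conf, "security.authorization", "disabled") != "enabled":
        findings.append("security.authorization is not 'enabled'")
    # Point 1: transport encryption (net.tls from 4.2, net.ssl on older releases).
    tls_mode = get(conf, "net.tls.mode") or get(conf, "net.ssl.mode")
    if tls_mode not in ("requireTLS", "requireSSL"):
        findings.append("TLS is not required for client connections (net.tls.mode)")
    # Point 5: replica set members must present the shared key file to join.
    if get(conf, "replication.replSetName") and not get(conf, "security.keyFile"):
        findings.append("replica set configured without security.keyFile")
    # Point 8: bind to specific interfaces; 0.0.0.0 or bindIpAll exposes the port to everyone.
    if "0.0.0.0" in get(conf, "net.bindIp", "127.0.0.1") or get(conf, "net.bindIpAll") == "true":
        findings.append("mongod listens on all interfaces (net.bindIp / net.bindIpAll)")
    # Point 7: the default port is the first thing scanners try.
    if get(conf, "net.port", "27017") == "27017":
        findings.append("default port 27017 in use")
    return findings


# Constructed for the example: what an out-of-the-box install with a replica set looks like.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
"""

# Constructed for the example: the same server with the points above applied (paths are placeholders).
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27117
  bindIp: 127.0.0.1,10.0.1.5   # loopback plus the application subnet only
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/mongo/server.pem
    CAFile: /etc/mongo/ca.pem
security:
  authorization: enabled
  keyFile: /etc/mongo/keyfile
  clusterAuthMode: keyFile
replication:
  replSetName: rs0
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_mongod_conf(conf) or 'no findings'}")
```

The weak file produces five findings (no authorization, no TLS, a replica set without a key file, a 0.0.0.0 bind and the default port); the hardened file produces none. The parser deliberately only understands the flat, indented layout mongod.conf uses, so run it on the real file rather than on hand-written YAML with flow syntax.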

Reference

https://docs.mongodb.com/manual/administration/security-checklist/

Web Security: Important security points for a Tomcat web application

In this post, I would like to share some of the most important points I have learned about Tomcat security. This is not a complete list of the security points we should care about; my objective is to share what I have learned.

In most cases the default security configuration of Tomcat may be adequate, but not when you run eCommerce on the server and a small security lapse can have a big impact on your business. Let's go through a to-do list for securing a Tomcat application.

NOTE: Tomcat is not the only defence against cybersecurity threats. Many other systems, the network, and the database also need to be secured.

Non-Tomcat security checks:

  • Do not run the Tomcat server as root. Create a dedicated user with the minimum permissions it needs, and make sure that user cannot log in to the Tomcat server remotely.
  • Restrict directories and apply the principle of least privilege: not every user should be able to read log files, process configuration, and so on.
  • Configure the firewall to allow only the incoming and outgoing connections you expect (for instance, from the proxy servers used for load balancing) and deny every other connection request.
  • Keep a health-check page and internal network monitoring for the Tomcat applications.

Tomcat server security checks:

  • Remove all of the default Tomcat web applications (docs, examples, manager, host-manager) that you do not need. If your own application is deployed as ROOT, consider giving it its own name rather than relying on the default ROOT application.
  • Enable HTTPS even for internal networks; internal clients that connect to Tomcat in the clear are still a risk.
  • Disable the Tomcat manager console and remove any default or example credentials from tomcat-users.xml. Some users like to deploy through the console, which makes it an attractive target.
  • Automatic deployment is convenient, but it is just as convenient for an attacker who wants to install a malicious application. The Host element has the attributes autoDeploy and deployOnStartup; set both to false.
  • Follow Tomcat's Securing Management Applications guidelines:
    • Ensure that any users permitted to access the management application have strong passwords.
    • Do not remove the LockOutRealm, which prevents brute-force attacks against user passwords.
    • Uncomment the RemoteAddrValve in the manager application's context.xml, which limits access to localhost. If remote access is required, limit it to specific IP addresses using this valve.
  • Disable the shutdown port by setting the Server element's port to -1, or, if the shutdown listener must stay on, change the shutdown command string from the default SHUTDOWN to a long random value.
  • By default, an HTTP and an AJP connector are configured. Connectors that will not be used should be removed from server.xml.

Web application specific security checks:

  • Restrict POST requests and their size (the maxPostSize attribute on the Connector). Only the POST requests the application expects should be accepted.
  • Use a custom error handler and make sure the application never returns verbose errors, stack traces or Java code in responses; these help an attacker understand the application.
  • Validate every user input.
  • Get security testing done before deploying an application to production.
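Most of the server-level items above (shutdown port and command, unused connectors, autoDeploy and deployOnStartup, the LockOutRealm, the RemoteAddrValve) and the POST-size limit from the web-application list live in Tomcat's XML configuration, so they can be checked before each deployment. The script below is an added example written for this post, not part of Tomcat: it parses a server.xml and the manager application's context.xml with Python's standard library and reports the points that are not hardened. The XML files are constructed and trimmed for the example; the element and attribute names are Tomcat's own, while the keystore path and the allowed address range are placeholders.

```python
"""Audit Tomcat's server.xml and the manager app's context.xml for the points in the lists above.

Hypothetical check script written for this post; it is not part of Tomcat.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET


def audit_server_xml(xml_text: str) -> list[str]:
    """Return one finding per failed server-level check; an empty list means the file passes."""
    server = ET.fromstring(xml_text)
    findings = []
    # Shutdown listener: port -1 disables it; if it stays on, the command string must not be the default.
    if server.get("port", "8005") != "-1":
        findings.append('shutdown port is enabled (set Server port="-1")')
        if server.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
            findings.append("shutdown command is the well-known default SHUTDOWN")
    for conn in server.iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        if "ajp" in proto.lower():
            findings.append(f"AJP connector on port {conn.get('port')}; remove it if nothing proxies over AJP")
        elif conn.get("maxPostSize") is None:
            findings.append(f"connector on port {conn.get('port')} relies on the default maxPostSize")
    for host in server.iter("Host"):
        # Both attributes default to true, so leaving them out is the same as enabling them.
        for attr in ("autoDeploy", "deployOnStartup"):
            if host.get(attr, "true").lower() != "false":
                findings.append(f"Host {host.get('name')} has {attr} enabled")
    if not any(r.get("className", "").endswith("LockOutRealm") for r in server.iter("Realm")):
        findings.append("no LockOutRealm around the user realm: failed logins are never locked out")
    return findings


def audit_manager_context(xml_text: str) -> list[str]:
    """Check that the manager application's context.xml limits access by source address."""
    ctx = ET.fromstring(xml_text)  # comments are discarded, so a commented-out valve simply does not exist
    valves = [v for v in ctx.iter("Valve") if v.get("className", "").endswith("RemoteAddrValve")]
    if not valves:
        return ["no RemoteAddrValve: the manager app is reachable from any address"]
    return [f"RemoteAddrValve allow='{v.get('allow')}' does not restrict access"
            for v in valves if v.get("allow", "") in ("", ".*")]


# Constructed for the example: a trimmed server.xml with the unsafe settings discussed above.
WEAK_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>
"""

# Constructed for the example: the hardened equivalent (keystore path is a placeholder).
HARDENED_SERVER_XML = """\
<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" maxPostSize="1048576">
      <SSLHostConfig><Certificate certificateKeystoreFile="conf/keystore.p12" type="RSA"/></SSLHostConfig>
    </Connector>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false" deployOnStartup="false"/>
    </Engine>
  </Service>
</Server>
"""

# Constructed: manager/META-INF/context.xml as shipped, with the valve still commented out.
STOCK_MANAGER_CONTEXT = r"""<Context antiResourceLocking="false" privileged="true">
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
  -->
</Context>
"""

# Constructed: the valve uncommented, allowing loopback plus an (assumed) admin subnet.
HARDENED_MANAGER_CONTEXT = r"""<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|10\.0\.1\.\d+"/>
</Context>
"""

if __name__ == "__main__":
    for label, text in (("weak server.xml", WEAK_SERVER_XML), ("hardened server.xml", HARDENED_SERVER_XML)):
        print(label, audit_server_xml(text) or "no findings")
    print("stock manager context.xml", audit_manager_context(STOCK_MANAGER_CONTEXT))
```

The weak server.xml yields seven findings (shutdown port on, default shutdown command, an HTTP connector with no explicit maxPostSize, an AJP connector, autoDeploy and deployOnStartup both effectively on, and no LockOutRealm); the hardened one yields none. The stock manager context.xml is flagged because the RemoteAddrValve is only present inside an XML comment, which is exactly the "uncomment it" point from the list.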