Ethical Hacking

Wade Mackey

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey
Xiduo Liu

Manage Cloud Security

November 14, 2019 by Xiduo Liu

This article outlines some of the biggest challenges providers are facing. One of the biggest divides in the survey results is who owns the responsibility: is it the customer or the cloud service provider? There is no one-size-fits-all solution; the answer depends on the situation. The article also lays out different aspects to consider when choosing a cloud service provider: physical security, compliance, etc.

Creating a responsibility matrix that highlights the roles and responsibilities before finalizing any contractual agreement is a great thing to fall back on once an incident has happened, because roles and responsibilities are already clearly defined.

Filed Under: Uncategorized Tagged With:

New Chrome Zero-Day Exploit

November 1, 2019 by Xiduo Liu

A new zero-day was disclosed by Google on October 31. Update 78.0.3904.87 will start rolling out “over the coming days/weeks” according to Google. The nature of the zero-day and the details of this vulnerability are not available at this time. According to Google, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed.”

Despite the limited information on this zero-day, Google did confirm it is related to the CVE-2019-13720 vulnerability, which was first reported by Kaspersky. You can read more about this zero-day here.

Filed Under: Week 10: SecuritySheperd Tagged With:

Cyber Attack on Indian Nuclear Plant

October 30, 2019 by Xiduo Liu

A government-owned entity, the Nuclear Power Corporation of India, was one of the victims of the most recent high-profile cyber-attacks. According to a statement released by the company, the attack was discovered on September 4, and no plant control systems were affected. “The investigation revealed that the infected PC belonged to a user who was connected in the internet-connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored. The investigation also confirms that the plant systems are not affected.” According to the article by TNW, the attacks used malware to access the domain controller account that grants access and authenticates requests from other computers in the network.

Additional information provided in the article is that the data collected by the malware was sent to a mounted drive via SMB, and that the drive and credentials were statically encoded: net use \\10.38.1.35\C$ su.controller5kk /user:KKNPP\administrator

 

Filed Under: Week 09: Web Application Hacking Tagged With:

Adobe exposed Creative Cloud accounts to the Public

October 25, 2019 by Xiduo Liu

The latest data breach came from Adobe exposing 7.5 million Creative Cloud accounts to the public via a “vulnerability related to work on one of our prototype environments”. According to Adobe, the misconfigured environment has been shut down and the vulnerability has been addressed.

According to one report, the exposed data included email addresses, the Adobe products they subscribed to, account creation date, subscription, and payment status, local timezone, member ID, time of the last login, and whether they were an Adobe employee.

It is unknown whether there has been unauthorized access. The issue was discovered on 10/19, and Adobe addressed it on the same day.

There are no sensitive details like passwords or payment data, but the database is close to 86GB in size. Additional information and screenshots can be found here.

 

Filed Under: Week 09: Web Application Hacking Tagged With:

Vulnerability in iTunes and iCloud for Windows

October 16, 2019 by Xiduo Liu

A zero-day vulnerability in the iTunes and iCloud applications was discovered by the security company Morphisec here on October 10th, 2019. The article goes on to disclose additional technical details on the vulnerability. The vulnerability in the applications will not trigger an antivirus detection, as the software is signed by Apple and is automatically flagged as okay. The root cause, according to the article, is known as an unquoted service path, which occurs when a developer forgets to surround a file path with quotation marks. “When the bug is in a trusted program — such as one digitally signed by a well-known developer like Apple — attackers can exploit the flaw to make the program execute code that AV protection might otherwise flag as suspicious.”

As of today, Apple has released patches for iTunes and iCloud for Windows to close the security vulnerability.

Filed Under: Week 07: Social Engineering Tagged With:
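
An added example, not part of the original post or the Morphisec article: a defender-side audit for the unquoted service path condition described in the iTunes/iCloud post above. It takes service ImagePath values (constructed samples here; the service names and function names are hypothetical) and reports which ones are unquoted with a space in the executable path, along with the shorter paths Windows would try first and which should therefore be reviewed.

```python
import re

# Constructed sample of service name -> ImagePath (not taken from any real host).
SAMPLE_SERVICES = {
    "GoodQuoted": r'"C:\Program Files\Vendor App\svc.exe" --run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "UnquotedSpaces": r"C:\Program Files\Vendor App\updater.exe /service",
    "SpaceOnlyInArgs": r"C:\Tools\agent.exe --config C:\My Data\a.ini",
}

# Executable portion of an unquoted command line: everything up to the first ".exe".
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def executable_part(image_path):
    """Return the executable path of an unquoted command line, without arguments."""
    path = image_path.strip()
    match = EXE_RE.match(path)
    return match.group(1) if match else path


def ambiguous_candidates(image_path):
    """List the shorter paths Windows may try before the intended binary.

    For an unquoted command line, process creation splits at each space and
    tries every prefix with ".exe" appended. Returns [] when the path is
    quoted or when the executable part contains no space.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    parts = executable_part(path).split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(services):
    """Map each affected service name to the candidate paths to review."""
    findings = {}
    for name, image_path in services.items():
        candidates = ambiguous_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_SERVICES).items():
        print(name, "->", candidates)
```

The fix for any service this reports is to quote the executable path in its ImagePath; the listed candidate locations are the ones whose write permissions are worth checking in the meantime.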

Hospital Pays to Restore Systems After Ransomware Attack

October 8, 2019 by Xiduo Liu

This article from Healthcare IT News highlights a few topics we touched on in this class.

According to the article, the attacks were “carried out on Oct. 1 and involved Ryuk ransomware code, a malware that contains several bugs, resulting in damage about one in every eight files that it encrypts.”

According to a report released by Emsisoft, in the first nine months of 2019, at least 621 “government entities, healthcare service providers and school districts, colleges and universities” have been subject to ransomware attacks. Emsisoft also found that 491 of the attacks were on healthcare providers. The security firm warned that attacks on managed services providers (MSPs) are on the rise and that average ransom demands are climbing, encouraged by payouts similar to this one.

A warning issued by the FBI on Oct. 2 highlights that ransomware attacks are “becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent.” The warning also points out that in some cases, victims who paid the ransoms were never given a decryption key.

 

Filed Under: Week 07: Social Engineering Tagged With:

Cybersecurity in Public Schools

October 2, 2019 by Xiduo Liu

I came across this article in Forbes: It’s Time To Solve K-12’s Cybersecurity Crisis. The article discloses 160 cybersecurity incidents in K-12 during the summer months of 2019, a 30% rise compared to the year 2018. “47% of K-12 organizations are making cybersecurity their primary investment, yet 74% do not use encryption.” and “93% of K-12 organizations rely on native client/patch management tools that have a 56% failure rate, with 9% of client/patch management failures never recovered.”

With the limited resources, budget and funding constraints, the numbers and trends in this article come as little surprise. In addition, the article looks into the current technology landscape in the school districts: 94% of them have high-speed internet and 82% of them provide students with school-funded devices. The trend has been on the rise since 2016.

With all the troubling findings, the article does mention some of the appropriate approaches public schools can take towards resolving the issue: “this is not something that can be achieved by simply spending more money… especially when that money comes from public funds. The questions they each need to be asking are if they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without key foundational elements of a strong and resilient security approach in place – things like visibility and control, it becomes nearly impossible to protect your students, your data, and your investments.”

Filed Under: Week 05: Metasploit Tagged With:

The Power of Social Engineering

September 15, 2019 by Xiduo Liu

Social engineering and spear-phishing combined with malware and vulnerabilities show us that guarding valuable data and systems with technology is never sufficient. End-user training and cybersecurity awareness programs are equally important.

See this hack that came to light in recent years:

https://cybersguards.com/north-korean-hackers-infiltrate-the-atm-network-in-chile-following-an-interview-with-skype/

Such hacks would never happen if training and cybersecurity awareness programs were in place and required for all employees.

Filed Under: Uncategorized Tagged With:

Thousands of servers infected with new Lilocked (Lilu) ransomware

September 7, 2019 by Xiduo Liu

Continuing the ransomware discussion from Andrew’s thread.

A new ransomware has been identified:

https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/

bleepingcomputer.com/news/security/lilocked-ransomware-actively-targeting-servers-and-web-sites/

It appears the ransomware is targeting servers and encrypting the data located on them. All of the known infected servers are web sites. To make the situation worse for the website owners, their sites and the encrypted files are searchable on Google with the search string: intitle:"index of" "#README.lilocked"

 

Filed Under: Uncategorized Tagged With:
