Cyber Advisors Blog

In the Know - Cyber Security Update - Week of August 27th-September 3rd

Posted by Eric Brown on Sep 5, 2017 7:42:32 AM
St. Jude pacemakers get a patch, your Amazon wishlist could be exposed to anyone who knows your email address, security researchers deconstruct a gift card attack, yet another unsecured Amazon S3 bucket exposes millions of records, and Google reminds site administrators the next version of Chrome will warn visitors if a site isn’t protected with an SSL certificate.


1.  465,000 St. Jude pacemakers to receive a critical patch - a year after a vulnerability was discovered

A critical flaw in the code of St. Jude (now Abbott) pacemakers manufactured before August 28th, 2017 gives would-be attackers the ability to gain access to and control the device from up to 50 feet away.

The attacker could issue commands to change the way the device functions or cause it to stop functioning altogether.

A year ago (8/26/16) security researchers partnered with an investment firm and published this information.   The investment firm drew ire for shorting the stock, but believed that publishing was the only way to get St. Jude to take action, and that the people who had these devices inside their bodies had a right to know.


Topics: Cyber Security

Joe's Links: Appreciation of great customer service and value added sales people

Posted by Joe Moline on Sep 1, 2017 8:19:32 AM

The internet is cram packed full of people complaining about their customer experiences, but I wanted to take a moment to share a story about an excellent customer service experience I encounter every time I visit. This past week I got my oil changed and new tires put on my vehicle at my favorite place, Youngstedt’s in Maple Grove.


Topics: Off Topic/Fun

In the Know - Cyber Security Update - Week of August 20th-August 27th

Posted by Eric Brown on Aug 28, 2017 8:19:01 AM

Google removes 500 apps from the Play marketplace due to Trojan horse style spyware, iPhone 7/7Plus hacked, Facebook Messenger spreads malware, another Amazon S3 bucket left open, this time exposing 1.8M Chicago voter records, and thousands of IoT device IP addresses and passwords exposed on Pastebin.

Topics: Cyber Security

Joe's Links: Corporate golf and the perfect scramble team

Posted by Joe Moline on Aug 25, 2017 3:45:05 PM

Easily one of my favorite days of work each year is our annual customer appreciation event, which we hold at Rush Creek Golf Club. For 11 years now we have used this as an opportunity to thank our loyal customers. A customer appreciation golf event allows us to spend more than the usual time with our clients while enjoying a fun day at an outstanding venue like Rush Creek. We receive fantastic feedback from our clients and they look forward to the event each year.


Topics: Off Topic/Fun

In the Know - Cyber Security Update - Week of August 13th - August 20th

Posted by Eric Brown on Aug 20, 2017 9:25:31 PM

Two of the articles this week deviate from cyber security; however, they are topical and relevant to painting a larger ‘buyer beware’ theme. Malicious actors sell counterfeit eclipse viewing glasses, Roombas map your house (potentially for the highest bidder), embedded ultrasonic signals played through a TV can allow malicious actors to track your movement, DJI plans to remove a Trojan from its ‘Go’ app, and shared smartphone application libraries expose content to hackers.


Topics: Education

Floyd Mayweather, Peanut Allergy and Solar Eclipse

Posted by Joe Moline on Aug 18, 2017 8:19:35 AM

We are about to see something that we have not and will not see again in our lifetime. Well, maybe you can say that about a lot of things that are going on lately in the news, but I am referring to the solar eclipse. Here is an article on what you need to know. Most interesting is that “the tiny town of Carbondale, Illinois, will be treated to the longest eclipse duration - about two minutes and 41 seconds of total darkness.”


Topics: Off Topic/Fun

In the Know - Cyber Security Update - Week of August 7th - August 13th

Posted by Eric Brown on Aug 14, 2017 7:08:52 AM

User-targeted malware picks up this week – the latest variant of ransomware-as-a-service, Cerber, steals bitcoin and browser passwords before encrypting systems. Free is not always free: Hotspot Shield Free VPN is in some hot water as researchers discover that ads and tracking data are injected into its users’ browsing streams. NIST (National Institute of Standards and Technology) releases new password guidelines – it says previous guidance of frequent changes and random numbers and characters leads to weaker passwords. The international SMS messaging app SMS Touch compromises its users by sending authentication data and conversations in the clear. And researchers discover thousands of Android apps are spying on their users.

1.  Cerber Malware gets more malicious
Cerber, a popular ransomware of 2016 in part due to its ransomware-as-a-service operating model, where the author of the ransomware receives 40% of the ransom and the distributor receives 60%, is back in the news. The latest Cerber variant scans systems for cryptocurrency wallets and attempts to steal the coins before encrypting the system.


Topics: Education

Dell EMC Data Protection with AWS

Posted by Katie McDonald on Aug 8, 2017 10:44:57 AM

On August 30th, Dell EMC is kicking off the first of several webinars regarding Dell EMC Data Protection solutions for Public Cloud. This webinar is specifically focused on AWS and “IN CLOUD” data protection. Speakers include Isaiah Weiner, Sr. Manager, Solutions Architecture at AWS, who will cover the value Dell EMC has created with our built for cloud scale architecture, and Pat O’Brien, Offering Manager from DXC Technologies, who will talk about how they use our solution for their customers and why they see real value in what Dell EMC has created.


Topics: Insider

In the Know - Cyber Security Update - Week of July 30th - August 6th

Posted by Eric Brown on Aug 6, 2017 5:19:07 PM

Latest Windows SMB flaw (SMBLoris) compromises all versions of Windows from Windows 2000 to Windows 10. A big week for phishing - Copyfish Chrome Extension compromised by phishing, White House execs phished by “prankster”, Germany reports sophisticated spearphishing, and an expired Nissan domain allows attackers to collect live telemetry data from cars.

1. SMBLoris – latest SMB (internet protocol) flaw in Windows remains unpatched
SMBLoris affects all versions of the SMB protocol going back to Windows 2000. The vulnerability is triggered when SMBLoris opens an SMB connection and requests a buffer of 128kb (the maximum size allowed). Alone, 128kb isn’t much, but since a single attacking address can request 65,535 connections (one for each source port), it can tie up 8GB of memory. Multiply this by a few source addresses and memory will be filled quite quickly. These requests allocate memory in physical RAM without allowing it to be paged out to swap space. This puts the CPU in a loop where it is scanning for additional free memory, with no cycles left to do anything else. The system will completely freeze without blue screening, as it doesn’t even have the time to produce one.

The flaw was privately reported to Microsoft in early June, but the company considered it to be of moderate impact and does not consider it to be a security breach. In addition, it would probably not even be fixed. Instead, Microsoft recommends blocking access from the internet to SMBv1.

Two researchers, Sean Dillon and Zach Harding, discovered the exploit while researching EternalBlue. The vulnerability affects every version of the SMB protocol and every Windows version dating back to Windows 2000. The research team demonstrated how they could take down a 128GB server using only a Raspberry Pi in under 30 seconds.

Attackers were able to connect to the IoT device, compromise one of these sensors and move to other vulnerable areas of the casino’s network and send out data. 

Overview:
https://community.rapid7.com/community/infosec/blog/2017/08/03/smbloris-what-you-need-to-know
SMBLoris Attack Demonstration:
https://youtu.be/mPPUv6Y4zHk
SMBLoris Denial of Service Code (in C):
https://packetstormsecurity.com/files/143636/SMBLoris-Denial-Of-Service.html


Topics: Education

Joe's Breakfast Links Pt. 25

Posted by Joe Moline on Aug 4, 2017 10:44:52 AM

I am a coach for my son's hockey team and at practice this week he skated up to me and said a player from a different team which we share the ice with threw snow in his face. He wanted either advice on how to deal with it or he wanted me to deal with it. I really didn't do either. I just asked him how he dealt with it. 


Topics: Off Topic/Fun