Tuesday, July 30, 2024
Interesting: AI Can Reveal What’s on Your Screen (sort of)
Federico Larroca at the University of the Republic in Montevideo, Uruguay, and his colleagues have developed an AI model that can reconstruct an image from digital signals that were intercepted a few metres away from an HDMI cable...
Around 30 per cent of characters were misinterpreted by the eavesdropping process, but that is low enough that humans can read most of the text accurately, the team says. This error rate is about 60 per cent lower than the previous state-of-the-art attack, the researchers add. more
Saturday, July 20, 2024
One Way Corporate Espionage Spies Cover Their Tracks
From the IP vendor's ad...
"In the fiercely competitive business battlefield, information is power, and how to obtain and use this information has become a problem that every company needs to face. In this spy war without gunpowder, residential proxy IP is like an invisible cloak, providing strong protection and support for enterprises.
Residential proxy IP, as the name suggests, is to use the IP address of an ordinary home network environment for network access. Because these IP addresses come from real home users, they are difficult to identify and track. By using residential proxy IP, enterprises can hide their real IP address and avoid being discovered by competitors or network monitoring agencies. In this way, enterprises can access target websites, crawl data, analyze competitors' strategies, etc. more freely without worrying about being blocked by anti-crawler mechanisms or IP being blocked." more
Wednesday, November 30, 2022
Underappreciated Espionage Attack Vector - Computer Repair Shops
Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device. Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information. more
Friday, July 30, 2021
Better Not Lose Your Laptop - A Cautionary Tale
via Dolos Group, LLC
What can you do with a stolen laptop?
Can you get access to our internal network?
That was the question a client wanted answered recently. Spoiler alert: Yes, yes you can. This post will walk you through how we took a “stolen” corporate laptop and chained several exploits together to get inside the client’s corporate network.
Thursday, February 11, 2021
People need InfoSec tips. People want TikTok-style Sea Shanties...
So Rachel Tobac of Social Proof Security gave the people what they want:
a TikTok-style sea shanty about infosec. more sing-a-long
Thursday, January 7, 2021
Spy Chip Detector to Thwart Spy Chip Semiconductors
Toshiba and Japan's Waseda University have teamed up to develop a system that can detect so-called spy chips, tiny intruders in servers that are barely visible to the naked eye or are even incorporated in circuitry.
Spy chips made headlines about two years ago when China allegedly planted the devices into servers, which reportedly reached 30 American companies. The tool, called HTfinder, determines if a semiconductor contains spy chips based on the makeup of the circuits... Spy chips can be hidden in semiconductors and circuit boards by resembling part of the circuit. The chips can receive signals so that third parties can take control or cause a device to malfunction at any given time. more
Tuesday, December 22, 2020
Yet Another Air-Gapped Computer Hack
Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card.
Named AIR-FI, the technique is the work of Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, in Israel.
Over the last half-decade, Guri has led tens of research projects that investigated stealing data through unconventional methods from air-gapped systems.
These types of techniques are what security researchers call "covert data exfiltration channels." They are not techniques to break into computers, but techniques that can be used to steal data in ways defenders aren't expecting. more
Saturday, July 25, 2020
DHS Gives Federal Agencies 24 hours to Patch Critical Microsoft Windows Vulnerability
Thanks, Mike.
Wednesday, May 27, 2020
Data Breach Report: 28% Involved Small Businesses
Currently, in its 13th year, the DBIR is an industry-standard when it comes to gauging the state of cybersecurity around the world...
Friday, May 15, 2020
NJCCIC Publishes: Tips for Teleworkers, Remote Access Security
For those organizations, policies, educational programs, technologies, and support services for the remote workforce are well established. For organizations engaging in telework for the first time, defining expectations is a good starting point.
First, create a telework policy that addresses the following:
- The scope of the telework program, roles and responsibilities, eligibility to telework (not all jobs can be performed remotely),
- work hours and paid time-off,
- the suitability of the alternate workplace and its related safety requirements,
- responsibility for equipment and supplies,
- operating costs and expenses,
- and requirements for physical and information security. more
Tuesday, May 5, 2020
Air-Gapped PC Power Supplies Spill the Screens
In February this year, it was reported that hackers can steal data from air-gapped PCs using screen brightness, and now the same can be done through their power supply.
Mordechai Guri, a cybersecurity researcher from the Israeli Ben Gurion of the Negev University has conducted an experiment that shows how power supply units (PSUs) can be exploited to extract information from both an air-gapped & audio-gapped computer.
Termed POWER-SUPPLaY, the malware exploits the PSU, using it as an “out-of-band, secondary speaker with limited capabilities”. The data that can be extracted includes different files & information of the user’s keystrokes transmittable up to 1 meter away, along with passwords and encryption keys that the attacker could receive with a device that is five meters away, such as a smartphone...
The research does not deal with the question of how the malware will be implemented in the first place. The technique is very clever nonetheless. more
Sunday, April 19, 2020
Office Printers: The Ticking IT Time Bomb
Office printers don’t have to be security threats: with foresight and maintenance they’re very easily threat-proofed. The problem is that system administrators rarely give the humble printer (or scanner, or multifunction printer) much attention.
Hackers haven’t forgotten about printers – not by a long shot. Last summer, a Russian hacker group penetrated numerous organizations by first infiltrating unprotected printers, which were connected to the same network as every other device, and then laddering up to exploit increasingly sensitive areas.
Furthermore, according to a recent report, foreign governments can also easily conduct industrial espionage by targeting this under-the-radar beachhead into the organizational networks...
Using third parties to continually help identify security risks is a smart course of action for enterprises that are truly serious about security measures. more
Managers: Don’t Rush to Workplace Spyware during Pandemic
With millions of employees working remotely due to the coronavirus pandemic, managers—likely new to virtual management—are scrambling to find the best ways to oversee them online.
Computer performance monitoring may interest those looking for “an extra set of eyes,” but workplace surveillance is not that simple, according to John Aiello, an expert in organizational psychology at Rutgers School of Arts and Sciences. “While spy software may relieve the manager’s anxieties, organizations will see an increase in stress on employees and it could decrease productivity,” said Aiello, who has researched the electronic monitoring of workers over the last three decades.
Topics addressed...
How does monitoring software affect productivity?
How does implementing this surveillance affect managers?
Can electronic monitoring be used for “the greater good?”
If employers are thinking about implementing this surveillance, what might be done first?
Tuesday, April 14, 2020
500,000 Hacked Zoom Accounts Given Away - Free On The Dark Web
The cyber risk assessment experts at Cyble recently discovered a hacker selling stolen Zoom credentials at dirt-cheap prices — and in some cases giving them away for free.
Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company’s clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys. Cyble reached out and confirmed that the credentials were indeed valid.
Password re-use remains a huge security issue for the general public. Fatigued users feel like they can’t remember yet another password so they set up new accounts using an old stand-by.
The problem is that by now all of those old stand-by passwords have been filed away in databases by criminal hackers. They’re actively using them to break into accounts using brute force attacks.
Usernames, email addresses, and passwords have been exposed by the billions over the past several years. Creating a new account on Zoom — or any service, for that matter — is simply not a good idea.
Hackers will come knocking. It’s not a question of if. It’s a question of when. more
Spybuster Tip # 053 - Upgrade all your passwords.
Spybuster Tip # 054 - Don't worry about having to remember all your passwords. Use a password vault.
Tuesday, April 7, 2020
Taiwan Joins Canada & More in Banning Zoom
Malaysia - The National Security Council (NSC) has warned that hackers could be listening to their conversations amid increasing use of video conferencing applications during the movement control order (MCO) period. more
New York City's education department is directing teachers and staff to “move away from using Zoom as soon as possible” for virtual instruction purposes due to cybersecurity concerns, department spokesperson Danielle Filson said on Saturday. more
Google has banned Zoom from its staffers' devices. Google told its employees last week that it would block Zoom from working on their Google-provided computers and smartphones. This move comes after Taiwan told government employees not to use Zoom. Earlier, New York schools told their teachers to "gradually transition" from Zoom to another video-conferencing service. more
New iPad Pro Prevents Eavesdropping or Spying
Apple introduced a feature with the 2018 MacBook lineup, allowing the microphone to be disabled whenever the display lid was closed. This measure was put in place to prevent eavesdropping, preventing malicious apps from tapping into the microphone to gather extra data about you.
Fast forward to 2020 and the feature has come to the new iPad Pro lineup. The way it works is pretty simple - just close the lid of the case on the iPad Pro, which has to be MFi compliant, and the microphone is physically disconnected to prevent any sort of eavesdropping or malicious code from running if iPadOS is compromised in some way. more
Friday, April 3, 2020
Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links To China, Researchers Discover
Zoom could not be reached for comment. more
4/15/2020 UPDATE - More top companies ban Zoom following security fears. more
Wednesday, April 1, 2020
Guest Wi-Fi Access Comes with Risks for Organizations
In this case, a stolen access code was used to gain access. In many organizations the same guest code is given out to all guests. Sometimes it is even posted. Often it is never changed. Once the password is out, there is no telling who will access the system, or when, or for what purpose.
Downloading illegal images is only one of many guest access risks.
While hiding behind a reputable IP address, unauthorized and anonymous "guests" can also conduct drug transactions, video voyeurism, blackmail, financial scams, hacking, and more. The finger points at the organization's network, and the organization might be held legally responsible. And these are just the outward-facing threats. Guest access can also be a pivot point to internal information theft.
Take this 15 second assessment.
Does your organization...
- Provide guest Wi-Fi access?
- Does guest access use the organization's network?
- Is access unencrypted?
- Do all guests use the same password?
- Is the password posted anywhere, as in a conference room?
- If posted, can it be seen from outside with binoculars or a drone?
- Has the password remained the same for over a month?
Legal defense is expensive. Reputational damage is hard to quantify. A proactive professional analysis is easy. Reduce risk and keep profits where they belong, in the bottom line.
Monday, March 30, 2020
Being Zoom'ed on Zoom has Organizations Worried, or they should be...
Mysterious Hacker Group Eavesdropping on Corporate Email & FTP traffic
Instead of abusing the device to launch DDoS attacks or re-route traffic as part of a proxy network, the hackers turned it into a spy-box...
...researchers didn't speculate why hackers were collecting FTP and email traffic. But speaking to ZDNet over the phone, a security researcher pointed out that this looked like a classic reconnaissance operation...
"It's obvious they're logging traffic to collect login credentials for FTP and email accounts," the researcher told ZDNet. "Those creds are flying unencrypted over the network. They're easy pickings." more