This tool can help you discover Cisco Smart Install protocol abuse

Credit to Author: Lucian Constantin| Date: Tue, 28 Feb 2017 09:01:00 -0800

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco’s Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.

The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).

The director can copy the client’s startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.

A better security strategy than ‘know your enemy’: Know your co-workers

Credit to Author: Evan Schuman| Date: Tue, 28 Feb 2017 08:51:00 -0800

Cyberthieves today know that it’s better to be sneaky and crafty than forceful. To be even more blunt, they know that it’s better to trick you into doing their work than to break in and do it themselves.

That trickery starts with ever-more-subtle ways to get you to click on an email attachment. A recent attack used an employee accomplice who was to flag any meetings with multiple people and note who was presenting. Within 30 minutes of one meeting’s end, the crooks sent an email attachment to everyone on the original email thread, with fake headers so that it appeared to be from the presenter. The email said, “Sorry, everyone. Here is the updated version of the slides from our 2 PM meeting.” Even an especially security-conscious person could get pulled into clicking on that one. 

Here’s a new way to prevent cyberattacks on home devices

Credit to Author: Matt Hamblen| Date: Tue, 28 Feb 2017 05:57:00 -0800

BARCELONA — Homeowners worried about cybersecurity attacks on IP-connected devices like lights, baby monitors, home security systems and cameras will soon be able to take advantage of a $200 network monitoring device called Dojo.

The device was shown at Mobile World Congress here this week and will go on sale online in April. While the Dojo device isn’t intended to provide enterprise-level security, it could be used to help, in a small way, in warding off massive attacks like the one last October that used the Mirai botnet, which took advantage of unsecure, consumer-grade cameras and other devices.

This tiny chip could revolutionize smartphone and IOT security

Credit to Author: Martyn Williams| Date: Tue, 28 Feb 2017 04:43:00 -0800

Engineers at South Korea’s SK Telecom have developed a tiny chip that could help secure communications on a myriad of portable electronics and IOT devices.

The chip is just 5 millimeters square — smaller than a fingernail — and can generate mathematically provable random numbers. Such numbers are the basis for highly-secure encryption systems and producing them in such a small package hasn’t been possible until now.

The chip, on show at this week’s Mobile World Congress in Barcelona, could be in sample production as early as March this year and will cost a few dollars once in commercial production, said Sean Kwak, director at SK Telecom’s quantum technology lab.

Smart teddy bears involved in a contentious data breach

Credit to Author: Michael Kan| Date: Tue, 28 Feb 2017 05:09:00 -0800

If you own a stuffed animal from CloudPets, then you better change your password to the product. The toys — which can receive and send voice messages from children and parents — have been involved in a data breach involving more than 800,000 user accounts.

The breach, which grabbed headlines on Monday, is raising concerns from security researchers because it may have given hackers access to voice recordings from the toy’s customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. 

“Were voice recordings stolen? Absolutely not,” said Mark Myers, CEO of the company.

Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post.

Decrypting after a Findzip ransomware infection

Credit to Author: Thomas Reed| Date: Tue, 28 Feb 2017 16:00:47 +0000

The Findzip ransomware was discovered on February 22, 2017. At that time, it was thought that files would be irreversibly encrypted by this ransomware, with no chance of decryption. Turns out, that’s not quite true.

The post Decrypting after a Findzip ransomware infection appeared first on Malwarebytes Labs.

Takeaways from the 2016 Threat Landscape

Credit to Author: Jon Clay| Date: Tue, 28 Feb 2017 13:00:09 +0000

Every year, Trend Micro looks back at the threat landscape of the previous year, analyzes the data we receive from our massive customer base around the world, and reports on the trends we saw and the key threats that affected the cyber world. In our 2016 security roundup report, A Record Year…
