150,000 police arrest records lost

Priti Patel, the UK home secretary, is under fire after 150,000 police arrest records were accidentally lost from a police database last week. The lost files include DNA, arrest history records and fingerprints. As these files are now lost from the Police National Computer (PNC), essential evidence from crime scenes no longer exists, which means that criminals will be able to go free for crimes they have committed.

The Home Office released a statement that said: “The technical issue with the Police National Computer has been resolved, and we are working at pace with law enforcement partners to assess its impact. The issue related to people arrested and released where no further action had been taken and no records of criminal or dangerous persons have been deleted. No further records can be deleted.”

The shadow home secretary, Nick Thomas-Symonds, believes that the Home Office’s statement was not good enough, saying that “it’s not good enough for the home secretary to hide behind her junior minister on this when there has been such a major security breach on her watch. It’s now vital that she makes an urgent statement outlining the true scale of the issue, when ministers were informed and what the plan is to provide public reassurance. Yet again, Conservative incompetence is putting people’s safety at risk.”

The post 150,000 police arrest records lost appeared first on IT Security Guru.

Security context: The starting point for how Kubernetes Pod security works

This blog was written by an independent guest blogger.
Organizations are increasingly adopting Kubernetes to manage their containerized workloads and services, but Kubernetes security incidents are on the rise, as well. In the fall 2020 edition of the “State of Container and Kubernetes Security” report, for instance, 91% of respondents told StackRox that they had recently adopted Kubernetes. Three quarters of survey participants went on to reveal that they had deployed the container orchestration platform in their production environments. Even so, nine out of 10 respondents told the company that their organizations had suffered a security incident in their container and Kubernetes environments over the last 12 months. Subsequently, nearly half (44%) of respondents said that they had delayed moving an application into production due to their security concerns.
These findings highlight the need for organizations to strengthen their Kubernetes security. They can do this by focusing on the security of their pods….

Posted by: David Bisson


The post Security context: The starting point for how Kubernetes Pod security works appeared first on Cybersecurity Insiders.

After the global attack by the hackers, the FBI became interested in the company JetBrains

The FBI has begun looking into JetBrains. So far, there are no specific accusations, but the intelligence services are investigating whether the company's products could have been used in the hack of the American company SolarWinds, which is considered the starting point of the global hacker attack.

JetBrains, founded in Prague in 2000, sells customers software that makes it much easier to create applications. For millions of developers, its tools are indispensable: the company now has more than 10 million users in more than 213 countries.  In an interview with Forbes, the company’s CEO, Maxim Shafirov, said that despite the pandemic, revenue has grown by 10% over the past year, and the company suggests that this year it can reach $400 million. According to a JetBrains representative, the company is worth more than $1 billion.

On Wednesday, The New York Times, Reuters and The Wall Street Journal reported that the investigation does not exclude the possibility of a connection between JetBrains and one of the largest acts of cyberespionage in recent times. The publications contained hints that hackers could have hacked JetBrains or one of its products, the TeamCity testing and code-sharing service, in order to then gain access to the systems of SolarWinds, which used this service.

As a result of the attack, hackers compromised one of the SolarWinds tools and used it to break into the networks of customers, including government departments and major US IT companies. Among the victims of the cyberattack were the US Department of Justice, which announced that 3% of its messages sent through Office 365 were compromised, as well as the US Department of Energy and Treasury, Microsoft, Cisco and other organizations. The US claims that the attacks are linked to Russia. The Kremlin denies any involvement.

It is noted that the reputation of JetBrains can be seriously damaged if it is proved that its employees are involved in compromising the software and its misuse.

Microsoft President wants Industries, and Govts stay united against Cyber Attacks

Speaking his mind at CES 2021, Microsoft President Brad Smith said that industries and governments should stay united in fighting cyber attacks. He added that federal agencies, in association with business firms, should formulate rules and share information about cyber threats, which helps in mitigating the risks before anything untoward takes place.

Speaking at the Consumer Electronics Show 2021, the tech giant's leader sarcastically mentioned what happened in the SolarWinds case, which has apparently impacted over 250 federal agencies and private firms, including Microsoft, Cisco, Ford, Visa, Mastercard, Lockheed Martin, Procter & Gamble, Yahoo!, Time Warner and Gillette.

“As computers create new promise, there are new perils arising as well. In the year 1983, there was a movie ‘WarGames’ that showed a hacker almost starting a World War 3 after gaining access to the supercomputer operating in United States. And the same scenario could happen if we fail to react now”, commented Smith.

For the uninitiated: at the end of last year, security firm FireEye announced to the world that hackers funded by Russian intelligence could have taken control of federal servers operating in the United States and might have been snooping on the generated data and related activity since 2018.

A detailed probe launched later by the FBI stated that the attack could have taken place through compromised Orion software, which is produced by SolarWinds and used by certain agencies and companies.

The Trump administration tried its best to transfer the blame to China. However, the Biden-led nation is said to be planning a detailed inquiry into the matter after the Trump impeachment reaches a final verdict by the end of this week.

Microsoft, which found its source code stolen in the Solorigate scandal, therefore wants to set some international rules and standards to curb any kind of conventional warfare in the cyber sphere. The only way to see this through is international collaboration between nations.

The post Microsoft President wants Industries, and Govts stay united against Cyber Attacks appeared first on Cybersecurity Insiders.

German Investigators shut down DarkMarket

On Tuesday, German authorities announced the shutdown of an illegal marketplace found on the darknet. Among the products sold on the network, known as DarkMarket, were drugs, forged money, stolen or forged credit cards, anonymous mobile phone SIM cards and malware. Prosecutors stated that the large network had nearly 500,000 users and more than 2,400 vendors, and had processed more than 320,000 transactions before its shutdown. As a result, more than 140 million euros (the equivalent of 170 million US dollars) had been exchanged.

German investigators uncovered the network working together with police from Australia, Britain, Denmark, Switzerland, Ukraine and Moldova. A suspect has been arrested near the German-Danish border.

 

The post German Investigators shut down DarkMarket appeared first on IT Security Guru.

Security System Enhanced by Google and Mozilla

 

The development teams of Google and Mozilla shared their progress on minimizing classic web security attack vectors such as cross-site request forgery (CSRF) and cross-site scripting (XSS). The latest browser security features promise to eliminate, or at least reduce, these classic attack vectors.


In a blog post last year, Google described how it strengthens its security mechanisms and protects its applications from common web vulnerabilities. The features protecting its applications are Content Security Policy based on script nonces, Trusted Types, Cross-Origin Opener Policy and Fetch Metadata Request Headers.

These security mechanisms protect applications from injection attacks and improve isolation. Google stated that even if an attacker manages to insert a small piece of malicious script, “the browser will refuse to execute any injected script which doesn’t identify itself with the current nonce”, which reduces the impact of server-side injection vulnerabilities, including reflected XSS and stored XSS.

Google has refined its Content Security Policy (CSP) by enforcing these developments, and the tech giant stated that “CSP has mitigated the exploitation of over 30 high-risk XSS flaws across Google in the past two years. Nonce-based CSP is supported in Chrome, Firefox, Microsoft Edge, and other Chromium-based browsers. Partial support for this variant of CSP is also available in Safari”.
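The nonce mechanism quoted above, as an added example (not code from Google or from the original post): a server issues a fresh nonce per response, and a simplified model of browser enforcement shows why a reflected script without the current nonce does not run. The function names, the page template and the `injected()` placeholder are assumptions made for illustration.

```python
import re
import secrets

def new_nonce():
    # 128 bits from the OS CSPRNG; must be regenerated for every response.
    return secrets.token_urlsafe(16)

def csp_header(nonce):
    # Value for the Content-Security-Policy response header.
    return ("script-src 'nonce-%s' 'strict-dynamic'; "
            "object-src 'none'; base-uri 'none'" % nonce)

def render_page(nonce, comment):
    # `comment` is reflected unescaped on purpose: this is the XSS bug
    # that the policy has to contain.
    return ("<html><body>"
            f'<script nonce="{nonce}">initApp()</script>'
            f"<p>{comment}</p>"
            "</body></html>")

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.S | re.I)
NONCE_ATTR = re.compile(r"""\bnonce=["']([^"']*)["']""", re.I)

def scripts_allowed(header, html):
    """Simplified model of enforcement: an inline script runs only if its
    nonce attribute equals the nonce named in the policy."""
    m = re.search(r"'nonce-([^']+)'", header)
    policy_nonce = m.group(1) if m else None
    verdicts = []
    for attrs, body in SCRIPT_TAG.findall(html):
        a = NONCE_ATTR.search(attrs)
        tag_nonce = a.group(1) if a else None
        ok = policy_nonce is not None and tag_nonce == policy_nonce
        verdicts.append((body.strip(), ok))
    return verdicts

if __name__ == "__main__":
    nonce = new_nonce()
    page = render_page(nonce, "<script>injected()</script>")  # constructed input
    print("Content-Security-Policy:", csp_header(nonce))
    for body, ok in scripts_allowed(csp_header(nonce), page):
        print("runs   " if ok else "blocked", body)
```

A nonce that is static or predictable defeats the scheme, which is why the value comes from a CSPRNG and is never reused across responses.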

Meanwhile, a Mozilla spokesperson told The Daily Swig that Mozilla’s security was boosted by the introduction of Project Fission last year and that the Firefox security team has played a massive role in making the internet more secure for all users. He added that the primary aim for this team has been Project Fission, Mozilla’s implementation of Site Isolation in Firefox; currently, Project Fission can be tried out in the Nightly version of the browser.

Project Fission, along with Cross-Origin Embedder Policy and Cross-Origin Opener Policy, is a component of Mozilla’s mitigations against Spectre-style attacks. Browsers must add security mitigations that support today’s browsing experience.

Santiago Diaz, an information security manager at Google, stated that on the injection side Trusted Types and CSP3 are “battle-tested mitigations that make the vast majority of DOM-based XSS unexploitable when used correctly”.

Sizing Up the Role of Deception Technology

Chris Kubic, Former CISO of NSA, on Strategies for Success
Chris Kubic, former CISO of the National Security Agency, describes how deception technology can change the defensive landscape. “Where deception comes into play is for the unknown threats, the things that are either an attack you haven’t seen before or the attacker evolved their technique.”

What is DLL hijacking? The Windows exploit endangering your sensitive data

This post was originally published by Edward Kost.

A simple DLL file was the catalyst to the most devastating cyberattack against the United States by nation-state hackers.

This cinematic breach demonstrates the formidable potency of DLL hijacking and its ability to dismantle entire organizations with a single infected file.

What is DLL hijacking?

DLL hijacking is a method of injecting malicious code into an application by exploiting the way some Windows applications search for and load Dynamic Link Libraries (DLLs).

Only Microsoft operating systems are susceptible to DLL hijacks.

When an attacker replaces a required DLL file with an infected version and places it within the search path of an application, the infected file is loaded when the application starts, activating its malicious operations.

For a DLL hijack to be successful, a victim needs to load an infected DLL file from the same directory as the targeted application.

If applications that are automatically loaded upon startup are compromised with a tainted DLL file, cybercriminals will be granted access to the infected computer whenever it loads.
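A detection-side illustration of the same-directory condition described above, added here and not part of the original post: it scans module-load records and flags a DLL whose name belongs to a system library but whose path is outside the Windows system directories. The event tuples, the short DLL name list and the `ExampleApp` paths are constructed for the example.

```python
import ntpath

# Directories from which system libraries are expected to load.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed short list of system DLL names; a real deployment would
# build this from a known-good inventory of the system directories.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "winhttp.dll"}

# Constructed sample telemetry: (process image path, loaded module path).
EVENTS = [
    (r"C:\Program Files\ExampleApp\app.exe", r"C:\Windows\System32\version.dll"),
    (r"C:\Program Files\ExampleApp\app.exe", r"C:\Program Files\ExampleApp\version.dll"),
    (r"C:\Program Files\ExampleApp\app.exe", r"C:\Program Files\ExampleApp\appcore.dll"),
    (r"C:\Users\Public\Downloads\setup.exe", r"C:\Users\Public\Downloads\winhttp.dll"),
]

def _norm(path):
    # Windows paths are case-insensitive; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(path))

def suspicious_loads(events):
    """Return (module path, location) for system-named DLLs that were
    loaded from somewhere other than a system directory."""
    hits = []
    for image, module in events:
        mod_dir, mod_name = ntpath.split(_norm(module))
        if mod_name not in SYSTEM_DLL_NAMES:
            continue  # application's own library, not a shadowed name
        if mod_dir in SYSTEM_DIRS:
            continue  # loaded from the expected location
        same_dir = mod_dir == ntpath.dirname(_norm(image))
        where = "application directory" if same_dir else "other directory"
        hits.append((module, where))
    return hits

if __name__ == "__main__":
    for module, where in suspicious_loads(EVENTS):
        print(f"review: {module} loaded from {where}")
```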

 

DLL hijacking is not an innovative cyberattack method. It has been in circulation among cybercriminals since Windows 2000 launched.

Read more here: https://www.upguard.com/blog/dll-hijacking

The post What is DLL hijacking? The Windows exploit endangering your sensitive data appeared first on Cybersecurity Insiders.

Classiscam Operation Made More Than $6.5 Million in 2020

A newly uncovered Russian-based cybercrime operation has been helping classified ad scammers steal more than $6.5 million from victims across the US, Europe, and the former Soviet States. Cyber-security firm Group-IB has been investigating the operation that they describe as a scam-as-a-service and named it Classiscam. Their report says that the scam began in early […]

The post Classiscam Operation Made More Than $6.5 Million in 2020 appeared first on Binary Defense.

Accellion File Transfer Applications Targeted in New Zealand Central Bank Attack

More people are working from home now than ever before, often times with less security. Chat services and email have become the primary means for communications among organizations, so threat actors attempt to exploit them. Phishing attacks have always been a common attack vector among threat actors and have become more prevalent over the last […]

The post Accellion File Transfer Applications Targeted in New Zealand Central Bank Attack appeared first on Binary Defense.