* Posts by gr00001000

66 publicly visible posts • joined 8 Jul 2013


Microsoft confirms Russian spies stole source code, accessed internal systems

gr00001000

Cozy Bear the solarwinds crew

We should be worried.

Knew this was not just mailboxes, but Microsoft effectively covered it up.

Something big going down.

What Microsoft's latest email breach says about this IT security heavyweight

gr00001000

Re: Same as it ever was so beware Defender APT

Beware dealing with security and Microsoft. Defaults are a failure, logging until recent years a failure, features and updates an issue.

Ex-GCHQ software dev jailed for stabbing NSA staffer

gr00001000

Australian gun crime

Nonsense Australian gun crime has not soared. Don't know what you are reading buddy.

229 total in 2019

209 total in 2018

196 total in 2017

3CX thought supply chain attack was a false positive

gr00001000

Re: VT is just a static check...

Uploading to Hybrid Analysis sandbox would have been a better check here.

Global pandemic was good for business, say UK infosec pros – but we're still burning out

gr00001000

pivot to cyber

$$$$$$$$$$$$$$$$$$$

$$$$$$$$$$$$$$$$$$$.

Says infosec.

Hospitals cancel outpatient appointments as Irish health service struck by ransomware

gr00001000

Red team tools

Red team tools have been turned on targets for profit worldwide. No pen-test, just using pen-test tools to breach any target, any company, any system.

gr00001000

NEW SCHOOL BANK ROBBERY

A CRIMINAL!!!!!!!!!!

Do you expect me to talk? Yes, Mr Bond, I expect you to reply: 10k Brits targeted on LinkedIn by Chinese, Russian spies

gr00001000

Recruitment/eCrime 'businesses'

Ties in nicely to the Combi/FIN7 incident.

Notorious FIN7 gang Cybercrime gang posed as penetration testing firm to recruit hackers

35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang, realised it was actually an eCrime unit after joining.

Beware those startups!! It's all starting to fall in place, gangs such as PYSA leave notes about 'better security' and improving posture after payment.

The attackers have sys admin skills as well as pen-testing skills, they are converted IT workers some of them. They are operating as business units, with targeted BUs, organised reconnaissance, front end correspondence helpdesks.

Just 2020 things: Miscreants hit remote desktops 700% harder as world's IT teams try to support locked-down staff

gr00001000

Yes. It has been that bad, 2020.

Absolutely this rings true for me, I have personally witnessed it. What is missing from the RDP explainers is that: RDP, AKA terminal services gateway, is a command line authentication medium. It can be authenticated against in non-GUI command form with repeated password brute force tooling easily. I think that would help folks understand. Threat actors absolutely went after all these new RDP setups, +768% is certainly what I would expect from my CERT position.

Also, some genius MSPs decided to leave Administrator as an option over RDP. Administrator does not have a default lockout as standard. So they get smashed first.

Hackers love recon. They pull usernames from that recon, start using these gleaned usernames on the available RDP services, they get smashed next.

Sites don't restrict GEO or remote access to their RDP. Any IP in the globe can attempt access for full desktop control. Madness. But that's the pandemic.

People have been very slow to learn, Windows O/S and RDP is not a secure or workable solution for remote working. At all. Firewalls and web servers are things designed to face the internet, not RDP. RD Gateway will still be an easy win with a phishing creds steal.

I have seen over a dozen institution ransomware cases, 90% started with pandemic induced RDP. Most had alternating actual malicious tooling/binary delivery methods/TTPs - that's different groups attacking via the same initial vulnerability.

After 11 years, Australia declares its national broadband network is ‘built and fully operational’

gr00001000
Headmaster

surely a typo?

The plan was said to >>>>>>>>>>retard<<<<<<<<< wide adoption of digital services such as telemedicine or videoconferencing.

Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again

gr00001000

Is the punchline that

The FTP update server hardcoded credentials was shared with SolarWinds and Twitter and all the researcher got was a tame thanks..

COULD that have been what they used

US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

gr00001000

Worst case scenario

I used to ponder what's the worst multi-nation cyber attack that could happen, within the remits of commercial infosec? A supply chain attack against a major U.S. systems supplier. In the mould of Not Petya M.E. Doc update alteration (was that a practice run)?

Well it's happened and they try to keep a lid on this. So since March/April high profile companies with large CERT teams nevertheless have been compromised and who knows how many have had this threat actor floating in their network yet not caught until December. Plenty of time to implant further beacons. Microsoft, Lockheed, Nuclear weapons agency, U.S. Treasury, FireEye, where does the list end..

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why

gr00001000
Holmes

decryption key FTW

What a bunch of cynics some of you are. They may not have paid. There are cases working with CERT teams where decryptor keys have been created and tested and supplied to sites. Don't forget all the malware and ransomware reverse engineers out there folks.

REvil ransomware gang publishes 'Elexon staff's passports' after UK electrical middleman shrugs off attack

gr00001000
Go

Log all the things

Increase your logging to centralised logging including PowerShell if Windows and perform widespread backups to offline/segregated backups. Also ensure you are using LAN segmentation with VLANs, not flat LANs!

Investigate the intrusion and restore from backup. Some extra security steps mean no payment needed.

Don't get me wrong, implement Defence in Depth and next-gen Anti-virus capable of heuristic detection of process injections and Firewalls capable of detecting unusual session traffic, but good security can use accept breach and handle the unknown threats.

Cyber attack against UK power grid middleman Elexon sparks in-house IT recovery efforts

gr00001000
Flame

Vector identified

RDP lockdown solution or email. Secure both extensively and get that RDP behind VPN. Plain text email, Mark all external emails as external, mail filtering solution too. All public IP resources such as pulse VPN endpoints must have absolute priority in patching.

If it’s another vector such as chain supply attack, your isolated backups, VLAN segmentation and segregated endpoint logging will help.

Pervasive digital surveillance of citizens deployed in COVID-19 fight, with rules that send genie back to bottle

gr00001000

Also South Korea:

https://indianexpress.com/article/explained/coronavirus-covid-19-italy-south-korea-6317647/

The Ministry of the Interior and Safety developed a mobile phone app, “Self quarantine safety precaution”, to keep tabs on “super spreaders” of the infection. The app monitors the GPS coordinates of those under home quarantine, and alerts the government if they step out.

China WeChat Apps enforcement:

https://news.sky.com/story/coronavirus-italy-struggles-to-cope-as-chinas-cases-slow-11949189

Italy was mentioned as tracking on Sky News live, but no record of it on the Internet seen.

We regret to inform you there are severe delays on the token ring due to IT nerds blasting each other to bloody chunks

gr00001000

University taught courses

I was at University in those cusp years of x.25, Token ring, TCP/IP, Ethernet. They were teaching us both at once, how confusing.

Since then I mastered TCP/IP networking via Cisco CCNA and glad I did.

Internet world despairs as non-profit .org sold for $$$$ to private equity firm, price caps axed

gr00001000

Re: Alternate Internet - Sounds good to me

How can I join for a useful on-going alternative to COMMERCIAL NET © what used to be known as the Internet. After all the writing's on the wall for wikipedia.ORG and useful free sites.

I would like to submit my application to your alternative Internet and offer the possibility of extending it in the future through a local Wifi MESH.

Brexit bad boy Arron Banks' Twitter account hacked: Private messages put online

gr00001000

Banksy

Twitter has quickly taken down accounts. File.io taken down link. This story has legs...

Worldwide Web wizard Tim Berners-Lee sticks wellington boot into Worldwide Web's giants: Time to break 'em up?

gr00001000
Pirate

Re: libreMESH

There is no UK representative of Libremesh we need to change that

https://libremesh.org/

Guifi.net Iberian peninsula http://guifi.net

FreiFunk Germany http://freifunk.net

FunkFeuer Austria https://www.funkfeuer.at

Ninux.org Italy http://ninux.org

AlterMundi Argentina http://altermundi.net

gr00001000
Go

MESH

I'm all for banding together and creating a MESH network of inter-connected national WIFI points and locally administered server content and services. We don't need these giant ISPs, CDN behemoths and Internet giants. The corporate commercial Internet can be left by householders and non-commercial pioneers.

The tech is there now, just need some good long distance beaming between towns.

A separate Internet can be formed, just band together and do it........ I'm waiting for it to happen. The only global firm i'd want to be part of it in some way would be a wikipedia.

@frontline_ops

https://mashable.com/2018/01/09/mesh-networks-provide-alternative-intenet-connection/#igk1CqVMYqql

Cathay Pacific hack: Personal data of up to 9.4 million airline passengers laid bare

gr00001000
Trollface

which nation state would seek such data?

Let me think

Ex spy bosses: Cyber-warfare needs rules of engagement for nations to promptly ignore

gr00001000
Big Brother

The Internet battle

Yes the Internet is the new battle space, and also the arena for influencing hearts and minds.

So witness now how it is being ring fenced with favoured tech giant providers in national geographies, chiefly by the search provider/service provider:

Yandex

Ten-cent/Baidu

Google

In the years to come we could witness the regionalisation of the Internet and barriers put up around TLDs and address space.

Ugh, of course Germany trounces Blighty for cyber security salaries

gr00001000

Going freelance

Well if you have any tips on getting started freelance in InfoSec do share them..

Surely there's an initial big risk without a big starting contract/customer or a large contact book?

gr00001000

Analyse all the alerts

The shortage in cyber security skills is the requirement of large amounts of people to perform alert analysis, threat hunting, security posture compliance analysis and incident triage and response. There's lots of work in these.

Did somebody say Brexit? Cambridge Analytica grilled: Brit MPs' Fake News probe

gr00001000

Cambridge Analytica are relevant to LeaveEU, Darren Grimes is relevant

A large donation of campaign money was donated to Darren Grimes 'social media campaigner' who passed that money on to Aggregate IQ -- AggregateIQ had just been a short-term “contractor” to Cambridge Analytica.

Robert Mercer of Cambridge Analytica is good friends with Nigel Farage, who does seem to spend a lot of time in the states these days... with these Trump aides. "Andy Wigmore, Leave.EU’s communications director, told me that it was Mercer who had directed his company, Cambridge Analytica, to “help” the Leave campaign."

Cambridge Analytica has data points such as social media, financial, residential, employment and connections on many millions of people. They can target individuals using tracking in browsers as well as social media. They can understand who are vulnerable and target them. They can influence voters with online targeting and media targeting to smear opposition to encourage voters to stay at home. The Guardian has done some top notch investigative journalism on this.

https://www.theguardian.com/politics/2017/nov/21/electoral-commission-documents-reveal-more-details-on-vote-leave-donations

Australian central bank says 'speculative mania' and crime fuel Bitcoin

gr00001000

The value of US dollar is heavily based on confidence and reserve currency status based on US Gold reserves, rather than the IOU value of gold in the vaults.

The value of Bitcoin is based on confidence in proven cryptographic hash calculations and the confidence in the difficulty of such.

The US dollar is heavily transacted digitally.

Bitcoin is entirely digital.

The US dollar is preserved by US hegemoney, some gold reserves, currency float valuation and US Securities.

Bitcoin is preserved by CPU power and limited supply.

Tired of despairing of Trump and Brexit? Why not despair about YouTube stars instead?

gr00001000
WTF?

Nathan Barley. Idiocracy.

Teenagers taking out loans to invest in bitcoin.

Idiots bragging materialistic slap stick brainless twaddle on Youtube.

These things will pass.

Vlad the blockader: Russia's anti-VPN law comes into effect

gr00001000
Big Brother

Re: Ooops; Now El Reg is Blocked

Hey look its one of the famous Russian Trolls! Typing in anti-Western views from their troll factory.

Tech firms take down WireX Android botnet

gr00001000

Widespread infection

Surely the next big thing is the malicious actors sussing out the 'Bouncer' system wholesale and creating bots that grow within 6 months to hundreds of thousands.

I'm thinking apps such as the face swap apps and these sorts of crazes, with seemingly low numbers of face swap apps from large coding houses, instead many curious little coding houses offer them.

Because very few people run AV or have MDM full lock down on their Android phones....

Homeland Security: Putin’s hackers tried to crack electoral networks in 21 US states

gr00001000
Childcatcher

POSTAL VOTES

Could the hack and known stealing of personnel data as the https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach of up to 21.5 million been used to register votes used for one certain president??

'We should have done better' – the feeble words of a CEO caught using real hospital IT in infosec product demos

gr00001000
Mushroom

Re: What is it with next-gen AV?

Yep including:

Slagging each other off behind closed doors in conferences

CEOs calling out other NextGen InfoSec companies tech and strategy in press articles

Poaching each others staff, with younger non-public companies offering large options.

Undercutting each other at tenders

Shameless job hopping around NextGen InfoSec by SEs and Sales leaders

That sound you hear is Splunk leaking data

gr00001000

Re: Splunk

Send all your syslogs to one place and correlate for SIEM.

Send all your user transactions to one place and compute correlations in the big cloud.

Seems their Schtick, they're quite successful don't you know.

Three-commas Thiel expresses love for himself, Trump and downtrodden millionaires

gr00001000

He reminds me of those slightly dystopian yet glossy films of the 90s like Robocop, Running Man and Total Recall where wealthy powerful businessmen tread on the normal guy, like some kind of black and white world.....

Oz infosec spooks: ease back on the “cybers”, this is serious

gr00001000
FAIL

error in report?

Your report mentions "The Bureau of Meteorology's woes in August get a mention" then links to the online Census failure. I think the wording needs to be changed to "Australian Bureau of Statistics (ABS) woes"

Security man Krebs' website DDoS was powered by hacked Internet of Things botnet

gr00001000

sites down again

26-Sept-2016 18:55 site is saying 503 Service Temporarily Unavailable. I was navigating to read it but suspected something was up then found this story.

Microsoft axes 2,850 more Windows Phone, sales staff – a week after Justin Timberlake sang on stage for them

gr00001000

MARKETING

IMAGE IS EVERYTHING. unfortunately.

gr00001000

Re: Honestly how clueless a comment

3rd largest cloud hosting company with their own data centres

O365 drive going very well, Outlook the most advanced and favourite email client, Word and Excel dominate

Microsoft Active Directory still the favoured enterprise user catalogue and authentication system

Still the favoured corporate OS

Microsoft shares are at their highest in 10 years and 4 x what they were in 2008.

They have a place in the corporate computing world, but maybe not in the home anymore!

Kotkin on who made Trump and Brexit: Look in the mirror, it's you

gr00001000

For Kotkin, at the heart of Brexit was the calculated decision to respond to low birth rates by importing cheap labour :

Yes, it was lazy economics, Gov don't fix the issues, instead allow migration to give us economic growth.

But now, our population will not get to the 80 million with no space on the roads and STEM jobs handed to immigrants with degrees. It's the one potential hope that comes from the mess of Brexit. Fix the STEM shortage by funding STEM degrees. Promote and train staff to advanced positions.

Quick note: Brexit consequences for IT

gr00001000

Switzerland

My hope is, we follow and are seen to be similar to the Switzerland model.

We still have the vast city of London with its global outlook, Tech hub.

The new government surely realise trade and commercial continuity are key and will keep many agreements in place. It's possible they even negotiate a deal that keeps much of the EU policies as they are, after all, most MPs don't want to sever links with Europe.

Otherwise, Dublin's going to get a second Celtic tiger revival.........

Intel told Irish council all was well just before 12k job cuts announced

gr00001000

parallels

I'm starting to see a lot of parallels between the IT industry and the banking industry.

Huge size, employing large amounts of employees in cities.

Beholden to shareholders somewhat for most.

Global industry employing the brightest of certain specialists plus others in company running.

Leading edge adaptation of new working methodologies and restructuring.

Ruthless cost cutting.

Twitter at ten: The social network designed for 2006 struggles into a second decade

gr00001000

Amazing how, by being closed off, Facebook creates its own ecosystem for users with approved friends, creating a world in which to exist that advertising can be injected into. Twitter just doesn't seem to have gone in the right direction.

Amazon UK boss is 'most powerful' man in food and drink

gr00001000

the geeks shall inherit the earth

It's beyond most people's comprehension that Amazon's original market was Geeks buying heavy expensive technical books and manuals, Cisco and Microsoft press books. From there they conquered the book world and beyond.

The web was originally a document sharing service populated by computer operators and universities and now is critical to business and most commercial businesses consider launching primarily as a website.

Geeks favoured Apple devices and these days they are the prominent mobile and premium business laptop.

When machines replace workers in site automation and self-learning AI automation robots, the geeks will be kings.

So why exactly are IT investors so utterly clueless?

gr00001000
Happy

S'Amu$e

Amusing read. What's happened in the 20-teens is the marketing industry has blown up and jumped on/attached itself to the IT industry. People are paid thousands and thousands to hype apps/advertise in the channel/run stands at infosec/Perform SEO for industry giants/viral marketing.

Successes like Uber and AirBnB encourage it, but those are Californian digital disrupters. It doesn't seem very English to create such things. We are more likely to succeed with purposeful Apps and leave the guff to California.

If MR ROBOT was realistic, he’d be in an Iron Maiden t-shirt and SMELL of WEE

gr00001000

episode names

Kudos to the makers to name each episode as a filename and format: eps1.43xplo0its.wmv eps1.9zer0-daY.avi must give the downloaders some fun. Although they can rename the files easy enough.

The series has much depth and intrigue to follow, including the Kali screenshots.

Carders fleece $4.2 million from Victoria's MyKi transport agency

gr00001000

Re: Nah, don't pay them that's the game!

Having lived in Melbourne, the trams were practically free for many people, cheapest PT in the world!

But they cracked down, at the very time Myki came in and it was impossible to pay for your journey on the tram.

Huge hack attack: UK data cops to probe Carphone Warehouse breach

gr00001000

APT

Or they hacked the central network of the company using an APT with targeted malware and exfiltration.

Because their CIO and senior admins haven't learnt about APT protection providers.

Five data centres you can't live without

gr00001000

Ireland cr*p weather win!

Cold climate = more data centres + jobs
