Daily Archives: November 8, 2019

#deepweb | Book excerpt: “Modern Loss: Candid Conversation About Grief. Beginners Welcome.”

Source: National Cyber Security – Produced By Gregory Evans

The undead nature of the digital world, with its Facebook Memories and LinkedIn invites (or, as we learned this week, Valentine’s Day texts delivered from the deceased), causes the dead to die over and over and over again, making grief that much more difficult to overcome for their loved ones.

The following excerpt is adapted from the book “Modern Loss: Candid Conversation About Grief. Beginners Welcome.” by Rebecca Soffer and Gabrielle Birkner (Harper Wave), in which Soffer writes about communing over grief in a social media era. In 2006 Soffer’s mother was killed in a car crash; four years later, her father passed, too. She would later create with a close friend a website, Modern Loss, which shares personal stories of grief from around the world, sometimes with an unexpected twist.

Read the excerpt below, and watch Susan Spencer’s interview with Rebecca Soffer on “CBS Sunday Morning” November 10!

Data: Loss (and Found) on the Internet

By Rebecca Soffer

I was futzing around online at work one Friday afternoon in 2007 when an e-mail popped into my Outlook stream. “I’m coming up with baked chicken tonight,” my mom wrote. “Hang in there. I love you.”

Well, that sounded pretty fantastic to me. For starters, it had been a rough week. Also, I was hungry. And finally, I really missed my mom’s apricot chicken, considering she’d been dead for more than a year.

Her e-mail was dated May 15, 2006, nearly four months before she died. That was around the same time I’d been in the dumps after breaking up with my longtime boyfriend, conveniently right smack in the midst of “wedding season” among my friends. Gazing at the loving words on my screen, my visceral reaction was to allow myself to be tricked into the possibility that I was actually going to see her that evening. But that was short-lived. There would be no home-cooked dinner. No hugs and kisses and assurances that chances were good I wouldn’t end up like Miss Havisham. No Mom. Just more Ollie’s Chinese takeout and a handful of digital dust taunting me with happier moments.

Never before had the Internet played such a cruel trick on me. Not even when an early version of Pandora had inexplicably erased dozens of carefully crafted stations such as “Bloody Mother F***ing A**hole radio,” based on my favorite Martha Wainwright song. But oh, would the Internet continue to do so. That e-mail, which had bent time and space in its route toward my in-box, was my introduction to the wily nature of the web and its digital cousins, and to the massive wrench technology has tossed into the grieving process.

Since my parents died, I’ve had to be on guard against emotional digital sneak attacks. I’ve declined repeated notes from LinkedIn insisting I really should consider connecting with Ray Rosenberg (thanks, I’d love to connect with my dead dad!). Or gotten fleetingly excited when a Google alert indicated new updates on Shelby Rosenberg, only to read a piece on, weirdly, a star male forward on the Yeshiva University basketball team. Or spent hours on multiple devices deleting Mother’s Day onslaughts from marketers ranging from the unsurprising (looking at you, Edible Arrangements) to the truly very much so (et tu, Jiffy Lube?).

But if these surreal pop-ups are sometimes funny, especially after some time has passed, they are often shocking and painful. The undead nature of the digital world causes the dead to die over and over and over again, and by extension repeatedly rips off the scabs that strive to form over these deep wounds. And I realize I’ve had it pretty easy compared to other people I’ve met through Modern Loss, the site I run. I wasn’t the man who could’ve sworn he was being punked by Google Earth when he looked up his childhood home only to see his dead dad mowing the lawn. Or the grad student who turned off her phone to do a day of research, only to casually check Facebook later and learn that her entire town was talking about her dad’s death in a car accident earlier that afternoon. Or the mom who got repeated e-mails from the school district reminding her it was time to sign her kid up for kindergarten—the kid who’d died two years beforehand.

It’s not the fault of the Internet, in its inherent, uncaring existence. It’s the way we still have little clue as to how one-off “so sorry for your loss” comments or “sadz” gifs can be turned into live, meaningful action. It’s tough to figure out where death fits in between photos of burritos and babies in an unfiltered stream. But I do know that stream makes it easy for us to compartmentalize our feelings, and also to forget grief comes in different guises online. It’s not like you just Instagram it with gentle pastels, photos of lost loved ones, and pulled inspirational quotes. Sometimes grief online takes the form of a smiling selfie because the person posting it is doing everything they can to keep their shit together. And sometimes it’s nothing: just because someone isn’t baring her soul on a given platform doesn’t mean she’s not in pain.

The Internet taketh away, but it also giveth. And it’s given me numerous ways in which to find solace and community, and build up my resilience.

For one, the web is an enormous empathy-building opportunity. In a matter of hours, we can provide thousands of dollars to families suddenly saddled with hardships; in a matter of seconds, while waiting in line for a cold brew, we can sign petitions to reform bereavement-leave policies. And, I wouldn’t even be writing this piece if I hadn’t been able to help launch an online publication taking on the stigma of loss. That publication is a portal that can draw people out of their isolation from anywhere they have a device, and it is a platform that allows them to state the truths of their grief fearlessly to an audience of knowing strangers-who-get-it, even if they’d balk at doing so in person to their closest friends.

My mom died about the time Facebook started to take off. So I don’t have the benefit of being able to sift through her stream whenever I feel like it, smiling at what would surely have been many Planned Parenthood posts and inadvertent Candy Crush invites. But I’ve found other places to visit her. My favorite is Growing Up Jewish in Northeast Philly, a closed Facebook group of more than six thousand enthusiastic members, of which I am one even though I did not, in fact, grow up Jewish in Northeast Philly. This group has become an unwitting support system for me, and a touchstone to her. Do I remember lunches at Jack’s Deli, hanging out at the American Bandstand studios after school or shopping at Caplan’s for Buster Browns? Nope. But it’s comforting to think my mom probably did, because those seem like nice memories to have.

I don’t have the answer as to how meaningful support can acquire as much e-space as LOLcats (which, for the record, I love). I’m not that smart. But I do know that no “like” can replace a conversation, or a hug, or shared double martinis. So in the meantime, I’ll do my best to use the web for good. I’ll set G-cal reminders to check in with friends on trigger days and remember they still exist as offline humans who occasionally appreciate a good old-fashioned conversation along with an Old Fashioned.

In the meantime, the uncaring Internet will grind on. I’ll keep stumbling upon my dad’s terrible AOL joke forwards. A happy old memory will spring up on Timehop. And I’ll find myself wishing another ancient e-mail promising apricot chicken would inexplicably find its way to me.

Sometimes I’ll open these reminders from beyond unwittingly, but sometimes I’ll do it with one eye open. Because as much as I hate it, I love it. It hurts so good.

Rebecca Soffer is co-founder of Modern Loss and co-author of the book “Modern Loss: Candid Conversation About Grief. Beginners Welcome.” She is a former producer for “The Colbert Report.” Say “Hi” on Twitter (@rebeccasoffer).

The post #deepweb | Book excerpt: “Modern Loss: Candid Conversation About Grief. Beginners Welcome.” appeared first on National Cyber Security.


#nationalcybersecuritymonth | NCSAM is Over, But Don’t Let Cybersecurity Fade to Black

This Halloween season, we’ve explored the deepest, darkest corners of cyberspace in our National Cybersecurity Awareness Month (NCSAM) blog series—from cyber spooks and digital demons to deathly data breaches and compliance concerns. Our panel of cybersecurity experts assembled to tell you the spookiest things they’ve seen in the digital world—and how many of the risks we face today can be vanquished by some good-old-fashioned vigilance and know-how.

In between mouthfuls of candy, and before the inevitable sugar crash, take a look back on our month of cybersecurity horrors, plus some foreshadowing on the dangers (and opportunities) that lie ahead.

Security Sins That Make Us Scream
Our series began with a look at the most egregious corporate cybersecurity sins witnessed by our experts over the last 12 months. Sending shivers down the spine, they recount tales of hyper-growth, in which companies amassed troves of sensitive customer information but left security programs behind and vulnerable. Stories of complicated vendor ecosystems, hidden vulnerabilities and incomplete security oversight left readers trembling over third-party threats. Our experts go on to warn of the dark dangers within—and how insider threats can be the deadliest. This is particularly true as teams, laser-focused on speed, adopt new tools in an autonomous and localized way, causing shadow IT to proliferate across digital environments outside of security’s control. Remember, a well-intentioned developer using an unsanctioned tool to get work done faster is still a potential threat.

Perhaps most horrifying were the stories of companies and people choosing to ignore warning signs, skip important security steps in the name of speed, sweep data breaches under the rug or give up on cybersecurity altogether—without considering the consequences. Too many of these stories involve software and infrastructure security shortcomings. The time is now, our experts urge, to rethink the approach—to think more holistically and with more overarching composition. We can’t continue to bolt on new (but myopic) tools that don’t communicate or collaborate, while adding new burdens atop already over-burdened security teams. It’s an unsustainable recipe for disaster that will ultimately crush your competitive edge and leave you alone in the dark. A modern digital era requires a fresh mindset and a holistic approach that harnesses the power of machines and the irreplaceable minds of cybersecurity practitioners, while also orchestrating risk management across security tools to gain a continuous and consolidated view of risk.

What’s Keeping Cybersecurity Pros Up at Night
In the rush to digital transformation, organizations are moving workloads to the cloud, adopting new technologies and expanding third-party networks to enhance their offerings like someone is chasing them. Cybersecurity professionals are struggling to even keep track of the assets they need to secure, let alone effectively secure them. Without a clear and comprehensive view of risk, they’re constantly looking over their shoulders, ready for an unnamed but always looming threat to emerge from the shadows. Making matters worse, since speed is the name of the game, software is developed and shipped faster than ever before—often at the expense of proper security.

In post two, our cyber experts foretell of new and emerging threats that keep them up at night—such as attacks on critical infrastructure that could paralyze entire cities or weaponized connected systems that could potentially cause human harm—as the lines between cyber and physical security continue to blur. They also warn of increasing attacks on popular open source programming libraries. As organizations of all sizes embrace CI/CD and agile methodologies, their reliance on open source code grows. Yet despite its many benefits, open source presents new and frightening risk to enterprise security in the form of rampant unpatched software vulnerabilities. Unlike commercial software that can be automatically patched and updated, open source users must keep track of vulnerabilities and manage their updates manually. Given the ubiquity of open source, this is a truly scary and daunting task for security teams. Tools that can orchestrate and automate the discovery of software bugs, flaws and vulnerabilities across open source components, applications and infrastructure can help teams enhance vulnerability management and significantly improve application security programs—while embracing open source with confidence.

The Cybersecurity Skills Shortage: What Nightmares Are Made Of
If you do end up falling asleep at night, these stats are sure to haunt your dreams. There are currently 2.93 million cybersecurity positions open and unfilled around the world, and the numbers are only getting worse. In the U.S. alone, over 300,000 cybersecurity positions remain open, prompting a top DHS official tasked with protecting critical infrastructure to recently declare the shortage a “national security threat.” Forced to fill the gaps and juggle an ever-expanding set of disparate tools, security teams are overworked, overtired and overstressed. Consider that some of the most popular talks in recent years at major cybersecurity events like RSA Conference and Black Hat addressed growing mental health issues across the industry—from anxiety and burnout to addiction and PTSD.

It’s time to take on the monster in the room by shifting from awareness to action, our expert cyber panel urges in our third post. Prioritize your people by creating a culture of well-being that emphasizes self-care and work-life balance, providing in-house education and doubling down on cybersecurity recruiting efforts to find the right people to help lighten the load. But don’t stop there. Commit to new approaches that automate and orchestrate processes and empower your security team to scale and amplify their efforts—without adding complexity or sacrificing speed.

Zinger Halloween Tips for the Cybersecurity Mind
In the fourth and final NCSAM installment, our expert panel warns of the dangers of getting lost in the fog without a clear plan and full view of the threats lurking all around. To stay on the right path, security must remain in the forefront of conversation and play a role in all business decisions. To do this, security leaders must change their approach to communicating with executive teams and boards, moving away from scare tactics and F.U.D. (fear, uncertainty and doubt) to speaking the language of the business. This means building a strong case by focusing on business value and outcomes, creating a strategy that aligns with business goals, implementing frameworks to better quantify business risk in dollars and cents (i.e., the FAIR model) and devising a realistic roadmap with defined milestones and metrics.

Don’t try to outrun the bogeyman by cutting corners and choosing speed over security and compliance—particularly when it comes to securing the dynamic software development lifecycle. Conversely, don’t get scared stiff and end up with “analysis paralysis.” Focus on the fundamentals first. Are you following basic cybersecurity hygiene practices, such as patching software, managing new installs, changing passwords, limiting users, backing up data and employing a cybersecurity framework to protect your applications and infrastructure? Embrace DevSecOps by aligning security, operations and development teams to collectively identify and prioritize risks, tackle the most critical first and then expand to new areas over time. Remember—cybersecurity is an ongoing journey, not a final destination.

Stay safe out there, cybersecurity comrades, for the night is dark and full of terrors. But don’t fear, as we close out our NCSAM Halloween series, we’ll be getting back to our regularly scheduled programming here on the ZeroNorth blog… until next year!


#cybersecurity | #hackerspace | Maze Ransomware Exploiting Exploit Kits

Cybercrime has never been one to hem in tactics with ideology or rules. Rather, malware operators are known to use what works and then modify code to continue to work. By “work,” we mean that the code does what it is supposed to; for information stealers, the work done will be different from the work done by those deploying banking trojans. For ransomware, the work is how easily a machine can be infected and how readily it can encrypt data. Maze has modified how it infects machines to better complete the cyberattacker’s aims.

Recent Maze distribution campaigns have been seen using exploit kits, which seem to be trendy once more. Once access is gained, the attacker can then execute code and install other pieces of malware, be they ransomware or banking trojans. Maze’s use of exploit kits is not a new tactic; in the past, it has used the Fallout exploit kit. While exploit kits themselves are not new, their use with ransomware is relatively new. Typically, ransomware would be spread via spam email campaigns involving social engineering to trick the user into downloading the malicious program. By using an exploit kit, another attack vector is opened and often users aren’t prepared to defend against it. An exploit kit is an all-in-one tool that bundles exploits for a collection of known software vulnerabilities and uses them to gain access to a machine in order to download other strains of malware. Often, the delivery method for the malware is a drive-by download that the user normally doesn’t detect and can do little to prevent.

When security researcher Jérôme Segura discovered Maze was leveraging Fallout, he determined that the exploit kit was being distributed via a fake cryptocurrency exchange app. At the time of the discovery, in May 2019, it was further found that the attackers created a fake Abra website and then paid for advertising to redirect the user to a landing page that hosted the exploit kit. What was interesting about the campaign was that once Fallout managed to gain remote access and the ransomware was dropped, the ransomware would detect what type of computer was infected. This information was then used to determine the ransom amount demanded for data decryption.

Spelevo Exploit Kit

By the middle of October, researchers nao_sec and GrujaRS discovered Maze was again being distributed via another exploit kit—this time, it was using the Spelevo exploit kit. Spelevo was discovered in June and used many of the old tactics that made exploit kits such a threat. The kit is designed to redirect internet traffic to a landing page controlled by the attackers, which checks the system of the user who is on the page to see if any of the vulnerabilities the kit targets are available to be exploited. From there, the exploit kit will drop other forms of malware.

When it was discovered, Spelevo was targeting known vulnerabilities found in Internet Explorer and Flash. Those vulnerabilities are CVE-2018-8174 for Internet Explorer and both CVE-2018-15982 and CVE-2018-4878 in Flash, as noted by researchers. Spelevo, like Maze/Fallout, was being dropped via fake websites. This time the website used a fake business-to-business (B2B) page and once a vulnerable computer was found the exploit kit would drop the infamous banking trojan Dridex.

Spelevo—and exploit kits in general—have one Achilles heel: their dependency on Internet Explorer. The now unpopular browser once dominated the browser landscape. Its decline in popularity led to a decline in exploit kit popularity. That said, Internet Explorer still amounts to 5% of the global browser market, according to some sources, still a significant number of machines. As the browser is typically seen as outdated, vulnerability patches are few and far between and attackers hope that updates are not done at all by users still using the software. The same goes for Flash.

The use of exploit kits currently seems to be more of a targeted approach. Given that modern browsers have security measures in place to prevent such attacks from being successful, hackers are going after Internet Explorer users to better guarantee an infection. What made exploit kits so dangerous in the past still makes them a threat today. The threat posed is mainly the drive-by download feature, which doesn’t need any user interaction such as clicking a link. The malware is downloaded as soon as the user lands on the compromised site and a targeted vulnerability is found. They are a threat and need to be taken seriously.

Spelevo and Maze

In this instance, Spelevo again was seen exploiting the vulnerabilities mentioned above. But rather than dropping Dridex, it was dropping Maze. Once Maze is installed, it scans for targeted file extensions—often documents, databases or images—and, once detected, begins encrypting them. Maze is based on the previous ChaCha ransomware and uses its algorithms for encryption along with RSA encryption methods, namely RSA-2048. Following encryption, the ransomware creates a ransom note under the file name DECRYPT-FILES.txt, which instructs the victim how to pay for decryption. Maze comes complete with a support site to further help victims pay; the site even boasts an online chat service. This should by no means be interpreted as kindness on the side of the attacker but rather clever tactics to help facilitate ransom payment.

As mentioned above, Maze is based on ChaCha, which was distributed mainly via free software bundles that were compromised to include the ransomware or through spam email campaigns. ChaCha adopted the more traditional distribution path that relied on user interaction. Maze opted for exploit kits that made use of drive-by downloads. The question of which is better can only be answered by the operators behind the attacks. Both come with advantages and disadvantages and time will tell which is favored. Given Internet Explorer’s continued decline, the traditional methods may be favored by more hackers.

Given that Maze has used two exploit kits to help with infection, the tactic will see continued use in the near future. If the tactic works there is no need to change until it no longer works. Spelevo has seen very few modifications since its discovery, except the secondary payload has changed from banking trojan to ransomware. This is by no means novel; hackers will often look to use whatever can make them money. Recent research reveals an increase in exploit kit use in 2019 so far, which means users can expect not only trojans and ransomware to appear on their system but other types of malware.

Defending Against Spelevo and Maze

It is important to remember that both Spelevo and Maze attacks can be prevented. Users are advised to steer clear of legacy software packages such as Internet Explorer and Flash, as Spelevo only targets vulnerabilities found in those packages. In 2017, when exploit kits hit their peak in popularity, browsers were incapable of preventing the kits from initiating drive-by downloads in many cases. Now Edge, Chrome and Firefox all have security measures in place that prevent exploit kits from automatically downloading harmful files. Users are strongly advised to use one of these browsers instead of Internet Explorer. Simply by changing the browser used, the user has removed the threat of falling victim to Spelevo.
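An inventory check for the advice above, as an added example that is not part of the original article: it scans web proxy logs for clients still browsing with Internet Explorer or fetching Flash content, the two packages the article says Spelevo targets. The log format, field order, host names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in a hypothetical proxy log format (an assumption):
#   <timestamp> <client_ip> "<method> <url>" "<user-agent>"
SAMPLE_LOG = """\
2019-11-08T09:00:01Z 10.0.0.11 "GET http://intranet.example/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
2019-11-08T09:00:02Z 10.0.0.12 "GET https://news.example/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36"
2019-11-08T09:00:03Z 10.0.0.13 "GET http://portal.example/app" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0)"
2019-11-08T09:00:04Z 10.0.0.14 "GET http://portal.example/app" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362"
2019-11-08T09:00:05Z 10.0.0.11 "GET http://media.example/player.swf?v=3" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
2019-11-08T09:00:06Z 10.0.0.15 "GET http://intranet.example/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
this line is malformed and must be skipped
2019-11-08T09:00:08Z 10.0.0.12 "GET http://media.example/banner.SWF" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" "([^"]*)"$')
MSIE_RE = re.compile(r"\bMSIE (\d+)\.")
TRIDENT_RE = re.compile(r"\bTrident/(\d+)\.")
# Trident engine major version -> real IE version. IE 11 sends no MSIE token,
# and compatibility view sends a misleading "MSIE 7.0", so Trident wins.
TRIDENT_TO_IE = {4: 8, 5: 9, 6: 10, 7: 11}


def ie_version(user_agent):
    """Return the Internet Explorer major version, or None if not IE."""
    trident = TRIDENT_RE.search(user_agent)
    if trident and int(trident.group(1)) in TRIDENT_TO_IE:
        return TRIDENT_TO_IE[int(trident.group(1))]
    msie = MSIE_RE.search(user_agent)
    return int(msie.group(1)) if msie else None


def legacy_exposure(log_text):
    """Map client IP -> IE versions seen and count of .swf fetches.

    A .swf request is only a hint that Flash content is in use; it does not
    prove the plug-in is installed, so treat it as a lead for follow-up.
    """
    hosts = defaultdict(lambda: {"ie_versions": set(), "swf_requests": 0})
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # tolerate malformed or truncated lines
        _ts, client, _method, url, user_agent = match.groups()
        version = ie_version(user_agent)
        is_swf = urlsplit(url).path.lower().endswith(".swf")
        if version is None and not is_swf:
            continue
        entry = hosts[client]
        if version is not None:
            entry["ie_versions"].add(version)
        if is_swf:
            entry["swf_requests"] += 1
    return {
        host: {"ie_versions": sorted(data["ie_versions"]),
               "swf_requests": data["swf_requests"]}
        for host, data in hosts.items()
    }


if __name__ == "__main__":
    for host, data in sorted(legacy_exposure(SAMPLE_LOG).items()):
        print(host, data)
```

Hosts that appear in the result are candidates for browser migration and Flash removal; legacy Edge and other modern browsers are deliberately not flagged.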

In defending against Maze, there are a number of things users can do, many of which protect against not only ransomware but also a wide variety of different malware families. For most ransomware and other malware families, users are advised not to click on links received via emails. This is the primary method many ransomware operators are dependent on for infecting devices. Further, users are encouraged to perform proper backups regularly, thus mitigating data loss in the event of an infection.

Users also should install all current Windows security patches and ensure all other software is up to date. This effectively prevents exploit kits from taking advantage of now-patched vulnerabilities.

As some ransomware families are spread by abusing remote desktop services, users should make sure that machines running remote desktop services are not directly connected to the internet, or should place them behind VPNs. Having a reputable anti-virus package is also recommended. The majority of malware infections are preventable by adopting good security practices.
