Security

Trend Micro and the threats of cyber espionage: actual and future trends

The second edition of the Security Barcamp organized by Trend Micro proves to be a very interesting meeting about IT related topics, both on a worldwide and on a more Italian-focused scale.

TM logo newtag stack 4c

Rik Ferguson, Trend Micro Vice-President, was the special guest of the event and, in an extended speech, he spoke about the three main threats in the IT field of the moment and which will be in the future.
The most important threat is ransomware for sure. The phenomenon boomed in 2015 and experienced a 400% growth in terms of attack typologies and available families during the following year. The new trend is to refine and improve the attacking techniques with a particular focus on selected business targets (whose data have an important value and can justify the payment of the ransom) and social engineering, which is at the basis of these attacks.

Read more ...

Security Bulletin - April 2019

DDoS attacks and Botnets

Attacks on mobile software almost doubled in 2018
Kaspersky Labs has released an interesting report entitled "Mobile malware evolution 2018", available at this address, which takes stock of the spread of malware on mobile devices in the past year, offering a useful tool to try to understand the future trend and react now.
Among the results highlighted by the report, which was conducted on the basis of data collected by devices with installed Kaspersky applications, the most important regards the number of attacks recorded: from 66.4 million in 2017 to 116.5 in 2018; on the other hand, the number of compromised installation packages has decreased (5,321,142 in 2018, almost 500 thousand less than the previous year).
Compromised apps include droppers (drop-down trojans that bypass checks and "drop the actual malicious package), adware (invasive advertising), risktool (apps that can cause physical damage) and spyware, including home banking systems, given their increasingly widespread use.

StealthWorker uses Windows and Linux to puncture sites
Fortiner researchers have identified a botnet that uses StealthWorker, a malware discovered a few weeks earlier by Malwarebytes.
Compared to the first version that focused only on Windows, this version of the malware has as its goal Linux, thus becoming a multi-platform threat; not only: by analyzing the open directories available on the C2 servers (Command & Control) indicated in the Malwarebytes report, evidence has been found that even the Mips and ARM architectures - therefore IoT devices - are involved. In both cases an automatic execution is scheduled to survive the restarts that releases the malware payload. Each infected machine is used to attach CMS installations like Joomla, Magento, Drupal and WordPress with brute force login attempts, and if the attack succeeds, not only are the credentials sent to the C2 server, but the compromised host becomes a zombie, creating a real botnet.

Read more ...

Security Bulletin - July 2018

DDoS attacks and Botnets

The FortiNet Threat Landscape Report Q1 2018 report is now available

FortiNet has published the Threat Landscape Q1 2018 report, which analyzes data collected between January and March 2018.

The report shows that most (55%) of infections due to a botnet lasted less than a day, 18% less than two days and only less than 5% more than a week, a sign that botnets are constantly evolving.

The infection due to the Mirai botnet is the one that lasts longer: on average 5 and a half days; but Ghost is the prevailing botnet.

Although 268 different botnets have been identified, their number and activity is declining in the analyzed period; the activity of crypto-jacking, that is generation of cryptocurrencies, is the main one.

Read more ...

GDPR: portability of data in the context of the new European regulation

Data portability in the new European Regulation 2016/679
A new civic duty for personal data controllers and a new right for data subjects: let’s see the content, the legal basis and the actual realization.

Why should one be interested in data portability and understand what it means?
The date of the 25 May 2018 comes closer. That day the GDPR will come into effect in all EU Countries. There are several news introduced by the new regulation that must be understood, regardless of being the physical person personal data refers to (as new rights are gained), or being the controller of data being received and processed (as new duties are gained). One of the main new features it the so-called “right to data portability” which is outlined by Article 20 and “Whereas” 68 and 73 of the GDPR, and illustrated by the Guidelines WP 242 adopted on 13 December 2016 (and last revised on 5 April 2017), the so-called document WP 242, written by the European Working Party “WP 29”.
The text of the GDPR can be accessed here, while the WP 242 document can be accessed here.

Read more ...

Spectre and Meltdown: a recap

The first week of the new year was characterized by the appearance of two major flaws in processors, the so-called Meltdown and Spectre announced by Google ProjectZero in this post, which afflict most of computers and devices in use today. The impact has been outstanding in terms of media coverage, and the topic has been the subject of discussion not just among IT professionals.

Meltdown and Spectre briefly

Meltdown and Spectre are two distinct vulnerabilities that affect computer processors: not just servers, laptops and desktops but also micro-computers, specialized computers and IoT devices. They were discovered by four different research teams who reported them to CPU manufacturers, several months prior the publication of the news; but these vulnerabilities are not new, in fact they have existed for decades. No computer with a processor produced in the last 20 years is to be considered immune and safe; a dedicated tool for Linux and BSD is available and provides information on the system status, and a similar tool for Windows exists too.
We are not aware of known attacks: antivirus can detect the code responsible for an attack, but not the vulnerability itself.

Read more ...

Security Bulletin - April 2018

DDoS attacks and Botnets

Mirai variant turns IoT devices into proxy servers

Fortinet has identified a variant botnet of Mirai, the famous botnet responsible for attacks to DynDNS and KrebsOnSecurity, in addition to DDoS attacks turns infected IoT devices into proxy servers.
The botnet, called Mirai OMG, installs a malware on the victim systems that generates two random ports, adds the appropriate firewall rules, then installs 3proxy, a minimal proxy server.
Fortinet has not detected botnet attacks, analyzed in a quiescent state, and the authors are supposed to sell access to IoT proxy servers.

Read more ...

IT Security Bulletin - January 2018

In the next issue you will find an article dedicated to the recent Meltdown and Spectre vulnerabilities, which are not covered in this bulletin.

DDoS attacks and Botnets

Necurs botnet now distributes ransomware
Necurs is alive and kickin’ and is distributing malware with, at least, three different campaigns as MyOnlineSecurity reports.
The first campaign is about the Scarab ransomware and is spread through emails. A bogus email has copier@victim-domain as sender, “Scanned from HP” (or other brand) as object, the email body is blank but there’s an attachment which, obviously is the ransomware itself. Such email pretends to deliver documents scanned with a network printer.
The second campaign too is conveyed via email and is about another ransomware, Globeimposter. The sender is invoicing@random-company, a random alphanumeric string as object (ie, FL-610025 11.30.2017), and as the previous one it has no body content but an attachment.
The third campaign is similar and pretends to deliver an invoice from Amazon as an attachment. It’s not a ransomware, but a banking trojan indeed.

ProxyM botnet attacks websites
Dr.Web identified a botnet, called ProxyM, which is based on the Linux.ProxyM.1 malware and previously used for email spam campaigns (up to 400 messages per device per day).
The malware being distributed attacks Linux devices and creates a SOCKS proxy server; the attack mode has changed recently, and today ProxyM hacks websites. Infected hosts perform SQL Injection, XSS (Cross-Sie Scriptingt) and LFI (Local File Inclusion) attacks on websites like forums, game servers and generic sites, without a precise scheme. Dr.Web observed 10 to 40 thousands attacks per day.

Read more ...

OWASP ZAP: a powerful tool to discover Websites vulnerabilities

OWASP Zed Attack Proxy (ZAP) is an integrated tool dedicated to penetration testing that allows to identify vulnerabilities in Web apps and Websites. It’s an easy and flexible solution that can be used regardless of the proficiency level: it’s suitable for anyone, from a developer at the beginning with pentesting to professionals in the field.

owasp zap cover

ZAP is composed by two macro-section. The first one is an automated vulnerability scanner that can identify problems and provides a report for developers, sysadmins and security pros with all the details of discovered vulnerabilities in order to fix them.
The second one allows ZAP to work as a proxy and inspect the traffic and all HTTP/S requests and events -- there’s also the interesting capability of modifying them to analyze behaviour that differentiate from the norm or analyze their triggers which can be harmful to the system.

Read more ...

Internet of Things, security and privacy: a few remarks on juridical aspects

 

What are the most relevant juridical implications derive from the use of IoT devices, in particular in terms of personal data? What are the profiles that must be kept into account when developing IoT solutions?

This magazine has described the Internet of Things in the “Word of the Day” column and in last issues we had an article dedicated to the protection of IoT devices.
The interest on the topic is easily justified: a recent study by Aruba Networks, “The Internet of Things: Today and Tomorrow”, highlighted that the economics advantages of a business due to the adoption of IoT devices appear to exceed the expectations, so we can forecast a boom of the trend in the near future, in particular in sectors like industrial, health, retail, “wearable computing” (ie wearable devices like glasses, dresses, watches, etc.. connected to the Network), Public Administration, domotics and where companies create a “smart workplace”.
Therefore, as a consequence of the ample variety of sectors and the general interest on the topic, a lot of complications and implications might arise in terms from the use of IoT devices, in so as far legal aspects are concerned.

Read more ...

banner eng

fb icon evo twitter icon evo

Word of the Day

The term Edge Computing refers, when used in the cloud-based infrastructure sphere, the set of devices and technologies that allows...

>

The acronym SoC (System on Chip) describes particular integrated circuit that contain a whole system inside a single physical chip:...

>

The acronym PtP (Point-to-Point) indicates point-to-point radio links realized with wireless technologies. Differently, PtMP links connects a single source to...

>

Hold Down Timer is a technique used by network routers. When a node receives notification that another router is offline...

>

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

>
Read also the others...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

>

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

>

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

>

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

>

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

>
All Download...

Issues Archive

  •  GURU advisor: issue 21 - May 2019

    GURU advisor: issue 21 - May 2019

  • GURU advisor: issue 20 - December 2018

    GURU advisor: issue 20 - December 2018

  • GURU advisor: issue 19 - July 2018

    GURU advisor: issue 19 - July 2018

  • GURU advisor: issue 18 - April 2018

    GURU advisor: issue 18 - April 2018

  • GURU advisor: issue 17 - January 2018

    GURU advisor: issue 17 - January 2018

  • GURU advisor: issue 16 - october 2017

    GURU advisor: issue 16 - october 2017

  • GURU advisor: issue 15 - July 2017

    GURU advisor: issue 15 - July 2017

  • GURU advisor: issue 14 - May 2017

    GURU advisor: issue 14 - May 2017

  • 1
  • 2
  • 3
  • BYOD: your devices for your firm

    The quick evolution of informatics and technologies, together with the crisis that mined financial mines, has brought to a tendency inversion: users that prefer to work with their own devices as they’re often more advanced and modern than those the companies would provide. Read More
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level networking: here’s our test of the Quanta LB4M switch Read More
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.

    Read More
  • 1