Lynis v1.5.7 - Security auditing and hardening tool

Hardening an operating system is important to protect your environment against compromise. One of the open source tools you can use for hardening Unix- and Linux-based systems is Lynis. Lynis runs several hundred tests and performs an audit of your system: it checks the configuration files to find out whether you have the correct configuration and reports the gaps you have on your systems.

Lynis helps you take the right measures, check the related controls and define your improvement plan to meet security standards such as Basel II, GLBA, HIPAA, ISO27001/ISO27002, PCI-DSS and SOx (Sarbanes-Oxley). Lynis performs the compliance scan you need to evaluate your system against the standards, so you end up with a checklist and an action plan to properly harden your system.

Screenshot for Lynis

At the moment there is an open source version that you can use for security auditing, vulnerability scanning and system hardening, and an enterprise version which adds more components for compliance checking and security. You can download Lynis over this link: http://cisofy.com/products/
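The audit report that Lynis leaves behind is the raw material for the action plan mentioned above. The script below is an added example written for this page, not part of Lynis: it reads the plain key=value report format (lynis-report.dat, where repeated warning[] and suggestion[] keys hold '|'-separated findings that start with the test ID) from a constructed sample and turns it into a prioritised list. The sample findings, the hardening_index threshold and the field layout after the message text are assumptions of the example.

```python
"""Summarise a Lynis report file (lynis-report.dat) into an action list."""
from collections import defaultdict

# Constructed sample in the lynis-report.dat style: plain key=value lines,
# keys ending in [] repeat, and each finding is '|'-separated. The fields
# after the message are an assumption for this example, not real scan output.
SAMPLE_REPORT = """\
# Lynis Report (constructed sample)
lynis_version=1.5.7
hostname=audit-host
os=Linux
warning[]=AUTH-9228|Found some information disclosure in SMTP banner|-|
warning[]=SSH-7408|Consider hardening SSH configuration|-|
suggestion[]=FILE-6310|Place /tmp on a separate partition|-|
suggestion[]=SSH-7408|Set PermitRootLogin to no in sshd_config|-|
suggestion[]=AUTH-9282|Consider using a password policy|-|
hardening_index=65
"""


def parse_report(text):
    """Return (scalars, lists): single-valued keys and the repeated key[] entries."""
    scalars, lists = {}, defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.endswith("[]"):
            lists[key[:-2]].append(value)
        else:
            scalars[key] = value
    return scalars, dict(lists)


def split_finding(value):
    """A finding value starts with the test ID, then the message text."""
    parts = value.split("|")
    return parts[0], (parts[1] if len(parts) > 1 else "")


def summarize(text, min_index=70):
    """Build a summary dict; below_threshold flags hosts under min_index (assumed bar)."""
    scalars, lists = parse_report(text)
    warnings = [split_finding(v) for v in lists.get("warning", [])]
    suggestions = [split_finding(v) for v in lists.get("suggestion", [])]
    by_test = defaultdict(list)
    for test_id, message in suggestions:
        by_test[test_id].append(message)
    warning_ids = [test_id for test_id, _ in warnings]
    # A test that raised both a warning and a suggestion goes to the top of
    # the action plan: the warning says why, the suggestion says how.
    priority = [t for t in warning_ids if t in by_test]
    index = int(scalars.get("hardening_index", "0"))
    return {
        "host": scalars.get("hostname", "?"),
        "hardening_index": index,
        "below_threshold": index < min_index,
        "warnings": warnings,
        "suggestions_by_test": dict(by_test),
        "priority_tests": priority,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_REPORT)
    state = "below" if report["below_threshold"] else "meets"
    print(f"{report['host']}: hardening index {report['hardening_index']} ({state} threshold)")
    for test_id, message in report["warnings"]:
        print(f"  WARNING    {test_id}: {message}")
    for test_id, messages in report["suggestions_by_test"].items():
        for message in messages:
            print(f"  SUGGESTION {test_id}: {message}")
    print("  fix first:", ", ".join(report["priority_tests"]))
```

Run the same function over /var/log/lynis-report.dat from a real scan to get the checklist the post describes; only the sample text is built in.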


CTB-Locker (Critroni) on the rise and using TOR

Attackers are implementing new strategies to exploit new vulnerabilities and grow their bot networks. Critroni is a new malicious program that has been sold on underground forums. This kind of malware uses the Tor network for its command and control servers to hide their presence and mask the source of the attackers.

Critroni can be purchased for 3000 USD and provides the attacker with a platform to build a spam botnet. The bot allows installing other malicious components and encrypts data, similar to ransomware, asking the victim to pay online in order to get their files back. Locking the computer is a method that is becoming more commonly used by cybercriminals because it holds the victim's computer hostage, and it will be almost impossible to decrypt the files without paying bitcoins to the attackers.

Screenshot after locking the files by Critroni

The problem with such an infection is that the attackers give the victim 72 hours to make the online payment and get their files back; otherwise the files are going to be destroyed and the user will lose all the data forever. The use of Tor makes it hard to track the attacker because the C&C server will be using an IP that does not belong to the cyber-criminals.

Here is more information about Critroni: http://malware.dontneedcoffee.com/2014/07/ctb-locker.html?view=classic


RpcView – Tool to explore RPC functionality

RpcView is a free tool that can be used to monitor and decompile all registered RPC interfaces on the Windows operating system. The information provided by this tool includes the following:

  • the Pid of the process hosting this endpoint;
  • the used protocol among which the main ones are ncacn_ip_tcp, ncacn_np and ncalrpc;
  • the endpoint name, depending on the underlying protocol:
    • port value for ncacn_ip_tcp or ncadg_ip_udp
    • pipe name prefixed by \pipe\ for ncacn_np
    • (A)LPC port name for ncalrpc

RpcView interface to explore RPC processes

Usually RPC interfaces are registered by name and the tool helps in listing them to identify the legitimate ones. On the other hand there are anonymous RPC interfaces, and for those a security researcher will need to dig deeper and investigate their DLL source using this tool.

At the moment there are versions for both 64-bit and 32-bit operating systems, and you can download RpcView over this link: http://rpcview.org/
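To make the protocol-and-endpoint relationship listed above concrete, here is an added example (not code from RpcView or its author) that parses RPC string bindings in the standard ProtSeq:NetworkAddr[Endpoint] form, checks that each endpoint matches its protocol (a port number for ncacn_ip_tcp and ncadg_ip_udp, a \pipe\ name for ncacn_np, an ALPC port name for ncalrpc) and sorts a constructed list of PID/binding pairs, the two columns RpcView shows, into remotely reachable and local-only endpoints. The sample entries, the PIDs and the remote/local grouping (named pipes are counted as reachable over SMB) are assumptions of the example.

```python
"""Parse RPC string bindings and inventory endpoints the way RpcView lists them."""
import re

# Protocol sequences named in the post, mapped to the kind of endpoint they
# carry: a port number, a named pipe, or an (A)LPC port name.
ENDPOINT_KIND = {
    "ncacn_ip_tcp": "port",
    "ncadg_ip_udp": "port",
    "ncacn_np": "pipe",
    "ncalrpc": "alpc_port",
}
# Assumption of this example: TCP/UDP and named pipes (over SMB) can be reached
# from other hosts, while ncalrpc endpoints are only reachable on the local box.
REMOTE_PROTSEQS = {"ncacn_ip_tcp", "ncadg_ip_udp", "ncacn_np"}

# RPC string binding syntax: [ObjUuid@]ProtSeq:NetworkAddr[Endpoint[,Options]]
BINDING_RE = re.compile(
    r"^(?:(?P<uuid>[0-9a-fA-F-]{36})@)?"
    r"(?P<protseq>[a-z_]+):"
    r"(?P<addr>[^\[]*)"
    r"(?:\[(?P<endpoint>[^\],]*)(?:,(?P<options>[^\]]*))?\])?$"
)

# Constructed sample (PID, binding) pairs, not output from a real system.
SAMPLE_ENTRIES = [
    (4, r"ncacn_np:\\HOST[\pipe\svc-a]"),
    (720, "ncacn_ip_tcp:10.0.0.5[49155]"),
    (720, "ncalrpc:[LRPC-0123abcd]"),
    (900, "ncadg_ip_udp:10.0.0.5[70000]"),   # port out of range
    (900, r"ncacn_np:\\HOST[svc-b]"),        # pipe name without \pipe\ prefix
]


def parse_binding(binding):
    """Return a dict describing the binding; 'valid' is False when the endpoint
    does not fit the protocol sequence, with 'reason' saying why."""
    m = BINDING_RE.match(binding)
    if not m:
        return {"binding": binding, "protseq": "?", "valid": False,
                "reason": "unparseable"}
    protseq = m.group("protseq")
    endpoint = m.group("endpoint") or ""
    kind = ENDPOINT_KIND.get(protseq, "other")
    valid, reason = True, ""
    if kind == "port":
        if not (endpoint.isdigit() and 0 < int(endpoint) <= 65535):
            valid, reason = False, "port must be 1-65535"
    elif kind == "pipe":
        if not endpoint.lower().startswith("\\pipe\\"):
            valid, reason = False, "pipe name must start with \\pipe\\"
    elif kind == "alpc_port":
        if not endpoint:
            valid, reason = False, "ALPC port name missing"
    return {
        "binding": binding,
        "uuid": m.group("uuid"),
        "protseq": protseq,
        "address": m.group("addr"),
        "endpoint": endpoint,
        "options": m.group("options"),
        "kind": kind,
        "valid": valid,
        "reason": reason,
    }


def inventory(entries):
    """Group (pid, binding) pairs by protocol and split them into remotely
    reachable, local-only and malformed endpoints for review."""
    by_protseq, remote, local, invalid = {}, [], [], []
    for pid, binding in entries:
        info = parse_binding(binding)
        info["pid"] = pid
        by_protseq.setdefault(info["protseq"], []).append(info)
        if not info["valid"]:
            invalid.append(info)
        elif info["protseq"] in REMOTE_PROTSEQS:
            remote.append(info)
        else:
            local.append(info)
    return {"by_protseq": by_protseq, "remote": remote,
            "local": local, "invalid": invalid}


if __name__ == "__main__":
    inv = inventory(SAMPLE_ENTRIES)
    for label in ("remote", "local", "invalid"):
        print(f"{label}:")
        for info in inv[label]:
            note = f" ({info['reason']})" if info["reason"] else ""
            print(f"  pid {info['pid']:>4}  {info['protseq']:<13} {info['endpoint']}{note}")
```

The remote list is the one to walk first when reviewing a host's RPC surface: each entry there is an interface a client on another machine can reach, and the PID tells you which process to look up in RpcView.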


Privacy Groups Calling for Internet Users to Employ More Security Tools

When Edward Snowden blew the whistle on the National Security Agency last summer, revealing that the agency had spied on millions of people online, Internet privacy advocates and security experts were concerned. If the U.S. government was able to engage in a large scale surveillance program without anyone noticing, who else is watching average Americans and businesses as they go about their normal activities?

In the wake of the surveillance allegations, a number of organizations, including technology companies, privacy advocates, civil liberties groups, websites and security firms are calling for better protections against unauthorized snooping. The centerpiece of their campaign is the “Reset the Net” campaign, which calls upon websites to deploy more effective security and privacy measures designed to keep online activity safe from surveillance — both from government agencies and cybercriminals.

While no one wants to allow risks to national security to go unchecked, many people are concerned that weaknesses in the current privacy and security controls on the Internet foster an environment in which individuals have limited privacy. It’s important to note that while government agencies were able to collect personal data simply by tapping into the unprotected networks, they need a court order — which must be precipitated by reasonable suspicion of wrongdoing — in order to review the information.

Still, many people bristle at the notion that someone is keeping tabs on their Netflix viewing habits or how long they play Candy Crush. Not to mention, cyber criminals do not adhere to restrictions regarding data collection — after all, they are usually accessing it illegally in the first place. This makes the call for increased privacy enhancements a matter of interest to everyone.

Protecting Your Privacy

While the “Reset the Net” campaign is focused largely on websites and service providers, there are steps that individuals can take as well to protect themselves from snooping and spying. Given that most people share sensitive data online every day, such as when they bank online, it’s important to take steps to protect your privacy and secure data.

To that end, privacy experts recommend taking the following steps:

Encrypting Data. Encryption is one of the most effective ways to protect your information from snoops. In fact, several major email services, including Google’s Gmail and Yahoo Mail, have recently announced that they will begin using data encryption to secure messages sent and stored on their servers. Businesses and individuals alike can install encryption solutions on their computers to encode data both at rest and in transit, essentially rendering it useless to anyone who accesses it without the proper credentials.

Use Virtual Private Networks. Many businesses that allow BYOD have deployed VPNs so that employees do not access corporate networks over public Wi-Fi or other unsecured connections in the clear. Individuals who do not have access to a VPN via their employer, or who want to be able to check their email or bank balance securely using their smartphone or laptop in a coffee shop, can download applications that create individual VPNs for increased privacy. A VPN won’t make you completely anonymous online, but it will block the hacker sitting at the next table over from eavesdropping on your online session.


Use HTTPS. Anyone who shops online should be familiar with HTTPS: When the S is added to the end of the “HTTP” in a web address, it indicates a secure connection. If the S doesn’t appear, anyone can spy on what you are doing. Consider installing a plugin that will ensure that any time you visit a site that has HTTPS capability, it’s launched.

Use Airplane Mode. If you’re doing something on your smartphone or tablet that doesn’t require an open Internet connection, switch the device into airplane mode. You will still be able to play games or watch downloaded videos — or even draft emails or text messages — but no one will be able to spy on your activities. When you can securely connect the device to a Wi-Fi network, then return it to normal mode and send your messages or update social media.

Some argue that the only way to maintain complete privacy is to ditch the smartphone and stay off the computer. While that may be true, it’s certainly not practical for most people. It is possible to protect yourself from people who want to capture your information or see what you’re doing online without permission, so spend some time pulling down the proverbial shades. Even if you have nothing to hide, there’s a good chance someone is interested in what you’re up to.

This guest blog is by Erica Taylor


Don’t Let Usability Issues Compromise Security

Anyone who has worked in an office environment has probably received an email or alert notifying staff that it’s time to change their login passwords (again) — and that those passwords have to meet an ever growing list of criteria: letters, numbers, symbols, at least 8 characters, a Klingon word and their great-grandmother’s favorite color. So you come up with another “unbreakable” code that you can’t remember and write it down on a sticky note, conveniently stuck to the corner of your monitor.

Or perhaps you want to bring some work home for the weekend. But using your company’s secure system requires logging in, uploading the files and then establishing a secure connection — another multi-step process that adds several minutes and a migraine headache to the process. It’s easier to just email the files to your personal account, so you do.

Sound familiar? If so, welcome to a common problem in the world of security, where the solutions designed to protect us from “the bad guys” often create bigger security risks due to their lack of usability.

Common Barriers to Usability

One common issue in IT security is a greater focus on security than on productivity. IT is so intent on protecting the asset that they forget that real people actually need to use it. Hence the regular and increasingly more complicated requests to change passwords, or the limited access to certain areas of the network, even though the employee has a legitimate reason to be there.

Some of the other common ways that security teams put security before usability include:

  • Implementing complex “tests” in order to gain access. An example is the CAPTCHA codes widely used to ensure that it’s a real person attempting to gain access. Yet they are almost universally hated, and many people would rather find a different application or online store than suffer through multiple attempts at getting the code right.
  • Overzealous blocking of websites or applications. Some companies go so far as to block any website that contains certain terms, fearing that employees will access inappropriate or harmful material on corporate networks — while also impeding their ability to do legitimate work-related tasks online.
  • Excess login requirements. A system that requires users to log in, enter a CAPTCHA code and then a one-time use code sent via text is not user-friendly. Multi-factor authentication does not mean using every single form of security available.
  • Implementing systems that are complex and do not fully identify or explain risks.

These are just a few of the ways security overrides productivity, and they can put your data at risk. When your security protocols are so complex that employees resort to workarounds (like sending unencrypted emails to personal accounts), the very tools you have in place to protect your network and data could be the cause of a security breach.

Solving the Usability Problem

Just because a security solution limits what users would like to be able to do — or causes them to take a few extra moments to ensure that everything is protected from prying eyes — doesn’t mean that it isn’t valuable. It’s just as hazardous to focus on productivity and ease of use while putting security on the back burner as it is the other way around.

The key is to find the right balance between implementing solutions that people will actually use and those that provide the highest degree of protection. To that end, it’s often best to approach security with the following in mind:

  1. How does this solution operate? Ideally, security should operate in the background with a minimum of user intervention, like SafeNet cloud security and encryption solutions.
  2. How can we streamline the security process? For example, implementing a single login process that allows an authorized user access to everything he or she needs on the network can make it easier for workers to stay productive while still protecting sensitive data.
  3. What are the security priorities? Does every application need the highest level of protection, or can security be managed in tiers, with lower priorities receiving less stringent access protocols?
  4. How can we move security from a place of “no” to a place of “yes”? Many experts note that modern IT security is largely focused on preventing bad behavior and protecting networks against “what ifs,” without thinking about how people really use them. Instead of focusing on blocking, preventing and denying, security should focus on how to allow people to do what they need while still providing protection.

The balance between usability and security has long been a tenuous one, and there is no easy solution. However, IT security teams that recognize the issues and take steps to mitigate the problem will likely find that they have fewer security issues and an overall safer network.


‘This Content Might Require Java Update 13.6’ Is a Masked Malware Attack

A fake Java update is one of the techniques used by cyber-criminals to promote their malware. This week onlinethreatalerts posted a new article covering an online advertisement urging users to update their Java application in order to display certain content. By clicking on the banner the victim is redirected to a malicious website hosting fake updates and viruses.

The website is www.my-movie-player.com; if you see this URL it should be clear that a link like this has nothing to do with Java. Any application or file can harm your system, but here the attacker redirects users to get.file2desktop.com, where the actual malware is hosted. It adds a toolbar to the browser and hijacks the browser's information.

Fake Java Update 13.6 by onlinethreatalerts

If you see a similar advertisement on any website you visit, do not follow the link, and make sure to download and update applications only from the official website that is tested and approved by the application owner.


Malicious Facebook scam claims Tracy Morgan’s Death

Social media, including Facebook, is often used by scammers to promote their fake applications or malware. The problem with this type of attack is that the malicious link is shared with the victim's friends, which allows it to circulate further. This week a new case was spotted by Malwarebytes: a hoax claiming to be a video of the death of Tracy Morgan.

The scam is titled “[Death Video] R.I.P. Tracy Morgan died few minutes ago in hospital”. When the user clicks on the link, they are redirected to offers and web pages that push downloads of fake applications.

Screenshot of the video shared on Facebook, sourced from Malwarebytes

When you see a similar scam on Facebook, do not click on the link, and make sure to report the video as a scam. The scam may infect your system and share the malicious link with your contacts. If you have mistakenly clicked on the link, make sure to run a full system scan with your security software and change your Facebook password.
