Tag Archive for: Naked

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond – Naked Security


It’s the last regular working weekday of 2022 (in the UK and the US, at least), in the unsurprisingly relaxed and vacationistic gap between Christmas and New Year…

…so you were probably expecting us to come up either with a Coolest Stories Of The Year In Review listicle, or with a What You Simply Must Know About Next Year (Based On The Coolest Stories Of The Year) thinly-disguised-as-not-a-listicle listicle.

After all, even technical writers like to glide into holiday mode at this time of year (or so we have been told), and nothing is quite as relaxed and vacationistic as putting old wine into new skins, mixing a few metaphors, and gilding a couple of lilies.

So we decided to do something almost, but not quite, entirely unlike that.

Those who cannot remember history…

We are, indeed, going to look forward by gazing back, but – as you might have guessed from the headline – we’re going to go further back than New Year’s Day 2022.

In truth, that mention of 33 1/3 is neither strictly accurate nor specifically a tribute to the late Lieutenant-Sergeant Frank Drebbin, because that headline number should, by rights, have been somewhere between 34.16 and 34.19, depending on how you fractionalise years.

We’d better explain.

Our historical reference here goes back to 1988-11-02, which, as anyone who has studied the early history of computer viruses and other malware will know, was the day that the dramatic Internet Worm kicked off.

This infamous computer virus was written by one Robert Morris, then a student at Cornell, whose father, who also just happened to be called Robert Morris, was a cryptographer at the US National Security Agency (NSA).

You can only imagine the watercooler gossip at the NSA on the day after the worm broke out.

In case you’re wondering what the legal system thought of malware back then, and whether releasing computer viruses into the wild has ever been considered helpful, ethical, useful, thoughtful or lawful… Morris Jr. ended up on probation for three years, doing 400 hours of community service, and paying a fine of just over $10,000 – apparently the first person in the US convicted under the Computer Fraud and Abuse Act.

The Morris…

True crime stories – A day in the life of a cybercrime fighter [Audio + Text] – Naked Security


Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure.

[MUSICAL MODEM]


PAUL DUCKLIN.  Welcome to the Naked Security podcast, everybody.

This episode is taken from one of this year’s Security SOS Week sessions.

We’re talking to Peter Mackenzie, the Director of Incident Response at Sophos.

Now, he and his team… they are like a cross between the US Marine Corps and the Royal Navy Special Boat Service.

They go steaming in where angels fear to tread – into networks that are already under attack – and sort things out.

Because this episode was originally presented in video form for streaming, the audio quality isn’t great, but I think you’ll agree that the content is interesting, important and informative, all in equal measure.

[MORSE CODE]

[ROBOT VOICE: Sophos Security SOS]


DUCK.  Today’s topic is: Incident response – A day in the life of a cyberthreat responder.

Our guest today is none other than Peter Mackenzie.

And Peter is Director of Incident Response at Sophos.


PETER MACKENZIE.  Yes.


DUCK.  So, Peter… “incident response for cybersecurity.”

Tell us what that typically involves, and why (unfortunately) you often need to get called in.


PETER.  Typically, we’re brought in either just after an attack or while one is still unfolding.

We deal with a lot of ransomware, and victims need help understanding what happened.

How did the attacker get in?

How did they do what they did?

Did they steal anything?

And how do they get back to normal operations as quickly and as safely as possible?


DUCK.  And I guess the problem with many ransomware attacks is…

…although they get all the headlines for obvious reasons, that’s often the end of what could have been a long attack period, sometimes with more than one load of crooks having been in the network?


PETER.  Yes.

I describe ransomware as the “receipt” they leave at the end.


DUCK.  Oh, dear.


PETER.  And it is, really – it’s the ransom demand.


DUCK.  Yes, because you can’t help but notice it, can you?

The wallpaper has got flaming skulls on it… the ransom…

0-days, RCE bugs, and a curious tale of signed malware – Naked Security


Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days…

…and an astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval.

For a threat researcher’s view of the Patch Tuesday fixes for December 2002, please consult the Sophos X-Ops writeup on our sister site Sophos News:

For a deep dive into the saga of the signed malware, discovered and reported recently by Sophos Rapid Response experts who were called in to deal with the aftermath of a successful attack:

And for a high-level overview of the big issues this month, just keep reading here…

Two zero-day holes patched

Fortunately, neither of these bugs can be exploited for what’s known as RCE (remote code execution), so they don’t give outside attackers a direct route into your network.

Nevertheless, they’re both bugs that make things easier for cybercriminals by providing ways for them to sidestep security protections that would usually stop them in their tracks:


CVE-2022-44710: DirectX Graphics Kernel Elevation of Privilege Vulnerability

An exploit allowing a local user to abuse this bug has apparently been publicly disclosed.

As far as we are aware, however, the bug applies only to the very latest builds (2022H2) of Windows 11.

Kernel-level EoP (elevation-of-privilege) bugs allow regular users to “promote” themselves to system-level powers, potentially turning a troublesome but perhaps limited cybercrime intrusion into a complete computer compromise.


CVE-2022-44698: Windows SmartScreen Security Feature Bypass Vulnerability

This bug is also known to have been exploited in the wild.

An attacker with malicious content that would normally provoke a security alert could bypass that notification and thus infect even well-informed users without warning.


Bugs to watch

And here are three interesting bugs that weren’t 0-days, but that crooks may well be interested in digging into, in the hope of figuring out ways to attack anyone who’s slow at patching.

Remember that patches themselves often unavoidably give attackers clear hints on where to start looking, and what sort of things to…

Chrome fixes 8th zero-day of 2022 – check your version now – Naked Security


Google has just patched Chrome’s eighth zero-day hole of the year so far.

Zero-days are bugs for which there were zero days you could have updated proactively…

…because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and published.

So, the quick version of this article is: go to Chrome’s Three-dot menu (⋮), choose Help > About Chrome, and check that you have version 107.0.5304.121 or later.

Uncovering zero-days

Two decades ago, zero-days often became widely known very quickly, typically for one (or both) of two reasons:

  • A self-spreading virus or worm was released to exploit the bug. This tended not only to draw attention to the security hole and how it was being abused, but also to ensure that self-contained, working copies of the malicious code were blasted far and wide for researchers to analyse.
  • A bug-hunter not motivated by making money released sample code and bragged about it. Paradoxically, perhaps, this simultaneously harmed security by handing a “free gift” to cybercriminals to use in attacks right away, and helped security by attracting researchers and vendors to fix it, or come up with a workaround, quickly.

These days, the zero-day game is rather different, because contemporary defences tend to make software vulnerabilities harder to exploit.

Today’s defensive layers include: additional protections built into operating systems themselves; safer software development tools; more secure programming languages and coding styles; and more powerful cyberthreat prevention tools.

In the early 2000s, for instance – the era of super-fast-spreading viruses such as Code Red and SQL Slammer – almost any stack buffer overflow, and many if not most heap buffer overflows, could be turned from theoretical vulnerabilities into practicable exploits in quick order.

In other words, finding exploits and “dropping” 0-days was sometimes almost as simple as finding the underlying bug in the first place.

And with many users running with Administrator privileges all the time, both at work and at home, attackers rarely needed to find ways to chain exploits together to take…
