Tag Archive for: Secrets

A Clever Honeypot Tricked Hackers Into Revealing Their Secrets


Plenty of people tried to access the system. Over the past three years, it has captured 21 million login attempts, with more than 2,600 successful logins by attackers brute-forcing the weak password they purposefully used on the system. They recorded 2,300 of these successful logins, gathered 470 files that were uploaded, and analyzed 339 of the videos with useful footage. (Some recordings were just a couple of seconds long, and proved less useful.) “We cataloged the techniques, the tooling, everything done on these systems,” Bilodeau says.

Bergeron and Bilodeau have grouped the attackers into five broad categories based on character types from the role-playing game Dungeons and Dragons. Most common were the rangers: once these attackers were inside the trap RDP session, they would immediately start exploring the system, removing Windows antivirus tools, delving into folders, looking at the network it was on and other elements of the machine. Rangers wouldn’t take any action, Bergeron says. “It’s basic recon,” she says, suggesting they may be evaluating the system for others to enter it.

Barbarians were the next most frequent kind of attackers. These use multiple hacking tools, such as Masscan and NLBrute, to brute-force their way into other computers, the researchers say. They work through a list of IP addresses, usernames, and passwords, trying to break into the machines. Similarly, the group they call wizards use their access to the RDP to launch attacks against other insecure RDPs—potentially masking their identity across many layers. “They use the RDP access as a portal to connect to other computers,” Bergeron says.

The thieves, meanwhile, do what their name implies. They try to make money out of the RDP access in any way possible. They use traffic monetization websites and install crypto miners, the researchers say. They might not earn a lot in one go, but multiple compromises can add up.

The final group Bergeron and Bilodeau observed is the most haphazard: the bards. These people, the researchers say, may have purchased access to the RDP and are using it for a variety of reasons. One person the researchers watched Googled the “strongest virus ever,”…


5 secrets only cybersecurity pros and hackers know


Some security steps are common knowledge. I don’t need to remind you to install that latest update on your computer, right? 

Others are less obvious. Do you lock your computer every time you get up? Unless you live alone, you should. Here’s the easiest way to do it if you’re lazy.

On your phone, you’d probably never guess leaving your Bluetooth connected 24/7 is a mistake. Here’s why — and what to do if you can’t live without your AirPods

I’ve got your back with more secrets only tech pros know to keep you safe and secure. 


1. See if someone is secretly getting copies of your emails 

I always get calls to my national radio show from people concerned that someone is watching everything they do.  

One of the first steps I recommend: Make sure your inbox is locked down. Here are the steps to take if you notice or suspect any unusual logins.

Log in to your email, then go to your account or security settings. 

You’ll find an option that allows you to view your recent login activity or login history. It will be labeled something like “Recent Activity,” “Security,” or “Login History.” 

Pro tip: Use Gmail? Click the Details link next to the Last account activity at the bottom of any Gmail page. 

Review the list of recent logins. See anything that isn’t you or one of your devices? You may see a strange location, too. 

If you spot an unknown location or a device that isn’t yours, act fast. Change your password, be sure two-factor authentication is turned on, and log all devices out of your account.

Are you in the middle of a breakup or recently divorced? Read through this guide to untangling your digital lives. It’s worth your time. 

2. Make sure your printer didn’t get hacked 

Like your computer, your printer is a goldmine for hackers. Why? Printers often store copies of the docs that have been printed. Any cybercriminal could get copies of sensitive information, like your financial records. 

Here are three signs your printer has been hacked: 

Your printer starts printing blank pages or a bunch of characters.  

A person works at a computer during the 10th International Cybersecurity Forum in Lille on January 23, 2018. 


Hands-on Mobile App and API Security – Runtime Secrets Protection



In a previous article we saw how to protect API keys by using Mobile App Attestation and delegating the API requests to a Proxy. This blog post covers the situation where you can’t delegate the API requests to the Proxy, but still want to stop hard-coding the API keys (secrets) in your mobile app, so that static binary analysis and/or runtime instrumentation techniques can no longer be used to extract those secrets from it.

We will show how to have your secrets dynamically delivered to genuine and unmodified versions of your mobile app, that are not under attack, by using Mobile App Attestation to secure the just-in-time runtime secret delivery. We will demonstrate how to achieve this with the same Astropiks mobile app from the previous article. The app uses NASA’s picture of the day API to retrieve images and descriptions, which requires a registered API key that will be initially hard-coded into the app.

Introduction to Some New Concepts

The last section may have introduced some new technical terms to you, and so an overview of these is below.

What is Mobile App Attestation?

This is the process of authenticating that a running instance of a mobile app is the same exact one that was uploaded to the app store. This process consists of attesting that the mobile app is not running in a compromised device, hasn’t been modified in any way, isn’t being manipulated during runtime, isn’t a target of an ongoing MitM attack, etc.

What are Runtime Secrets?

These are secrets provided to the mobile app at runtime via secure over-the-air updates from a third-party service, as they are required to make the API requests, and protected with Mobile App Attestation on retrieval and subsequent usage in the API calls.

The AstroPiks Mobile App

Now let’s look at the app we are going to use to demonstrate these principles. It’s a very simple mobile app that uses the NASA API to show some nice pictures in a list; you can select any of them to see more details about it.

The Setup

First, you need to clone the provided GitHub repo:

git clone --branch approov-runtime-secrets-protection https://github.com/approov/hands-on-api-proxy.git

Next, get your free NASA API key on…


Tesla files suit against former engineer for allegedly stealing Project Dojo’s secrets


Tesla has filed suit against former engineer Alexander Yatskov for allegedly stealing confidential information related to the company’s Project Dojo supercomputer, which the company will be using to train its self-driving neural networks. 

According to Tesla, Yatskov downloaded confidential and tightly guarded information about Dojo on his personal devices. What’s worse is that when Tesla found out about his actions, Yatskov reportedly tried to cover his tracks by surrendering a “dummy” computer instead, which contained none of the stolen information. 

Yatskov began his tenure at Tesla as a thermal engineer in January, where he aided in the design of the Dojo supercomputer’s cooling systems. Tesla noted in its complaint that Yatskov had access to Dojo’s cooling information and other confidential information related to the neural net training supercomputer. 

Tesla stated that Yatskov had violated his non-disclosure agreement (NDA) by “removing Tesla confidential information from work devices and accounts, accessing it on his own personal devices, and creating Tesla documents containing confidential Project Dojo details on a personal computer.” The former engineer was reportedly caught sending emails with classified Tesla information from his personal email address to his work email. 

Tesla remarked that Yatskov actually admitted to storing classified information on his own devices when he was confronted by the company. He was placed on administrative leave starting April 6 and asked to bring in his devices so Tesla could recover any stolen information. Yatskov reportedly provided Tesla with a device, though the company noted that it was a “dummy” since it contained none of the stolen information. 

Yatskov formally resigned from Tesla on May 2. When asked for a comment by Bloomberg, the former Tesla engineer declined to provide a statement about the matter. Tesla, for its part, is looking to receive compensatory and exemplary damages. The company is also seeking to secure an order that would stop Yatskov from disseminating Dojo’s trade secrets.
