Tag Archive for: Web

Portugal investigates dark web sale of classified NATO documents – EURACTIV.com


Portugal’s public prosecutor’s office is investigating a cyberattack against the Armed Forces General Staff in which classified NATO documents were extracted and put up for sale on the ‘dark web’, the Attorney General’s Office said on Tuesday.

“The establishment of an enquiry is confirmed. It is led by the public prosecutor’s office of the Central Department of Investigation and Prosecution (DCIAP),” the Attorney General’s Office told EURACTIV’s media partner Lusa.

According to the Portuguese newspaper Diário de Notícias, the government was informed of the situation last week by the US intelligence services, via the embassy in Lisbon, through a communication that was reportedly made directly to Prime Minister António Costa in August.

The same newspaper mentioned that this case was considered “extremely serious” and that US cyber spies had detected “for sale on the ‘dark web’ hundreds of documents sent by NATO to Portugal, classified as secret and confidential.”

The Defence Ministry said it was already investigating “all signs of a potential breach of computer security” and claimed the “sensitivity” of the proceedings meant further comment was not appropriate.

In a statement, the ministry said that the investigations are conducted by the National Security Office, “with which the ministry of defence and the armed forces work in close coordination.”

Among the functions of the National Security Office is to “ensure the security of classified information within the national framework and international organisations to which Portugal is a party” and exercise “the function of accreditation authority for natural or legal persons to access and handle classified information.”

(Fernando Carneiro/Lusa.pt)


DIY Web Attacks Might Still Live on via WebAttacker


Age is rarely an issue when it comes to malware campaigns, and that’s certainly true for WebAttacker. WebAttacker is a do-it-yourself (DIY) malware creation kit that became popular back in 2006. It was the first exploit kit made available to cybercriminals in the Russian underground market for as little as US$20.

While you may think it’s no longer active, our research could suggest otherwise. An in-depth look at three email addresses belonging to the WebAttacker operators revealed these findings.

  • Close to 350 domains were registered using email addresses identified as indicators of compromise (IoCs).
  • The domains registered with the email addresses were created between 2011 and 2022.
  • The domains resolved to more than 130 IP addresses.
  • The IP addresses were spread out across more than a dozen countries.

A sample of the additional artifacts obtained from our analysis is available for download from our website.

Old but Potentially Not Dead

We began the investigation by using the email addresses belonging to the WebAttacker operators as reverse WHOIS search strings. That led to the discovery of 346 domains registered between 2011 and 2022, at least five years after the exploit kit was made available in cybercriminal underground markets. The domain registration peaked in 2021.

Several of the domains look as if they were randomly generated.

A few of them also led to what look to be business sites, specifically rental web pages, based on screenshot lookups.

A bulk Threat Intelligence Platform (TIP) malware check, however, showed that only one domain—ddgcc[.]com—was tagged “malicious” by various malware engines. This web property is currently up for sale, so users looking for a domain for their businesses may want to be wary.

DNS lookups for the domains showed that they resolved to 135 IP addresses spread out over a dozen countries. A majority of them were geolocated in the U.S., followed by China, Canada, Germany, Japan, and South Africa.

Interestingly, while only one domain was dubbed “malicious,” 12 of the IP…


10 common developer misconceptions about web application security


Where it all begins: The troubled relationship between software innovation and security

Software development is all about making things work and creating new functionality that solves problems and unlocks new possibilities. That creative buzz is part of the appeal of web development – and yet Invicti research shows that 32% of web developers spend at least five hours a day addressing security issues. All too often, inefficient communication and inadequate tools cause developers to treat security-related requests as a chore and distraction that has no clear reason and brings no visible results. This mistrust is reinforced by common misconceptions about web application security – many not exclusive to developers.

Misconception #1: Security is not a development problem

Reality: Application security is a crucial part of modern web development, especially as you move towards DevSecOps.


Let’s start with the mother of all application security misconceptions: that security is someone else’s problem. Whether you’re putting your trust in tools, external systems, or the security team, it’s tempting to put security out of mind and focus only on building software. In reality, web applications are now so complex and can be attacked in so many ways that the only way to truly secure them is to make security everyone’s business – starting but also ending with development. After all, whenever vulnerabilities are found in your custom web applications, the fix requests eventually end up in development, so efficiently dealing with them as they arrive is crucial to avoid bottlenecks and prevent professional burnout.

Misconception #2: Our web framework takes care of security

Reality: A good quality framework can prevent many security flaws but is nowhere near enough on its own.

Web frameworks and libraries have revolutionized development, providing the scaffolding to build production sites and applications using only a fraction of the time and resources that it would take to develop from scratch. Choosing a framework with a solid security record is a must as it helps you entirely avoid some classes of technical vulnerabilities – but only some classes, and only when using…
