“Have you ever downloaded and installed a large Android application that had very few actual UI elements or functionality? Recently, FireEye Labs mobile security researchers have discovered a new kind of mobile malware that encrypts an embedded Android application with an attachment in an asset folder – concealing all malicious activities within a seemingly benign application.”
Is there already a war happening between Russia and Ukraine?
Strategic Analysis: As Russia-Ukraine Conflict Continues, Malware Activity Rises | FireEye Blog.
Here’s an interesting analysis of malware callbacks based on country. Are Russia and Ukraine involved in a “Cyber War”?
A Windows Authentication Flaw Allows Deleted/Disabled Accounts to Access Corporate Data – Aorato
This is interesting. Not much we can do about it, but important to understand.
A Windows Authentication Flaw Allows Deleted/Disabled Accounts to Access Corporate Data – Aorato.
Understanding Role Based Access Control: Advanced Concepts
This hits the nail on the head – “There are many systems which contribute to roles and privileges, so what may seem basic in theory is often quite complex in practice.”
Securosis Blog | Understanding Role Based Access Control: Advanced Concepts.
xkcd: Heartbleed Explanation
A Little Bird Told Me: Personal Information Sharing in Angry Birds and its Ad Libraries | FireEye Blog
This is a really good analysis of what a mobile app is collecting and sharing.
Alarm Overload
While the title of the linked article is clearly link bait, the message is very important. We talk so much about logging everything that we forget that we actually need to pay attention to that stuff. It’s easy to check off the compliance box that says “centralized logging”, but it’s much harder to actually do something useful with that information.
This comes up almost every time I teach a class. If you’re never going to look at it, is it really worth spending all that time and money to build a logging system? You might as well just dump those logs to /dev/null and be done with it. At least that way you won’t look bad when the forensic results show that you missed 60,000 alarms.
Of course, the most prudent solution is a happy medium. Maybe that includes having your own SIEM and staffing it with trained people 24×7. It could be outsourcing the management and monitoring of the system. Regardless, there is a goldmine of valuable information in those logs and alerts; make sure someone is able and willing to take the appropriate action when needed.
“In the case of the BP Oil rig disaster in the Gulf of Mexico in 2010, it was discovered that an alarm to warn of explosive gas had been intentionally disabled. A crash on the Washington Metro system a year earlier, which killed nine people, happened partly because train dispatchers were overwhelmed by extraneous notifications. Similarly, much has been written about hospitals that are grappling with the massive quantities of alarms that are generated by a wide variety of sensors. Hospital alarms are crucial – they provide notifications of a patient’s condition, but only a small percentage of such alarms are issued for new, clinically significant changes.”
via How the Target Breach and the Malaysian Flight MH370 Mystery are Related | The State of Security.
Want to Know How a RAT Works?
This article does a really good job of breaking down a common Remote Access Trojan (RAT). If you’ve never seen a deep dive like this, I highly recommend you take a look.
XtremeRAT: Nuisance or Threat? | FireEye Blog.
Friends Don’t Let Friends Mix XSS and CSRF – from The State of Security
This is a good article that explains the difference between cross-site scripting (XSS) attacks and cross-site request forgery (CSRF) attacks.
Friends Don’t Let Friends Mix XSS and CSRF | The State of Security.
Troy Hunt: Here’s how Bell was hacked – SQL injection blow-by-blow
Here’s an excellent real-world example of a SQL injection attack. Article courtesy of Troy Hunt, pathetic web development by Bell Canada.
Troy Hunt: Here’s how Bell was hacked – SQL injection blow-by-blow.