About Cheryl Biswas

Writer, reader, techie, Trekkie. InfoSec and political analyst. Keeping our world safe one byte at a time.

Diana Initiative CFP Now Open! It’s YOUR year!

Bring it! Show us what you’ve learned, what you’re made of, what you think. Last year’s virtual event was outstanding, and opened the doors for so many more attendees to submit. The Diana Initiative features a diverse speaker line-up covering a wide range of topics – why not yours! There will be multiple speaking tracks. Speakers have a choice of a 20 minute slot or a 50 minute slot. Please review the details and process below and submit your talk! For any CFP questions, email [cfp@dianainitiative.org]

Important Dates

  • Feb 15th, 2021: Call For Papers Opens
  • March 21st, 2021: First Round closes
  • April 7th, 2021: First Round notifications sent
  • May 7th, 2021: Second Round closes
  • May 22nd, 2021: Second Round notifications sent

Submission Guidelines: Papers that don’t meet these may be rejected

  1. Submission Title
  2. Speaker Name(s)
  3. Speaker Email (this is how we will contact you) Hidden from reviewers
  4. Speaker biography (150 words or less per speaker) Hidden from reviewers
  5. Abstract for your talk (200 words or less) Please refrain from including identifying information
  6. Detailed talk outline Please refrain from including identifying information
    Break your talk idea down into subheading with bullet points to provide detail on what it is, why it matters, what attendees will take away as learning or something they can apply. Show approximate speaking times for each section. Less is not more when it comes to the outline and selling your concept.
  7. Whether this would be your first speaking engagement at a conference
  8. Whether this talk has been previously given at another conference

Daily Perk 2/19/2021

Attackers can Bypass Mastercard PIN by Using it as VISA Card per The Hacker News

Oops! Security researchers found a PIN bypass attack: a chip-and-PIN Mastercard is presented to the terminal as if it were a Visa card, and the transaction goes through without the PIN ever being asked for. It exploits known, “serious” weaknesses in the EMV contactless protocol, using an Android app on two NFC phones as a man-in-the-middle that intercepts and manipulates the card-to-terminal exchange relayed over WiFi. The good news: Mastercard was notified in advance and attackers need the planets to align to pull this off. But it’s valid.

Decade-old Iranian APT Malware Still Running C&C from Dutch Data Center per Bitdefender

Gone but not forgotten. Actually still very much active and beaconing home. Iranian APT malware “Foudre” and “Tonnerre” were found operating on a server in a Dutch data center. They install a backdoor onto compromised Windows x86 and x64 machines for cyber espionage. Tonnerre is equipped for persistence, data exfil and all the spygame fun that Iranian APTs are notoriously good at.

Details of Exploit for Unpatched Internet Explorer 0-Day per Threatpost

Yes, this is that IE bug that a certain North Korean APT was using to lure security researchers in a very deceptive social engineering attack. The bug is still unpatched but security researchers with 0patch have details on where the bug exists and what triggers it. It’s described as a “double-free bug” triggered with JavaScript code and will corrupt memory in process space in Internet Explorer. No POC till there’s a patch and this could be weaponized.

Daily Perk 2/18/2021

Update to CRA email removal: 100k online accounts were suspended as a precaution when login credentials were found being sold on dark web forums. No breach.

SolarWinds Update: per Bleeping Computer’s article today, the SolarWinds attackers were able to access source code for some components used by Azure, Intune and Exchange, and were searching that code for secrets: API keys, credentials and security tokens embedded in the source. I’ll just leave that with you 😲

US Charges Three North Korean Hackers over $1.3 Billion Cryptocurrency Heist per The Hacker News

This is significant because North Korea has shifted its targets to cryptocurrency and exchanges to make some coin – bitcoin. Assistant Attorney General John C. Demers summed it up best:

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers”

But remember – this is a nation equipped with and prepared to use destructive malware, and one motivated by revenge as well as finances.

Daily Perk 2/17/2021

Missed you all! Sending wishes for warmth and safety to all those in the south without power

CRA Locks Online Accounts Amid Investigation, Leaving Users Worried per CBC News

Since yesterday a growing number of Canadians are reporting being locked out of their accounts on Canada Revenue’s online platform, with the message that their email address has been removed. That is disturbing because it can be a preliminary safety measure in response to an information leak or attempted hack. More disturbing if it is issued with no further explanation and tax season is upon us. The CRA has said this is not a breach but a security precaution “in the context of ongoing investigative work” and that those users locked out will receive a letter by regular mail to help them unlock their account. And unfortunately it seems there is no getting through on the phone lines 😞

Now, the CRA had a breach involving CERB payments fraud last August and did the same thing, shutting down online services, before announcing it. Precedent?

Tracker Pixels in Emails Now an Endemic Privacy Concern per ZDNet

Spy pixels are tracking pixels or web beacons that hide in the content of an email: tiny (often 1×1, or CSS-hidden) image files that just blend right in. When the recipient opens the email, the mail client automatically fetches the image from the sender’s server, and that request, carrying a unique identifier in the image URL, tells the sender who opened it, when, and from what IP address. Great for marketers and businesses to measure customer engagement but awful for privacy. Users can stop them from triggering by configuring their mail client (or webmail in the browser) not to load remote images automatically.
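As an added illustration (this is example code written for this post, not ZDNet’s or any vendor’s tool), here is the kind of check a mail gateway or a curious user could run over an email body to flag likely tracking pixels before any remote image is loaded. The HTML below is a constructed sample message and the sender domains in it are invented. The heuristics are simple: a remote image that is sized 1×1, hidden by CSS, or carries a unique-looking query string is treated as a beacon; inline `cid:` and `data:` images are never fetched from a server, so they cannot report an open and are skipped.

```python
"""Flagging tracking pixels in an HTML email body (added example, not from the original post)."""

from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample input: a newsletter with one legitimate logo, two beacons,
# and one inline image. Domains are invented (.test is reserved for examples).
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Hi Cheryl, here is this week's newsletter.</p>
<img src="https://cdn.example-news.test/logo.png" width="200" height="60" alt="logo">
<img src="https://track.example-news.test/o.gif?u=8f3c2a&c=feb19" width="1" height="1" style="display:none">
<img src="https://pixel.example-mktg.test/open/user_8f3c2a.png" style="width:0;height:0;border:0">
<img src="cid:inline-photo-1" width="400">
</body></html>
"""

TINY = {"0", "1", "0px", "1px"}


class PixelFinder(HTMLParser):
    """Collects remote <img> tags and records which ones look like beacons and why."""

    def __init__(self):
        super().__init__()
        self.remote_images = []   # every remote image the client would fetch
        self.suspects = []        # the subset that looks like a tracking pixel

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src", "")
        # cid:/data: images travel inside the message; no server sees them load.
        if not src.startswith(("http://", "https://")):
            return
        self.remote_images.append(src)

        reasons = []
        if a.get("width") in TINY or a.get("height") in TINY:
            reasons.append("1x1 size attribute")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "width:0" in style or "height:0" in style:
            reasons.append("hidden by CSS")
        if parse_qs(urlparse(src).query):
            reasons.append("unique query string")   # per-recipient identifier
        if reasons:
            self.suspects.append(
                {"src": src, "host": urlparse(src).hostname, "reasons": reasons}
            )


def find_tracking_pixels(html: str):
    """Return a list of suspect images, each with its source, host and the reasons it was flagged."""
    finder = PixelFinder()
    finder.feed(html)
    return finder.suspects


if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_EMAIL_HTML):
        print(f"{hit['host']}: {', '.join(hit['reasons'])}")
```

Run on the sample message this flags the two beacon images and leaves the logo alone. The third image is caught purely by its CSS (no size attributes, no query string), which is why a size check on its own is not enough. None of this replaces the real fix, which is a client that does not auto-load remote images, but it shows what “automatically downloads” actually leaks.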

I am not a marketer and I have a decidedly different view on privacy because I do security for a living. That said, I have had concerns about the use of trackers in emails for some time, and it’s only getting worse. When I see “automatically downloads” I think of how attackers enable macros and malware, steganography tactics. Call me paranoid.

Happy Valentine’s Day to me!

https://www.amazon.com/This-They-Tell-World-Ends/dp/1635576059/ref=sr_1_1?dchild=1&keywords=nicole+perlroth&qid=1613358035&sr=8-1

Nicole Perlroth is currently a cybersecurity reporter with the New York Times. This book has been years in the making, a history of dark secrets that are rarely divulged, let alone recorded, about cyber arms deals. A history of and cautionary tale on the development of the cyber weapons industry, with America at the center of things.

Now, I have strange tastes in bedtime stories. For years, “Countdown to Zero Day”, the fabulous history of Stuxnet by Kim Zetter, has been my favourite. Seriously, I did read it to my kids. They’ve sadly outgrown bedtime stories but I haven’t, and this book by Nicole Perlroth has everything I could ask for: dark topics, disturbing truths, and echoes of thoughts I’ve expressed to the disbelief or disinterest of others (I wasn’t paranoid enough lol). I’ll be sharing tasty morsels as I make my way through.

“Russian hackers made a blood sport of hacking anyone and anything in Ukraine with a digital pulse”

Nicole Perlroth

Daily Perk 2/12/2021

Ransomware Attacks Aim Higher at SaaS and Cloud per Dark Reading

Ransomware operators are following that mass migration to the Cloud. Researchers at RiskSense released a report showing a shift in targets to move up the stack, tracking data-dense applications and software as a service, web frameworks and open source tools.

Ransomware attacks are also hitting perimeter technologies, which include VPNs, remote access services and zero trust products. And for that initial access, a reported 125 active ransomware groups are leveraging critical vulnerabilities, 124 CVEs with active exploits, to gain RCE and privilege escalation. These tactics bypass the need to engage a user at all. Read the RiskSense report for more details.

Cloud-Native Apps and Supply Chain Security per Dark Reading

Which segues to this topic. The modern programming languages we use are modular, with interchangeable blocks or plugins to provide key functions for text, networking or doing math. The code is shared and available through open source repositories and platforms like GitHub. Per the article, 99% of codebases have components from open source and as much as 70% of code used by enterprises comes from open source.

Welcome to the realities of third-party code, and its security issues have become headlines. It’s compromised in Magecart attacks. It’s a conduit for attackers to poison and distribute their malware downstream. Fact is, the flaws and vulnerabilities in that code are now in the attackers’ sights. “The inventory, version and configuration of services in a cloud environment should be looked at as part of the supply chain, including the scripts used by DevOps to provision them”.

Daily Perk 2/11/2021

TrickBot Update: per Bleeping Computer.

TrickBot has levelled up again, this time making its well-equipped BazarBackdoor malware even more evasive by writing it in the Nim programming language, specifically the backdoor component. As conventional AV won’t be looking for this more obscure language just yet, don’t let it slip on in.

Military, Nuclear Entities Under Target by Novel Android Malware per Threatpost

More surveillance malware targeting Android users, the vast majority of mobile users. This malware can severely compromise a user’s safety by accessing SMS messages and encrypted messages from WhatsApp (widely used) as well as geolocation. People everywhere rely on encrypted messaging services and the ability to shield their location for personal protection. Attackers learn from each other and copy what works. Lessons in here to extrapolate and apply more broadly.

Impressive work by Lookout security researchers linking the surveillanceware to APT group Confucius in their latest report.

Daily Perk 2/10/2021

Patch Tuesday Quick Hits: 56 just from Microsoft. Three TCP/IP bugs (two critical RCEs and one high-severity DoS) that are magnets for exploit. Two for .NET Framework which are manual patches. And the critical one for Windows DNS Server. May the patching gods smile upon you.

Dependency Confusion: How I Hacked into Apple, Microsoft and Dozens of Other Companies by Alex Birsan on Medium

We live in an increasingly interconnected digital world, where relationships and connections need to be understood and monitored at the system level, up through business and personal levels. Trust but verify. Attackers will be actively seeking out dependency vulnerabilities, leveraging automated downloads and targeting open source repositories.

With automation, trust and expectation are bigger factors than we realize. Security researchers Alex Birsan and Justin Gardner highlight “Dependency Confusion”: if a company’s build pulls a private package by name, and an attacker publishes a package with the same name and a higher version number on the public registry, the package manager can happily pick the attacker’s copy. That is how this becomes something we missed.
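To make the failure mode concrete, here is an added, offline simulation of the resolver behaviour (example code for this post, not Alex Birsan’s tooling and not any real package manager). The two registries are constructed dictionaries standing in for a company’s private index and the public index; the `acme-` package names and all version numbers are hypothetical. The vulnerable resolver does what an “extra index” configuration does, merging candidates from every index and taking the highest version wherever it came from; the hardened one routes internal names only to the private index, and a small audit function lists internal names that someone has also claimed publicly.

```python
"""Dependency confusion, simulated offline (added example, not from the original post)."""

from typing import Optional, Tuple, List

# Constructed sample data: what each index knows about a package name.
PRIVATE_INDEX = {
    "acme-internal-auth": ["1.4.0", "1.5.2"],
    "acme-billing-sdk": ["0.9.1"],
}

# The public index: real third-party packages plus one name an attacker
# registered to collide with the company's internal package, at a huge version.
PUBLIC_INDEX = {
    "requests": ["2.25.0", "2.25.1"],
    "acme-internal-auth": ["99.0.0"],   # attacker-published squat
}

INTERNAL_PREFIXES = ("acme-",)   # hypothetical naming rule for private packages


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.5.2' into (1, 5, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def resolve_vulnerable(name: str) -> Optional[Tuple[str, str]]:
    """Mimics an 'extra index' setup: every index is consulted, all candidates are
    pooled, and the highest version wins regardless of which index offered it."""
    candidates = []
    for source, index in (("private", PRIVATE_INDEX), ("public", PUBLIC_INDEX)):
        for v in index.get(name, []):
            candidates.append((parse_version(v), source, v))
    if not candidates:
        return None
    _, source, v = max(candidates)
    return (source, v)


def resolve_hardened(name: str) -> Optional[Tuple[str, str]]:
    """Namespace rule: internal names are only ever resolved from the private
    index, everything else only from the public one. A public squat of an
    internal name is simply never consulted."""
    if name.startswith(INTERNAL_PREFIXES):
        source, index = "private", PRIVATE_INDEX
    else:
        source, index = "public", PUBLIC_INDEX
    versions = index.get(name)
    if not versions:
        return None
    return (source, max(versions, key=parse_version))


def find_confusable(names: List[str]) -> List[str]:
    """Audit helper: internal package names that also exist on the public index.
    Each one is a name an attacker (or anyone) has already claimed publicly."""
    return [
        n for n in names
        if n.startswith(INTERNAL_PREFIXES) and n in PUBLIC_INDEX
    ]


if __name__ == "__main__":
    for pkg in ("acme-internal-auth", "acme-billing-sdk", "requests"):
        print(pkg, "vulnerable ->", resolve_vulnerable(pkg),
              "| hardened ->", resolve_hardened(pkg))
    print("confusable:", find_confusable(list(PRIVATE_INDEX)))
```

The vulnerable path hands `acme-internal-auth` to the attacker’s 99.0.0 purely on version comparison; the hardened path never sees it. In practice the same idea is applied by reserving your internal namespace on the public registries, pinning versions (and hashes) in lockfiles, and pointing the build at a single index that proxies and scopes packages rather than stacking a public index on top of a private one.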

Daily Perk 2/9/2021

WordPress Advisory: Critical vulnerability found in NextGen Gallery plugin. Cross-site request forgery and potential remote code execution will lead to more than tears. Over 800k installs out there and 530k still need to patch.

Security Gaps in OT Exposed With Hacker Attempt to Poison Florida City Water per SC Media

Let this serve as more than just a cautionary tale because next time the consequences could be deadly. An unknown attacker gained remote access and tried to increase the quantity of sodium hydroxide, or lye, in the water treatment plant. Apparently the specialized ICS and SCADA systems running the plant were “outdated, unpatched and available for review on the internet, leaving them incredibly vulnerable to compromise.”

ICS and SCADA were not designed to be internet-facing, so when facilities connect them to the internet the necessary security, monitoring and controls are often not in place. It’s easy for attackers to scan for and find exposed instances, and the need for remote work has only increased their number.

Attacks on critical infrastructure have increased over the past year, whether as crimes of opportunity by low-level attackers or as highly targeted attacks by nation states, such as Iran’s attack on Israeli water systems in 2020.