with security there is no “done”

there is just a constant iteration of the same questions:

  • is my system safe?
    • Did I leave any doors (too wide) open?
    • Am I allowing any unsafe programs/services?
    • How can I protect users and data?
    • Does my backup and restore (!!!) procedure work?
      • you should ALWAYS have one complete backup at a separate place, not physically connected to your company’s network
      • Also test: how long will it take to restore the backup?
        • the more data and the slower the USB port, the longer it will take to restore
    • what services are safe or not safe to use from within the Company-NET?
      • What services are NO-GOs? (Mail, www, JavaScript)
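Added example (not part of the original post) of the restore test the list asks for: back up a directory, restore the archive into a scratch directory, verify every restored file against a SHA-256 manifest taken at backup time, and measure how long the restore took. The sample tree is constructed inside a temporary directory; the function and variable names are my own.

```python
"""Backup restore drill: restore an archive, verify every file's SHA-256
against a manifest taken at backup time, and time the restore.
Added example; not the author's code. All sample data is constructed."""
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file below root (POSIX-style relative path) to its SHA-256."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def make_backup(src: Path, archive: Path) -> dict:
    """Write a gzip tarball of src and return the manifest the drill checks."""
    manifest = hash_tree(src)
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(src), arcname=".")
    return manifest


def restore(archive: Path, dest: Path) -> float:
    """Extract archive into dest; return elapsed seconds (the 'how long' question)."""
    started = time.monotonic()
    with tarfile.open(str(archive), "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):       # newer Pythons: refuse unsafe paths/links
            tar.extractall(str(dest), filter="data")
        else:
            tar.extractall(str(dest))
    return time.monotonic() - started


def verify(dest: Path, manifest: dict) -> dict:
    """Compare the restored tree with the manifest: missing, extra, corrupt files."""
    restored = hash_tree(dest)
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    corrupt = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return {"ok": not (missing or extra or corrupt),
            "missing": missing, "extra": extra, "corrupt": corrupt}


def run_drill(archive: Path, dest: Path, manifest: dict) -> dict:
    """Restore, verify, and report seconds plus throughput in MB/s."""
    seconds = restore(archive, dest)
    report = verify(dest, manifest)
    total = sum(p.stat().st_size for p in dest.rglob("*") if p.is_file())
    report["seconds"] = seconds
    report["mb_per_s"] = (total / 1e6) / seconds if seconds > 0 else float("inf")
    return report


def run_demo() -> tuple:
    """Constructed sample: build a small tree, back it up, run the drill, then
    damage one restored file to show that the check catches it."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "data"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "invoice.txt").write_text("invoice 4711\n")
        (src / "db.sqlite").write_bytes(os.urandom(256 * 1024))  # constructed blob
        archive = tmp / "backup.tar.gz"
        manifest = make_backup(src, archive)

        dest = tmp / "restore"
        dest.mkdir()
        good = run_drill(archive, dest, manifest)

        # simulate a damaged restore medium: one file comes back altered
        (dest / "docs" / "invoice.txt").write_text("invoice 4712\n")
        bad = verify(dest, manifest)
        return good, bad


if __name__ == "__main__":
    good, bad = run_demo()
    print("clean restore:", good)
    print("damaged restore:", bad)
```

Point the same functions at a real archive and a scratch disk to get the actual restore time for your data volume; the throughput figure is what tells you whether the USB port (or the network) is the bottleneck.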

Humans make mistakes, and thus in Open Source just as in Closed Source concepts and software (and even hardware) there can and will be bugs and flaws that can be exploited to allow malicious access to systems and data (mostly in order to exploit it for money, bitcoin mining, DDoS attacks on other hosts, or sabotage: halting infrastructure, causing data loss for quite a significant amount of time (also hospitals can get virus infections… not funny!)).

Example: Microsoft’s file sharing system “Server Message Block” (SMB), one version of which was also known as “Common Internet File System” (CIFS), had a (we hope not on purpose?) DESIGN-CONCEPT (!) flaw in version 1 (SMBv1) of the protocol, which allowed the EternalBlue exploit to basically get into any Windows AND (!) LINUX system (samba) that was running it.

Let yourself be educated by security researchers on a regular basis – to estimate what is possible today – and maybe in the future – and do your best to stay safe.

Update your knowledge! Update your software (but before that: power down and backup, or maybe try it on an identical non-production test system first to see what the update could fix but also break (yes, updates do those things))

backup the backup! X-D

Events to attend:

https://www.startpage.com/do/dsearch?query=2019+Cybersecurity+Innovation+Forum+&cat=web&pl=opensearch&language=english

https://csrc.nist.gov/Events/2019

https://csrc.nist.gov/Events/2018

Germany:

https://www.it-defense.de/it-defense-2019/programm

https://www.heise-events.de/konferenzen/konferenzen_security

https://hacktoberfest.digitalocean.com/

Very General:

https://www.akamai.com/de/de/about/our-thinking/state-of-the-internet-report/

https://www.akamai.com/de/de/about/our-thinking/state-of-the-internet-report/web-attack-visualization.jsp

https://www.bsi.bund.de/EN/Publications/SecuritySituation/SecuritySituation_node.html

live map:

it security Blogs / Blogger / Mailing Lists / Newsletters / rss feeds:

you can subscribe to RSS feeds via Thunderbird! 🙂

English:

https://googleprojectzero.blogspot.com/ (rss)

blog: https://krebsonsecurity.com/

newsletter: https://krebsonsecurity.com/subscribe/

https://blog.checkpoint.com/

https://onlinedegrees.sandiego.edu/top-cyber-security-blogs-websites/

Russian:

https://exploit.in/

https://threatpost.ru/

German:

blog: http://www.golem.de/specials/security/

Golem rss feed security: https://rss.golem.de/rss.php?tp=sec&feed=RSS2.0

blog: https://www.heise.de/security/

https://www.kuketz-blog.de/

newsletter: https://www.heise.de/newsletter/manage/heisec-summary

Databases of IT Vulnerabilities: CVE: Common Vulnerabilities and Exposures

https://www.securityfocus.com/

https://www.exploit-db.com/

https://cve.mitre.org/

https://kb.cert.org/vuls/

https://kb.cert.org/vuls/bypublished/desc/

https://www.metasploit.com/

https://www.cvedetails.com/

by vendor: https://www.cvedetails.com/vendor.php

nice to look at: https://nvd.nist.gov/

search/browse by product: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3A%3Aandroid

https://nvd.nist.gov/ncp/repository

https://seclists.org/fulldisclosure/2018/Dec/

https://dwaves.de/category/hacking/

https://dwaves.de/category/sicherheit-security/

https://dwaves.de/category/cybercrime/

https://dwaves.de/category/cyberwar/

in German: https://www.cert-bund.de/overview/AdvisoryShort

list of ips of malicious hosts:

https://urlhaus.abuse.ch/browse/

reads like:

Date added (UTC) | Malware URL | Status | Tags | Reporter
2019-04-11 18:09:06 http://foodphotography.in/v1/WVjVi-P0rfOXzLcY29… Online emotet heodo @spamhaus
2019-04-11 18:08:03 http://frtirerecycle.com/images/RseCL-SM0s9HDmN… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 18:07:03 http://gamarepro.com/plugins/tBtiE-6gQWuklmcGqE… Online emotet heodo @spamhaus
2019-04-11 18:05:04 http://gamarepro.com/plugins/jfNl-GgsP8XQkIpaSt… Online emotet heodo @spamhaus
2019-04-11 18:03:11 http://fullwiz.com.br/jbmix/xhBK-NC3rOuUWFNZiG1… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:59:04 http://further.tv/trust.myaccount.docs.biz/KSUb… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:56:06 http://g-and-f.co.jp/photobox15/fCVjp-zBv0dB1D3… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:54:04 http://gccpharr.org/assets/JNHN-rSasBmJrxmcTol_… Online emotet heodo @spamhaus
2019-04-11 17:52:09 http://gemabrasil.com/mcassab/Mqdz-QwuZNxvQgLRo… Online emotet heodo @spamhaus
2019-04-11 17:51:11 http://gamvrellis.com/MEDIA/iKlUb-ZImFSwyWl1511… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:46:37 http://gaz.cl/FhXY-lQk2ZCuhx3kUnDT_CISswsvvk-p4b/ Offline doc emotet epoch1 @Cryptolaemus1
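Added example (not part of the original post) of what a defender does with a listing like the one above: parse the rows into a host blocklist and run proxy log lines against it. A few rows are copied from the listing (URLs truncated with “…” exactly as shown); the Squid-style access log lines are constructed, and the function names are my own.

```python
"""Parse URLhaus-style listing rows into a host blocklist and flag proxy log
lines whose destination host is on it. Added example, not the author's code;
log lines are constructed."""
import re
from urllib.parse import urlsplit

# Rows copied from the listing above (subset; URLs truncated as shown there)
URLHAUS_ROWS = """\
2019-04-11 18:09:06 http://foodphotography.in/v1/WVjVi-P0rfOXzLcY29… Online emotet heodo @spamhaus
2019-04-11 18:08:03 http://frtirerecycle.com/images/RseCL-SM0s9HDmN… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 18:07:03 http://gamarepro.com/plugins/tBtiE-6gQWuklmcGqE… Online emotet heodo @spamhaus
2019-04-11 17:46:37 http://gaz.cl/FhXY-lQk2ZCuhx3kUnDT_CISswsvvk-p4b/ Offline doc emotet epoch1 @Cryptolaemus1
"""

# Constructed Squid access.log lines: ts elapsed client action/code size method url ident hier type
SAMPLE_SQUID_LOG = """\
1554999000.123    145 10.0.0.12 TCP_MISS/200 5120 GET http://foodphotography.in/v1/WVjVi-P0rfOXzLcY29abc - HIER_DIRECT/203.0.113.5 application/msword
1554999001.456     10 10.0.0.30 TCP_MISS/200 2048 GET http://example.org/index.html - HIER_DIRECT/198.51.100.7 text/html
1554999002.789     90 10.0.0.12 TCP_MISS/200 4096 GET http://www.gamarepro.com/plugins/tBtiE - HIER_DIRECT/203.0.113.9 application/msword
1554999003.321     60 10.0.0.44 TCP_MISS/404 300 GET http://gaz.cl/FhXY-lQk2ZCuhx3kUnDT_CISswsvvk-p4b/ - HIER_DIRECT/203.0.113.11 text/html
"""

ROW_RE = re.compile(
    r"^(?P<added>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<url>\S+) (?P<status>Online|Offline) (?P<tags>.*?) (?P<reporter>@\S+)$"
)


def parse_rows(text: str) -> list:
    """One dict per listing row; the host is the usable indicator because the
    listed URLs are truncated."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header or malformed row
        host = urlsplit(m["url"]).hostname
        if not host:
            continue
        entries.append({"added": m["added"], "url": m["url"], "host": host.lower(),
                        "status": m["status"], "tags": m["tags"].split(),
                        "reporter": m["reporter"]})
    return entries


def build_blocklist(entries: list) -> dict:
    """host -> entry. Offline hosts stay listed: a dropper host that was down
    at listing time may come back."""
    return {e["host"]: e for e in entries}


def lookup_host(host: str, blocklist: dict):
    """Exact or parent-domain match (www.gamarepro.com hits gamarepro.com)."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return blocklist[candidate]
    return None


def scan_squid_log(log_text: str, blocklist: dict) -> list:
    """Return one hit per log line whose requested host is on the blocklist."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, url = fields[2], fields[6]
        host = urlsplit(url).hostname
        if not host:
            continue
        entry = lookup_host(host, blocklist)
        if entry is not None:
            hits.append({"client": client, "host": entry["host"], "url": url,
                         "tags": entry["tags"], "feed_status": entry["status"]})
    return hits


if __name__ == "__main__":
    blocklist = build_blocklist(parse_rows(URLHAUS_ROWS))
    for hit in scan_squid_log(SAMPLE_SQUID_LOG, blocklist):
        print(f"{hit['client']} -> {hit['host']} ({' '.join(hit['tags'])}, feed: {hit['feed_status']})")
```

The client IP in each hit is the machine to look at first (in the sample, 10.0.0.12 fetched from two separate emotet hosts); the tags tell you which malware family the feed associated with the host.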

Tools:

lets you check if the IP you are browsing with is related to any cyber security problems

https://ip.team-cymru.com/

Linux specific news and updates:

https://lwn.net/

PenTesting Service providers:

so you think you did all you can do? have yourself tested!

https://www.cirosec.de/unternehmen/wir-ueber-uns

what if your SmartPhone gets hacked and dials expensive numbers?

also check out: “StealthCalls”

congratulations to Google: they made Android the Number #1 – much to the horror of Microsoft – which tries to counter with increased lobbying. The problem of a market leader: how to stay secure – you have just become a major target that is attractive to attack. Android with Linux Kernel… how long will you be safe?

heise: “Google fixes critical security holes” – most of them reside in Closed-Source-components of Qualcomm – that’s why there is no further detail.

videos:

https://vizsec.dbvis.de/

https://vimeopro.com/vgtcommunity/vizsec2017

https://media.ccc.de

HP FIRMWARE HACK VIA FAX!? HP YOU MUST BE KIDDING US ALL! https://mirror-1.server.selfnet.de/CCC/congress/2018/h264-hd/35c3-9462-eng-What_The_Fax.mp4

not sure if this is real or scam: https://www.simpliv.com/search/sub-category/cybersecurity

“GREAT” – thanks to all involved!

Qualcomm but also Cisco are all US-based manufacturers known to implement backdoors ON PURPOSE, probably for gov agencies to spy and collect data on you – the citizen – that they are so afraid of.

“We are also having tough times with GPS: all the GPS chips found in the Android phones we support implement a secret and non-documented protocol that we just cannot figure out.” (src)

it is called: is it a bug or a feature?

deliberate security holes – now also in the Intel Management Engine

src: http://gs.statcounter.com/os-market-share#monthly-201712-201811-bar

I thought it was a thing of the past, but now “expensive numbers” are back!

Google and FSB, CAN YOU FIX THIS HOLE? IT ANNOYS EUROPE! THANKS 🙂

Christmas rip-off / Christmas scam: expensive number from abroad, Kazakhstan / Russia 0079 +79 +79 40 76 9 30 53 – not ordered and yet delivered: Amazon parcels

tweets / twitter:

admin