POS malware, some links to material

An increasing number of attacks have been carried out against Point of Sale (POS) devices and systems. There are several good overviews and materials on this topic, and they reveal details of the techniques used in these targeted attacks.

Main sources

Other Links

Incidents

Posted in Risk Management, Security Incidents and Cases, Security Management, Security News, Security Threats, Security Training, Awareness and Reports

Murmur, tool for simple and secure voice conference

Murmur is the server component of the open source Mumble voice chat system, a DIY alternative for voice conferencing over encrypted communication.

It is used mainly by gamers, but it works just as well for small working teams or for multi-party family calls.

[Figure: murmur1]

Plus:

  • Quick and easy to set up on a LAN
  • Clients for Windows (Mumble) and Android (Plumble)
    • also for iOS
  • encrypted communication
    • digital certificates are used (they can be self-generated)
  • voice can be recorded
  • runs on Windows, Linux or OS X
  • many functions and extensions for admins (if needed)

Minus:

  • Server configuration must be edited manually; there is no GUI

[Figure: murmur-mumble-plumble]

For home users, dynamic DNS can be used to route connections from the internet to the Windows computer where murmur is running.
In this example, a subdomain from FreeDNS is used (it is free). In the firewall, allow both UDP and TCP to the port murmur listens on.

murmur is included in the Mumble installation. It can be started on demand or run as a service.
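To check that a murmur server set up as above is actually reachable through its dynamic-DNS name on both transports, here is an added example (my own code, not part of the original post or of the Mumble project): it sends the Mumble UDP ping (a 12-byte request answered by a 24-byte reply) and attempts a TCP connection. It assumes the default murmur port 64738 and uses a placeholder host name.

```python
import os
import socket
import struct

MURMUR_PORT = 64738  # Mumble/murmur default port, used for both TCP and UDP

def build_ping_request(ident: bytes) -> bytes:
    """Mumble UDP ping: 4 zero bytes (request type) + an 8-byte identifier."""
    if len(ident) != 8:
        raise ValueError("identifier must be 8 bytes")
    return b"\x00\x00\x00\x00" + ident

def parse_ping_reply(reply: bytes, ident: bytes) -> dict:
    """Decode the 24-byte big-endian reply: version, echoed identifier,
    connected users, max users, allowed bandwidth (bit/s)."""
    if len(reply) != 24:
        raise ValueError(f"unexpected reply length {len(reply)}")
    version, echoed, users, max_users, bandwidth = struct.unpack("!I8sIII", reply)
    if echoed != ident:
        raise ValueError("identifier mismatch: reply is not for our request")
    return {"version": f"{(version >> 16) & 0xFF}.{(version >> 8) & 0xFF}.{version & 0xFF}",
            "users": users, "max_users": max_users, "bandwidth": bandwidth}

def udp_ping(host: str, port: int = MURMUR_PORT, timeout: float = 2.0) -> dict:
    """Send one ping over UDP and return the parsed reply (OSError on timeout)."""
    ident = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ping_request(ident), (host, port))
        reply, _ = s.recvfrom(64)
    return parse_ping_reply(reply, ident)

def tcp_reachable(host: str, port: int = MURMUR_PORT, timeout: float = 2.0) -> bool:
    """The control channel (chat, certificates) runs over TCP: check the port accepts."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    HOST = "murmur.example.org"  # placeholder: put your own dynamic-DNS subdomain here
    print("TCP reachable:", tcp_reachable(HOST))
    try:
        print("UDP ping:", udp_ping(HOST))
    except (OSError, ValueError) as exc:
        print("UDP blocked or unanswered; clients would tunnel voice over TCP instead:", exc)
```

If the TCP check passes but the UDP ping times out, the firewall rule is only half done and voice quality will suffer.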

Encrypted communication

There are pages explaining the protocol. Both voice and control traffic (including chat) are encrypted using Mumble's own protocol.

[Figure: murmur2]

Links

Posted in Advanced Tools, DIY, Privacy, Smartphones, Tools

STIX, Structured Threat Information eXpression, by Mitre

Structured Threat Information eXpression (STIX) is a collaborative, community-driven effort to define and develop a standardized language for representing structured cyber threat information.

STIX Use Cases

[Figure: STIX-usecases]

STIX sample

This is from the training material.

[Figure: STIX-sample]

From the samples page:

STIX Tree Viewer

The STIX Tree Viewer tool from the training package can be used.
See the training material download on their training page.
StixViz.exe is included in the directory .\stix-taxii-workshop\stix\stix-viz

[Figure: STIX-viewer]

In the example below, two files were selected from the .\stix-taxii-workshop\stix\samples directory.

[Figure: STIX-tree-view]

From the FAQ:

C2. What is the relationship between STIX and CybOX?

STIX uses the Cyber Observable eXpression (CybOX™) language to describe cyber Observables. The CybOX schema is natively imported and used within STIX to characterize system and network events, characteristics, and behaviors observed within the operational domain.

C5. What is the relationship between STIX and OpenIOC?

STIX Indicators can convey non-standard Indicator patterns in formats other than CybOX using the Test_Mechanism structure. Each format must be implemented as an extension of the Test_Mechanism extension point. STIX provides a default extension for Mandiant’s Open Indicators of Compromise (OpenIOC) as well as extensions for the Open Vulnerability and Assessment Language (OVAL®), SNORT rules, and YARA rules.

Other links

  • CybOX Cyber Observable eXpression
    • standardized schema for the specification, capture, characterization, and communication of events or stateful properties that are observable in the operational domain
  • IOC Bucket
    • shared IOCs
  • TAXII, Trusted Automated eXchange of Indicator Information, is the main transport mechanism for cyber threat information represented in STIX
  • blog post “Indicators of Compromise, OpenIOC and CyBOX”
  • Incident vs. Indicator

Posted in ICT, ICT Standards, Security Incidents and Cases, Security Standardization and Practises, Security Threats

Indicators of Compromise, OpenIOC and CyBOX

Indicator of compromise (IOC)

In computer forensics, an IOC is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Typical IOCs are virus signatures, IP addresses, MD5 hashes of malware files and URLs of botnet command-and-control servers.

OpenIOC

OpenIOC stands for Open Indicators of Compromise. OpenIOC is an extensible XML schema for the description of technical characteristics that identify a known threat, an attacker’s methodology, or other evidence of compromise. OpenIOC was created by MANDIANT.

CyBOX

Cyber Observable eXpression (CybOX) is a standardized language for representing cyber observables, whether from observation in the operational cyber domain or as patterns of observables that could be observed.

From the FAQ:

A4. What is the difference between “cyber observables” and “cyber indicators”?

Cyber observables are statements of fact; they capture what was observed or could be observed in the cyber operational domain.

Cyber indicators are cyber observable patterns with relevant contextual information that provide meaning and guidance around the observable patterns, such as a registry key value associated with a known bad actor or a spoofed email address used on this date and sent to these accounts on this date.
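As an added example (my own code, not from the STIX, CybOX or OpenIOC projects) of the observable/indicator distinction in the FAQ answer above, and of how STIX wraps a CybOX observable inside an Indicator (the C2 answer in the STIX post): a constructed STIX 1.x package carrying a file-hash pattern is parsed, and the pattern is then matched against hashes observed on a host. Package ids are made up and the MD5 is that of the empty string.

```python
import xml.etree.ElementTree as ET

# Only the namespaces the queries below use (STIX 1.x Indicator, CybOX 2.x common types).
NS = {"indicator": "http://stix.mitre.org/Indicator-2",
      "cyboxCommon": "http://cybox.mitre.org/common-2"}

# Constructed STIX 1.1.1 package: one Indicator wrapping a CybOX file-hash Observable.
# Ids are made up; the MD5 value is the hash of the empty string.
SAMPLE_STIX = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
  xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:cybox="http://cybox.mitre.org/cybox-2"
  xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="example:Package-1" version="1.1.1">
  <stix:Indicators><indicator:Indicator id="example:Indicator-1" xsi:type="indicator:IndicatorType">
    <indicator:Title>Dropper file hash (constructed sample)</indicator:Title>
    <indicator:Observable id="example:Observable-1"><cybox:Object id="example:Object-1">
      <cybox:Properties xsi:type="FileObj:FileObjectType"><FileObj:Hashes><cyboxCommon:Hash>
        <cyboxCommon:Type condition="Equals">MD5</cyboxCommon:Type>
        <cyboxCommon:Simple_Hash_Value condition="Equals">d41d8cd98f00b204e9800998ecf8427e</cyboxCommon:Simple_Hash_Value>
      </cyboxCommon:Hash></FileObj:Hashes></cybox:Properties>
    </cybox:Object></indicator:Observable>
  </indicator:Indicator></stix:Indicators>
</stix:STIX_Package>"""

def extract_hash_indicators(stix_xml: str) -> list:
    """One dict per Indicator that carries a CybOX hash pattern: the indicator
    id and title give the context, the hashes are the pattern to look for."""
    out = []
    for ind in ET.fromstring(stix_xml).iterfind(".//indicator:Indicator", NS):
        hashes = {}
        for h in ind.iterfind(".//cyboxCommon:Hash", NS):
            htype = h.findtext("cyboxCommon:Type", namespaces=NS)
            value = h.findtext("cyboxCommon:Simple_Hash_Value", namespaces=NS)
            if htype and value:
                hashes[htype.strip().upper()] = value.strip().lower()
        if hashes:
            out.append({"id": ind.get("id"), "hashes": hashes,
                        "title": ind.findtext("indicator:Title", namespaces=NS)})
    return out

def match_observed(indicators: list, observed_md5s) -> list:
    """Observables are facts (hashes actually seen on a host); indicators are
    patterns. Return (indicator id, md5) for each observed hash that matches."""
    observed = {h.lower() for h in observed_md5s}
    return [(i["id"], i["hashes"]["MD5"]) for i in indicators
            if i["hashes"].get("MD5") in observed]
```

A real feed would carry many indicators and hash types; the same two functions apply unchanged, since the CybOX Hash structure is the same wherever it appears.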

Other links

Posted in ICT, ICT Standards, Security Incidents and Cases, Security Standardization and Practises, Security Threats

Data Breach reports, by ITRC

The Identity Theft Resource Center (ITRC) has been tracking security breaches since 2005, looking for patterns, new trends and any information that may help educate consumers and businesses on the need to understand the value of protecting personal identifying information.

2005 to November 12, 2014:

  • Total Number of Recorded Breaches = 4,912
  • Total Number of Records Exposed = 673,293,959

Categories (share of breaches / share of records exposed):

  • Banking/Credit/Financial: 8% of breaches, 13% of records
  • Business: 36% of breaches, 56% of records
  • Educational: 16% of breaches, 3% of records
  • Government/Military: 16% of breaches, 21% of records
  • Medical/Healthcare: 25% of breaches, 8% of records

Breach Reports 2014

Posted in ICT, Security Incidents and Cases, Security Threats, Security Training, Awareness and Reports

Cyber essentials

The Cyber Essentials scheme is one of the actions under the UK Government policy “Keeping the UK safe in cyber space”.

The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions.

  • It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security.
  • Through the Assurance Framework, it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Documents

Other links

  • CyberEssentials-inbigpicture

Posted in Cybersecurity, ICT Regulation, Risk Management, Security Certifications, Security Standardization and Practises

Data Protection Laws of the World, by DLA Piper

DLA Piper has published a valuable information source on data protection laws.

The handbook is available online (see the figure below) or directly as a downloadable PDF (almost 400 pages).

[Figure: dataprotectionlaws]

Other links

Posted in ICT, ICT Books, ICT Regulation, Privacy