BSidesNOVA 2019, Track 2, JD Work's 'Torn Flags' →
Reconsidering Models Of Adversary Denial & Deception Tradecraft In Current And Future Offensive Cyber Operations
Buckeye'd
Astounding flaws, reported by both Symantec and Ars Technica... What happened to OpSec? As importantly: the true ramifications for our country are yet unknown... Unless, of course, this and other 'leaks' of the same or similar ilk are, in fact, structured information operations of the highest caliber, crafted to ensnare the miscreant espionage bounders wandering amongst us... You be the judge.
Key Findings
- The Buckeye attack group was using Equation Group tools to gain persistent access to target organizations at least a year prior to the Shadow Brokers leak.
- Variants of Equation Group tools used by Buckeye appear to be different from those released by Shadow Brokers, potentially indicating that they didn't originate from that leak.
- Buckeye's use of Equation Group tools also involved the exploit of a previously unknown Windows zero-day vulnerability. This zero day was reported by Symantec to Microsoft in September 2018 and patched in March 2019.
- While Buckeye appeared to cease operations in mid-2017, the Equation Group tools it used continued to be used in attacks until late 2018. It is unknown who continued to use the tools. They may have been passed to another group or Buckeye may have continued operating longer than supposed.
- via Symantec Corporation's Threat Intelligence Blog
TikTok, Privacy's Greatest Enemy?
Read The Telegraph's Robin Pagnamenta's superbly-written piece on TikTok: how the company poses an ostensibly larger and more insidious vectored privacy threat as compared to the measly annoyance propagated by Facebook Inc. (NASDAQ: FB), only with a People's Republic of China veneer (and counting amongst its investors United States-based KKR (retired United States Army General David H. Petraeus is a member of the management team at KKR) and Japan-based SoftBank Technology Corporation (NASDAQ: SFBTF)). Today's MustRead.
'The Telegraph’s Robin Pagnamenta argues TikTok and its parent company pose a far greater global security concern for Western economies than Chinese telecommunications equipment giant Huawei Technologies. ByteDance’s suite of apps, Pagnamenta warns, “are hoovering up oodles of data on hundreds of millions of foreigners – British, American, Brazilian and Indian – many of them children.”' - via Fortune Magazine's Clay Chandler and Eamon Barrett
BSidesNOVA 2019, Track 2, Joel Gray's 'Social Forensication' →
BSidesNOVA 2019, Track 2, Beth Lancaster's 'Multitasking Host Forensics' →
BSides NoVA 2019, Track 1, Allan & Bruce Liska's 'Hanlon's Razor & BGP Hijacking' →
Meanwhile, In Iran: A Doxing Story
The doxing of the Iranian cybercriminals is evidently ongoing. The story so far, via Andy Greenberg, writing for Wired Magazine. Enjoy! h/t
"We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran’s neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks," read the original message posted to Telegram by the hackers in late March. "We hope that other Iranian citizens will act for exposing this regime’s real ugly face!" - via Andy Greenberg, writing for Wired Magazine
BSides NoVA 2019, Track 1, Brandon Mitchell's 'Containing Security Vulnerabilities With Containers' →
BSides NoVA 2019, Track 1, Matthew George's 'Domain Fronting FTW!' →
BSides NoVA 2019, Track 1, Bryson Bort's 'No IOUs With IOT' →
BSides NoVA 2019, Track 1, Ian Coldwater' 'PM Keynote' →
BSides NoVA 2019, Track 1, Jeffrey Blevins' 'Communicating Just Like Captain Picard' →
Latest Data Loss Outrage
Chris Morris, writing at Fortune, harshes my mid-week mellow with a report on the latest data loss outrage. Bad news for oldsters, given that (reportedly) the database contains data on people 40 years old and older. h/t
"Among the data included on the 24 GB database is people’s full names, full street addresses, marital status, date of birth, income bracket, home ownership status and more. (Information such as income, dwelling type and gender is coded.)..."
"Ran Locar and Noam Rotem of VPNMentor discovered the database and say they believe it is the first time a breach of this size has included such detailed information." - via Chris Morris, who, writing for Fortune, files a well-crafted report detailing this data loss