Atom Bombing

Three ways to protect yourself

David Biser

November 10, 2016 - Posted by David Biser to Security News

Atom Bombing

If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.

Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details. 

For the purposes of this blog, I am... read more >

Hacks Targeting Voting Machines

Hack the vote blog series: part 3

Chris Camejo

November 08, 2016 - Posted by Chris Camejo to Security Insight

Voting Machine

We reiterate that there have been no known malicious attacks against voting machines actively being used in an election in the United States. This doesn’t mean that such attacks aren’t possible, but simply that it hasn’t happened yet (or if it has happened nobody has noticed). Still, we should take the attacks against political parties and the voter rolls as a warning that somebody is interested in affecting U.S. elections.

As long as electronic voting machines have been around there have been security researchers finding vulnerabilities in them including one disclosed yesterday, the day before the election. The primary concern is that with the move to electronic voting systems the votes and even the ballots themselves are just bits in a database that can be easily flipped. It has become much more feasible for a malicious actor to have a large impact than in the days of paper ballots. While these technical vulnerabilities are a threat and should be... read more >

Malware Analysis in CRITs

Configuring Triage and Uploading Samples

Jacob Faires

November 03, 2016 - Posted by Jacob Faires to Security Insight

CRITs (Collaborative Research Into Threats) is a threat analysis platform that helps manage and track malicious actors, campaigns, and samples. Getting everything installed for CRITs can be a bit of a task, but the process is getting better. NTT Security has recently been using CRITs to aid in the analysis process. Setting up CRITs for triage is fairly straightforward. Today, I’m going to walk you through the configuration process.

Configure for Triage

Malware triage is the assessment of malware to determine severity and priority. Triage generally entails basic analysis of a sample in order to ascertain its nature and intent.

To configure triage in CRITs, access the Settings menu from the gear in the top left corner of the screen, and select Services under the CRITs Control Panel drop down.

... read more >

The Thief

#WarStoryWednesday

Tim Roberts

November 02, 2016 - Posted by Tim Roberts to Security Insight

Clipboard Assessment Background

Earlier this year, a friend (5tubb0rn) and I toyed around with some ideas at a local hacker workspace. I had been using a Proxmark/BishopFox build to steal proximity badges during some of our Professional Security Services on-site Social Engineering Assessments and covert Physical Security Assessments. The Proxmark/BishopFox build was handy in that I didn’t have to bump into anyone in order to snag their badge for replication. The only problem I’ve had with this device is the size – it is a garage badge reader after all, and about the size of a laptop. There are smaller devices out there but we wanted to create something from scratch, utilizing a Raspberry Pi and some plug-and-play sensors that could be easily hidden by someone in the guise of a contractor. So, the two of us came up with a... read more >

Our Continuously Connected Lives: What’s Your “Apptitude”?

To UPnP or not to UPnP

Jeremy Scott

October 27, 2016 - Posted by Jeremy Scott to Security Insight

To UPnP or not to UPnP

As the internet has changed, so have our lives. We no longer just dial up to find that “you’ve got mail,” instead we stay constantly connected through our phones, tablets, and computers. We are now in the age of never leaving home without a device, and being connected to the internet at all times. Some can’t even imagine going out of range.

These devices that are with us at all times are our own personal Internet of Things (IoT). IoT devices can be baby monitors, home entertainments systems, home security systems, or even a refrigerator fully equipped with a video camera so we can check whether we have milk or not.

Vance Baker presented us with Introduction to Internet of Things (IoT) Security earlier this year that provides some really good advice for creating a safe IoT environment. I know what you may be saying: “If I follow the advice given,... read more >

Hacks Targeting Voter Rolls

Hack the vote blog series: part 2

Chris Camejo

October 25, 2016 - Posted by Chris Camejo to Security Insight

Voter Rolls Hacking

At first glance, the hacks targeting voter registration databases are a bit confusing: the voter rolls are considered a public record in many states, often obtainable by paying a fee of a few hundred dollars. Websites can and have legally republished this data. Records are also available to political campaigns, even in states where the records are not otherwise publicly available, and these lists can be bought online. It raises the question: why hack into a database that can be had just by politely asking for it?

So far the conversation around the voter database hacks has focused on the confidentiality of these records, as if the exposure of this data presents some sort of increased risk. Illinois, a... read more >

The NTT Security SERT Q3 ‘16 Threat Intelligence Report

Ransomware in the health care industry, the ‘direct cash-back’ revenue model, targeting the Internet of Things (IoT), securing SWIFT networks, and a notable decrease in reconnaissance activity.

Danika Blessman

October 20, 2016 - Posted by Danika Blessman to Threat Intelligence

SERT Threat Report Q3 2016

The NTT Security SERT (Security Engineering Research Team) released its Q3 ‘16 Threat Intelligence Report today.

During Q3 ’16, NTT Security researchers observed attacks which exhibited the same characteristics as those a year ago in Q3 ’15 – a notable decrease in reconnaissance and an increase in application attacks, with attackers likely maintaining a persistent presence in the target environment.

NTT Security observed a 38 percent drop in security-related events from Q2 ’16 to Q3 ’16. While that seems like an amazing statistic, it included a dramatic 91 percent decrease in reconnaissance and a 64 percent decrease in suspicious activity, which may indicate more of a change in focus than a dramatic fall off in attack volume.

... read more >

<< Newer Entries | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS