WannaCry: The North Korea Debate

Researchers split over whether an infamous North Korean hacking group, an affiliate, or another attacker altogether, is behind the epic ransomware worm.
Symantec this week doubled down on its theory that the epic WannaCry ransomware worm was the handiwork of hackers out of North Korea, but some security experts dismiss any connection to the DPRK.
WannaCry, which infected some 230,000 machines in 150 countries yet generated only about $110,000 in ransom since its launch on May 12, according to data from Trend Micro, was more of a loud wakeup call about the potential for a ransomware epidemic than it was a massive event. Though hospitals in the UK were the initial high-profile victims of the attacks and nations such as Russia suffered the brunt of the infections, overall, WannaCry’s rapid-fire worm ultimately fizzled.
Attribution, especially with nation-state actors, is always a dicey practice: these attackers tend to be masters of disguise and false flags. But North Korea’s nation-state cyber operations became a possible suspect in WannaCry early last week when famed Google researcher Neel Mehta, and then Kaspersky Lab, Symantec, and BAE, voiced strong suspicions of a link to the infamous North Korean Lazarus Group after spotting the conspicuous use of Lazarus code in WannaCry.
Researchers from Symantec now say they have more evidence that the North Korean Lazarus Group launched WannaCry, but with the caveat that the attack campaign was not a North Korea government-sponsored campaign. Other security firms, including Kaspersky Lab, still point at ties with the Lazarus Group, which was behind the massive 2014 breach of Sony Pictures. FireEye has “moderate confidence” that the attackers behind WannaCry are North Korean, notes John Hultquist, manager of the cybersecurity analysis team at FireEye.
Researchers traced a link between WannaCry and the Lazarus Group back to a February 2017 WannaCry cryptor sample that very closely resembles a malware sample from the Lazarus Group two years before.
Vikram Thakur, principal researcher manager at Symantec, says researchers at his firm studied further the technical crumbs from that earlier, non-worm outbreak of WannaCry as well as the recent worm-spread attack; they found enough overlap between the tools and code used to tie together the attack groups. “There’s a decent amount of code overlap we see that can’t be duplicated by copycats. It would require someone with access to the original source code, along with the Lazarus tools,” Thakur says.
But the attackers didn’t run WannaCry like a full-blown nation-state campaign, according to Symantec. “We don’t believe WannaCry was the work of a nation-state,” Thakur says. WannaCry didn’t target the usual nation-state victims, nor did it operate as smoothly and effectively as a nation-state attack.
“They had buggy code on May 12,” which was fixed 13 hours later, he says, and they weren’t targeting intellectual property nor did they have a sustainable or effective monetization channel.
So how could it both be the Lazarus Group yet not the North Korean government? The attackers could have been a rogue element of the Lazarus Group trying to make some money, for example, or a defector from the group that still had access to the source code, Thakur suggests. North Korea’s Lazarus hacking group has not targeted regular Internet users in the past: “They’ve gone after organizations, or intellectual property,” he says. “That’s the reason that the likelihood of it being a nation-state attack is very, very low.”
Symantec points to three pieces of malware discovered on WannaCry victim machines that are linked to Lazarus: Trojan.Volgmer and two variants of Backdoor.Destover, the disk-wiping tool used in the Sony Pictures attacks. The big “‘a-ha’ moment,” Thakur says, was connecting the dots between the malware used to plant WannaCry.
“We had a tool responsible for putting WannaCry on the machine, and that tool had similarities with Lazarus,” the so-called Alphanc Trojan used to spread WannaCry in the March and April attacks, he notes. It’s also a morphed version of a Lazarus tool called Backdoor.Duuzer.
Another Trojan, Bravonc, uses the same IP addresses for its command-and-control as Duuzer and Destover, and shares code obfuscation methods with WannaCry and another Lazarus tool. Symantec also found shared code in WannaCry and a Lazarus backdoor called Contopee.
Even with Symantec’s newly discovered clues, not all security firms are sold on the North Korea connection. Mike Oppenheim, global research lead with IBM X-Force IRIS, says while there is indeed code overlap between WannaCry and the Lazarus Group’s backdoor malware, that’s not enough to confirm a connection right now. “More evidence beyond this single piece of data will be required before attribution is possible,” he says. “The Lazarus Group malware has been widely discussed and publicized in recent years and it is possible that whoever is responsible for WannaCry had access to the same source code.”
Ross Rustici, senior manager of intelligence research at Cybereason and an East Asia expert, says a more likely scenario is a wanna-be cybercriminal behind WannaCry. “It’s plausible you had an aspiring cybercriminal start pulling at tools, and came across the Lazarus SMB worm” used in the Sony attack, he says. “They propagated the worm with the code, but didn’t think through the implications of what that would do.”
He doesn’t believe it’s North Korea because news of the ransomware attacks overshadowed North Korea’s missile launch that following weekend. “That’s out of cycle from a messaging standpoint,” Rustici says. And a splinter group or rogue actor in North Korea would be taking a huge risk of physical harm because the nation keeps close tabs on its cyber program and people, according to Rustici.
“WannaCry was sloppy” and used poor coding infrastructure, he says. “The way they decrypted was amateurish and it doesn’t have the hallmarks and tactics of professional hackers.”
The problem with attribution is that it requires more than malware connections, says John Bambenek, manager of threat intelligence systems for Fidelis Cybersecurity. “It could be DPRK, or it could be Shadow Brokers, or a close associate, who wants to make it look like them. They were good enough to steal the Equation Group tools; surely they can mix in some Lazarus tools just for fun,” he says.
WannaCry for a Long Time
WannaCry is the gift that keeps on giving: like any mass malware epidemic, infected machines will remain so for months and possibly years. The payload-less Conficker worm from 2008 is a prime example of how old malware dies hard: it’s still spreading and living on Windows machines around the globe.
The attackers behind WannaCry have been spotted trying to resurrect it, and copycats and new variants are exploding. Security firm Trustlook has identified 386 different malware samples that contain the WannaCry ransomware.
The good news, of course, is that it was nowhere near as destructive as it could have been, and it served as a wakeup call for organizations worldwide. Victims patched WannaCry on average within 18 days: that’s 100 days more quickly than other emergency patching events, according to Qualys.
More than 95% of all of the infected machines were running Windows 7, according to Kaspersky Lab data.
Meantime, while some researchers drill down into the code to find clues of the attackers, other security experts maintain that it’s more about the cleanup and lessons learned from WannaCry than who unleashed it.
“It’s going to be an enigma for a long time,” Cybereason’s Rustici says. “We’re not likely to have really solid answers in attribution near-term that’s a smoking gun. It’s going to stay a mystery for a while.”

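Ransomware Variant Triggers a New Outbreak Peak: Mysterious Hacker Group Exposed

On the one hand, emergency handbooks, emergency patches, vulnerability-fix tools and explainer articles meant to reassure home users are everywhere. On the other hand, a mutated version of the virus has arrived right on schedule, the range of targets and the number of attacks keep growing, and networks that have already been hit still have no good way to recover.
Within 48 hours of the outbreak, cases had already been reported at schools, gas stations and government networks around us, and abroad the virus directly disrupted the work of hospitals.
A virus attack raging across the whole world like this has not appeared in the news for a long time. The evidence in this incident points to a worm named “WanaCrypt0r 2.0”. The worm is widely believed to have been developed from Eternal Blue, one of the hacking tools previously leaked from the NSA (the US National Security Agency).
If this incident does point to the leak of the NSA’s penetration weapons, then this large-scale outbreak can hardly be described as an isolated event.
It is more likely related to the earlier incident in which the well-known hacker group Shadow Brokers broke into the NSA’s hacking arsenal, causing a large number of hacking tools based on Windows vulnerabilities to leak. The tools that escaped were by no means limited to Eternal Blue or to a single type. The unknown risks they carry may be more alarming than the public currently assumes.
If you have seen Resident Evil, this plot may look familiar
Exactly one month earlier, on April 15, the mysterious group Shadow Brokers, which has repeatedly “taught the NSA a lesson”, released a set of leaked NSA files.
The 300 MB dump contains intrusion tools of the NSA-affiliated hacking group Equation Group, mainly targeting Microsoft’s Windows systems and banks running SWIFT systems.
These malicious attack tools include malware, proprietary attack frameworks and other attack tools. According to what is known, they include at least 12 attack tools involving 23 Microsoft system vulnerabilities, and Eternal Blue, which has now “transformed and struck”, is only one of the 12.
Eternal Blue targets a vulnerability in the SMB network file sharing protocol in Windows. Others, such as Esteem Audit and Eskimo Roll, which target the RDP remote display protocol and the Kerberos server authentication protocol, may still be lurking in the dark.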

The volume of 64-bit malware in the wild remains low even though computers running 64-bit operating systems became ubiquitous years ago.
The vast majority (93 per cent) of new computers sold worldwide operate on 64-bit Windows but most nasties were written to infect 32-bit systems, according to a new study by security firm Deep Instinct.
Deep Instinct reckons that 64-bit malware still makes up less than 1 per cent of the current threat landscape. But malware variants have recently begun to appear in 64-bit versions so this small figure is likely to grow.

Various strains of ransomware and banking Trojan families (Zeus) have appeared in 64-bit versions over the last two years or so. Around 60 per cent of the 64-bit threat landscape is dominated by the worm-like Expiro spyware. Following that, the most common 64-bit families are Virut (20 per cent) and Nimda (10 per cent).
“Zeus, the leading banking Trojan, which is responsible for the theft of hundreds of millions of dollars, was the first of its kind to contain a 64-bit version,” Deep Instinct reports. “We expect other banking Trojans and ransomware to follow this trend, causing the numbers of 64-bit malware to increase in the coming years.
“Sophisticated 64-bit malware has already appeared in several APT campaigns. Notably, the destructive disk-wiping Shamoon malware, which destroyed data on 35,000 computers at Saudi Aramco.”
The cyber-security industry may face “serious challenges in detecting malicious 64-bit files,” according to Deep Instinct. Studies presented at Black Hat 2014 and elsewhere show that the industry underperforms on 64-bit files. White hats demonstrated that use of a 64-bit Meterpreter facilitates security package bypass.
A more recent study, published in July 2016, that tested the detection rates of different Meterpreter stagers based on VirusTotal scan results also highlighted shortcomings.
Code shift
32-bit applications can run on 64-bit systems through the WOW64 (Windows-on-Windows-64) functionality, which provides backwards compatibility for 32-bit applications installed on 64-bit Windows. This explains why the shift in the malware landscape has lagged behind customer adoption of 64-bit systems.
While both 32-bit and 64-bit applications can be run on a 64-bit system, in most cases 32-bit code cannot access the memory of a 64-bit process. Driver-signing and the kernel “PatchGuard” protection make it extremely hard to infect 64-bit systems with rootkits. These factors, among others, are pushing miscreants into developing 64-bit malware.
“While many 32-bit malware variants can work on 64-bit systems, attacks demanding access to 64-bit process memory, such as code injection or privilege escalation attacks, will be much easier to undertake using 64-bit malware,” according to Deep Instinct. “Therefore, the threat landscape is expected to gradually shift to 64-bit malware, as 64-bit architectures and operating systems become the norm.”
Multiplatform
Malicious 64-bit executables are not unique to Windows systems. Linux and macOS systems are also potentially at risk.
As of the end of 2016, 64-bit variants make up just less than 10 per cent of the Linux threat landscape but their numbers are growing, according to Deep Instinct. Malware that supports 64-bit architecture makes up the majority of the macOS threat landscape – unsurprising as all macOS platforms since the 2011 vintage Lion run only on 64-bit architectures.
Examples of recent 64-bit macOS malware include KeRanger, a fully functional ransomware that specifically targets Mac users, and Komplex, a cyber-espionage Trojan created by APT28.
“As users continue to transition to 64-bit, malware authors will follow,” Deep Instinct concludes, adding that many advanced persistent threats discovered in recent years (such as BlackEnergy and Shamoon) included 64-bit malware. ®

Avast Releases BTCWare Ransomware Decryptor Tool

While the world was taken by storm by the WannaCry ransomware, there were other strains out there that were doing quite a bit of damage, including BTC ransomware. Thankfully, however, folks from Avast have come up with a decryption tool which is available for free. 
Paying the ransom for any malware that encrypts the files on your computer should never be done, except in dire cases. After all, every time someone pays, the attackers get the incentive to continue doing what they're doing. Victims of the BTCWare ransomware have a way out, however, as the security researchers from Avast built a free decryption tool.

The BTCWare ransomware began spreading a couple of months ago and thus far five variants have been spotted. You can tell them apart by the extension of the encrypted files:
– foobar.docx.[[email protected]].heva
– foobar.docx.[[email protected]].cryptobyte
– foobar.bmp.[[email protected]].cryptowin
– foobar.bmp.[[email protected]].btcware
– foobar.docx.onyon.
As Avast's security researchers note, BTCWare has been using the FileName.Extension.[Email].Ext2 scheme of naming files since it was first observed. Recently, a new variant called Onyonware was discovered, and it does not include a contact email address in the file name.
Once the ransomware infects the computer, it generates a random password which is then used to create the encryption key. The password is then encrypted with a public key and presented as a User ID in the ransom files.
After all files have been encrypted, the ransomware changes the desktop wallpaper with the note and leaves a note in each folder on how to get your files decrypted, threatening that if they don't receive an email within three days, the key will be deleted and the files will no longer be decryptable.
Although a couple of weeks ago the master private key was made public, Avast doesn't use it because it does not work on all variants. Instead, the decryptor they built uses brute force to retrieve the password.
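The naming scheme described above can be turned into a quick triage check during incident response. The following is an added example, not code from Avast or from the original article: it classifies file names by the FileName.Extension.[Email].Ext2 scheme and the Onyonware form, and summarises hits per variant. The sample paths and contact addresses are constructed, and treating `.onyon` as a plain final extension is an assumption.

```python
import re
from collections import defaultdict

# Second extensions the article lists for the variants that embed a contact
# address in the file name.
EMAIL_VARIANT_EXTS = {"heva", "cryptobyte", "cryptowin", "btcware"}

# FileName.Extension.[Email].Ext2
EMAIL_SCHEME = re.compile(
    r"^(?P<original>.+)\.\[(?P<contact>[^\[\]]+)\]\.(?P<ext2>[A-Za-z0-9]+)$"
)
# Onyonware: FileName.Extension.onyon, with no contact address (assumed form).
ONYON_SCHEME = re.compile(r"^(?P<original>.+)\.onyon$", re.IGNORECASE)


def classify(path):
    """Return (variant, original_name, contact) for a BTCWare-style name, else None."""
    name = re.split(r"[\\/]", path)[-1]  # accept Windows and POSIX separators
    m = EMAIL_SCHEME.match(name)
    if m and m.group("ext2").lower() in EMAIL_VARIANT_EXTS:
        return (m.group("ext2").lower(), m.group("original"), m.group("contact"))
    m = ONYON_SCHEME.match(name)
    if m:
        return ("onyon", m.group("original"), None)
    return None


def triage(paths):
    """Group matching paths by variant: count, distinct contacts, original names."""
    grouped = defaultdict(lambda: {"count": 0, "contacts": set(), "originals": []})
    for path in paths:
        hit = classify(path)
        if hit is None:
            continue
        variant, original, contact = hit
        entry = grouped[variant]
        entry["count"] += 1
        entry["originals"].append(original)
        if contact:
            entry["contacts"].add(contact)
    return {
        variant: {
            "count": entry["count"],
            "contacts": sorted(entry["contacts"]),
            "originals": entry["originals"],
        }
        for variant, entry in grouped.items()
    }


# Constructed sample listing; the addresses are placeholders, not real indicators.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.[contact@example.invalid].btcware",
    r"C:\Users\alice\Pictures\scan.bmp.[contact@example.invalid].cryptowin",
    "/srv/share/plan.docx.[other@example.invalid].heva",
    "/srv/share/notes.docx.onyon",
    "/srv/share/readme.[draft].txt",   # bracketed, but not a listed Ext2
    "/srv/share/archive.tar.gz",       # ordinary multi-part extension
]

if __name__ == "__main__":
    for variant, info in sorted(triage(SAMPLE_PATHS).items()):
        print(variant, info["count"], info["contacts"], info["originals"])
```

Knowing which variant is present matters because, as the article notes, the published master private key does not work on all of them.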

Twitter Flaw Could Have Allowed Attackers to Tweet From Any Account

Before it was fixed earlier this year, a flaw in Twitter could have allowed an attacker to tweet as any user.
Twitter was quick to resolve the issue, fixing it three days after the researcher, a bug hunter who goes by the handle Kedrisch, reported it via HackerOne. Kedrisch found the vulnerability in February and was awarded a $7,560 bounty days later in March. The researcher published details on the flaw earlier this month, but the HackerOne ticket wasn’t made public until Monday.
Publish tweets by any other user. Write-up https://t.co/5hDenQWAc1 . Thanks @Hacker0x01 and @twitter. #BugBounty #writeup #hackerone

— kedrisec (@kedrisec) May 4, 2017
The vulnerability was tied to Twitter’s ad platform, ads.twitter.com, a self-service platform that allows companies to promote tweets, accounts, and monitor advertising campaigns across the social network.
According to Kedrisch’s writeup of the vulnerability, he was able to intercept a request and change two parameters, owner_id and user_id, to tweet as another user.
He received a handful of error messages at first but eventually was able to get a response that his tweet was successfully published. The vulnerability, at least at first, relied on the attacker uploading a media file, like an image, into tweets they want to send. According to Kedrisch, just having the image isn’t enough; an attacker needs the filename associated with the image, a media_key, something that can be difficult to determine.
“User which we use to make a publication must have a media-file uploaded. Moreover, it’s needed to know media_key of this file and it’s almost impossible to reveal it by the means of brute force, as it contains 18 digits,” Kedrisch wrote, “In my explorations I didn’t find 100% way to know this media_key. There were always some restrictions and circumstances which allow to get that media_key.”
By uploading an image file and sharing it with a user – something Twitter Ads allows – Kedrisch realized he could carry out the same attack without that 18 digit code. Instead he found he could intercept the same post request that’s sent to Twitter when a user tweets and swap out the Twitter handle.
Twitter marked the vulnerability as high severity according to Kedrisch’s HackerOne report.
“This bug was patched immediately after being triaged and no evidence was found of the flaw being exploited by anyone other than the reporter,” Twitter told Threatpost Wednesday.
According to Twitter’s HackerOne page the company has paid out $703,240 to researchers for bugs since launching its bug bounty program in May 2014. While Kedrisch’s $7,560 bounty may seem low to some, it’s in line with what the company regularly pays for a “Significant Authentication Bypass” in Core Twitter: $7,500. Remote code execution vulnerabilities in the service can fetch up to twice that amount, $15,000.
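The flaw described above belongs to a class where the server takes the acting identity from request parameters instead of from the authenticated session. The following is an added example, not Twitter's code and not from the researcher's write-up: a flawed handler beside a hardened one that binds owner_id and user_id to the session and records mismatches for detection. The `Session` type, the handler names and the numeric ids are hypothetical.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a request names an identity the session may not act as."""


@dataclass
class Session:
    # Hypothetical server-side session: filled in at login, never from the request.
    user_id: int
    managed_accounts: frozenset = field(default_factory=frozenset)


def publish_vulnerable(session, params):
    # Flawed pattern: the author is whatever the request body claims.
    return {
        "author": int(params["user_id"]),
        "account": int(params["owner_id"]),
        "text": params["text"],
    }


def publish_hardened(session, params, audit_log):
    # Parse the claimed ids; anything malformed is rejected like a mismatch.
    try:
        claimed_user = int(params["user_id"])
        claimed_owner = int(params["owner_id"])
    except (KeyError, TypeError, ValueError):
        claimed_user = claimed_owner = None

    allowed_owners = {session.user_id} | set(session.managed_accounts)
    if claimed_user != session.user_id or claimed_owner not in allowed_owners:
        # A mismatch means the request was altered in transit or forged:
        # keep a record so it can be alerted on.
        audit_log.append({
            "event": "identity_mismatch",
            "session_user": session.user_id,
            "claimed_user": claimed_user,
            "claimed_owner": claimed_owner,
        })
        raise Forbidden("request identity does not match session")

    # The author always comes from the session, not from the request.
    return {"author": session.user_id, "account": claimed_owner,
            "text": params["text"]}


def run_demo():
    """Run one tampered and one legitimate request (constructed values)."""
    audit_log = []
    caller = Session(user_id=1001, managed_accounts=frozenset({3003}))
    tampered = {"user_id": "2002", "owner_id": "2002", "text": "hello"}
    legitimate = {"user_id": "1001", "owner_id": "3003", "text": "hello"}

    flawed_result = publish_vulnerable(caller, tampered)
    try:
        publish_hardened(caller, tampered, audit_log)
        blocked = False
    except Forbidden:
        blocked = True
    ok_result = publish_hardened(caller, legitimate, audit_log)
    return flawed_result, blocked, ok_result, audit_log


if __name__ == "__main__":
    print(run_demo())
```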