A Game of Endpoint Thrones

16 April 2018 in Digital Download

A Game of Endpoint Thrones

Last week, DirectDefense, Inc. disclosed that they've discovered hundreds of thousands of files from Carbon Black customers. According to the firm, Cb Response was leaking customer information by uploading data for analysis by 3rd-party scanners, which is concerning (to say the least). As it turns out, the information was misleading BS (to say the least). In reality, Cb Response has an option within their toolset to upload files for analysis by VirusTotal, which is a very handy service. VirusTotal analyzes a file with over 50 different scanning engines in just a few seconds. Cb Response by default does not allow certain file types to be uploaded, but the user can change the setting and upload anything. Naturally, whatever you upload can potentially become exposed, so you have to BE CAREFUL and assume some risk. The plot thickened today when a Carbon Black executive pointed out that DirectDefense is a partner of Cylance, Cb’s competitor. In fact, literally the SAME WEEK this all came out, DirectDefense posted their partner of the year award from Cylance on Twitter. Somehow, I think these things may be related (to say the least). Read more >
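The control at the heart of this story is a "do not upload by default" list: hash lookups reveal nothing but a digest, while uploading file content hands the document itself to a third party. The following is an added example, not Carbon Black's or VirusTotal's code, of how such a policy gate can be written. The file-type signatures, the default deny list, and the `allow_all_uploads` flag are assumptions chosen to illustrate the idea; the sample inputs are constructed.

```python
"""Policy gate deciding whether a file's CONTENT may be sent to an external
multi-engine scanner, or whether only its HASH may be looked up.

Added example (not Cb Response's or VirusTotal's code). The signature list,
the default deny list and the allow_all_uploads setting are assumptions that
model the kind of "certain file types are not uploaded by default" control
described above.
"""
import hashlib
from dataclasses import dataclass

# Magic-byte signatures used to classify a sample (assumed list, not exhaustive).
SIGNATURES = [
    (b"MZ", "pe"),                         # Windows executable
    (b"\x7fELF", "elf"),                   # Linux executable
    (b"%PDF", "pdf"),                      # PDF document
    (b"PK\x03\x04", "zip_or_office"),      # ZIP container, incl. OOXML Office files
    (b"\xd0\xcf\x11\xe0", "ole_office"),   # legacy Office (OLE2) documents
]

# Types whose content is withheld from third-party upload by default:
# documents are where customer data lives; executables are what scanners
# are good at, and "unknown" gets the cautious treatment.
CONTENT_UPLOAD_DENIED_BY_DEFAULT = {"pdf", "zip_or_office", "ole_office", "text", "unknown"}


@dataclass(frozen=True)
class Decision:
    sha256: str
    file_type: str
    action: str  # "hash_lookup_only" or "upload_content"


def classify(data: bytes) -> str:
    """Classify a blob by leading magic bytes, falling back to a text heuristic."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    # Printable ASCII with no NUL bytes is treated as text (likely human-readable data).
    if data and b"\x00" not in data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return "text"
    return "unknown"


def decide(data: bytes, allow_all_uploads: bool = False) -> Decision:
    """Hash lookup is always permitted; content upload only for types outside
    the deny list, unless an operator has explicitly enabled allow_all_uploads
    (the risky setting the story is about)."""
    digest = hashlib.sha256(data).hexdigest()
    ftype = classify(data)
    if allow_all_uploads or ftype not in CONTENT_UPLOAD_DENIED_BY_DEFAULT:
        return Decision(digest, ftype, "upload_content")
    return Decision(digest, ftype, "hash_lookup_only")


# Constructed sample inputs: not real malware and not real customer files.
SAMPLES = {
    "installer.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "q3_forecast.pdf": b"%PDF-1.7\n% constructed sample\n",
    "payroll.xlsx": b"PK\x03\x04" + b"\x00" * 26,
    "notes.txt": b"customer list: ...",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        d = decide(blob)
        print(f"{name:16} {d.file_type:14} {d.action}")
```

With the defaults, the executable is the only sample whose content goes out; the PDF, spreadsheet and text file are checked by hash alone. Flipping `allow_all_uploads` reproduces the exposure the article describes, which is why that setting deserves a deliberate decision rather than a default.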

My peers seem more diverse than normal 

Less than half of female information security professionals working today have a background in IT or computer science, according to new industry research. This highlights the need for employers to keep an open mind when hiring. (Or do better background checks.) The Women in Cybersecurity report is based on interviews with 300 female IT security professionals, and aims to challenge perceptions and encourage women to enter the industry. Currently, approximately 11% of security professionals are women, so certainly diversity is an issue. Women bring a valuable perspective to the workplace and they smell better. However, I have to say my own experience doesn’t line up with the statistics. My boss is a woman, I have recurring calls with a woman at a leading endpoint protection company, another at a major firewall manufacturer, and yet another at a Fortune 100 customer. Lesson learned, ladies. If you want a job in security, get on my calendar. Read more >

Country music dancing and network breaching can both be done in 2 steps 

A study released this week reported that critical vulnerabilities were detected on 47% of tested corporate systems. Bypassing network perimeters is possible on 55% of systems for an intruder with minimum knowledge and skills, and can be done in an average of two steps. One of the most alarming findings was that user awareness surrounding information security has decreased significantly. How is this possible? On nearly a daily basis, we are barraged with new information about breaches, botnets, ransomware, etc., and yet somehow the workforce is LESS aware that security is a problem? I blame the addition of the millennials into the workforce; they are bringing us all down. These kids today, with the clothes, and the hair, and the lack of security awareness… Read more >

Watch Out for That Bus, Unnamed FireEye Guy 

It was reported last week that FireEye was breached by a hacker claiming to have several documents and other proprietary data. Now, FireEye is reporting that most of the claims were either misleading or completely fabricated. (Kind of like the claims my 3rd grade teacher made about me cheating on that spelling test. I wrote those words on my hand for study purposes.) According to Steven Booth, who may or may not be related to the notorious assassin John Wilkes Booth, “They falsely implied successful access to our corporate network, despite the fact that we identified only failed login attempts from the attacker. All of the other documents released by the attacker [other than the three mentioned] were previously publicly available or were screen captures created by the attacker.” Instead, the original compromise was related to the 2016 breach of an individual’s personal online accounts, including LinkedIn, Hotmail, and OneDrive. While I’m not saying I’d go to the theater with the man, it does sound like Mr. Booth has a fair point here. In this case, the throwing under the bus of said victim is allowed. Play ball! Read more >

Caveat Android Emptor 

A developer, believed to be from Iraq, has created more than 1,000 Android malware samples. A handful of those samples made it onto the official Google Play store, according to researchers from mobile security firm Lookout on Thursday. One of the samples, SonicSpy, masqueraded as a communications tool called Soniac. While it worked as advertised, the app could also silently record audio, take photos, make calls, and pilfer data, including call logs, contacts, and information about Wi-Fi access points. The app had been downloaded between 1,000 and 5,000 times before being removed by Google, but variants could have infected many thousands more. The developer behind Soniac was officially listed as “iraqwebservice”. Did that really sound legit? Come on guys, pay attention. They may as well have called it “3rd World Malware App from North Korea Dev Team”. Read more >