Monday, September 18, 2017

Avast download site compromised to host a malicious CCleaner

If you downloaded "CCleaner" software from antivirus company Avast between August 15 and September 12, you have a problem. Cisco's Talos threat research group discovered that the company's software download page was compromised to host a malicious version of CCleaner that contains malware.

Computers that downloaded and ran that software became part of a botnet, a network of computers under the control of whoever is behind that malware.

Those who follow my advice to use the free OpenDNS service for their home networks are partially protected - your computer would still download and install the malware, but would be prevented from accessing the command and control servers the criminals use to deliver instructions to your computer.

If you use CCleaner, check your antivirus software to be sure it is completely up-to-date, and run a full system scan. Now that the malware is known, most commercial antivirus programs will begin to detect it (with varying degrees of success).

I have long recommended automatically updating software with the latest available patches and updates, as a core tenet of basic security for individuals and small businesses. After a Ukrainian software company was hacked to deliver malware to taxpayers in that country, I wrote up an analysis of why I still held that recommendation.

I said then:
In over twenty years as a systems administrator and security professional - much of that time overseeing patching for a Fortune 100 company with a quarter million systems to update - I can count on one hand the number of catastrophic failures caused by patching, and still have fingers left over. Conversely, hardly a month goes by that I don't see malware and criminals exploit vulnerabilities in Windows, browsers, office productivity software, mobile apps, building automation systems, industrial control systems, and other computing software.
It is becoming increasingly difficult to maintain that position... I suspect I am up to two hands now, but for the time being, I still find quickly updating is less risky than not patching.


Thursday, September 14, 2017

A change of scenery for this security engineer


If you are looking for a seasoned infosec architect with red team skills in the Austin (Texas) area, or know someone that is, take a few seconds to read on.

Who am I? An incident responder, a log correlation junkie, a malware analyst, a forensic investigator, a threat intelligence handler (real intelligence, not the threat data often thrown under that label), a network engineer, and a security architect.

I've defended a Fortune 50 company, primarily doing network defense, intrusion detection and incident handling, and threat intelligence.

I've built security from the ground up for a mid-sized company you may not even know works for you.

I break and fix things, so I can stop others from breaking them, or detect them when they do.

I won't list the products I have used because honestly, the right tool for the job depends in large part on what you have in place today, and what problem needs to be solved. That, and I'm an OSINT junkie - I know exactly how useful a list of tools used by my previous employers would be. Suffice it to say I know commercial tools and have built custom solutions with open source tools as well. If I don't know a tool vital to your operation, I'll be competent at it shortly.

Why am I writing this? I recently found myself on the wrong side of a "reduction in force." So now I have a chance to build security for you.

Friday, September 8, 2017

Equifax breach exposes 143 million to identity fraud

Updated to add a link to Equifax's official incident response website, https://www.equifaxsecurity2017.com/ . Fake sites and phishing email from criminals attempting to deceive and defraud worried consumers are already appearing. Also updated to add a comment about identity theft potentially leading to tax fraud.

This breach is likely to be in the news for a while, and the effects will linger long after the media moves on.

Between mid-May and the end of July 2017, criminals accessed sensitive information on a website owned by financial credit reporting bureau Equifax. According to the company, personal information for approximately 143 million US consumers was compromised. An undisclosed number of Canadian and UK residents were also affected. This being a credit bureau - a company whose primary business is keeping track of consumers' financial identities - the information stolen was significant: Social Security numbers, birth dates, and addresses. In some cases, driver's licenses, credit card numbers and specific details related to dispute documents were also compromised.

For perspective, 143 million is more or less the same number as every working-age human in the United States.

I do not plan on going into how it happened - Brian Krebs did an excellent job of that. My goal is to provide my readers with advice on what to do now.

Whois David?

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.