Posts

Showing posts from April, 2017

Detecting & Preventing APT10 Operation Cloud Hopper

There has been much concern over a state-sponsor threat known as APT10 Operation Cloud Hopper, also known as Stone Panda, after the UK National Cyber Security Centre (NCSC) recently spooked UK businesses and their suppliers about a Chinese threat actor posing a serious threat to IT Managed Service Providers (MPS) and their UK clients.    Overview of the Threat APT10, a Chinese-based hacking  group also known as Stone Panda, MenuPass,  CVNX,  and Potassium is operating a hacking  campaign known as Operation Cloud Hopper, which is  believed to have been underway since 2014. There are intelligence reports which indicate the APT10 threat actor has significantly upscaled their capabilities and attack sophistication in early 2016. The APT10 Cloud Hopper campaign focuses on sending malware infected emails to staff working at  IT Managed Service Providers (MPS) , once executed the malware creates a backdoor which allows the attacker remote access t...

WinZip Encryption Password Security (2017)

Image
9 years ago I wrote a post on  WinZip Encryption Security , that post has  received tens of thousands of visits over the years and continues to be pretty popular, but it is high time for that advice to be refreshed. The advice below also applies to 7-Zip , which also supports the same type of encryption as WinZip. Do not use WinZip ‘Standard Zip 2.0 Encryption’ WinZip pre-version 9 only offered WinZip's own proprietary encryption algorithm called Zip 2.0 encryption, which is broken, so never use WinZip pre-version 9 or the “WinZip's Zip 2.0 Encryption” as an option, as passwords of any strength can very easily be recovered with third party cracking tools. WinZip versions 9 to 21 defaults to use the National Institute of Standards and Technology (NIST) scrutinised and US government agency approved encryption algorithm called the A dvanced Encryption Standard  (AES) -  http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html . This is great...

Cyber Security Roundup for March 2017

Security researchers found there were able to find numerous sensitive documents by searching Microsoft’s Office 365 documents made publically accessible through the Docs.com website. Documents found included business confidential information, passwords and personal data. The issue was not caused by any security vulnerability in O365, but by its use rs misconfiguring or not understand the access permissions on their Microsoft O365 file storage, inadvertently permitting public access to t heir confidential data.  Businesses and users need to meet cloud services halfway when it comes to security, that starts obtaining a clear understanding of what security the cloud service does and does not do, so ensure your security homework is done before adopting the cloud. A patch for a critical vulnerability in Apache (Server) Struts was released this month, the vulnerability, which is being actively exploited by cyber criminals in ransomware attacks, allows the remote execution of comma...