Rare public appearance from Tailored Access Operations leader

NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data.

Source: NSA’s top hacking boss explains how to protect your network from his attack squads

Maybe not all accurate, considering where it came from, but interesting points anyway.

there are plenty of open source utilities available to offer a look inside the ESE Database on a standalone mode, i.e. without external support required. However, this entirely depends on the state in which the database is present. Being ESE database, in case of a dirty shutdown of the machine, there is high possibility of the extracted artifacts to be found in a dirty dismount state. Therefore, in that case, the examiner would first have to process it with Extensible Storage Engine Utilities provided by Microsoft Windows in order to further parse it in search of evidence.

History being the most majorly important database has been used an example for explaining the exploration of evidence in an ESE Database using a viewer or open source ESE DB reader.

Source: Microsoft Edge Browser Forensics – Exploring Project Spartan

“SNAP” allows an attacker to run arbitrary JavaScript code on the vulnerable LG devices, according to security researchers from Israeli security firms BugSec and Cynet. This might be easily exploited to allow private data leakage, phishing attacks and/or crash a vulnerable device, say the researchers.

The security flaw is rooted in a bug in one of the pre-installed LG applications, Smart Notice, which exists on every new LG G3 device. That’s why this device – but not other Android smartphone and tablets from other manufacturers, or earlier smartphones from LG – is vulnerable. LG debuted its Smart Notice app with the G3.

Source: Built-in LG smartphone app created data hack risk

Centene, based in St Louis, says that the hard drives in question contain personal data about people who received laboratory services between 2009 and 2015. Stored on the drives are details including names, addresses, dates of birth, social security numbers, member ID numbers and health information.

Source: A Health Insurer Lost Six Hard Drives Holding Data About 1 Million Customers

Hard-coded password in Lenovo SHAREit for Windows

[CVE-2016-1491] When Lenovo SHAREit for Windows is configured to receive files, a Wifi HotSpot is set with an easy password (12345678). Any system with a Wifi Network card could connect to that Hotspot by using that password. The password is always the same.

Remote browsing of file system on Lenovo SHAREit for Windows

[CVE-2016-1490] When the WiFi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit

Source: Lenovo ShareIT Multiple Vulnerabilities

It’s not going well with Lenovo security

Skype is fully committed to delivering as safe and secure of an experience as possible to our customers. We have recently introduced the ability to hide a Skype user’s IP address and we’ve set this as a default status in the latest versions of Skype. Starting with this update to Skype and moving forward, your…

Source: To our gamers: IP will now be hidden by default in latest update

About bloody time!

By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft’s recent versions of Windows.

Source: Hot Potato Exploit Gives Attackers the Upper Hand in Multiple Windows Versions

Find open webcams on Shodan!

Source: Server: SQ-WEBCAM – Shodan Search

Microsoft engineers are struggling to fix a seven-day-old, self-inflicted Office 365 IMAP outage.

IMAP access to Office 365 tanked on January 18, meaning customers could not access emails using Exchange Online via IMAP or connect third-party mail clients via IMAP.

Microsoft told disgruntled Office 365 customers that the problem affected a limited number of licensees – but that those customers hit had a “large number of users.”

The culprit was found to be a botched Microsoft update that stopped the IMAP protocol automatically loading data from Exchange Online databases.

Source: Microsoft struggles against self-inflicted Office 365 IMAP outage

Cloud is a great idea. Not always.

Medicine is world’s worst industry for data security, it seems

Source: Terrible infections, bad practices, unclean kit – welcome to hospital IT

Hospitals running unpatched XP and 95, hardware vendors that ship 36 trojans with their patches, people running around pressing keyboard keys to make sure none of the PCs ever logs out, pacemakers with open debug routines that allow interruption of service, it’s quite an article.