
#cybersecurity | hacker | Malproxying: Leave your malware at home

Source: National Cyber Security – Produced By Gregory Evans

Endpoint protection plays a critical role in
the modern organizational security stack. Yet the very nature of this security
model is fundamentally flawed. Endpoint security solutions, and the malicious
actors trying to breach them, are locked into a perpetual game of cat and
mouse. Each side must continually adapt and react to the tactics of the other.
And, unfortunately for organizational security specialists, the playing field
is radically unbalanced.

Security solutions and professionals need to
maintain perfect endpoint protection; hackers, meanwhile, need only a single
successful attempt to wreak extraordinary damage. Yet security solutions do
have one point in their favor: The most common endpoint security evasion
techniques require constant updating, which limits the pool of attackers and the
scale at which attacks are launched.

This leads to a troubling
question — what if a technique existed that allowed attackers to evade defense
mechanisms while requiring little in the way of adjustments to malicious code?
That was the topic of a well-received recent presentation I gave along with my
colleague, security researcher Hila Cohen, at DEF CON 27 in Las Vegas, Nevada.

Let’s take a closer look at this technique
and its implications for endpoint security.

The Current State of Endpoint Security

Existing security solutions use three
mechanisms to maintain protection:

  • Static signatures — these can be a simple hash from a sequence
    of bytes in a file. Signatures sign file segments (or memory blocks), enabling
    a check against common IOCs (Indicators of Compromise) to see if the file is
    infected.
  • Heuristic rules — these rules can inspect the list of imported
    functions an executable uses, its section sizes and structure, and many more
    properties, including entropy. Heuristic rules attempt to discern properties
    that are common among malicious files yet don’t exist in safe executables. They
    are not based on IOCs and don’t examine the binary sequences or hashes covered by
    the static signature category.
  • Behavioral signatures — these
    signatures attempt to identify, evaluate and block all malicious activity.
    Because of the limitations of static signatures and heuristic rules, infected
    files are often miscategorized as safe. Behavioral signatures take a different
    approach, as they are based on an operational sequence executed in the system,
    rather than the implementation of malicious logic.

As mentioned above, endpoint protection
solutions have a variety of weaknesses. Attackers can change the IOCs,
properties and behavior of malicious files, allowing them to evade detection
and quarantining. However, these techniques are highly manual and require significant
expertise, making it difficult for attackers to implement at scale.

There is, however, another approach enabling
the circumvention of endpoint security without the need for extensive labor or
expertise: Malproxying.

How Malproxying Works

The core operational model of endpoint
security solutions is simple: Identify and analyze code, then classify and
(potentially) block. Yet what if an attacker could obscure that code entirely?

That’s the premise of the malproxying
technique, which avoids deploying malicious code on target machines and
therefore separates that code from any interaction with the target operating
system. Here’s how it works:

A piece of code interacts with its operating
system and environment through a set of API calls. The attacker redirects those
API calls, and instead of running them on his operating system, he proxies them
over the network to the target machine. So, the malicious code resides on the
attacker side, where it is not monitored by any security solution (as the
attacker completely controls the environment), but the actions performed by
that malicious code actually interact with the target environment, allowing it
to bypass common endpoint security protection mechanisms. The malicious code,
meanwhile, cannot tell that it has not been executed on the targeted machine.

On a deeper level, the technique involves two
key components: attacker and target stubs. The attacker code loads and executes
malicious instructions, controls its API function calls and redirects them over
a network tunnel to the target stub.

The target code appears innocent and has no
malicious activity pre-coded. It receives the API requests and parameters,
executes those requests and returns the results back to the attacker stub.
These results are returned to the malicious code, in the exact way they would
be returned if the malicious code had called the API functions locally. The
malicious code is totally unaware of the long journey the response went through
until it arrived at its destination.

Countering Malproxying

The malproxying technique is designed to
evade the primary mechanisms used by endpoint detection solutions. The target
stub contains no malicious logic in its base form, rendering it hard to
identify and easy to modify if caught. Static signatures and heuristic rules
are easily bypassed.

Behavioral signatures, however, are another
matter. The bottom line is that a “malicious” sequence of API calls must be
executed on the target machine to achieve the attacker’s malicious goals. A
sophisticated monitoring tool can detect that malicious flow and trigger an
alarm. This merely invites another protracted cat and mouse battle, as the
attackers have to find new ways to make it very hard for monitoring tools to
assemble the trace of their malicious actions.

For example, an attacker could trigger each
API function call in a different thread, making it harder for security
solutions to identify a single code flow and check whether it is malicious or
not. The attacker could also bypass the detection points where the security
solution tracks the activity of the process. Once those detection points are
bypassed, the security solution is blind to any API-based activity.

Continual improvement and refinement of
behavioral detection capabilities represent a better option. Actions triggered
by malicious logic can be tracked using various techniques to ensure that calls
are fully tracked. By building a more robust log of executed system function
calls — and the signatures that define malicious behavior — organizations can
develop a more viable line of defense against this novel attack technique.
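
The process-level tracking described above, as an added example (not code from the article or from XM Cyber): it matches a behavioral signature against API-call events grouped by process rather than by thread, so spreading the calls across threads does not hide the flow. The event format, the sample events and the signature (a commonly cited remote-injection sequence of Win32 calls) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed behavioral signature: an ordered sequence of Win32 API names often
# cited in detection write-ups for remote code injection (not from the article).
SIGNATURE = ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")

# Constructed sample telemetry: (timestamp, pid, tid, api). PID 4120 issues each
# call of the sequence from a different thread; PID 988 is benign noise.
EVENTS = [
    (1.00, 4120, 11, "OpenProcess"),
    (1.02, 988, 7, "CreateFileW"),
    (1.10, 4120, 12, "VirtualAllocEx"),
    (1.15, 988, 7, "ReadFile"),
    (1.21, 4120, 13, "WriteProcessMemory"),
    (1.22, 4120, 11, "CloseHandle"),
    (1.30, 4120, 14, "CreateRemoteThread"),
    (1.40, 988, 7, "OpenProcess"),
]

def match_in_order(calls, signature, window):
    """True if `signature` occurs as an ordered subsequence of the
    (timestamp, api) calls, within `window` seconds of its first call."""
    for start, (t0, api0) in enumerate(calls):
        if api0 != signature[0]:
            continue
        idx = 0
        for t, api in calls[start:]:
            if t - t0 > window:
                break
            if api == signature[idx]:
                idx += 1
                if idx == len(signature):
                    return True
    return False

def detect(events, signature=SIGNATURE, window=5.0, key="pid"):
    """Group events by process (key="pid") or by thread (key="tid") and
    return the sorted group ids whose call trace matches the signature."""
    groups = defaultdict(list)
    for ts, pid, tid, api in sorted(events):
        groups[pid if key == "pid" else (pid, tid)].append((ts, api))
    return sorted(g for g, calls in groups.items()
                  if match_in_order(calls, signature, window))
```

Grouping by thread (`key="tid"`) on the same events finds nothing, which is the blind spot the per-thread evasion relies on; grouping by process flags PID 4120.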

Amit Waisel, Senior Technology Lead in Security Research, XM Cyber

The post Malproxying: Leave your malware at home appeared first on SC Media.


The post #cybersecurity | hacker | Malproxying: Leave your malware at home appeared first on National Cyber Security.


#deepweb | Cops to leave druggies high and dry on NYE- The New Indian Express

Source: National Cyber Security – Produced By Gregory Evans Express News Service BENGALURU: With Bengalureans all set to welcome the new year, with some heading to discos, pubs, restaurants or farmhouses on the outskirts of the city, the police have upped vigilance to curb drug abuse at parties. The Central Crime Branch (CCB), on Tuesday, nabbed […] View full post on AmIHackerProof.com

#deepweb | 4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World

Source: National Cyber Security – Produced By Gregory Evans

UNESCO report shows fewer than 5% of people in many countries benefit from adult learning opportunities

Paris, 04 December—In almost one-third of countries, fewer than five per cent of adults aged 15 and above participate in education and learning programmes, according to UNESCO’s fourth Global Report on Adult Learning and Education (GRALE 4). Adults with disabilities, older adults, refugees and migrants, minority groups and other disadvantaged segments of society are particularly under-represented in adult education programmes and find themselves deprived of crucial access to lifelong learning opportunities.

Published by the UNESCO Institute for Lifelong Learning, the report monitors the extent to which UNESCO Member States put their international commitments regarding adult learning and education into practice and reflects data submitted by 159 countries. It calls for a major change in the approach to adult learning and education (ALE) backed by adequate investment to ensure that everyone has the opportunity to access and benefit from adult learning and education and that its full contribution to the 2030 Agenda for Sustainable Development is realized.

“We urge governments and the international community to join our efforts and take action to ensure that no one – no matter who they are, where they live or what challenges they face – is left behind where the universal right to education is concerned,” says UNESCO Director-General Audrey Azoulay, endorsing the report’s recommendations. “By ensuring that donor countries respect their aid obligations to developing countries, we can make adult learning and education a key lever in empowering and enabling adults, as learners, workers, parents, and active citizens.”

The publication stresses the need to increase national investment in ALE, reduce participation costs, raise awareness of benefits, and improve data collection and monitoring, particularly for disadvantaged groups.

Progress in participation in adult learning and education is insufficient

Despite low participation overall, many more than half of responding countries (57% of 152) reported an increase in the overall participation rate in adult learning and education between 2015 and 2018. Low-income countries reported the largest increase in ALE participation (73%), trailed by lower middle income and upper middle income countries (61% and 62%).

Most increases in adult learning and education participation were in sub-Saharan Africa (72% of respondents), followed by the Arab region (67%), Latin America and the Caribbean (60%) and Asia and the Pacific (49%). North America and Western Europe reported fewest increases (38%) though starting from higher levels.

The data shows persistent and deep inequalities in participation and that key target groups such as adults with disabilities, older adults, minority groups as well as adults living in conflict-affected countries are not being reached.

Women’s participation must improve further

While the global report shows that women’s participation in ALE has increased in 59 per cent of the reporting countries since 2015, in some parts of the world, girls and women still do not have sufficient access to education, notably to vocational training, leaving them with few skills and poor chances of finding employment and contributing to the societies they live in, which also represents an economic loss for their countries.

Quality is improving but not fast enough

Quality ALE can also provide invaluable support to sustainable development and GRALE 4 shows that three-quarters of countries reported progress in the quality of education since 2015. Qualitative progress is observed in curricula, assessment, teaching methods and employment conditions of adult educators. However, progress in citizenship education, which is essential in promoting and protecting freedom, equality, democracy, human rights, tolerance and solidarity, remained negligible. No more than 3% of countries reported qualitative progress in this area.

Increase in funding for adult learning and education needed

GRALE 4 shows that over the last ten years, spending on adult learning and education has not reached sufficient levels, not only in low-income countries but also in lower middle income and high-income countries. Nearly 20% of Member States reported spending less than 0.5 per cent of their education budgets on ALE and a further 14% reported spending less than 1 per cent. This information demonstrates that many countries have failed to implement the intended increase in ALE financing proposed in GRALE 3 and that ALE remains underfunded. Moreover, under-investment hits socially disadvantaged adults the hardest. Lack of funding also hampers the implementation of new policies and efficient governance practices.


The post #deepweb | 4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World appeared first on National Cyber Security.


#cybersecurity | #hackerspace | Apple Confirms iPhone Regularly Gathers Location Data, But Says It Doesn’t Leave the Phone

Source: National Cyber Security – Produced By Gregory Evans Apple confirmed that their latest iPhone 11 phones come with a feature that requires regular geolocation checks, but the company said that information doesn’t leave the phone. Security researcher Brian Krebs noticed that the latest iPhone 11 was making geolocation checks even when all apps that […] View full post on AmIHackerProof.com

9 Everyday Habits That Leave You Vulnerable Online

Source: National Cyber Security – Produced By Gregory Evans

Whether you read email, check social media, or do most anything online, your internet behavior may put you at risk. Hackers and scammers can take advantage of your online movements to get your financial data and other sensitive information. To stay safe and protect your identity, make sure you avoid…

The post 9 Everyday Habits That Leave You Vulnerable Online appeared first on National Cyber Security Ventures.


U.S. Spy Agencies Leave Americans Vulnerable to Hackers In the Name of “Protection”

Source: National Cyber Security – Produced By Gregory Evans

If those of us who regularly use the Internet for work, recreation, shopping, and more find ourselves increasingly vulnerable to hackers, malware, spies and cyber-thieves out to steal our personal information, we have U.S. intelligence agencies to thank. Furthermore, those …

The post U.S. Spy Agencies Leave Americans Vulnerable to Hackers In the Name of “Protection” appeared first on National Cyber Security Ventures.


Springfield teacher put on leave, faces charges of sexual abuse, luring a minor

A teacher at a Springfield middle school has been put on leave after being booked into the Lane County Jail on Friday for multiple child sexual abuse charges, the school district confirmed Saturday.

Matthew McKinley Woodford, 34, faces 17 charges, including luring a minor, according to jail records.

Woodford is charged with five felony counts of luring a minor, five felony counts of displaying child-sexual conduct and two felony counts of online sexual corruption of a child. He also was charged with five misdemeanor counts of third-degree sexual abuse of a minor.

Springfield School District spokeswoman Jenna McCulley confirmed Saturday that Woodford was put on leave from his job as Thurston Middle School’s music director, teaching band and orchestra, pending the police investigation.


The post Springfield teacher put on leave, faces charges of sexual abuse, luring a minor appeared first on Parent Security Online.


Many State Report Cards Leave Parents in the Dark About School Achievement – Inside School Research – Education Week

With jargon, “meaningless” tables and missing data, state report cards can be difficult for parents to use, a new report shows.

View full post on Education Week: Bullying








The post Many State Report Cards Leave Parents in the Dark About School Achievement – Inside School Research – Education Week appeared first on Parent Security Online.


School Bullying Can Leave Lifelong Scars – BookMarks – Education Week

The negative effects of school bullying can last long after childhood, says professor and author Ellen Walser deLara.

View full post on Education Week: Bullying








The post School Bullying Can Leave Lifelong Scars – BookMarks – Education Week appeared first on Parent Security Online.


The Privilege of Maternity Leave: What the NICU Taught Me

I’ve always been a planner — building spreadsheets and crossing items off my to-do list. So when I became pregnant, I naturally sought to plan every last detail so that I would be fully prepared by the time the baby arrived. I gathered lists of friends’ product recommendations, bought every parenting book, and signed up for birthing classes for a month before my due date.

I thought I was perfectly prepared. And then my water broke at 33 weeks, and my whole life changed.

My daughter spent the first four weeks of her life in the Neonatal Intensive Care Unit (NICU) at Mt.


The post The Privilege of Maternity Leave: What the NICU Taught Me appeared first on Parent Security Online.
