Search Results for: cloud

Real Cloud Security

(Please note this post was originally published in the Spanish version of Security Art Work last 2nd Oct 2012)

Act I: The cloud

(In a small room we find the Chief Executive Officer (CEO), the Chief Security Officer (CSO) and the Chief Marketing Officer (CMO). The latter comes with a PC World magazine under his arm)

CMO: Blablablabla Cloud blablabla costs blablabla availability blablablabla Google.
CSO: Blablabla SLA blablabla, blablabla privacy, blablabla blablabla outsourcing, blablabla.
CEO: Blablablabla dollars, blablabla staff, IT blablabla servers. ¿Security? Blablablabla.
CSO: Blablabla, blablabla SOX, penalties, blablabla data theft blablabla, blablabla press. Blablabla impact and risk.
CMO: Insecure? Hahahaha, blablabla, blablabla and blablabla. CSO blablabla, distrust. Blabla, blabla, Gartner, blablabla?? Blablablabla. That does not happen.
CEO: blablablabla CIO, blablabla blablabla IT budget.
CSO: Alea jacta est.

Act II: Hunky-dory

(While the Chief Executive Officer looks at the Chief Marketing Officer tablet, they see the Chief Security Officer, who quickens the pace but is intercepted in the aisle)

CMO: Blablabla access, blablabla iPad, iPhone. Blablabla? CSO? Blablabla, this security guys blablabla. Access, blablabla, password blablabla, blablabla SSL.
CEO: Blablabla friendly, blabla, blablabla success. Blablablabla reason blabla costs, blablabla enterprise 2.0.
CSO: Pater Noster qui es in caelis, sanctificétur nomen Tuum

Act III: A small problem

(There is a problem in the Marshall Islands that has disabled the connection to the cloud provider, and althought it is not known yet, may have caused data loss)

CEO: Blablabla connection, blabla deletion, blablabla access. Blablablabla data, blablabla cloud!!
CMO: Blablablabla probability blabla blablablabla Gartner CIO, blabla CSO .
CSO: Blablabla risk, blablabla impact, blabla quality of service, blablabla Google.
CEO: Blablabla reputation, blablabla bussiness, blablabla Google!
CMO: …
CSO: …

Act IV: Choose Your Own Adventure

(Do you remember these books? ;)

Option #1

CSO: Blablabla backup, blabla fireproof, blablablabla recovery blablabla system.
CEO: Muacs.

Option #2

10 CEO: …
20 CMO: …
30 CSO: …
goto 10

Option #3

CSO: Blablablabla ¿CIO?
CIO: Blablabla, Terms of Service, blablablabla complaint, blablabla compensation, blablablabla.
CEO: Blablabla data, blablabla available blablabla #@!*& blablabla ten dollars.

Well, how did finished the adventure in the cloud?

If you’ve been able to continue this conversation, you might like this video that our colleague Adrian has found:

Guide to Assessing Your Organization’s Internal Cybersecurity Readiness in 2020

Today’s post is authored by Robert Mardisalu, co-founder & editor of TheBestVPN.com, a computer security professional, privacy specialist and cybersecurity writer.
He has written for many insightful blogs that help readers to think beyond the surface.


Every new year presents new cybersecurity issues and challenges for organizations. Skimming through the latest cybersecurity statistics will show how much of a threat cyberattacks pose. Handling information means you are charged with ensuring its availability, confidenciality and integrity against attackers, and be ready for the possible threats it may face.

In order to determine whether your organization is prepared to face these threats, you need to assess its cybersecurity readiness. This guide will help you do just that.

[Read more…]

The Importance of Server Hardening – Part 2. Hardening the Server

(Editor’s note: this post was originally published in the Spanish version of Security Art Work on 4th July 2019)

Today we publish the second of three articles courtesy of Jorge Garcia on the importance of server bastioning. You can find the first one here: The importance of server hardening – I


All right, we have the mission of hosting an online commerce web application and offering it to the world on a server that we own. Our goal is to make it as impregnable as possible at all levels. Since it is a web application, it is foreseeable that the main attack entry vector is through vulnerabilities of the application itself. Really, let’s not fool ourselves, all CMS are sure candidates for severe vulnerabilities. The scheme of how the platform will be organized is the usual one in a virtual server:

Therefore, the issue is to choose a CMS with these premises:

  1. That it is actively developed and supported by a large community of developers or by a large company. This ensures that when a vulnerability is published, it is quickly corrected.
  2. That the installed CMS is the last available version of a branch that has support, and that it is expected to continue having it for quite some time. Do not forget that, since we do not have a development environment at home, updates or migrations mean a loss of service which in turn means potential loss of money.
  3. That it is compatible with the operating system of the server that we have. A consideration that is obvious but important.
  4. May the history of critical vulnerabilities be as low as possible. A CMS that is actively developed and has good support but that on average finds a critical vulnerability every week is not viable to maintain or safe to use.

[Read more…]

The Importance of Server Hardening – Part 1. Introduction and Types of Infrastructure

(Editor’s note: this post was originally published in the Spanish version of Security Art Work on 1st July 2019)

Today we publish the first of three articles courtesy of Jorge García on the importance of server hardening. Jorge introduces himself as follows: “Although I am officially a systems administrator and responsible for security in the company where I work, the truth is that my job is also my hobby. I am a big fan of geek computing, defensive security, deploying my own servers and any DIY process that poses new learning challenges as I fend for myself to solve problems. Evolution is my passion.”


All companies, regardless of the field in which they are developed, have, to a greater or lesser extent, an IT infrastructure of servers that store and process corporate information of vital importance to the business. The question that always assails me is: if this information is so important, why does experience tell us that it is so frequent that companies do not keep their servers, applications and equipment updated and properly hardened?

It is well known that a large part of companies do not take computer security seriously. Without going any further this report published three months ago indicates that 7 of the 10 most exploited vulnerabilities during 2018 were between 1 and 6 years old; or this other report that indicates that a large number of companies do not patch their systems quickly. This is because, companies think that they are not targeted by hiding behind the typical “my company is small and has nothing attractive to hackers” thinking, or because they do not have or do not consider it necessary to have staff resources and tools to keep the platform updated. Or at least they don’t do it until it’s too late, and that’s what I’m going to talk about in today’s post. It’s a true story. Let’s go with a little background.

[Read more…]

IoT in the Industry 4.0 – Our data – collaboration or use?

On 7 February, a meeting was held in Madrid at the Vodafone Observatory of the Company, where experts in the cloud, artificial intelligence, robotics and digital transformation gave a vision on how to face the challenges of industry 4.0. In previous articles by Joan Balbastre about Industry 4.0, we could see what characterizes this industrial revolution and its basic design principles. In these articles, up to six different principles are named and one of them allows us to focus on this text: service orientation. This orientation turned out to be the fundamental axis of the whole event.

It is true that, in the face of strong competition between companies from different sectors, the optimization of the products or services provided has become a priority. There are many ways to improve a company or product. In recent years, information gathering has become one of the fundamental pillars on which the Industry 4.0 revolution is based. The data collected from consumers allows companies to perform different actions such as preventive maintenance, quality assurance, real-time defect management, operations management, etc. A clear example of the change that companies in the industry are undergoing is the case of Quality Espresso, which has gone from producing only one product, designing, producing and marketing coffee makers, to the provision of an added service thanks to the collection of information. Quality Espresso coffee machines not only allow connectivity with different devices, but are also able to collect statistical information for the company, in order to improve the products or even influence the design of new ones, as indicated in the event.

[Read more…]

WIRTE Group attacking the Middle East

The Intelligence Development Group of S2 Grupo has carried out an investigation on an actor from whom LAB52 has not been able to find references or similarities in open sources and who has been identified as WIRTE.

The DFIR (Digital Forensics and Incident Response) team of S2 Grupo first identified this actor in August 2018 and since then the follow-up has been carried out during the last few months.

This group attacks the Middle East and does not use very sophisticated mechanisms, at least in the campaign started in August 2018 which was monitored. It is considered unsophisticated by the fact that the scripts are unobtrusive, communications go unencrypted by HTTP, they use Powershell (increasingly monitored), and so on. Despite this apparently unsophisticated modus operandi compared to other actors, they manage to infect their victims and carry out their objectives. In addition, as will be seen during the report, the detection rate of some of the scripts in December 2018 by the main antivirus manufacturers is low, an aspect that must be highlighted. We must be aware that once these scripts are executed, it is when the behavior analysis of many solutions will detect them, but this fact has not been studied by LAB52.

This actor in all the artifacts analyzed shows his victims a decoy document in Arabic with different themes. During the report these documents will be analyzed and who could be the objectives depending on the topic dealt with in the document. [Read more…]

Analysis of Linux.Haikai: inside the source code

A few days ago we got the source code of the Haikai malware, which corresponds to one of the many implementations carried out by the continuous recycling of source code belonging to different IoT botnets. Although we have not identified any new developments compared to previous IoT malware versions, it has allowed us to obtain a lot of information on techniques, improvements and authors.

It should also be noted that, according to different records obtained, this botnet has been in operation for most of the last month of June.

In the following lines the code will be analyzed, as well as the possible attributions and the implementations not referenced in the execution thread, which allow us to guess that the code is mutating in different lines in parallel for the same function.

So let’s start by analyzing the structure of the files. [Read more…]

The tools of the gods

Today at SAW we are not going to talk about security but about religion. About the true religion, the good one: about Unix. And about its gods: Kernighan, Ritchie, Thompson … we could cite a few. And about the tools that, in the seventies, these gods sent to us poor mortals, like the manna fallen from heaven for the chosen people.

The thing is that these gods created a real operating system, with some technically wonderful tools and a very simple philosophy: simple capabilities that combined make complex tasks. Perfection. Life is Unix running a script. More than forty years have gone by and we, poor mortals who were the chosen people, what have we done all this time? Trying to dishonor that divine legacy with artificial and useless layers (“of abstraction”, they call them, to try to make sense of them) that introduce two unnecessary problems in any “modern” technological environment: complexity, and therefore probability of error, and slowness.

Exemplary is the “true” executable, in line with the story recently commented by Rob Pike on Twitter:


$ >mytrue;chmod +x mytrue
$ ./mytrue
$ echo $?
0
$

A program whose only purpose is to always return 0. An empty executable. EMPTY. There can be nothing simpler that works, and has been for forty years … well, that’s where we mortals come in. Year 2018:

[Read more…]

Publication of the NIS Implementation Regulation (for digital service providers)

(This entry has been prepared in collaboration with Ana Marzo, from Equipo Marzo, which provided a good part of the information).

Just a couple of weeks ago Ana March, from Equipo Marzo, an attorney for whom I have great professional respect, contacted me to tell me about the publication, not expected (at least by me), of a new regulation of the Commission related to the NIS Directive, which I have called in a display of originality NIS implementation regulation.

In fact, on 30 January, the Implementing Regulation (EU) 2018/151 of the Commission from 30 January 2018 was published, laying down rules for the application of the Directive (EU) 2016/1148 of the European Parliament and of the Council with regard to the specification of the elements to be taken into account by digital service providers in order to manage the existing risks for the security of networks and information systems, as well as the parameters for determining whether an incident has a significant impact..

At least it caught me by surprise (and I am sure that some of our readers will see the same thing), since I expected a transposition of the directive, not a regulation emanating directly from the Commission (which does not mean, of course, that we will not enjoy our own NIS-compliant legislation, as the legislator must be kept busy…). Given that, although in different areas, we had both coincided at the same client that fitted into the concept of digital services provider and could therefore be affected, we asked ourselves about the applicability of the regulation to this specific client. For example, is an online newspaper affected? And an online sales website? An online bingo? And the purchase-sale between individuals? Deriving the answer to these questions is the subject of this entry.
[Read more…]

Some vulnerability in ASUS routers

A few months ago, I changed my old TP-LINK router to an ASUS. Since it is the de facto manufacturer recommended by my ISP, in order to avoid any complications that could lead to delays in getting my Internet up and running I decided to go with it.

Then comes a lonely afternoon of boredom, or perhaps out of habit (I wanted to start writing a report:D), so I start by trying a little apostrophe here, a marquee as the Wi-Fi name, , command execution in one of the network diagnostic pages and a long list of etc. In the end, one thing leads to another (you know how that goes…), you get involved and when you’re conscious you have Burp or ZAP open, you’ve gone over halfway through OWASP and you’ve been looking for hours for something to play with, something interesting to see how safe your brand-new router is. [Read more…]