Kevin Beaumont Profile picture
https://t.co/r8moXSpOva. I create cyber weather.
Sep 19, 2018 4 tweets 2 min read
I've written about Magecart compromise of customer data at Sophias Style (who've been informed) - the Javascript used is supplied differently server side depending on which page you're browsing from, to hinder security research doublepulsar.com/magecart-new-t… This is the code you see on a non-cart page vs the code supplied when you register and go on a payment page. Exactly same .js URL.
Sep 11, 2018 5 tweets 2 min read
Well crap. It looks like JavaScript library Feedify got owned and were serving Magecart 😬 any comment @_Feedify? Check out the regex, looking for generic checkout processes 😬
Sep 9, 2018 5 tweets 2 min read
US gov report into Equifax breach, 40 pages, worth a read. They essentially had a lack of asset inventory, vulnerable infrastructure, and failures in SecOps (eg vuln mgmt didn’t identify Struts issue, 10 month expired certificate so no monitoring etc) gao.gov/assets/700/694… The expired certificate is likely going to be IDS not working - if you can afford SSL decryption (you want to budget for this ideally) somebody has to maintain the SSL certs for in line decryption, so you have to budget for that too.
Aug 16, 2018 10 tweets 4 min read
Next Gen AV vs My Shitty Code time :D Watching James pop Metasploit shells without issue on next gen products from Cylance, Symantec, Sophos InterceptX, ESET, McAfee.
Aug 14, 2018 10 tweets 4 min read
There’s a new CPU vulnerability with a website, logo (free to use), website with no mitigation advice etc. Spin up the Vulnerability Hype Train while I analyse. foreshadowattack.eu Re Foreshadow, “With the August, 2018 Windows security updates applied... any attempt to read from it using L1TF will fail.”
blogs.technet.microsoft.com/srd/2018/08/14…
Aug 14, 2018 4 tweets 1 min read
Re hotel issue at Black Hat and DEF CON. I think both orgs should work together to agree clear standards for room entry with all venues. If venues don’t agree to generally accepted terms, they should not be venues. Pragmatically organisers will need to accept certain things and communicate these to attendees. But some things are really important - eg room entry by security while attendee in room needs clear ID, with hotel security phone # to verify creds *before entry*.
Aug 14, 2018 4 tweets 1 min read
Imagine sitting in a company, writing this in Word, attaching it in Outlook and hitting Send. 😂😂😂😂😅 List of “rolls” I want, in rank order: 1) Dark Blockchain Wrangler 2) bread roll taster 3) 3rd penguin in Pingu 4) Shadow Broker broker 5) head of letter head design 6) new Tellytubby in Tellytubby reboot 7) the fanciest of bears 8) Morgan Freeman
Aug 11, 2018 7 tweets 1 min read
I’ve never seen Hackers and just found it on Netflix. I’m gonna watch it now. The racist TV show at the beginning of Hackers going on about “blacks” was called “America First”.
Aug 6, 2018 30 tweets 11 min read
This is going to backfire. West Virginia are moving to mobile phone voting for this midterm elections - software is a ‘Blockchain voting system’ by “Votez”, a 2018 startup with $2m of funding money.cnn.com/2018/08/06/tec… The Voatz website is running on a box with out of date SSH, Apache (multiple CVSS 9+), PHP etc. shodan.io/host/54.164.75…
Jul 25, 2018 9 tweets 3 min read
Will be interesting to see if we found out what happened here. Their website, email and phone system still offline. supplychaindive.com/news/COSCO-US-… Yikes, the Cosco shipping ransomware issues are so bad they are using free Yahoo.com email addresses and Twitter to communicate with customers
Jun 27, 2018 7 tweets 2 min read
Inbenta’s JavaScript library compromised, it was embedded on Ticketmaster’s payment processing page security.ticketmaster.co.uk I’ve tweeted about this a few times prior and should really do a write up. Here’s the short version: compromise 3rd party JavaScript embedded in payment page. Use JavaScript to silently copy credit card info, including CV2 data, to attacker server. Nobody notices for months.
Jun 14, 2018 4 tweets 2 min read
Recommended life sentence for murder in UK (as we set terms) is 30 years, so technically MWT is facing just over two life sentences for allegedly writing some malware which allegedly made $5k and has no US victims. The complete lack of UK gov protest over this case is not okay. For reference.