The Security Train - Sandboxes Really Are Great!

While the world seems to have been pretty much underwater for the last few weeks, there have been some interesting developments in the security world that are worth discussing during today’s train journey.

The first is a little update on DoH, or DNS over HTTPS, for those that did not catch my last posting. Given the number of potential issues raised by security researchers and other interested parties about the use of the technology, Mozilla hit back in recent weeks, with senior director of trust and security Marshall Erwin citing a number of interesting incidents in which ISPs have been caught selling off users’ location data and manipulating DNS traffic to serve adverts, and let’s also not forget the use of supercookies to track user data...all good points, but it’s not like ISPs are the only ones taking part in the manipulation of private user data, is it? I’m not pointing fingers here, but it seems in the age of the modern internet everyone is at it...now...maybe I am getting old, but the Internet used to be a much better place when a web page just served up shared information for the good of expanding human knowledge, without having to click through 101 cookie warnings whilst fighting off embedded adverts for toasters from totally unrelated websites...bring back the good old flat HTML websites with occasional GIF hit counters please...ahh, those were the days.

In other news, a few postings back we spoke about BlueKeep, which is a huge vulnerability affecting Microsoft’s RDP service, and we warned about the malware potential...and guess what! There’s a fair amount of it floating about now; a recent noteworthy variant uses BlueKeep to spread a crypto miner. An interesting article about BlueKeep being weaponised was posted here: https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ and is a great read if you get the time.

The final bit of news I wanted to talk about was Microsoft’s recent announcement that Office 365 is going to benefit from a security upgrade soon, as a move is being made to sandbox the whole thing just like they already do with their internet browsers. What’s neat about this is that, should malware attempt to spread via droppers embedded within Word documents for example, opening them within the sandbox should (at least in theory) contain what may have been the beginnings of a nasty infection. For now, that’s a job well done, and personally I think we should be doing more of this; sandboxing is just ace.

That's all from me for another week, catch up soon.

Andy Swift - Head of Offensive Security

Andy Swift is Head of Offensive Security at CNS Six Degrees and has written countless articles on information security. He has a particular speciality in Malware and Virus Analysis. Andy holds Global Industrial Cyber Security Professional (GICSP) status, certifying his expertise in ICS Security Essentials for Engineering, Operating Technology and Cyber.