Who owns social media?

In spite of the fact that I have very little connection with the security business at this point, I was asked for my opinion regarding the topic of deleting your content on social media.

I tend to think that the safest way of looking after sensitive data is to avoid posting it in the first place, that’s pretty much what I said, though at greater length and in more detail. However, the final article, now published, is actually pretty good, and while it does include my comments, it also covers a wider range of opinion.

Worth reading…

David Harley

Advertisements

Support scams update

It’s not exactly hot news that support scammers have tended to move away from cold-calling towards other techniques such as deceptive pop-up messages and putting their contact details in deceptive advertising that victims with a real problem might come across.

Still, this is quite interesting. Trend Micro: Shifting Strategies: Using Social Media, SEO in Tech Support Scams

David Harley

Virus Bulletin Newsletter/new resource page

As already announced, I’m not currently working in the security industry, and therefore not maintaining these resources or posting current security news. Here’s a resource that many of the people who’ve followed this blog will find useful, however, if they aren’t subscribed already.

The Virus Bulletin newsletter is archived here, and there’s also a button for subscribing to the mailing list. A good spread of news and information from VB editor Martijn Grooten.

I’ve added this to a new resource page – essentially, a currently sparse list of places you may find some useful mailing lists and other resources. I don’t promise that it will ever be a major resource…

News/information resources

Over the years I’ve received lots of mail from companies hoping to get some publicity for their products by offering some sort of information resource. Please note that I won’t add such resources unless they’re very good indeed… In principle, AVIEN has always been maintained independently of commercial products, though it was my (now discontinued) association with a security vendor that allowed me to maintain these pages. (However, that company never attempted to influence the content published here.)

David Harley

Normal service will be resumed…

… Well, probably. But not just yet.

Due to bereavement and personal health issues, I’m unable to maintain this site at the moment. I can probably give you an update on that by the 17th December 2018, but it’s more likely that I’ll start over with security news updates and additions to the specialist resource pages, rather than try to catch up with all the news that’s passed through my mailbox since mid-November.

In the meantime, here’s a brief summary of Apple-related news on the Mac Virus blog: Apple updates 10th December 2018

David Harley

November 18th 2018: AVIEN resource updates

Updates to Anti-Social Media 

The Register: Sorry, Mr Zuckerberg isn’t in London that day. Or that one. Nope. I’d give up if I were you – “Facebook boss delays, denies and deflects more invitations to international committee …. The UK’s digital committee has been trying to get Mark Zuckerberg to have a chat with them since the Cambridge Analytica scandal broke in April. Its latest tactic is an “international grand committee” made up of parliamentary committees from five different nations” ”


My attention was drawn via an article from the Homeland Security News Wire – Using social media to weaken impact of terrorist attacks – to a report spearheaded by Cardiff University’s Crime and Security Research Institute and commissioned by the Five Country Ministerial (FCM) Countering Extremism Working Group, and  called From Minutes to Months – A rapid evidence assessment of the impact of media and social media during and after terror events. According to the Executive Summary it centres on:

1. An overview of the relationships between terrorist violence and media, and
how these have been influenced by changes to the media ecosystem.
2. A brief outline of the key typical developments that take place in particular
time periods as one moves further away from the occurrence of the original
violence.
3. Recommendations for police, government and others involved in public
safety provision, in terms of what strategic communications postures they
can adopt to limit the impacts and harms of terror attacks.

Interesting stuff.


The Register: As if connected toys weren’t creepy enough, kids’ data could be used against them in future – “Watchdog tells manufacturers to reveal what they slurp on tots …. the UK’s Office of the Children’s Commissioner has said in a report warning of the long-term impact of amassing data on kids…. young folk will have sent out an average of 70,000 social media posts by the time they reach 18, while snap-happy parents will have uploaded 1,300 photos and videos of their offspring online before they become teenagers.”


Graham Cluley: On eve of US elections, Facebook blocked 115 accounts engaged in ‘coordinated inauthentic behavior’ – “In a statement posted on its website … Facebook explained that in the last year it has found and removed bad actors from the site on many occasions – based on its own internal investigations and information provided by law enforcement, and external experts.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Matthieu Faou for ESET: Supply-chain attack on cryptocurrency exchange gate.io – “Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange”


Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”

Updates to GDPR page

Tomáš Foltýn for ESET: Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites – “The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes”


ThreatPost: GDPR’s First 150 Days Impact on the U.S. – “So, roughly 150 days after the passage of one of the most significant data privacy laws ever, how has it impacted U.S. companies’ privacy efforts? The reality is, not so much.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Well, here’s a  twist. For Sophos, Lisa Vaas cites an article in the Washington Post regarding a murder in New Hampshire in January 2017. The Post quotes documents that state:

The court finds there is probable cause to believe the server(s) and/or records maintained for or by Amazon.com contain recordings made by the Echo smart speaker from the period of Jan. 27 to Jan. 29, 2017… and that such information contains evidence of crimes committed against Ms. Sullivan, including the attack and possible removal of the body from the kitchen.

Lisa Vaas also tells us that this is at least the 2nd occasion on which “a court has demanded Alexa recordings so that a digital assistant can testify in a murder case.”


Lisa Vaas also drew my attention to an article from Pen Test Partners article  Tracking and snooping on a million kids, which looks at the MiSafes ‘Kids Watcher’ tracking watch, which sounds like a reasonable idea in terms of keeping an eye on your children’s safety. However, it appears that the implementation is far from perfect, in several respects. If you’ve bought or are considering buying one of these, you need to read the article.


The Register: This one weird trick turns your Google Home Hub into a doorstop – “Secret API leaves door open for remote commands from other gadgets sharing its Wi-Fi”


The Register: As if connected toys weren’t creepy enough, kids’ data could be used against them in future – “Watchdog tells manufacturers to reveal what they slurp on tots …. the UK’s Office of the Children’s Commissioner has said in a report warning of the long-term impact of amassing data on kids…. young folk will have sent out an average of 70,000 social media posts by the time they reach 18, while snap-happy parents will have uploaded 1,300 photos and videos of their offspring online before they become teenagers.”

The Register: Creepy or super creepy? That is the question Mozilla’s throwing at IoT Christmas pressies – “‘Tis the season to be tracked by your connected water bottle”


The Register: Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses – “”I challenge you to find an industry in the last 100 years that has improved security without being told [to do so] by the government.”


Graham Cluley for TripWire: Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw – “Analysts working at Qihoo 360’s Netlab team say that they first identified the new botnet in September 2018. They have dubbed it “BCMUPnP_Hunter” because of its exploitation of a security hole in the Broadcom UPnP SDK first discovered in 2013.””

Updates to Meltdown/Spectre and other chip-related resources

The Register: Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips – “CPU slingers insist existing defenses will stop attacks – but eggheads disagree [….] “‘Speculative execution’ is often falsely used as an umbrella term…” they explain in a paper distributed through ArXiv on Tuesday.”


Danny Bradbury for Sophos: PortSmash attack steals secrets from Intel chips on the side – “The proof of concept code, called PortSmash, comes from researchers at Finland’s Tampere University of Technology and the Technical University of Havana, Cuba. It uses a category of exploit called a side channel attack, in which one program spies on another as it runs.”

Updates to Specific Ransomware Families and Types

The Register: Nice work if you can get it: GandCrab ransomware nets millions even though it has been broken – “”Considering the lowest ransom note is $600 and almost half of infected victims give in to ransomware, the developers might have made at least $300m in the past couple of months alone,” says BitDefender’s Liviu Arsene.”


ZDNet: New SamSam ransomware campaign aims at targets across the US
“Hackers behind powerful file-locking malware with high ransom demands continue to target organisations they find vulnerable to attacks.”


David Bisson for Tripwire: Kraken Ransomware Now Being Distributed by Fallout Exploit Kit

Updates to Tech support scams resource page

Jérôme Segura for Malwarebytes: Browlock flies under the radar with complete obfuscation – “Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users.  [….] Recently we’ve seen the “evil cursor” that prevents you from closing the fake alert, and the fake virus downloadthat insinuates your computer is already infected. This time, we look at how browser locker pages use encoding to bypass signature-based detection.”

Updates to Mac Virus

Apple and Android updates 17th November 2018

  • iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo
  • ESET: Google’s data charts path to avoiding malware on Android
  • Android security patches
  • Apple Watch patch
  • iOS 12.1 lockscreen bypass
  • Krebs on SIM-swapping

David Harley

Malwarebytes on Browlock encoding

Posted on the Malwarebytes blog over a week ago, but I’ve been out of office. Still, this is definitely worth reading.

Jérôme Segura for Malwarebytes: Browlock flies under the radar with complete obfuscation – “Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users.  [….] Recently we’ve seen the “evil cursor” that prevents you from closing the fake alert, and the fake virus download that insinuates your computer is already infected. This time, we look at how browser locker pages use encoding to bypass signature-based detection.”

David Harley

Update about updates

Hello, my esteemed readers.

How are you both? Did you miss me?

I’m afraid AVIEN is very much a one-man band, these days, and I’ve been too tied up with family issues to devote any time to this site for a week or two. It’s likely that I’ll find time to put up a catch-up blog or two over the weekend, but it’s actually pretty time-consuming to do these, and home circumstances mean that there might be timelag issues for the rest of the year. I’ll have to think about reprioritizing these.

David Harley

29th October AVIEN updates

Updates to Anti-Social Media 

Tomáš Foltýn for ESET: Nothing exceeds like excess; or, a lack of privacy in the digital age 
What has the internet brought us? And how does privacy stay anchored in the data deluge of the digital age? Here’s a brief reflection to celebrate today’s Internet Day

Updates to Cryptocurrency/Crypto-mining News and Resources

Lawrence Abrams for Bleeping Computer: Exposed Docker APIs Continue to Be Used for Cryptojacking – “Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. ”


Sophos: Call of Duty players caught up in cryptocurrency theft racket – “According to the Chicago Sun-Times, which has seen the first-hand report from a court filing in Chicago, the FBI alleges that the criminals involved stole more than $3.3 million USD in a variety of cryptocurrencies, including Reputation and Ethereum tokens and that the thieves coerced other Call of Duty players into joining their criminal activities.”

Updates to: Ransomware Resources

Stephen Cobb for ESET: Ransomware and the enterprise: A new white paper
“Ransomware remains a serious threat and this new white paper explains what enterprises need to know, and do, to reduce risk”

David Harley

26th October resource updates

Cryptocurrency updates

ZDNet: North Korea blamed for two cryptocurrency scams, five trading platform hacks
” A Group-IB report published last week pinned five of 14 cryptocurrency exchange hacks on Lazarus Group, a codename assigned by the cyber-security industry to North Korea’s military hacking units….In a report published today by threat intel firm Recorded Future, individuals associated with the North Korean regime have also been blamed for running cryptocurrency-related scam.” [sic]


Pierluigi Paganini: Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol – “The presentation titled “BOTCHAIN aka The Dark side of Blockchain” includes details about the first fully functional Botnet built upon the Bitcoin Protocol named “BOTCHAIN”.”

Updates to Anti-Social Media 

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – ” …”Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.”….Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”


The Register: Jeez, not now, Iran… Facebook catches Mid East nation running trolly US political ads – “Whack-a-Troll: Ad biz smashes latest manipulation plot to show it’s doing…something … Facebook, the antisocial advertising platform on which anyone can promote just about anything, on Friday said it found people promoting political discord in the US and UK, yet again.”

IoT update


Tomáš Foltýn for ESET: IoT: A roomful of conundrums
“How can you stay safe in a world where “smart” is the new default?”


The Register: We asked 100 people to name a backdoored router. You said ‘EE’s 4GEE HH70’. Our survey says… Top answer! – SSH hardcoded ‘admin’ login found, patch, er, patch coming?


Europol press release: If your toothbrush calls you, it might not be for dental hygiene: the importance of securing the internet of things

“Building on this work, ENISA continues to engage with stakeholders and will publish a new study in 2018 on Good Practices for Security of IoT with a focus on Industry 4.0 and smart manufacturing, while in 2019 relevant efforts concerning smart cars are expected.”

Updates to Specific Ransomware Families and Types

ESET: ESET releases new decryptor for Syrian victims of GandCrab ransomware – “ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators”

Updates to Anti-Malware Testing

SE Labs introduces penalty shootout

Updates to Chain Mail Check

Je te plumerai le BEC

Updates to Mac Virus

ZDnet: Apple blocks GrayKey police tech in iOS update – “Reports suggest the data-slurping tool has been rendered useless — but no-one knows how.”

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – ” …”Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.”….Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”

David Harley