27th April resources updates

Updates to Anti-Social Media 

Also from Sophos: Know what Instagram knows – here’s how you download your data

The Register: Facebook: Crisis? What crisis? Look at our revenue, it’s fantastic “But analysts say ditch your stock as opex set to blow up”

And again from Sophos: Yahoo fined $35m for staying quiet about mega breach

Updates to Cryptocurrency/Crypto-mining News and Resources

The Register: Power spike leads Chinese police to 600-machine mining rig – “Six Bitcoiners cuffed for electricity heist”

Updates to Meltdown/Spectre and other chip-related resources

Kaspersky Threat Post: MICROSOFT ISSUES MORE SPECTRE UPDATES FOR INTEL CPUS – “Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware (microcode) updates for Intel CPUs that include the Broadwell and Haswell chipsets.”

ZDnet: A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it’s freely available. Commentary on Exploiting CVE-2018-1038 – Total Meltdown

Updates to Internet of (not necessarily necessary) Things

Graham Cluley: The NSA wants its algorithms to be a global IoT standard. But they’re simply not trusted – “Why were the algorithms – known as Simon and Speck, and – rejected? It seems because … [they] might contain encryption backdoors that would be abused by US authorities.” I’ve always tended to mistrust standards espoused by professional politicians, who are rarely as knowledgeable on security issues as they would have us believe. Film and TV makers are often deeply mistrustful of government agencies – conspiracy theories make good drama. And in recent years, that mistrust has been reinforced by real news. It’s no wonder if people fear that the Internet of Things will tip into 1984 telescreens. But perhaps they should be at least as distrustful of the private sector. 

The Register: Princeton research team hunting down IoT security blunders – “IoT Inspector is currently at the data-gathering stage, with the aim of launching an open source tool for users to get some idea of what their devices are doing.”

Bleeping Computer: Ski Lift in Austria Left Control Panel Open on the Internet – “Officials from the city of Innsbruck in Austria have shut down a local ski lift after two security researchers found its control panel open wide on the Internet, and allowing anyone to take control of the ski lift’s operational settings.”

Updates to Tech support scams resource page

Erik Wahlstrom for Microsoft talks about tech support scams, the volume of complaints Microsoft receives, and the partnerships it has built in an effort to reduce their impact. Worth reading. Teaming up in the war on tech support scams. Some commentary and basic advice from Graham Cluley: Reports of tech support scams rocket, earning handsome returns for fraudsters.

Updates to: Ransomware Resources

Bleeping Computer: Ransomware Hits HPE iLO Remote Management Interfaces “Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the hard drives, and then demanding Bitcoins to get access to the data again. ”

Updates to Specific Ransomware Families and Types

Bleeping Computer: Ransomware Hits HPE iLO Remote Management Interfaces “Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the hard drives, and then demanding Bitcoins to get access to the data again. ”

Bleeping Computer: New C# Ransomware Compiles itself at Runtime. Announced by the MalwareHunterTeam.

Updates to Chain Mail Check

Me… Microsoft on support scams – plus, assessing gullibility

David Harley

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s