September 19th 2018 Updates

Updates to Anti-Social Media 

Danny Bradbury for Sophos: Deepfake pics and videos set off Facebook’s fake news detector Centres on FB’s announcement that “To date, most of our fact-checking partners have focused on reviewing articles. However, we have also been actively working to build new technology and partnerships so that we can tackle other forms of misinformation. Today, we’re expanding fact-checking for photos and videos to all of our 27 partners in 17 countries around the world (and are regularly on-boarding new fact-checking partners). This will help us identify and take action against more types of misinformation, faster.”

The Register: Not so much changing their tune as enabling autotune: Facebook, Twitter bigwigs nod and smile to US senators – “Google slammed for no-show”


Graham Cluley: Twitter testing new feature that reveals when you’re online – “WHO OTHER THAN STALKERS ACTUALLY WANTS THIS?”


Lisa Vaas for Sophos: Review that! Fake TripAdvisor review peddler sent to jail

“The owner of a fake-review factory is going to get a chance to write a review about his trip to the inside of an Italian jail.

TripAdvisor announced (PDF) on Wednesday that, in one of the first cases of its kind, the criminal court of the Italian city of Lecce has ruled that writing fake reviews, under a fake identity, is criminal conduct.”


Michigan News (University of Michigan): Fake news detector algorithm works better than a human – “ANN ARBOR—An algorithm-based system that identifies telltale linguistic cues in fake news stories could provide news aggregator and social media sites like Google News with a new weapon in the fight against misinformation.

The University of Michigan researchers who developed the system have demonstrated that it’s comparable to and sometimes better than humans at correctly identifying fake news stories.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Palo Alto: Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows – “Unit 42 researchers have found a new malware family that is targeting Linux and Microsoft Windows servers that we have named XBash. We can tie this malware to the Iron Group, a threat actor group known for ransomware attacks in the past.”


Tomáš Foltýn for ESET: One in three UK orgs hit by cryptojacking in previous month, survey finds – “Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies”


Trend Micro took a little time out from snarfing customer data to issue a report that tells us of “a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining. Unseen Threats, Imminent Losses Phil Muncaster notes, based on that report, that Cryptomining Malware Soars 956% in a Year and also cites a report from Checkpoint which “warned last month that the number of global organizations affected by cryptojacking rose from just under 21% in the second half of 2017 to 42% in 1H 2018, with cyber-criminals making an estimated $2.5bn over the past six months.”


Graham Cluley: Cryptominers killing cryptominers to squeeze more out of your CPU

“As security researcher Xavier Mertens describes, a newly-encountered malicious miner for the Monero cryptocurrency is working hard to kill any potential competitors it encounters for system resources, using an ever-expanding list.”


Kaspars Osis for ESET: Kodi add-ons launch cryptomining campaign – “ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware”

Commentary from Bleeping Computer: Malicious Kodi Add-ons Install Windows & Linux Coin Mining Trojans – “Security researchers discovered a campaign that infects machines running Kodi via a legitimate add-on that has been altered by cybercriminals looking to mine the onero cryptocurrency with the resources of Kodi users.”


Danny Bradbury for Sophos: Blockchain hustler beats the house with smart contract hack – “A wily hacker has scored a thousand dollar cryptocurrency jackpot … by using their own code to tamper with a smart contract run by a betting company on the EOS blockchain …. Unlike Bitcoin, which uses a blockchain to record the transfer of digital currency, EOS and Ethereum both enable people to run computer programs. These programs are called smart contracts, and instead of running in one place they run on many computers connected to the blockchain.” Fascinating article.

Updates to GDPR page

Veronika Gallisova for ESET: 100 days of GDPR – “What impact has the new data protection directive had on businesses so far?”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

John Leyden for The Register: 2-bit punks’ weak 40-bit crypto didn’t help Tesla keyless fobs one bit – “Eggheads demo how to clone gizmo, nick flash motor in seconds – flaw now patched”

“Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive away the electric sports car.”


The Register: Mikrotik routers pwned en masse, send network data to mysterious box – “Researchers uncover botnet malware pouncing on security holes”


The Register: Thousands of misconfigured 3D printers on interwebz run risk of sabotage

“Internet-connected 3D printers are at risk of being tampered with or even sabotaged because users fail to apply security controls, a researcher has warned.”


The Register: M-M-M-MONSTER KILL: Cisco’s bug-wranglers swat 29 in single week – “If you’re running the end-of-life RV110 Wireless-N VPN firewall or RV215W Wireless-N VPN router, bad news: some of their security vulnerabilities won’t be patched and there’s no workaround – so it is probably time to replace them.”


Tomáš Foltýn for ESET: Could home appliances knock down power grids? –  “The researchers tested the plausibility of the new type of attack on “state-of-the-art simulators on real-world power grid models”. The threat is described in a paper called “BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid”, and the research was also presented at a recent USENIX security symposium.”

Updates to: Ransomware Resources

Mark Stockley for Sophos: The rise of targeted ransomware

“While cryptomining and cryptojacking have been sucking all the air out of the press room, a snowball that started rolling well before anyone had ever heard of WannaCry has been gathering pace and size.

The snowball is a trend for stealthier and more sophisticated ransomware attacks – attacks that are individually more lucrative, harder to stop and more devastating for their victims than attacks that rely on email or exploits to spread.”

Updates to Specific Ransomware Families and Types

John Leyden for The Register: Sextortion scum armed with leaked credentials are persistent pests – “If you’re going to batter 8,497 folk with over 60,000 threats, odds are someone will crack”

Bleeping Computer: Barack Obama’s Blackmail Virus Ransomware Only Encrypts .EXE Files – “It is unknown how this ransomware is distributed or if the developer will even provide a decryption key if paid. ”

Updates to Mac Virus

Dangers on Safari – The Safari Reaper attack, and URL spoofing

Android Issues – Android Malware-as-a-Service botnet, CVE-2018-9489, and open-source vulnerabilities in Android apps.

Smartphones that talk too much acoustic side-channel attacks

Flushing the Mac App Store  Ad-Doctor and three Trend apps removed

Apple to make life easier for law enforcement – portal to apply for access to information and training

Krebs: commentary on global authentication via your wireless carrier – what could go wrong?

David Harley

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.