Category Archives: cryptocurrency

Hi ho, hi ho, off to cryptomine we go

Updates to Cryptocurrency/Crypto-mining News and Resources

Sophos: The Pirate Bay is plundering your CPU for cryptocash, again – “Popular file sharing site The Pirate Bay seems to have returned to its old tricks again by mining cryptocurrency in visitors’ browsers without telling them.” Graham Cluley: The Pirate Bay is cryptomining for Monero with your CPU again

The Hacker News: New Virus Decides If Your Computer Good for Mining or Ransomware – “Researchers at Russian security firm Kaspersky Labs have discovered a new variant of Rakhni ransomware family, which has now been upgraded to include cryptocurrency mining capability as well.”

The Register: Japanese cryptominer slapped with suspended sentence – “Said to have netted only £34…”

Sophos: Think that bitcoins and a VPN keep you anonymous? Think again… – “A security lapse by a VPN operator can therefore be very worrying news indeed, and that’s what popular online cybercurrency wallet service MyEtherWallet (MEW) is warning about right now…Hola is a free VPN that essentially shares out participating users’ browser connections out amongst the community in order to get around geoblocks.”

David Harley

Advertisements

Resource updates 5th July 2018

Updates to Anti-Social Media 

Graham Cluley: Carole Cadwalladr takes us behind the scenes of the Cambridge Analytica investigation – HOW MILLIONS OF FACEBOOK USERS’ PERSONAL DATA WERE USED TO INFLUENCE THE US ELECTION AND BREXIT. “Last week, Carole Cadwalladr won The Orwell Prize for Journalism for her work investigating the impact of big data on the EU Referendum at the US Presidential election.”

John E. Dunn for Sophos: Facebook gave certain companies special access to customer data – “What do Russian internet company Mail.ru, car maker Nissan, music service Spotify, and sports company Nike have in common? They, and 57 other companies, were revealed by Facebook in a US House of Representatives’ Energy and Commerce Committee submission to have been given temporary extensions to access private Friends data API despite the company supposedly changing the policy allowing this in May 2015.”

The Hacker News: Facebook Admits Sharing Users’ Data With 61 Tech Companies

Rhett Jones for Gizmodo: Google Says It Doesn’t Go Through Your Inbox Anymore, But It Lets Other Apps Do It

Updates to Cryptocurrency/Crypto-mining News and Resources

Pierluigi Paganini: Crooks leverage obfuscated Coinhive shortlink in a large crypto-mining operation – “Crooks leverage an alternative scheme to mine cryptocurrencies, they don’t inject the CoinHive JavaScript miner directly into compromised websites.”

Paul Ducklin for Sophos: Serious Security: How to cut-and-paste your way to Bitcoin riches – “Whether it’s cryptocurrency addresses, payment card details, ID numbers or other snippets of personal information, malware that sneakily changes data in the clipboard as you work online can trick you into paying the wrong people.”

Updates to GDPR page

The Register: United States, you have 2 months to sort Privacy Shield … or data deal is for the bin – Eurocrats – “MEPs call for urgent fix”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

DZone Security Zone: Glimpse Inside IoT-Triggered DDoS Attacks and Securing IT Infrastructures

Tech support scams resource page

SANS Ouch Newsletter: Phone Call Attacks & Scams

Updates to Mac Virus

Andrew Orlowski for The Register: Uh-oh. Boffins say most Android apps can slurp your screen – and you wouldn’t even know it – “Over 89 per cent of apps in the Google Play store make use of an API that requests screen capture or recording – and the user is oblivious as it evades the Android permission framework.” Summary of a paper”…titled Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications (summary and PDF).”

Pierluigi Paganini: A Samsung Texting App bug is sending random photos to contacts – ”

“The problem affected Galaxy S9 and S9+ devices, but we cannot exclude that other devices may have been affected…several users reported the anomalous behavior on Reddit and the company official forums.”

John E. Dunn for Sophos: Samsung phones sending photos to contacts without permission and also Your smartphone can watch you if it wants to, study finds.

Elcomsoft:  Apple Warns Users against Jailbreaking iOS Devices: True or False? Not whether Apple has issued the warnings – of course it has – but more about how justified the warnings are. The conclusion seems to be mostly true, with “with few caveats and one major exception.” Interesting article, anyway.

David Harley

Cryptomining – it’s off to scam we go

1.

ADB.Miner and a continuing vulnerability

“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:

“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”

“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices …  some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”

2.

Catalin Cimpanu for Bleeping Computer: Ethereum “Giveaway” Scammers Have Tricked People Out of $4.3 Million – Online crooks promoting fake “giveaways” have tricked people out of 8,148 Ether, currently worth around $4.3 million, according to statistical data compiled in EtherScamDB.”

3.

Graham Cluley: Bitcoin price takes a dive after another cryptocurrency exchange hack
– “Billions of dollars worth of wealth were wiped out this weekend after a South Korean cryptocurrency exchange was hacked … The exchange in question is called Coinrail…”

4.

Lisa Vaas for Sophos: SHOCK! HORROR! SURPRISE! Bitcoin priceplosion may have been market manipulation – “Last year’s meteoric rise in the value of Bitcoin and other cryptocurrencies might well have been artificially inflated, according to a paper released on Wednesday by University of Texas finance professor John Griffin and graduate student Amin Shams.” Maybe not an outright scam, but a bit shady, if true.

David Harley

Resource updates May 1 2018

Updates to Anti-Social Media 

The Guardian: WhatsApp CEO Jan Koum quits over privacy disagreements with Facebook – “WhatsApp was built with a focus on privacy and a disdain for ads, but the Facebook-owned service is now under pressure to make money”

Selina Wang for Bloomberg: Twitter Sold Data Access to Cambridge Analytica–Linked Researcher. And commentary from Help Net.

ENISA: Strengthening network & information security & protecting against online disinformation (“fake news”) – “In this paper, ENISA presents some views on the problem of online disinformation in the EU from a Network and Information Security (NIS) perspective. A number of recommendations are presented which relate both to general NIS measures, as well as targeted measures to protect against online disinformation specifically.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Coin Telegraph: Scammers Hijack Verified Twitter Account To Steal Crypto By Posing As Telegram CEO

Updates to Chain Mail Check

ESET: This test will tell you how likely you are to fall for fraud

David Harley

Intel gives up and Microsoft tries again…

Updates to Meltdown/Spectre – Related Resources

[April 4 2018] John Leyden for The Register: Badmins: Magento shops brute-forced to scrape card deets and install cryptominers

April 2nd/3rd 2018 updates

Updates to Anti-Social Media 

[2nd April 2018] Facecrooks: Facebook Is Making Its Privacy Settings Easier To Find

[3rd April 2018] John Leyden for The Register: One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools – Chad Loder is quoted as saying “The internet ought to “route around” known privacy abusers, shifting from passive blocking of cookies, host names, and scripts to a more active deception model. ” Lots of other useful commentary.

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

‘Android action updates’

David Harley

AVIEN resource updates 31st March 2018

Updates to Anti-Social Media

 (HT to Mich Kabay for pointing out the Economist articles – NB there’s a limit on how many you can view without subscribing.)

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Updates to Mac Virus

(1) iOS

(2) Android

Updates to Anti-Malware Testing Blog

David Harley

Resource updates March 29th 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

  • Security|DMA|Hacking: Total Meltdown? (Analysis of the Windows 7 Meltdown patch fiasco)

David Harley

Resources updates, 26 March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Cryptocurrency/Crypto-mining News and Resources

David Harley

Resources updates, 23rd March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

  • Catalin Cimpanu for Bleeping Computer: City of Atlanta IT Systems Hit by SamSam Ransomware
  • An older article (January) but well worth reading: SamSam – The Evolution Continues Netting Over $325,000 in 4 Weeks
  • ESET on the Atlanta ransomware attack City of Atlanta computers held hostage in ransomware attack
  • My response (not used) to a request for comment: “Lately, quite a few comparatively new security issues have tended to overshadow ransomware in the media: cryptojacking, vulnerabilities relating to hardware and firmware, even privacy issues relating to social media (and especially Facebook). Yet this incident is a salutary reminder that ransomware has not gone away just because it isn’t talked about so much, and there are some examples for which there is still no decryptor available except by the ‘goodwill’ of the criminals. As long as some of the bad guys are making money out of it, the attacks will continue. It should, therefore, still be a priority for organizations and individuals to ensure that their data and systems are safely backed up and that ransomware can’t reach the backups as well as the original files.”
  • Thomas Claburn for The Register: City of Atlanta’s IT gear thoroughly pwned by ransomware – “nasty Data gone with the wind as attacker goes full Sherman”

In other news… Richard Chirgwin, for the Register: ‘R2D2’ stops disk-wipe malware before it executes evil commands – ‘Reactive Redundancy for Data Destruction Protection’ stops the likes of Shamoon and Stonedrill before they hit ‘erase’. Summarizes research from Purdue university.

Updates to Meltdown/Spectre – Related Resources (Microsoft/Windows section)

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

  • V3: Apple to fix iOS11 bug that enables Siri to read hidden notifications – “Bug means Siri can be asked to read aloud all your hidden notifications” (Yes, it’s more on that Siri silliness.)

Updates to Chain Mail Check