Category Archives: Resources

Anti-social media part umpteen

BBC: Children ‘blackmailed’ for sexual images in online video chats. “A surge in the use of video chats and live-streaming among children is leaving them vulnerable to abuse, the NSPCC has warned, calling for a social network regulator to be introduced.”


Graham Cluley: Facebook Portal isn’t designed to be as private as you might hope – Graham says “I doubt I’m alone in the world in thinking that allowing Facebook, of all companies, into your home with a microphone and a video camera is a pretty terrible idea.” Indeed he isn’t… And this story is not reassuring, with FB’s weaselly partial backtracking on the assertion that it would not collect data for targeted advertising.


I’m not the biggest fan of SANS and its newsletters. (That would be SANS…) But the Top Of The News section in its October 19th 2018 Newsbites newsletter includes a number of links relevant to election interference and social media that you might find worth reading.

David Harley

Advertisements

AVIEN, Chainmailcheck, & MacVirus updates

Updates to Anti-Social Media 

ESET: Tumblr patches bug that could have exposed user data
The microblogging platform is assuring its users that has found no evidence that any data was actually stolen

The Register: Tumblr turns stumblr, left humblr: Blogging biz blogs bloggers’ private info to world+dog – “Tumblr today reveal it has fixed a security bug in its website that quietly revealed private details of some of its bloggers”


The Next Web: Twitter releases 10M Iranian and Russian propaganda tweets ahead of US Midterms – “Twitter yesterday released a bevy of data related to Iranian and Russian-sponsored misinformation campaigns started as long ago as 2009. The hope, in releasing the trove, is that academics and researchers will use it to come up with solutions to the propaganda problem plaguing US politics.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Bleeping Computer: Researcher Livestreams 51% Attack on Altcoin Blockchain – “A little over a week ago, researcher promised to run a 51% attack on the blockchain of a small cryptocurrency called Einsteinium (EMC2), to show the world how easy the entire process was.”

Updates to GDPR page

ZDNet: Apple to US users: Here’s how you can now see what personal data we hold on you – “Apple’s privacy tools now go beyond Europe, so more now get to download the personal data it has collected….he move brings the four countries in line with Europe, where Apple began offering a simpler way to download a copy of user data in May, just before the EU’s strict GDPR privacy legislation came into effect.”

Updates to Meltdown/Spectre and other chip-related resources

The Register: Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3’s security chip – “Chocolate Factory opens lid, just a little, on secure boot and crypto phone coprocessor”

Updates to Specific Ransomware Families and Types

Bleeping Computer: GandCrab Devs Release Decryption Keys for Syrian Victims – “After seeing this tweet, the GandCrab developers posted on a forum that they have released the keys for all Syrian victims. They also stated that it was a mistake that Syria was not added to the original list of countries that GandCrab would not encrypt, but did not say if they would be added going forward.”

Updates to Chain Mail Check

Recognizing scams

Updates to Mac Virus

Apple and personal data, plus Android issues

David Harley

IoT updates

Updates to Internet of (not necessarily necessary) Things

Added a few days ago, in fact, but I’ve been a bit busy…

  • Threat Post: Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers – “The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.”
  • The Register: Last year, D-Link flubbed a router bug-fix, so it’s back with total pwnage – “Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check….Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched.”
  • The Register: Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound – “Gadgets taught to identify actions via always-on mics” What could go wrong?
  • Pierluigi Paganini: A Russian cyber vigilante is patching outdated MikroTik routers exposed online – “Alexey described his activity on a Russian blogging platform, he explained he hacked into the routers to change settings and prevent further compromise.” As Paganini points out, this is still ‘cybercrime’. Well, in most jurisdictions. Indeed, I remember dissuading a friend from taking somewhat similar action to remediate the impact of the Code Red worm in 2001 . Even if the motivation is pure, it’s still unauthorized access and modification. I talked about related issues in the context of the BBC’s purchase of a botnet in 2009 here and elsewhere linked in the article. Unfortunately, the ESET link there no longer works, and it’s on ESET’s blog that I did most of my writing on the topic, but you could try this.
  • The UK’s National Cyber Security Centre (NCSC), in collaboration with the Department for Digital, Culture, Media and Sport (DCMS) , has published a Code of Practice for Consumer IoT Security (a differently-formatted – i.e. picture-free – version is available here). It is based on the following guidelines:
    • No default passwords
    • Implement a vulnerability disclosure policy
    • Keep software updated
    • Securely store credentials and security-sensitive data
    • Communicate securely
    • Minimise exposed attack surfaces
    • Ensure software integrity
    • Ensure that personal data is protected
    • Make systems resilient to outages
    • Monitor system telemetry data
    • Make it easy for consumers to delete personal data
    • Make installation and maintenance of devices easy
    • Validate input data

Commentary from The Register: GCHQ asks tech firms to pretty please make IoT devices secure – “Hive, HP Inc sign up to refreshed code of practice”

 

12th October resource updates

Updates to Anti-Social Media 

Sophos: Instagram tests sharing your location history with Facebook – “For those Facebook users who still cling to the notion that they can limit Facebook’s tracking of our lives like it’s an electronic bloodhound, you should be aware that its Instagram app has been prototyping a new privacy setting that would enable location history sharing with its parent company.”

The Register: Facebook mass hack last month was so totally overblown – only 30 million people affected – “Good news: 20m feared pwned are safe. Bad news: That’s still 30m profiles snooped…”

Me, for ESET: Facebook cloning revisited

Updates to Cryptocurrency/Crypto-mining News and Resources

Brad Duncan for Palo Alto Unit 42: Fake Flash Updaters Push Cryptocurrency Miners – “…As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

The Register: If you haven’t already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat

Updates to Chain Mail Check

Facebook cloning revisited

Updates to Mac Virus

Chinese iPhone users – Apple IDs compromised

David Harley

AVIEN resources update 10th October 2018

Updates to Anti-Social Media 

Catalin Cimpanu for ZDnet: Google sets new rules for third-party apps to access Gmail data – “All Gmail third-party apps with full access to Gmail user data will need to re-submit for a review by February 15, 2019, or be removed.” Meanwhile, according to the Hacker News: Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data.

“The vulnerability was open since 2015 and fixed after Google discovered it in March 2018, but the company chose not to disclose the breach to the public—at the time when Facebook was being roasted for Cambridge Analytica scandal.”

The Register comments: Google now minus Google Plus: Social mini-network faces axe in data leak bug drama – “Project Zero would have been all over this – yet it remained under wraps”


Pierluigi Paganani: Hackers can compromise your WhatsApp account by tricking you into answering a video call

The Register:  Rap for WhatsApp chat app chaps in phone-to-pwn security nap flap – “Memory corruption flaw present in Android, iOS builds. Aaand it’s been fixed”

Updates to Cryptocurrency/Crypto-mining News and Resources

Cecilia Pastorino for ESET: Blockchain: What is it, how it works and how it is being used in the market – “A closer look at the technology that is rapidly growing in popularity”


Help Net, citing a report by Webroot: Cryptomining dethrones ransomware as top threat in 2018

Updates to GDPR page

Amber Welch for Security Boulevard: Phishing the GDPR Data Subject Rights – “Companies across the globe are now working toward compliance with the EU GDPR, while phishers may be preparing to exploit their new compliance processes. Airbnb first fell prey to a GDPR-related scam, with more surely to come. Unfortunately, many GDPR security efforts have focused primarily on Article 32 while overlooking new ancillary compliance program risks.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

SEC Consult: MILLIONS OF XIONGMAI VIDEO SURVEILLANCE DEVICES CAN BE HACKED VIA CLOUD FEATURE (XMEYE P2P CLOUD)

Shaun Nichols for The Register: World’s largest CCTV maker leaves at least 9 million cameras open to public viewing – “Xiongmai’s cloud portal opens sneaky backdoor into servers….Yet another IoT device vendor has been found to be exposing their products to attackers with basic security lapses.”


Netlab 360: 70+ different types of home routers(all together 100,000+) are being hijacked by GhostDNS – “Just like the regular dnschanger, this campaign attempts to guess the password on the router’s web authentication page or bypass the authentication through the dnscfg.cgi exploit, then changes the router’s default DNS address to the Rogue DNS Server[3]through the corresponding DNS configuration interface.”

Tomáš Foltýn for ESET: Most routers full of firmware flaws that leave users at risk
– “If you own a Wi-Fi router, it may well be riddled with security holes that expose you to a host of threats” There’s a comment to this piece by TrevorX that’s well worth reading.


The Register: Which? That smart home camera? The one with the vulns? Really? – “Which? Magazine has been called out for recommending a line of smart home cameras with known vulnerabilities.”


Pierluigi Paganini: Expert presented a new attack technique to compromise MikroTik Routers – “The experts at Tenable Research presented the technique on October 7 at DerbyCon 8.0 during the talk “Bug Hunting in RouterOS” at Derbycon, it leverages a known directory traversal flaw tracked as CVE-2018-14847.”

Updates to Meltdown/Spectre and other chip-related resources

Thomas Claburn for The Register: Intel’s commitment to making its stuff secure is called into question – ‘In an email to The Register in response to our report about the problems posed by the Manufacturing Mode in Intel’s Management Engine (ME), which if left open leaves processors vulnerable to local attack, Kanthak called Intel’s statement “a blatant lie.”‘

Updates to: Ransomware Resources

Help Net, citing a report by Webroot: Cryptomining dethrones ransomware as top threat in 2018

Updates to Tech support scams resource page

Probably won’t get to be a full post, but a comment on one of my ESET blog articles pointed out that “A similar variation is still going round starting with the assertion that your broadband speed is below par and he was working on behalf of my ISP. When we got as far as typing “assoc” in the command window I looked for proof of identification (which I should have asked for at the start!). As tempers flared I hung up the line.”

Updates to Mac Virus

More commentary on China, Apple, and supply-chain hacking

Android, iOS, and macOS issues

 

David Harley

September 19th 2018 Updates

Updates to Anti-Social Media 

Danny Bradbury for Sophos: Deepfake pics and videos set off Facebook’s fake news detector Centres on FB’s announcement that “To date, most of our fact-checking partners have focused on reviewing articles. However, we have also been actively working to build new technology and partnerships so that we can tackle other forms of misinformation. Today, we’re expanding fact-checking for photos and videos to all of our 27 partners in 17 countries around the world (and are regularly on-boarding new fact-checking partners). This will help us identify and take action against more types of misinformation, faster.”

The Register: Not so much changing their tune as enabling autotune: Facebook, Twitter bigwigs nod and smile to US senators – “Google slammed for no-show”


Graham Cluley: Twitter testing new feature that reveals when you’re online – “WHO OTHER THAN STALKERS ACTUALLY WANTS THIS?”


Lisa Vaas for Sophos: Review that! Fake TripAdvisor review peddler sent to jail

“The owner of a fake-review factory is going to get a chance to write a review about his trip to the inside of an Italian jail.

TripAdvisor announced (PDF) on Wednesday that, in one of the first cases of its kind, the criminal court of the Italian city of Lecce has ruled that writing fake reviews, under a fake identity, is criminal conduct.”


Michigan News (University of Michigan): Fake news detector algorithm works better than a human – “ANN ARBOR—An algorithm-based system that identifies telltale linguistic cues in fake news stories could provide news aggregator and social media sites like Google News with a new weapon in the fight against misinformation.

The University of Michigan researchers who developed the system have demonstrated that it’s comparable to and sometimes better than humans at correctly identifying fake news stories.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Palo Alto: Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows – “Unit 42 researchers have found a new malware family that is targeting Linux and Microsoft Windows servers that we have named XBash. We can tie this malware to the Iron Group, a threat actor group known for ransomware attacks in the past.”


Tomáš Foltýn for ESET: One in three UK orgs hit by cryptojacking in previous month, survey finds – “Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies”


Trend Micro took a little time out from snarfing customer data to issue a report that tells us of “a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining. Unseen Threats, Imminent Losses Phil Muncaster notes, based on that report, that Cryptomining Malware Soars 956% in a Year and also cites a report from Checkpoint which “warned last month that the number of global organizations affected by cryptojacking rose from just under 21% in the second half of 2017 to 42% in 1H 2018, with cyber-criminals making an estimated $2.5bn over the past six months.”


Graham Cluley: Cryptominers killing cryptominers to squeeze more out of your CPU

“As security researcher Xavier Mertens describes, a newly-encountered malicious miner for the Monero cryptocurrency is working hard to kill any potential competitors it encounters for system resources, using an ever-expanding list.”


Kaspars Osis for ESET: Kodi add-ons launch cryptomining campaign – “ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware”

Commentary from Bleeping Computer: Malicious Kodi Add-ons Install Windows & Linux Coin Mining Trojans – “Security researchers discovered a campaign that infects machines running Kodi via a legitimate add-on that has been altered by cybercriminals looking to mine the onero cryptocurrency with the resources of Kodi users.”


Danny Bradbury for Sophos: Blockchain hustler beats the house with smart contract hack – “A wily hacker has scored a thousand dollar cryptocurrency jackpot … by using their own code to tamper with a smart contract run by a betting company on the EOS blockchain …. Unlike Bitcoin, which uses a blockchain to record the transfer of digital currency, EOS and Ethereum both enable people to run computer programs. These programs are called smart contracts, and instead of running in one place they run on many computers connected to the blockchain.” Fascinating article.

Updates to GDPR page

Veronika Gallisova for ESET: 100 days of GDPR – “What impact has the new data protection directive had on businesses so far?”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

John Leyden for The Register: 2-bit punks’ weak 40-bit crypto didn’t help Tesla keyless fobs one bit – “Eggheads demo how to clone gizmo, nick flash motor in seconds – flaw now patched”

“Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive away the electric sports car.”


The Register: Mikrotik routers pwned en masse, send network data to mysterious box – “Researchers uncover botnet malware pouncing on security holes”


The Register: Thousands of misconfigured 3D printers on interwebz run risk of sabotage

“Internet-connected 3D printers are at risk of being tampered with or even sabotaged because users fail to apply security controls, a researcher has warned.”


The Register: M-M-M-MONSTER KILL: Cisco’s bug-wranglers swat 29 in single week – “If you’re running the end-of-life RV110 Wireless-N VPN firewall or RV215W Wireless-N VPN router, bad news: some of their security vulnerabilities won’t be patched and there’s no workaround – so it is probably time to replace them.”


Tomáš Foltýn for ESET: Could home appliances knock down power grids? –  “The researchers tested the plausibility of the new type of attack on “state-of-the-art simulators on real-world power grid models”. The threat is described in a paper called “BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid”, and the research was also presented at a recent USENIX security symposium.”

Updates to: Ransomware Resources

Mark Stockley for Sophos: The rise of targeted ransomware

“While cryptomining and cryptojacking have been sucking all the air out of the press room, a snowball that started rolling well before anyone had ever heard of WannaCry has been gathering pace and size.

The snowball is a trend for stealthier and more sophisticated ransomware attacks – attacks that are individually more lucrative, harder to stop and more devastating for their victims than attacks that rely on email or exploits to spread.”

Updates to Specific Ransomware Families and Types

John Leyden for The Register: Sextortion scum armed with leaked credentials are persistent pests – “If you’re going to batter 8,497 folk with over 60,000 threats, odds are someone will crack”

Bleeping Computer: Barack Obama’s Blackmail Virus Ransomware Only Encrypts .EXE Files – “It is unknown how this ransomware is distributed or if the developer will even provide a decryption key if paid. ”

Updates to Mac Virus

Dangers on Safari – The Safari Reaper attack, and URL spoofing

Android Issues – Android Malware-as-a-Service botnet, CVE-2018-9489, and open-source vulnerabilities in Android apps.

Smartphones that talk too much acoustic side-channel attacks

Flushing the Mac App Store  Ad-Doctor and three Trend apps removed

Apple to make life easier for law enforcement – portal to apply for access to information and training

Krebs: commentary on global authentication via your wireless carrier – what could go wrong?

David Harley

31st August 2018 AVIEN resource updates

Updates to Anti-Social Media 

Tomáš Foltýn for ESET: Instagram expands 2FA and account verification – “The move is part of a three-pronged plan that is intended to bolster user trust and safety on the photo-sharing platform”

Brian Krebs: Instagram’s New Security Tools are a Welcome Step, But Not Enough – “…Unfortunately, this welcome new security offering does nothing to block Instagram account takeovers when thieves manage to hijack a target’s mobile phone number…”


Raj Samani (McAfee) for Help Net: The anatomy of fake news: Rise of the bots

Updates to Cryptocurrency/Crypto-mining News 

ZDNet: Bitfi finally gives up claim cryptocurrency wallet is unhackable – ‘On Twitter, the company posted a statement which said the company had hired external help in the form of a “Security Manager” who is “confirming vulnerabilities that have been identified by researchers.” “Effective immediately, we will be removing the “Unhackable” claim from our branding which has caused a significant amount of controversy,” the company added.’


Talos: Rocke: The Champion of Monero Miners – “Rocke actively engages in distributing and executing cyrptomining malware using a varied toolkit that includes Git repositories, HttpFileServers (HFS), and a myriad of different payloads, including shell scripts, JavaScript backdoors, as well as ELF and PE miners.”

ThreatPost: New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace – “Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary since April as it continues to plant various Monero miners on vulnerable systems. … “Rocke will continue to leverage Git repositories to download and execute illicit mining onto victim machines,” the research team said in a post Thursday.”


The Register: Cryptojacking isn’t a path to riches – payout is a lousy $5.80 a day – “Hackers shouldn’t quit their day scams if they want to eat…Cryptojacking, the hijacking of computing resources to mine cryptocurrency, turns out to be both relatively widespread and not particularly profitable, according to a paper published by code boffins from Braunschweig University of Technology in Germany.” The paper is here. 

Updates to Ransomware Recovery and Prevention and Specific Ransomware Families and Types

Decrypter for RansomWarrior [sic] from Checkpoint: Ransom Warrior Decryption Tool

Updates to GDPR page

The Register: Fear mongers forced to eat shorts over spam swamping claims – “GDPR and no Whois hasn’t caused catastrophe…Researchers at Recorded Future have been tracking spam through Cisco’s Talos reporting system and have concluded that GDPR has had zero impact on online problems.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Help Net: Old “Misfortune Cookie” flaw opens medical gateway and devices to attack summarizes this article from CyberMDX: CyberMDX Discovers Vulnerability in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS)

See also

Updates to Mac Virus

Nightwatch Security: Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489] – “System broadcasts by Android OS expose information about … WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address.”

Commentary by TechRepublic: Android ‘API breaking’ vulnerability leaks device data, allows user tracking 


Sophos: Hacked stalking app reveals victims’ photos, texts and location info – “TheTruthSpy sells an iOS and Android app that enables someone to spy on someone else’s phone. The software is not available on official app stores and has to be installed on a jailbroken iPhone or via an alternative source on an Android phone.”


Ionut Ilascu for Bleeping Computer: Unsophisticated Android Spyware Monitors Device Sensors – “Tagged BusyGasper by security experts at Kaspersky, the malware stands out through its ability to monitor the various sensors present on the targeted phone. … Kaspersky’s Alexey Firsh writes in the analysis.”

David Harley

28th August updates – AVIEN Resources

Updates to Cryptocurrency/Crypto-mining News and Resources

Bleeping Computer: Atlas Quantum Cryptocurrency Investment Platform Suffers Data Breach – “Atlas Quantum said the hacker (or hackers) did not steal any funds from users’ accounts.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Security Boulevard: Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack – “This is borne out by Akamai Technologies’ Summer 2018 Internet Security/Web Attack Report.

Updates to Meltdown/Spectre and other chip-related resources

The Register: Linux 4.19 lets you declare your trust in AMD, IBM and Intel – “Wave the the CPU trust flag if you’re feeling safe enough….When random number generation is insufficiently random, encryption based on such numbers can be broken with less effort.”

Updates to Specific Ransomware Families and Types

Security Boulevard: Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack – “This is borne out by Akamai Technologies’ Summer 2018 Internet Security/Web Attack Report.

Updates to Tech support scams resource page

Link to Chainmailcheck article below.

Updates to Chain Mail Check

William Tsing for Malwarebytes: Green card scams: preying on the desperate – Green card scams are far from new. Though in fact this site does actually indicate in the small print that its usefulness to someone wanting to improve their chances of getting a green card via the diversity visa lottery is going to be very limited indeed. But Tsing makes the interesting point that the scam site looks more authentic than the real site because it provides more information, and compares it to “what we see with legitimate tech support and tech support scammers. An official entity does a poor job communicating with its constituency, and that creates a vacuum that scammers are all too eager to fill.” Seems an entirely valid point.

I talked about the issue of inadequate tech support in an article for ESET – Tech support scams and the call of the void – The importance of providing the best possible after-sales service to customers. That article was sparked off by a useful article on the Security Boulevard site by Christopher Burgess on When Scammers Fill the Tech Support Void.

Updates to Mac Virus

Tomáš Foltýn for ESET: Why now could be a good time to fortify your Android defenses
“Stop us if you’ve heard this before: avoid installing apps from outside Google Play. But what if you’re itching to battle it out in Fortnite?”

Follow-up article- interview with Lukáš Štefanko, who says I hope other app developers don’t follow Epic‘s example – “After Epic Games shunned Google Play, debates about threats faced by Android users have taken on a whole new tenor. Joining us to add his voice to the mix is ESET Malware Researcher Lukáš Štefanko”

My own view is slightly (but only slightly) different, as discussed in my MacVirus article: Fortnite and Android: an Epic disagreement

David Harley

Other resource updates August 24th 2018

Updates to Cryptocurrency/Crypto-mining News and Resources

Brian Krebs: Alleged SIM Swapper Arrested in California – “Authorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting “SIM swappers,” individuals who specialize in stealing wireless phone numbers and hijacking online financial and social media accounts tied to those numbers.”

Commentary from CoinTelegraph.


SecureList: Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware

Commentary by The Register: Nork hackers Lazarus brought back to life by AppleJeus to infect Macs for the first time – “Malware with polished website spotted stealing crypto-coins from traders”

Updates to GDPR page

Rebecca Hill for The Register: Chap asks Facebook for data on his web activity, Facebook says no, now watchdog’s on the case – “Info collected on folk outside the social network ‘not readily accessible’ … Facebook’s refusal … is to be probed by the Irish Data Protection Commissioner … Under the General Data Protection Regulation … people can demand that organisations hand over the data they hold on them.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

John Leyden for The Register: If it doesn’t need to be connected, don’t: Nurse prescribes meds for sickly hospital infosec – “Pro shares healthcare horror stories”. I met Jelena Milosevic when she presented at Virus Bulletin in 2017 on a similar topic. She made several good points.

Updates to Mac Virus

Graham Cluley for BitDefender: Facebook pulls its VPN from the iOS App Store after data-harvesting accusations – “Facebook has withdrawn its Onavo Protect VPN app from the iOS App Store after Apple determined that it was breaking data-collection policies.”

Juli Clover for MacRumors: Facebook Removing Onavo VPN From App Store After Apple Says It Violates Data Collection Policies

Based on a story from the Wall Street Journal (requires subscription).


Also from Bitdefender: Triout – The Malware Framework for Android
That Packs Potent Spyware Capabilities


SecureList: Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware

David Harley

August 22nd resources update

Updates to Cryptocurrency/Crypto-mining News and Resources

Next Web: Arrested BitConnect kingpin is connected to yet another cryptocurrency scam – “Something is cooking up in the Indian state of Gujarat”

Updates to GDPR page

Catalin Cimpanu for Bleeping Computer: Number of Third-Party Cookies on EU News Sites Dropped by 22% Post-GDPR  “Researchers looked at 200 news sites in total, from seven countries —Finland, France, Germany, Italy, Poland, Spain, and the UK.” Sadly, there seem to be an awful lot of sites outside the EU that regard GDPR as avoidable simply by saying “We use cookies: live with it or live without us.” Sigh…

The Register takes a slightly broader view: That’s the way the cookies crumble: Consent banners up 16% since GDPR – “While news sites cut cookies by 22% – but Google retains omnipresence”

Updates to Meltdown/Spectre and other chip-related resources

Foreshadow web page resource:


The Register: Fix for July’s Spectre-like bug is breaking some supers – “RDMA-Lustre combo swatted, HPC admins scramble”

Updates to Specific Ransomware Families and Types

GandGrab:

Trend Micro: .EGG Files in Spam Delivers GandCrab v4.3 Ransomware to South Korean Users Apparently the otherwise obscure .EGG file compression format is widely used in South Korea.

Commentary by Graham Cluley: Rotten EGGs spread ransomware in South Korea – “RANSOMWARE CHANGES FILE EXTENSION TO .KRAB.”

Commentary by David Bisson for Tripwire: Spam Campaign Targeting South Korean Users With GandCrab v4.3 Ransomware


Ryuk:

Catalin Cimpanu for Bleeping Computer: Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge – “There have been several reports from victims regarding infections with Ryuk in the past week, including one on the Bleeping Computer forums.”

David Harley