Category Archives: Resources

June 16th updates

Updates to Anti-Social Media 

Bloomberg: Apple Tries to Stop Developers From Sharing Data on Users’ Friends – “Apple Inc. changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.

Updates to GDPR page

  1. The Register: EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs –
    “Civil liberties committee votes: US has until Sept to comply”
    (In case you thought all those GDPR notifications had fixed everything.
  2. Help Net, citing Avecto: With the GDPR, companies face new era of compliance and transparency – “Just 56 percent of North American professionals and two-thirds of respondents from UK and Germany were aware that the GDPR impacts any company with European customers, employees and partners.”

Updates to Meltdown/Spectre and other chip-related resources

1.

Lawrence Abrams for Bleeping Computer: New Lazy FP State Restore Vulnerability Affects All Intel Core CPUs – ‘According to Intel this new vulnerability affects all Intel Intel Core-based microprocessors and is a bug in the actual CPU, so it does not matter what operating system the user is running. It could be Windows, Linux, BSD, or any other operating running an an Intel Core-based CPU and using “Lazy FPU context switching”.’

2.

The Register: Intel chip flaw: Math unit may spill crypto secrets to apps – modern Linux, Windows, BSDs immune – “Malware on Cores, Xeons may lift computations, mitigations in place or coming … In short, the security hole could be used to extract or guess at secret encryption keys within other programs, in certain circumstances, according to people familiar with the engineering mishap.”

3.

The Register: Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix – “Good thing too because Intel’s planned chip changes may break Google’s Retpoline”

“In a paper distributed this week through the ArXiv preprint server, “SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation,” computer scientists from University of California, Riverside, College of William and Mary and Binghamton University describe a way to isolate the artifacts produced by speculative execution so that they can’t be used to glean privileged data.”

Updates to Specific Ransomware Families and Types

Everbe: Pierluigi Paganini – Experts released a free decryptor for Everbe Ransomware

Bleeping Computer: New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

Updates to Chain Mail Check

Updates to Mac Virus

  1.  ADB.Miner and a continuing vulnerability

“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:

“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”

“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices …  some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”

2.

The Register: Apple will throw forensics cops off the iPhone Lightning port every hour

“Initially, Restricted Mode required a passcode after one week. But Apple confirmed yesterday that a plugged-in iPhone will require a passcode every hour for the data transfers to continue. … Since cracking the six-digit passcode may take up to 22 hours (or longer for a passphrase), then brute-force methods used by the cracking tools are likely to cease to work.”

3.

Josh Pitts, for Okta, goes into extensive detail about a “vulnerability [that] exists in the difference between how the Mach-O loader loads signed code vs how improperly used Code Signing APIs check signed code and is exploited via a malformed Universal/Fat Binary.” I can be Apple, and so can you – A Public Disclosure of Issues Around Third Party Code Signing Checks

For Bleeping Computer, Lawrence Abrams summarizes: Mac Security Tool Bugs Allow Malware to Appear as Apple Software.

John Leyden for The Register: Hello, ‘Apple’ here, and this dodgy third-party code is A-OK with us – “Subtle attack thwarts macOS code-signing process”

4.

Lukas Stefanko for ESET: Android users: Beware these popularity-faking tricks on Google Play
– “Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers … …since unknown developer names are no use for popularity-boosting purposes anyway, some app authors have been setting fictitious, high numbers of installs as their developer names, in an effort to look like established developers with vast userbases.”

5.

Bloomberg: Apple Tries to Stop Developers From Sharing Data on Users’ Friends – “Apple Inc. changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.

6.

Bleeping Computer: New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

David Harley

Advertisements

Cryptomining – it’s off to scam we go

1.

ADB.Miner and a continuing vulnerability

“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:

“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”

“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices …  some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”

2.

Catalin Cimpanu for Bleeping Computer: Ethereum “Giveaway” Scammers Have Tricked People Out of $4.3 Million – Online crooks promoting fake “giveaways” have tricked people out of 8,148 Ether, currently worth around $4.3 million, according to statistical data compiled in EtherScamDB.”

3.

Graham Cluley: Bitcoin price takes a dive after another cryptocurrency exchange hack
– “Billions of dollars worth of wealth were wiped out this weekend after a South Korean cryptocurrency exchange was hacked … The exchange in question is called Coinrail…”

4.

Lisa Vaas for Sophos: SHOCK! HORROR! SURPRISE! Bitcoin priceplosion may have been market manipulation – “Last year’s meteoric rise in the value of Bitcoin and other cryptocurrencies might well have been artificially inflated, according to a paper released on Wednesday by University of Texas finance professor John Griffin and graduate student Amin Shams.” Maybe not an outright scam, but a bit shady, if true.

David Harley

AVIEN resource updates 8th June 2018

Updates to Cryptocurrency/Crypto-mining News and Resources

Help Net Security: Traffic manipulation and cryptocurrency mining campaign compromised 40,000+ machines – “Unknown attackers have compromised 40,000+ servers, networking and IoT devices around the world and are using them to mine Monero and redirect traffic to websites hosting tech support scams, malicious browser extensions, and so on.”

Updates to GDPR page

James Barham of PCI Pal for Help Net: Shape up US businesses: GDPR will be coming stateside  – “European consumers have long been preoccupied by privacy which leaves us wondering why the US hasn’t yet followed suit and why it took so long for consumers to show appropriate concern? With the EU passing GDPR to address data security, will we see the US implement similar laws to address increased consumer anxiety?” And yes, Facebook gets more than one mention here.

Caleb Chen for Privacy News Online: Apple could have years of your internet browsing history; won’t necessarily give it to you – “Apple has years of your internet browsing history if you selected “sync browser tabs” in Safari. This internet history does not disappear from their servers when you click “Clear internet history” on Safari  … Additionally, the data stored and provided seems to be different for European Union based requesters versus United States based requesters. Discovering these sources of metadata is arguably one of the side effects of GDPR compliance. ”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary – you may not be able to read this without a router. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface. And sometimes even necessary devices entail security risks.]

Stephen Cobb for ESET: VPNFilter update: More bad news for routers 
“New research into VPNFilter finds more devices hit by malware that’s nastier than first thought, making rebooting and remediating of routers more urgent.”

The Register: IoT CloudPets in the doghouse after damning security audit: Now Amazon bans sales “Amazon on Tuesday stopped selling CloudPets, a network-connected family of toys, in response to security and privacy concerns sounded by browser maker and internet community advocate Mozilla.” Commentary by Graham Cluley for BitDefender: Creepy CloudPets pulled from stores over security fears

Updates to Tech support scams resource page

Help Net Security: Traffic manipulation and cryptocurrency mining campaign compromised 40,000+ machines – “Unknown attackers have compromised 40,000+ servers, networking and IoT devices around the world and are using them to mine Monero and redirect traffic to websites hosting tech support scams, malicious browser extensions, and so on.”

Updates to Chain Mail Check

Tomáš Foltýn for ESET: You have NOT won! A look at fake FIFA World Cup-themed lotteries and giveaways

“With the 2018 FIFA World Cup in Russia just days away, fraudsters are increasingly using all things soccer as bait to reel in unsuspecting fans so that they get more than they bargained for”

Updates to Mac Virus

John E. Dunn for Sophos: Apple says no to Facebook’s tracking
“Later this year, users running the next version of Apple’s Safari browser on iOS and macOS should start seeing a new pop-up dialogue box when they visit many websites…this will ask users whether to allow or block web tracking quietly carried out by a certain co”mpany’s ‘like’, ‘share’ and comment widgets.” And the dialog text in the demo to which the article refers specifically mentions Facebook.

Caleb Chen for Privacy News Online: Apple could have years of your internet browsing history; won’t necessarily give it to you – “Apple has years of your internet browsing history if you selected “sync browser tabs” in Safari. This internet history does not disappear from their servers when you click “Clear internet history” on Safari  … Additionally, the data stored and provided seems to be different for European Union based requesters versus United States based requesters. Discovering these sources of metadata is arguably one of the side effects of GDPR compliance. ”

And from the New York Times: Facebook Gave Device Makers Deep Access to Data on Users and Friends –
“The company formed data-sharing partnerships with Apple, Samsung and
dozens of other device makers, raising new concerns about its privacy protections.” And commentary by Help Net Security: Facebook gave user data access to Chinese mobile device makers, too

David Harley

June 1st AVIEN resources updates

Updates to (Anti)Social Media

Tomáš Foltýn for ESET: More curious, less cautious: Protecting kids online – “How we can help protect a generation for which digital is the way of the world?”

Updates to Cryptocurrency/Crypto-mining News and Resources

Trend Micro: Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner

Updates to GDPR page

For Tech Beacon, Richi Jennings curates some blog-y thoughts on GDPR and what comes next from the EU: Think GDPR was a disaster? EU’s ePrivacy Regulation is worse

Milena Dimitrova for Security Boulevard: GDPR Is Affecting the Way WHOIS Works, Security Researchers Worry – as indeed it is, and indeed they should…

Graham Cluley: An advert against online privacy “NO, YOU CAN TAKE ANYTHING… JUST DON’T TAKE MY APPS!” – “The advertising industry … has its knickers in a twist so tightly about European privacy regulations that it made videos like this to try to sway public opinion”

For Help Net, Arcserve’s Oussama El-Hilali discusses The emergence and impact of the Data Protection Officer. Not a bad article, but extraordinarily US-centric in its assertion that “… one of the lesser known mandates of the regulation is the creation of a completely new role: The Data Protection Officer (DPO).” That role, if not necessarily that job title, has long been known in Europe and the UK as a direct result of the Data Protection Directive 95/46/EC, which it supersedes and the UK’s Data Protection Act(s).

Sophos:  European Commission “doesn’t plan to comply with GDPR” – well, sort of

Updates to Meltdown/Spectre and other chip-related resources

The Register: Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode) – “Apps, 32 or 64-bit, will continue to run just fine as design biz looks to ditch baggage … Linux and Android, Windows, and other operating systems built for this latest Cortex-A family member are being positioned, or are already positioned, to work within this 64-bit-only zone.”

Also from The Register: Spectre-protectors: If there’s something strange in your CPU, who you gonna call? “Ghostbusters in Chrome 67 stop Spectre cross-tab sniffs and more … Enhanced Spectre-protectors will soon come to the Chrome browser … and upgrades for Windows, Mac and Linux have started to flow.”

Updates to Internet of (not necessarily necessary) Things

Dearbytes: Smartwatches disclosing children’s location

The Register: OMG, that’s downright Wicked: Botnet authors twist corpse of Mirai into new threats – “Infamous IoT menace lives on in its hellspawn”. Summarizes Netscout’s research – OMG – Mirai Minions are Wicked – “In this blog post we’ll delve into four Mirai variants; Satori, JenX, OMG and Wicked, in which the authors have built upon Mirai and added their own flair.”

Updates to Specific Ransomware Families and Types

Bleeping Computer: New Backup Cryptomix Ransomware Variant Actively Infecting Users

Updates to Mac Virus

John Gruber for Daring Fireball: 10 Strikes and You’re Out – the iOS Feature You’re Probably Not Using But Should. The feature he’s referring to is the passcode option “Erase all data on this iPhone after 10 failed passcode attempts”. I don’t have an iPhone, so haven’t really looked into the feature, but it certainly seems that it’s a more useful, less daunting option than you might think.

Paul Ducklin for Sophos: Apple’s iOS 11.4 security update arrives in an iCloud of silence – “We updated to iOS 11.4, because that’s our habit – but Apple still isn’t saying what was fixed yet. How we wish Apple wouldn’t do that!”

Updates to Chain Mail Check

Tomáš Foltýn for ESET: World Cup scams: how to avoid an own goal – “Whether travelling to enjoy the matches in person, or watching from home, fans should be on the lookout for foul play” (I always enjoy Tomáš’s wordplay.)

Snopes: Is Starbucks Installing ‘Shatter-Proof Windows’? – “An image circulating online falsely promised “free coffee for a year” to anyone who could damage the company’s new windows.” Put away that bazooka…

David Harley

May 30th updates

Updates to Anti-Social Media 

Sophos: Facebook battles tiny startup over privacy accusations John E. Dunn remarks:

“You can argue Six4Three’s allegations either way … they’re another example of the way the company perfectly understood the value of its user data and wanted to monetise it.”

“Alternatively, by restricting third parties, Facebook was simply reigning in risky access that privacy advocates believe should never have been allowed in the first place.”

Updates to Cryptocurrency/Crypto-mining News and Resources

ESET: UNICEF now using cryptocurrency mining for fundraising – “So far in 2018, the NGO has launched two charity campaigns with the aim of raising funds through cryptocurrency mining.”

Technode: Qihoo 360 discovers high-risk security issues in EOS, says 80% digital wallets have problems – “Blockchain platform EOS is facing a series of high-risk security vulnerabilities, according to Chinese cybersecurity company Qihoo 360 […] EOS is a blockchain-based, decentralized system that enables the development, hosting, and execution of commercial-scale decentralized applications (dApps) on its platform.”

Updates to GDPR page

The Register: Businesses brace themselves for a kicking as GDPR blows in – “Securing company data just got even harder”

Updates to Internet of (not necessarily necessary) Things

The Register: Softbank’s ‘Pepper’ robot is a security joke – “Big-in-Japan ‘bot offers root access through hard-coded password and worse bugs too”

Sophos: California tests digital license plates. Is tracking cars next? –  Lisa Vaas comments: ‘Yes, now we can add license plates to the pile of “do we really need xyz IoT thing,” which already includes internet-enabled fridges, toasters, washing machines and coffee makers.’ And mentions quite a few of the issues that this initiative raises. What could go wrong?

Updates to MELTDOWN/SPECTRE AND OTHER CHIP-RELATED RESOURCES

Interesting paper: Post-Spectre Threat Model Re-Think

Updates to Mac Virus

(1) Bleeping Computer: Malware Found in the Firmware of 141 Low-Cost Android Devices – “Two years after being outed, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.” 

Dr Web report from 2016: Doctor Web discovers Trojans in firmware of well-known Android mobile devices – “Doctor Web’s security researchers found new Trojans incorporated into firmwares of several dozens of Android mobile devices. Found malware programs are stored in system catalogs and covertly download and install programs.”

Avast report from 24th May 2018: Android devices ship with pre-installed malware – “The Avast Threat Labs has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE and Archos. The majority of these devices are not certified by Google.”

(2) Meanwhile, Sophos’ Matt Boddy has been looking at how to find out the answer to the question Are your Android apps sending unencrypted data? He says:

“My concerns led me to do some network analysis on popular Android apps, following the methodology set out in the OWASP Mobile Security Testing Guide.

I’ll tell you what I did, what I discovered and how you can do it too.”

Updates to Anti-Malware Testing

AMTSO has issued press releases – AMTSO Membership Approves Major Step Forward in Testing Standards and AMTSO Announces Full Adoption of Testing Protocol Standard following the approval by a majority of AMTSO members of its Draft Standards and authorization of a working group at the recent AMTSO meeting.

No information at present on exactly how the voting went, which I’d like to have seen in the interests of transparency.

David Harley

21st May 2018 update

Updates to Anti-Social Media 

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

New Scientist: Huge new Facebook data leak exposed intimate details of 3m users  – “Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found.” And some commentary from The Register: How could the Facebook data slurping scandal get worse? Glad you asked – “Three million “intimate” user profiles offered to researchers”

And commentary from Sophos: Facebook app left 3 million users’ data exposed for four years

Updates to Cryptocurrency/Crypto-mining News and Resources

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

ZDNet: Brutal cryptocurrency mining malware crashes your PC when discovered  – “…the cybersecurity firm said the cryptomining malware aims to infect PCs in order to steal processing power for the purpose of mining the Monero cryptocurrency.”

Help Net Security: 25% of companies affected by cloud cryptojacking

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page may indeed be necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Updates to Tech support scams resource page

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

Updates to Specific Ransomware Families and Types

Bleeping Computer: New Bip Dharma Ransomware Variant Released

ArsTechnica: All of Mugshots.com’s alleged co-owners arrested on extortion charges

Updates to Mac Virus

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

Help Net Security: Google will force Android OEMs to push out security patches regularly

Kaspersky: WHO’S WHO IN THE ZOO. CYBERESPIONAGE OPERATION TARGETS ANDROID USERS IN THE MIDDLE EAST

Symantec: Malicious Apps Persistently Appearing on Google Play and Using Google Icons
– “Seven apps have been discovered reappearing on the Play store under a different name and publisher even after these have been reported.”

Sophos: The next Android version’s killer feature? Security patches “…the next version of Google’s mobile OS will require device makers to agree to implement regular security patches for the first time in the operating system’s history.’

Updates to Anti-Malware Testing

I worked with Symantec’s Mark Kennedy for some time when I was on the AMTSO Board of Directors. He knows much more than most about the organization and product testing in general, and this is an excellent and informative article: AMTSO Testing Standards: Why You Should Demand Them – “When it comes to security product testing, a good test in one context can turn out to be meaningless in another.”

Updates to Chain Mail Check

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

David Harley

May 12th resources update

Updates to Anti-Social Media 

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre and other chip-related resources

Updates to Mac Virus

Updates to Chain Mail Check

Palo Alto’s Unit 42 announces its report ‘Silverterrier: the rise of Nigerian business email compromise’ in the blog article SilverTerrier Update: Increasingly Sophisticated Nigerian Cybercriminals Take Bigger Part of $3B BEC-Related Losses

Springer: Leaving on a jet plane: the trade in fraudulently obtained airline tickets

David Harley

Ransomware/Wiper-related updates

Updates to: Ransomware Resources

Help Net Security: Organisations across the UK are still struggling with ransomware

F-Secure: The Changing State of Ransomware

Updates to Specific Ransomware Families and Types

In response to this useful article by Kaspersky, this page now includes information on wipers, which often resemble or masquerade as ransomware but are essentially just destructive.

Kaspersky Threat Post: 

Secrets of the Wiper: Inside the World’s Most Destructive Malware. “Shamoon, Black Energy, Destover, ExPetr/Not Petya and Olympic Destroyer: All of these wiper malwares, and others like them, have a singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies.”

ESET has previously published quite a lot of material on Black Energy which can be found here. Of course, other articles are available, but I get to see most of the ESET articles before they’re published, so I’m more aware of them.

Added to the WannaCry (WannaCrypt, WannaCryptor etc.) resources page: 

Bleeping Computer: One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever

ESET:

David Harley

May 5th resource updates

Updates to Anti-Social Media 

Lots of commentary this week on Twitter’s mishaps with our credentials:

The Register: Google will vet political ads to ward off Phantom Menace of fake news – “Mountain View’s Empire Strikes Back against election meddling”

And The Register again, on old favourites Facebook: Time to ditch the Facebook login: If customers’ data should be protected, why hand it over to Zuckerberg? – “How The Social Network and its partners use that info is a total black box”

Updates to Cryptocurrency/Crypto-mining News and Resources

Help Net Security: Organizations should not overestimate the short-term benefits of blockchain

Updates to Meltdown/Spectre and other chip-related resources

The Register: Fresh fright of data-spilling Spectre CPU design flaws haunt Intel – “Chipzilla checking fresh set of CVEs in chip side-channel flaw”

And ESET’s resource article has been updated again: Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

Updates to Internet of (not necessarily necessary) Things

Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.

Sophos: Half a million pacemakers need a security patch – refers to the FDA-approved firmware patch for Abbot pacemakers. “In September 2016, the company sued Internet of Things (IoT) security firm MedSec for defamation after it published what St Jude said was bogus information about bugs in its equipment … security consultants at Bishop Fox confirmed the validity of MedSec’s findings. The company begrudgingly stopped fighting and litigating and issued security fixes.

David Harley

3rd May AVIEN resources updates

Updates to Anti-Social Media 

Kaspersky Threat Post: TENS OF THOUSANDS OF MALICIOUS APPS USING FACEBOOK APIS – “At least 25,936 malicious apps are currently using one of Facebook’s APIs, such as a login API or messaging API. These allow apps to access a range of information from Facebook profiles, like name, location and email address.”

The Register:

Talking of Zuckerberg, here’s his summary of the forthcoming ‘Clear History’ control.

Updates to Cryptocurrency/Crypto-mining News and Resources

Catalin Cimpanu for Bleeping Computer: New MassMiner Malware Targets Web Servers With an Assortment of Exploits

The Register: Whoa, Gartner drops a truth bomb: Blockchain is overhyped and top IT bods don’t want it – “Didn’t you know it’s panacea to all corporate woes, bro?!”

Gad Naveh for Help Net: Dig this: The future of crypto-mining botnets

Trend Micro: Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

Updates to Meltdown/Spectre and other chip-related resources

Hilbert Hagedoorn for The Guru of 3-D: Eight new Spectre Variant Vulnerabilities for Intel Discovered – four of them critical

The Register: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores – “Sneaky processors look to keep lid on sensitive IoT data”

ESET: further updates to Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

Updates to Internet of (not necessarily necessary) Things

The Register: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores – “Sneaky processors look to keep lid on sensitive IoT data”

Trend Micro: Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

Sophos:

Richi Jennings for Tech Beacon: VW bugs: “Unpatchable” remote code pwnage – “Two security researchers have excoriated Volkswagen Group for selling insecure cars. As in: hackable-over-the-internet insecure.”

Updates to Specific Ransomware Families and Types

Paul Ducklin for Sophos: “SamSam” ransomware – a mean old dog with a nasty new trick

David Harley