Category Archives: Uncategorized

November 18th 2018: AVIEN resource updates

Updates to Anti-Social Media 

The Register: Sorry, Mr Zuckerberg isn’t in London that day. Or that one. Nope. I’d give up if I were you – “Facebook boss delays, denies and deflects more invitations to international committee …. The UK’s digital committee has been trying to get Mark Zuckerberg to have a chat with them since the Cambridge Analytica scandal broke in April. Its latest tactic is an “international grand committee” made up of parliamentary committees from five different nations” ”


My attention was drawn via an article from the Homeland Security News Wire – Using social media to weaken impact of terrorist attacks – to a report spearheaded by Cardiff University’s Crime and Security Research Institute and commissioned by the Five Country Ministerial (FCM) Countering Extremism Working Group, and  called From Minutes to Months – A rapid evidence assessment of the impact of media and social media during and after terror events. According to the Executive Summary it centres on:

1. An overview of the relationships between terrorist violence and media, and
how these have been influenced by changes to the media ecosystem.
2. A brief outline of the key typical developments that take place in particular
time periods as one moves further away from the occurrence of the original
violence.
3. Recommendations for police, government and others involved in public
safety provision, in terms of what strategic communications postures they
can adopt to limit the impacts and harms of terror attacks.

Interesting stuff.


The Register: As if connected toys weren’t creepy enough, kids’ data could be used against them in future – “Watchdog tells manufacturers to reveal what they slurp on tots …. the UK’s Office of the Children’s Commissioner has said in a report warning of the long-term impact of amassing data on kids…. young folk will have sent out an average of 70,000 social media posts by the time they reach 18, while snap-happy parents will have uploaded 1,300 photos and videos of their offspring online before they become teenagers.”


Graham Cluley: On eve of US elections, Facebook blocked 115 accounts engaged in ‘coordinated inauthentic behavior’ – “In a statement posted on its website … Facebook explained that in the last year it has found and removed bad actors from the site on many occasions – based on its own internal investigations and information provided by law enforcement, and external experts.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Matthieu Faou for ESET: Supply-chain attack on cryptocurrency exchange gate.io – “Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange”


Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”

Updates to GDPR page

Tomáš Foltýn for ESET: Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites – “The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes”


ThreatPost: GDPR’s First 150 Days Impact on the U.S. – “So, roughly 150 days after the passage of one of the most significant data privacy laws ever, how has it impacted U.S. companies’ privacy efforts? The reality is, not so much.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Well, here’s a  twist. For Sophos, Lisa Vaas cites an article in the Washington Post regarding a murder in New Hampshire in January 2017. The Post quotes documents that state:

The court finds there is probable cause to believe the server(s) and/or records maintained for or by Amazon.com contain recordings made by the Echo smart speaker from the period of Jan. 27 to Jan. 29, 2017… and that such information contains evidence of crimes committed against Ms. Sullivan, including the attack and possible removal of the body from the kitchen.

Lisa Vaas also tells us that this is at least the 2nd occasion on which “a court has demanded Alexa recordings so that a digital assistant can testify in a murder case.”


Lisa Vaas also drew my attention to an article from Pen Test Partners article  Tracking and snooping on a million kids, which looks at the MiSafes ‘Kids Watcher’ tracking watch, which sounds like a reasonable idea in terms of keeping an eye on your children’s safety. However, it appears that the implementation is far from perfect, in several respects. If you’ve bought or are considering buying one of these, you need to read the article.


The Register: This one weird trick turns your Google Home Hub into a doorstop – “Secret API leaves door open for remote commands from other gadgets sharing its Wi-Fi”


The Register: As if connected toys weren’t creepy enough, kids’ data could be used against them in future – “Watchdog tells manufacturers to reveal what they slurp on tots …. the UK’s Office of the Children’s Commissioner has said in a report warning of the long-term impact of amassing data on kids…. young folk will have sent out an average of 70,000 social media posts by the time they reach 18, while snap-happy parents will have uploaded 1,300 photos and videos of their offspring online before they become teenagers.”

The Register: Creepy or super creepy? That is the question Mozilla’s throwing at IoT Christmas pressies – “‘Tis the season to be tracked by your connected water bottle”


The Register: Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses – “”I challenge you to find an industry in the last 100 years that has improved security without being told [to do so] by the government.”


Graham Cluley for TripWire: Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw – “Analysts working at Qihoo 360’s Netlab team say that they first identified the new botnet in September 2018. They have dubbed it “BCMUPnP_Hunter” because of its exploitation of a security hole in the Broadcom UPnP SDK first discovered in 2013.””

Updates to Meltdown/Spectre and other chip-related resources

The Register: Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips – “CPU slingers insist existing defenses will stop attacks – but eggheads disagree [….] “‘Speculative execution’ is often falsely used as an umbrella term…” they explain in a paper distributed through ArXiv on Tuesday.”


Danny Bradbury for Sophos: PortSmash attack steals secrets from Intel chips on the side – “The proof of concept code, called PortSmash, comes from researchers at Finland’s Tampere University of Technology and the Technical University of Havana, Cuba. It uses a category of exploit called a side channel attack, in which one program spies on another as it runs.”

Updates to Specific Ransomware Families and Types

The Register: Nice work if you can get it: GandCrab ransomware nets millions even though it has been broken – “”Considering the lowest ransom note is $600 and almost half of infected victims give in to ransomware, the developers might have made at least $300m in the past couple of months alone,” says BitDefender’s Liviu Arsene.”


ZDNet: New SamSam ransomware campaign aims at targets across the US
“Hackers behind powerful file-locking malware with high ransom demands continue to target organisations they find vulnerable to attacks.”


David Bisson for Tripwire: Kraken Ransomware Now Being Distributed by Fallout Exploit Kit

Updates to Tech support scams resource page

Jérôme Segura for Malwarebytes: Browlock flies under the radar with complete obfuscation – “Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users.  [….] Recently we’ve seen the “evil cursor” that prevents you from closing the fake alert, and the fake virus downloadthat insinuates your computer is already infected. This time, we look at how browser locker pages use encoding to bypass signature-based detection.”

Updates to Mac Virus

Apple and Android updates 17th November 2018

  • iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo
  • ESET: Google’s data charts path to avoiding malware on Android
  • Android security patches
  • Apple Watch patch
  • iOS 12.1 lockscreen bypass
  • Krebs on SIM-swapping

David Harley

Advertisements

26th October resource updates

Cryptocurrency updates

ZDNet: North Korea blamed for two cryptocurrency scams, five trading platform hacks
” A Group-IB report published last week pinned five of 14 cryptocurrency exchange hacks on Lazarus Group, a codename assigned by the cyber-security industry to North Korea’s military hacking units….In a report published today by threat intel firm Recorded Future, individuals associated with the North Korean regime have also been blamed for running cryptocurrency-related scam.” [sic]


Pierluigi Paganini: Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol – “The presentation titled “BOTCHAIN aka The Dark side of Blockchain” includes details about the first fully functional Botnet built upon the Bitcoin Protocol named “BOTCHAIN”.”

Updates to Anti-Social Media 

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – ” …”Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.”….Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”


The Register: Jeez, not now, Iran… Facebook catches Mid East nation running trolly US political ads – “Whack-a-Troll: Ad biz smashes latest manipulation plot to show it’s doing…something … Facebook, the antisocial advertising platform on which anyone can promote just about anything, on Friday said it found people promoting political discord in the US and UK, yet again.”

IoT update


Tomáš Foltýn for ESET: IoT: A roomful of conundrums
“How can you stay safe in a world where “smart” is the new default?”


The Register: We asked 100 people to name a backdoored router. You said ‘EE’s 4GEE HH70’. Our survey says… Top answer! – SSH hardcoded ‘admin’ login found, patch, er, patch coming?


Europol press release: If your toothbrush calls you, it might not be for dental hygiene: the importance of securing the internet of things

“Building on this work, ENISA continues to engage with stakeholders and will publish a new study in 2018 on Good Practices for Security of IoT with a focus on Industry 4.0 and smart manufacturing, while in 2019 relevant efforts concerning smart cars are expected.”

Updates to Specific Ransomware Families and Types

ESET: ESET releases new decryptor for Syrian victims of GandCrab ransomware – “ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators”

Updates to Anti-Malware Testing

SE Labs introduces penalty shootout

Updates to Chain Mail Check

Je te plumerai le BEC

Updates to Mac Virus

ZDnet: Apple blocks GrayKey police tech in iOS update – “Reports suggest the data-slurping tool has been rendered useless — but no-one knows how.”

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – ” …”Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.”….Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”

David Harley

Krebs/Sager interview on supply chain security

Further to the Bloomberg reports previously mentioned here, here’s a fascinating article from Brian Krebs, featuring an interview with Tony Sager. Not at all Apple-specific, but essential reading, so also linked from the MacVirus blog.

Supply Chain Security 101: An Expert’s View

“Sager said he hadn’t heard anything about Supermicro specifically, but we chatted at length about the challenges of policing the technology supply chain.”

David Harley

Another Bloomberg report, another supply-chain issue

In a story from 9th October, Bloomberg tells us of New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom.

“A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.”

The tampering described differs from that in Bloomberg’s previous report. This one describes an ‘implant’ in a server’s Ethernet connector. The communications company has not been named, but the report is based on information from Yossi Appleboum, described as “co-chief executive officer of Sepio Systems”, who suggests that this approach to snooping has been seen in other equipment supplied by China, while Bloomberg compares it to manipulations used by the NSA.

Commentary from The Verge: Tampered Chinese Ethernet port used to hack ‘major US telecom,’ says Bloomberg report.

Whatever the truth is of this story, it seems to go far beyond Apple. Nevertheless, also published on the Mac Virus blog. as it develops a story previously published there.

David Harley

6th October 2018 updates

Updates to Anti-Social Media 

Lisa Vaas for Sophos: Facebook finds “no evidence” attackers accessed third-party apps – “Facebook said … Nevertheless, it’s building a tool to allow developers to manually identify which of their apps’ users may have been affected, so they can log them out.”

Updates to: Ransomware Resources

Updates to Chain Mail Check

Extortion & Breach Compilation archive; BEC as a service

Updates to Mac Virus

Supply chain hacking: bull in a China shop? [updated]

Android SMS Worm, plus setting up a Mac for kids

David Harley

Resources update: 3rd October

Updates to Anti-Social Media 

ESET: Facebook: No evidence attackers used stolen access tokens on third-party sites
“The social networking behemoth is expected to face a formal investigation by Ireland’s Data Protection Commission in what could be the “acid test” of GDPR since the law became effective in May”


Graham Cluley: Two reasons to reconsider your Facebook membership
“Not only was it revealed that millions of users had their accounts exposed by a vulnerability, but the site has been up to dirty tricks with mobile phone numbers you gave them to supposedly enhance your security.”


Joseph Cox for Motherboard: Hackers Are Holding High Profile Instagram Accounts Hostage
“Hackers have hijacked the accounts of at least four high profile Instagrammers recently, locking them out and demanding a bitcoin ransom.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Lawrence Abrams for Bleeping Computer: Roaming Mantis Group Testing Coinhive Miner Redirects on iPhones
“Kaspersky has discovered that [Roaming Mantis Group] is testing a new monetization scheme by redirecting iOS users to pages that contain the Coinhive in-browser mining script rather than the normal Apple phishing page.”


John E. Dunn for Sophos: Monero fixes major ‘burning bug’ flaw, preventing mass devaluation
“…the developers realised that the apparent non-expert had just confirmed a major flaw in wallets used to transact the controversial and what is reportedly the world’s tenth most popular cryptocurrency.”

Updates to GDPR page

ESET: Facebook: No evidence attackers used stolen access tokens on third-party sites
“The social networking behemoth is expected to face a formal investigation by Ireland’s Data Protection Commission in what could be the “acid test” of GDPR since the law became effective in May”

Updates to Internet of (not necessarily necessary) Things

Gabrielle Ladouceur Despins for ESET: Top tips for protecting your Smart TV
“The final few months of 2018 will likely be a busy time of year for people and cybercriminals will be no different as they continue to look for weak spots in networks”

Updates to: Ransomware Resources

Joseph Cox for Motherboard: Hackers Are Holding High Profile Instagram Accounts Hostage
“Hackers have hijacked the accounts of at least four high profile Instagrammers recently, locking them out and demanding a bitcoin ransom.”

Updates to Mac Virus

News Update October 3rd


David Harley

September 19th 2018 Updates

Updates to Anti-Social Media 

Danny Bradbury for Sophos: Deepfake pics and videos set off Facebook’s fake news detector Centres on FB’s announcement that “To date, most of our fact-checking partners have focused on reviewing articles. However, we have also been actively working to build new technology and partnerships so that we can tackle other forms of misinformation. Today, we’re expanding fact-checking for photos and videos to all of our 27 partners in 17 countries around the world (and are regularly on-boarding new fact-checking partners). This will help us identify and take action against more types of misinformation, faster.”

The Register: Not so much changing their tune as enabling autotune: Facebook, Twitter bigwigs nod and smile to US senators – “Google slammed for no-show”


Graham Cluley: Twitter testing new feature that reveals when you’re online – “WHO OTHER THAN STALKERS ACTUALLY WANTS THIS?”


Lisa Vaas for Sophos: Review that! Fake TripAdvisor review peddler sent to jail

“The owner of a fake-review factory is going to get a chance to write a review about his trip to the inside of an Italian jail.

TripAdvisor announced (PDF) on Wednesday that, in one of the first cases of its kind, the criminal court of the Italian city of Lecce has ruled that writing fake reviews, under a fake identity, is criminal conduct.”


Michigan News (University of Michigan): Fake news detector algorithm works better than a human – “ANN ARBOR—An algorithm-based system that identifies telltale linguistic cues in fake news stories could provide news aggregator and social media sites like Google News with a new weapon in the fight against misinformation.

The University of Michigan researchers who developed the system have demonstrated that it’s comparable to and sometimes better than humans at correctly identifying fake news stories.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Palo Alto: Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows – “Unit 42 researchers have found a new malware family that is targeting Linux and Microsoft Windows servers that we have named XBash. We can tie this malware to the Iron Group, a threat actor group known for ransomware attacks in the past.”


Tomáš Foltýn for ESET: One in three UK orgs hit by cryptojacking in previous month, survey finds – “Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies”


Trend Micro took a little time out from snarfing customer data to issue a report that tells us of “a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining. Unseen Threats, Imminent Losses Phil Muncaster notes, based on that report, that Cryptomining Malware Soars 956% in a Year and also cites a report from Checkpoint which “warned last month that the number of global organizations affected by cryptojacking rose from just under 21% in the second half of 2017 to 42% in 1H 2018, with cyber-criminals making an estimated $2.5bn over the past six months.”


Graham Cluley: Cryptominers killing cryptominers to squeeze more out of your CPU

“As security researcher Xavier Mertens describes, a newly-encountered malicious miner for the Monero cryptocurrency is working hard to kill any potential competitors it encounters for system resources, using an ever-expanding list.”


Kaspars Osis for ESET: Kodi add-ons launch cryptomining campaign – “ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware”

Commentary from Bleeping Computer: Malicious Kodi Add-ons Install Windows & Linux Coin Mining Trojans – “Security researchers discovered a campaign that infects machines running Kodi via a legitimate add-on that has been altered by cybercriminals looking to mine the onero cryptocurrency with the resources of Kodi users.”


Danny Bradbury for Sophos: Blockchain hustler beats the house with smart contract hack – “A wily hacker has scored a thousand dollar cryptocurrency jackpot … by using their own code to tamper with a smart contract run by a betting company on the EOS blockchain …. Unlike Bitcoin, which uses a blockchain to record the transfer of digital currency, EOS and Ethereum both enable people to run computer programs. These programs are called smart contracts, and instead of running in one place they run on many computers connected to the blockchain.” Fascinating article.

Updates to GDPR page

Veronika Gallisova for ESET: 100 days of GDPR – “What impact has the new data protection directive had on businesses so far?”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

John Leyden for The Register: 2-bit punks’ weak 40-bit crypto didn’t help Tesla keyless fobs one bit – “Eggheads demo how to clone gizmo, nick flash motor in seconds – flaw now patched”

“Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive away the electric sports car.”


The Register: Mikrotik routers pwned en masse, send network data to mysterious box – “Researchers uncover botnet malware pouncing on security holes”


The Register: Thousands of misconfigured 3D printers on interwebz run risk of sabotage

“Internet-connected 3D printers are at risk of being tampered with or even sabotaged because users fail to apply security controls, a researcher has warned.”


The Register: M-M-M-MONSTER KILL: Cisco’s bug-wranglers swat 29 in single week – “If you’re running the end-of-life RV110 Wireless-N VPN firewall or RV215W Wireless-N VPN router, bad news: some of their security vulnerabilities won’t be patched and there’s no workaround – so it is probably time to replace them.”


Tomáš Foltýn for ESET: Could home appliances knock down power grids? –  “The researchers tested the plausibility of the new type of attack on “state-of-the-art simulators on real-world power grid models”. The threat is described in a paper called “BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid”, and the research was also presented at a recent USENIX security symposium.”

Updates to: Ransomware Resources

Mark Stockley for Sophos: The rise of targeted ransomware

“While cryptomining and cryptojacking have been sucking all the air out of the press room, a snowball that started rolling well before anyone had ever heard of WannaCry has been gathering pace and size.

The snowball is a trend for stealthier and more sophisticated ransomware attacks – attacks that are individually more lucrative, harder to stop and more devastating for their victims than attacks that rely on email or exploits to spread.”

Updates to Specific Ransomware Families and Types

John Leyden for The Register: Sextortion scum armed with leaked credentials are persistent pests – “If you’re going to batter 8,497 folk with over 60,000 threats, odds are someone will crack”

Bleeping Computer: Barack Obama’s Blackmail Virus Ransomware Only Encrypts .EXE Files – “It is unknown how this ransomware is distributed or if the developer will even provide a decryption key if paid. ”

Updates to Mac Virus

Dangers on Safari – The Safari Reaper attack, and URL spoofing

Android Issues – Android Malware-as-a-Service botnet, CVE-2018-9489, and open-source vulnerabilities in Android apps.

Smartphones that talk too much acoustic side-channel attacks

Flushing the Mac App Store  Ad-Doctor and three Trend apps removed

Apple to make life easier for law enforcement – portal to apply for access to information and training

Krebs: commentary on global authentication via your wireless carrier – what could go wrong?

David Harley

August 29th 2018 resources update

Updates to Anti-Social Media 

Lisa Vaas for Sophos: Tumblr outlaws creepshots and deepfake porn – “The blogging site wants to go back to a simpler time, where, it says, people were a lot nicer … and didn’t glorify gore and upskirting.”

Updates to GDPR page

Recorded Future: 90 Days of GDPR: Minimal Impact on Spam and Domain Registration – “While it has only been three months since the GDPR went into effect, based on our research, not only has there not been an increase in spam, but the volume of spam and new registrations in spam-heavy generic top-level domains (gTLDs) has been on the decline.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

The Register: Voting machine maker claims vote machine hack-fests a ‘green light’ for foreign hackers – “NSA code smacker says no, hackers perform a service” – ES&S criticized for reluctance to participate in DEF CON demo.

Updates to Mac Virus

Android/iOS malware detections down, but Fortnite flaw problematic

David Harley

Three mobile app issues and a Mac 0-Day

Updates to Mac Virus

John Leyden for The Register: Baddies of the internet: It’s all about dodgy mobile apps, they’re so hot right now  “Rogue mobile apps have become the most common fraud attack vector, according to the latest quarterly edition of RSA Security’s global fraud report.” If you don’t mind giving your contact information away, the report is available here.


For Sophos, Matt Boddy explains how to use AppMon to see which of your Android apps are paying more attention to your conversations than you’re comfortable with. Not for beginners, but interesting. Are your Android apps listening to you?


Also for Sophos, Paul Ducklin analyses Patrick Wardle’s 0-day Mac exploit, as discussed recently at Def Con. While there’s no fix as yet, Paul points out that “Fortunately, as zero-days hacks go, this one isn’t super-serious – a crook would have to infect your Mac with malware first in order to use Wardle’s approach, and it’s more a tweak to an anti-security trick that Wardle himself found and reported last year than a brand new attack.” Apple Mac “zero day” hack lets you sneakily click [OK]


Martin Beltov for Security Boulevard: Android Man-in-the-Disk Attack Can Expose Apps & User Data –  “Security experts discovered a new Android infection mechanism called the Man-in-the-Disk attack. It takes advantage of a design issue found to be with the operating system itself that takes advantage of the external storage access. Abuse of this possibility can expose sensitive data to the criminal operators.”

David Harley

July 23rd resources updates

[Updates that haven’t been flagged in my other AVIEN articles today]

Updates to Specific Ransomware Families and Types

Catalin Cimpanu for Bleeping Computer: Vaccine Available for GandCrab Ransomware v4.1.2 Cimpanu reckons that “The GandCrab ransomware has slowly become the most widespread ransomware strain in use today.” At the moment Ahnlab’s vaccine app only works with version 4.1.2 of GandCrab, but Cimpanu suggests that it might be backported. The app can be downloaded from here or here.

John Leyden for The Register: Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records – “Tens of thousands of Canadian medical files, healthcare worker details snatched” Not ransomware, but still extortion.

Updates to Chain Mail Check

HelpNet Security: Microsoft tops list of brands impersonated by phishers. Summarizes an article by Vade Secure’s Phishers’ Favorites Top 25 List. Trailing quite a long way behind are PayPal, Facebook, Netflix etc. Vade reckon that Microsoft is such a favourite because it can be so profitable to get into a Microsoft Office 365 account.

Updates to Mac Virus

  1. Following up this story: USB restricted mode: now you don’t see it, now you do…

Elcomsoft’s claims hinged on the assertion that “…iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before…Most (if not all) USB accessories fit the purpose — for example, Lightning to USB 3 Camera Adapter from Apple.”

Andrew O’Hara, for AppleInsider, tells us that iOS 12 developer beta 4 requires device to be unlocked before connecting any USB accessories. “In the fourth developer beta of iOS 12, a passcode is required any time a computer or USB accessory is connected…Before the change, authorities or criminals would have an hour since last unlock to connect a cracking device, like the GreyKey box. Now, they don’t have that hour, making it that much more difficult to brute force a password attempt into a device.”

2. SecureList: Calisto Trojan for macOS – “The first member of the Proton malware family? … Conceptually, the Calisto backdoor resembles a member of the Backdoor.OSX.Proton family: … it masquerades as a well-known antivirus (a Backdoor.OSX.Proton was previously distributed under the guise of a Symantec antivirus product) … Like Backdoor.OSX.Proton, this Trojan is able to steal a great amount of personal data from the user system, including the contents of Keychain”

David Harley