
July 23rd resources updates

[Updates that haven’t been flagged in my other AVIEN articles today]

Updates to Specific Ransomware Families and Types

Catalin Cimpanu for Bleeping Computer: Vaccine Available for GandCrab Ransomware v4.1.2 Cimpanu reckons that “The GandCrab ransomware has slowly become the most widespread ransomware strain in use today.” At the moment Ahnlab’s vaccine app only works with version 4.1.2 of GandCrab, but Cimpanu suggests that it might be backported. The app can be downloaded from here or here.

John Leyden for The Register: Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records – “Tens of thousands of Canadian medical files, healthcare worker details snatched” Not ransomware, but still extortion.

Updates to Chain Mail Check

HelpNet Security: Microsoft tops list of brands impersonated by phishers. Summarizes Vade Secure’s Phishers’ Favorites Top 25 List. Trailing quite a long way behind are PayPal, Facebook, Netflix etc. Vade reckon that Microsoft is such a favourite because it can be so profitable to get into a Microsoft Office 365 account.

Updates to Mac Virus

1. Following up this story: USB restricted mode: now you don’t see it, now you do…

Elcomsoft’s claims hinged on the assertion that “…iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before…Most (if not all) USB accessories fit the purpose — for example, Lightning to USB 3 Camera Adapter from Apple.”

Andrew O’Hara, for AppleInsider, tells us that iOS 12 developer beta 4 requires device to be unlocked before connecting any USB accessories. “In the fourth developer beta of iOS 12, a passcode is required any time a computer or USB accessory is connected…Before the change, authorities or criminals would have an hour since last unlock to connect a cracking device, like the GreyKey box. Now, they don’t have that hour, making it that much more difficult to brute force a password attempt into a device.”

2. SecureList: Calisto Trojan for macOS – “The first member of the Proton malware family? … Conceptually, the Calisto backdoor resembles a member of the Backdoor.OSX.Proton family: … it masquerades as a well-known antivirus (a Backdoor.OSX.Proton was previously distributed under the guise of a Symantec antivirus product) … Like Backdoor.OSX.Proton, this Trojan is able to steal a great amount of personal data from the user system, including the contents of Keychain”

David Harley


22nd June 2018 resource updates

Updates to Cryptocurrency/Crypto-mining News and Resources

Carl Sigler (Trustwave) for Help Net Security: Why cybercriminals are turning to cryptojacking for easy money. While another article cites a Morphisec report: Banking Trojans and cryptojacking on the rise.

Trend Micro: Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware

ESET: South Korea’s largest cryptocurrency exchange hacked – “Bithumb has claimed that $31.5 million worth of virtual coins were stolen by hackers”

Updates to GDPR page

Threatpost: SNEAKY WEB TRACKING TECHNIQUE UNDER HEAVY SCRUTINY BY GDPR

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

SEC Consulting: TRUE STORY: THE CASE OF A HACKED BABY MONITOR (GWELLTIMES P2P CLOUD) – commentary by the Register: Don’t panic, but your baby monitor can be hacked into a spycam

The Register: Schneier warns of ‘perfect storm’: Tech is becoming autonomous, and security is garbage – “Schneier told El Reg after his speech: ‘Everybody understands what might happen if your pacemaker is hacked and it delivers a lethal charge, but what if I took over some inter-connected robot toy and tripped you in your house? It’s a little more subtle.’”

The Register: Are your IoT gizmos, music boxes, smart home kit vulnerable to DNS rebinding attacks? Here’s how to check – “Fancy website, code emitted – Roku, Google, etc stuff at risk”

Updates to Specific Ransomware Families and Types

Paul Ducklin for Sophos: “WannaCrypt” ransomware scam demands payment in advance! – “The good news is that these particular crooks don’t actually have any malware to back up their threat.”

Updates to Tech support scams resource page

Sophos: Elderly victims conned out of millions by tech support scammer

Updates to Anti-Malware Testing

Updated anti-malware testing resources page

Updates to Mac Virus

David Harley

June 16th updates

Updates to Anti-Social Media 

Bloomberg: Apple Tries to Stop Developers From Sharing Data on Users’ Friends – “Apple Inc. changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.”

Updates to GDPR page

1. The Register: EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs – “Civil liberties committee votes: US has until Sept to comply” (In case you thought all those GDPR notifications had fixed everything.)

2. Help Net, citing Avecto: With the GDPR, companies face new era of compliance and transparency – “Just 56 percent of North American professionals and two-thirds of respondents from UK and Germany were aware that the GDPR impacts any company with European customers, employees and partners.”

Updates to Meltdown/Spectre and other chip-related resources

1. Lawrence Abrams for Bleeping Computer: New Lazy FP State Restore Vulnerability Affects All Intel Core CPUs – ‘According to Intel this new vulnerability affects all Intel Core-based microprocessors and is a bug in the actual CPU, so it does not matter what operating system the user is running. It could be Windows, Linux, BSD, or any other operating system running on an Intel Core-based CPU and using “Lazy FPU context switching”.’

2. The Register: Intel chip flaw: Math unit may spill crypto secrets to apps – modern Linux, Windows, BSDs immune – “Malware on Cores, Xeons may lift computations, mitigations in place or coming … In short, the security hole could be used to extract or guess at secret encryption keys within other programs, in certain circumstances, according to people familiar with the engineering mishap.”

3. The Register: Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix – “Good thing too because Intel’s planned chip changes may break Google’s Retpoline”

“In a paper distributed this week through the ArXiv preprint server, “SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation,” computer scientists from University of California, Riverside, College of William and Mary and Binghamton University describe a way to isolate the artifacts produced by speculative execution so that they can’t be used to glean privileged data.”

Updates to Specific Ransomware Families and Types

Everbe: Pierluigi Paganini – Experts released a free decryptor for Everbe Ransomware

Bleeping Computer: New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

Updates to Chain Mail Check

Updates to Mac Virus

1. ADB.Miner and a continuing vulnerability

“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:

“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”

“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices …  some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”

2. The Register: Apple will throw forensics cops off the iPhone Lightning port every hour

“Initially, Restricted Mode required a passcode after one week. But Apple confirmed yesterday that a plugged-in iPhone will require a passcode every hour for the data transfers to continue. … Since cracking the six-digit passcode may take up to 22 hours (or longer for a passphrase), then brute-force methods used by the cracking tools are likely to cease to work.”

3. Josh Pitts, for Okta, goes into extensive detail about a “vulnerability [that] exists in the difference between how the Mach-O loader loads signed code vs how improperly used Code Signing APIs check signed code and is exploited via a malformed Universal/Fat Binary.” I can be Apple, and so can you – A Public Disclosure of Issues Around Third Party Code Signing Checks

For Bleeping Computer, Lawrence Abrams summarizes: Mac Security Tool Bugs Allow Malware to Appear as Apple Software.

John Leyden for The Register: Hello, ‘Apple’ here, and this dodgy third-party code is A-OK with us – “Subtle attack thwarts macOS code-signing process”

4. Lukas Stefanko for ESET: Android users: Beware these popularity-faking tricks on Google Play – “Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers … since unknown developer names are no use for popularity-boosting purposes anyway, some app authors have been setting fictitious, high numbers of installs as their developer names, in an effort to look like established developers with vast userbases.”

5. Bloomberg: Apple Tries to Stop Developers From Sharing Data on Users’ Friends – “Apple Inc. changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.”

6. Bleeping Computer: New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

David Harley

Cryptomining – it’s off to scam we go

1. ADB.Miner and a continuing vulnerability

“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:

“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”

“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices … some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”

2. Catalin Cimpanu for Bleeping Computer: Ethereum “Giveaway” Scammers Have Tricked People Out of $4.3 Million – “Online crooks promoting fake ‘giveaways’ have tricked people out of 8,148 Ether, currently worth around $4.3 million, according to statistical data compiled in EtherScamDB.”

3. Graham Cluley: Bitcoin price takes a dive after another cryptocurrency exchange hack – “Billions of dollars worth of wealth were wiped out this weekend after a South Korean cryptocurrency exchange was hacked … The exchange in question is called Coinrail…”

4. Lisa Vaas for Sophos: SHOCK! HORROR! SURPRISE! Bitcoin priceplosion may have been market manipulation – “Last year’s meteoric rise in the value of Bitcoin and other cryptocurrencies might well have been artificially inflated, according to a paper released on Wednesday by University of Texas finance professor John Griffin and graduate student Amin Shams.” Maybe not an outright scam, but a bit shady, if true.
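The ADB.Miner item above (item 1, also listed under the June 16th Mac Virus updates) says that an exposed Android Debug Bridge on port 5555 “enables anybody to connect”, but not what that looks like on the wire. The following is an added example, not code from the original post, from ADB.Miner’s authors or from the Android project: it builds the CNXN message an ADB client sends, decodes the daemon’s reply and reports whether the daemon accepted the session unauthenticated (the ADB.Miner scenario) or replied AUTH and demanded an RSA signature first. The sample replies are constructed, the device property values are invented, and probe() needs network access and should only be pointed at hosts you are authorized to test.

```python
"""
Probe for an Android Debug Bridge (ADB) daemon exposed over TCP.

adbd over TCP/IP listens on port 5555. A client opens a session by sending a
CNXN message. A daemon that has not been locked down answers with its own CNXN
(carrying a device banner), after which the client can open a shell; a properly
configured daemon replies AUTH and demands an RSA signature first.
"""
import socket
import struct

ADB_PORT = 5555
A_CNXN = 0x4E584E43            # b"CNXN" read as a little-endian uint32
A_AUTH = 0x48545541            # b"AUTH"
ADB_VERSION = 0x01000000
ADB_MAXDATA = 4096
HEADER = struct.Struct("<6I")  # command, arg0, arg1, data_length, data_check, magic


def adb_checksum(data: bytes) -> int:
    """ADB's payload 'checksum' is the plain byte sum, masked to 32 bits."""
    return sum(data) & 0xFFFFFFFF


def build_message(command: int, arg0: int, arg1: int, data: bytes = b"") -> bytes:
    """Serialise one ADB wire message: 24-byte header followed by the payload.
    magic is the bitwise complement of command; receivers use it to reject junk."""
    header = HEADER.pack(command, arg0, arg1, len(data),
                         adb_checksum(data), command ^ 0xFFFFFFFF)
    return header + data


def build_connect() -> bytes:
    """The CNXN a host sends to open a session (the trailing NUL is on the wire)."""
    return build_message(A_CNXN, ADB_VERSION, ADB_MAXDATA, b"host::\x00")


def parse_message(raw: bytes) -> dict:
    """Validate and decode one ADB message; raise ValueError if it is malformed."""
    if len(raw) < HEADER.size:
        raise ValueError("short header")
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(raw)
    if magic != (command ^ 0xFFFFFFFF):
        raise ValueError("bad magic: not an ADB message")
    data = raw[HEADER.size:HEADER.size + length]
    if len(data) != length:
        raise ValueError("truncated payload")
    if adb_checksum(data) != check:
        raise ValueError("payload checksum mismatch")
    name = struct.pack("<I", command).decode("ascii", "replace")
    return {"command": name, "arg0": arg0, "arg1": arg1, "data": data}


def is_adb_message(raw: bytes) -> bool:
    """True if raw parses as a well-formed ADB message."""
    try:
        parse_message(raw)
        return True
    except ValueError:
        return False


def classify(reply: bytes):
    """Map the daemon's first reply to a verdict plus its banner.
    OPEN means anyone who can reach the port gets a shell without authenticating."""
    msg = parse_message(reply)
    banner = msg["data"].rstrip(b"\x00").decode("utf-8", "replace")
    if msg["command"] == "CNXN":
        return "OPEN", banner
    if msg["command"] == "AUTH":
        return "AUTH_REQUIRED", banner
    return "UNKNOWN", banner


def probe(host: str, port: int = ADB_PORT, timeout: float = 3.0):
    """Live check (network access required; only against hosts you may test)."""
    def recv_exact(sock, n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("connection closed mid-message")
            buf += chunk
        return buf
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connect())
        head = recv_exact(s, HEADER.size)
        length = HEADER.unpack(head)[3]
        return classify(head + recv_exact(s, length))


# Constructed sample replies (not real captures); the property values are invented.
SAMPLE_OPEN_REPLY = build_message(
    A_CNXN, ADB_VERSION, 256 * 1024,
    b"device::ro.product.name=sample_tv;ro.product.model=SampleBox;\x00")
SAMPLE_AUTH_REPLY = build_message(A_AUTH, 1, 0, b"\x00" * 20)  # AUTH type 1 = TOKEN, 20-byte nonce


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(classify(SAMPLE_OPEN_REPLY), classify(SAMPLE_AUTH_REPLY))
```

Run it with no arguments to see the two constructed replies classified; with a host argument it performs the live CNXN exchange. A CNXN reply is the condition ADB.Miner exploited: no pairing prompt, no key check, just a shell for whoever connects. Note that a daemon which answers AUTH is still worth an inventory entry, since it advertises a debug interface on the network that production devices should not have enabled at all.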

David Harley

June 1st AVIEN resources updates

Updates to (Anti)Social Media

Tomáš Foltýn for ESET: More curious, less cautious: Protecting kids online – “How we can help protect a generation for which digital is the way of the world?”

Updates to Cryptocurrency/Crypto-mining News and Resources

Trend Micro: Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner

Updates to GDPR page

For Tech Beacon, Richi Jennings curates some blog-y thoughts on GDPR and what comes next from the EU: Think GDPR was a disaster? EU’s ePrivacy Regulation is worse

Milena Dimitrova for Security Boulevard: GDPR Is Affecting the Way WHOIS Works, Security Researchers Worry – as indeed it is, and indeed they should…

Graham Cluley: An advert against online privacy “NO, YOU CAN TAKE ANYTHING… JUST DON’T TAKE MY APPS!” – “The advertising industry … has its knickers in a twist so tightly about European privacy regulations that it made videos like this to try to sway public opinion”

For Help Net, Arcserve’s Oussama El-Hilali discusses The emergence and impact of the Data Protection Officer. Not a bad article, but extraordinarily US-centric in its assertion that “… one of the lesser known mandates of the regulation is the creation of a completely new role: The Data Protection Officer (DPO).” That role, if not necessarily that job title, has long been known in Europe and the UK as a direct result of the Data Protection Directive 95/46/EC (which the GDPR supersedes) and the UK’s Data Protection Act(s).

Sophos: European Commission “doesn’t plan to comply with GDPR” – well, sort of

Updates to Meltdown/Spectre and other chip-related resources

The Register: Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode) – “Apps, 32 or 64-bit, will continue to run just fine as design biz looks to ditch baggage … Linux and Android, Windows, and other operating systems built for this latest Cortex-A family member are being positioned, or are already positioned, to work within this 64-bit-only zone.”

Also from The Register: Spectre-protectors: If there’s something strange in your CPU, who you gonna call? “Ghostbusters in Chrome 67 stop Spectre cross-tab sniffs and more … Enhanced Spectre-protectors will soon come to the Chrome browser … and upgrades for Windows, Mac and Linux have started to flow.”

Updates to Internet of (not necessarily necessary) Things

Dearbytes: Smartwatches disclosing children’s location

The Register: OMG, that’s downright Wicked: Botnet authors twist corpse of Mirai into new threats – “Infamous IoT menace lives on in its hellspawn”. Summarizes Netscout’s research – OMG – Mirai Minions are Wicked – “In this blog post we’ll delve into four Mirai variants; Satori, JenX, OMG and Wicked, in which the authors have built upon Mirai and added their own flair.”

Updates to Specific Ransomware Families and Types

Bleeping Computer: New Backup Cryptomix Ransomware Variant Actively Infecting Users

Updates to Mac Virus

John Gruber for Daring Fireball: 10 Strikes and You’re Out – the iOS Feature You’re Probably Not Using But Should. The feature he’s referring to is the passcode option “Erase all data on this iPhone after 10 failed passcode attempts”. I don’t have an iPhone, so haven’t really looked into the feature, but it certainly seems that it’s a more useful, less daunting option than you might think.

Paul Ducklin for Sophos: Apple’s iOS 11.4 security update arrives in an iCloud of silence – “We updated to iOS 11.4, because that’s our habit – but Apple still isn’t saying what was fixed yet. How we wish Apple wouldn’t do that!”

Updates to Chain Mail Check

Tomáš Foltýn for ESET: World Cup scams: how to avoid an own goal – “Whether travelling to enjoy the matches in person, or watching from home, fans should be on the lookout for foul play” (I always enjoy Tomáš’s wordplay.)

Snopes: Is Starbucks Installing ‘Shatter-Proof Windows’? – “An image circulating online falsely promised “free coffee for a year” to anyone who could damage the company’s new windows.” Put away that bazooka…

David Harley

26th May updates

Updates to Cryptocurrency/Crypto-mining News and Resources

(1) Malwarebytes put up an interesting analysis of a new Mac Cryptominer: New Mac cryptominer uses XMRig.

Cryptomining malware targeting Mac users isn’t something we hear a lot about, but in his article Thomas Reed points out that: “Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS, such as Pwnet, CpuMeaner, and CreativeUpdate.”

Commentary from Pierluigi Paganini: Many users reported in the past few weeks their Macs have been infected with a new Monero Miner

(2) Help Net Security reports on How security pros see the future of cryptocurrencies and cryptomining: “Data gathered by Lastline at RSA Conference 2018 reveals security professionals’ perspectives on the future of cryptocurrencies and cryptomining, response to ransomware attacks, and security impact of IoT devices.”

(3) Help Net: How a URL shortener allows malicious actors to hijack visitors’ CPU power – “URL shorteners are often used by malware peddlers and attackers to trick users into following a link they otherwise wouldn’t. But Coinhive’s URL shortener carries an added danger: your CPU power can be surreptitiously hijacked to mine Monero.”

(4) Interesting analysis, also from Help Net: Crypto Me0wing attacks: Kitty cashes in on Monero

(5) ZDnet: Verge blockchain comes under attack, again – It seems the same attack vector used to steal cryptocurrency reserves only just over a month ago is at fault.

Updates to Meltdown/Spectre and other chip-related resources

(1) The Register: Epyc fail? We can defeat AMD’s virtual machine encryption, say boffins – Evil hypervisors can lift plaintext info out of ciphered memory, it is claimed

(2) For ESET, Aryeh Goretsky’s Meltdown and Spectre CPU Vulnerabilities: What You Need to Know has been updated.

(3) The Register: Within Arm’s reach: Chip brains that’ll make your ‘smart’ TV a bit smarter – “Get ready for a future where everything from phones to CCTV recognizes faces, things”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

(1) Help Net Security reports on How security pros see the future of cryptocurrencies and cryptomining: “Data gathered by Lastline at RSA Conference 2018 reveals security professionals’ perspectives on the future of cryptocurrencies and cryptomining, response to ransomware attacks, and security impact of IoT devices.”

(2) Bleeping Computer: Z-Shave Attack Could Impact Over 100 Million IoT Devices –

“The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack … the attack —codenamed Z-Shave— relies on tricking two smart devices that are pairing into thinking one of them does not support the newer Z-Wave S2 security features, forcing both to use the older S0 security standard.”

(3) Eurekalert: Bitcoin estimated to use half a percent of the world’s electric energy by end of 2018

Updates to Mac Virus

(1) Malwarebytes put up an interesting analysis of a new Mac Cryptominer: New Mac cryptominer uses XMRig.

Cryptomining malware targeting Mac users isn’t something we hear a lot about, but in his article Thomas Reed points out that: “Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS, such as Pwnet, CpuMeaner, and CreativeUpdate.”

Commentary from Pierluigi Paganini: Many users reported in the past few weeks their Macs have been infected with a new Monero Miner

(2) The Register: Apple will start coughing up government app takedown demand stats – “But applications the iGiant removes on its own won’t be included”

(3) Sophos: Google in court over ‘clandestine tracking’ of 4.4m iPhone users, plus TeenSafe phone monitoring app leaks teens’ iCloud logins in plaintext

(4) Appknox: Appknox M-Commerce Security Report Finds High Level Vulnerabilities in 84% Apps. Commentary from Help Net: High-level vulnerabilities discovered in 84% of Android shopping apps

David Harley

New GDPR page

You might think that the day after the General Data Protection Regulation goes into effect in EU member states is a bit late in the day, but it seems there’s so much last minute panic and uncertainty around I thought I might at least put up some relevant links while the dust settles. These links are posted to the new page here.

Here’s a sensible article by Mirko Zorz for Help Net Security – GDPR: Today is the day – echoing a point I’ve been making to anyone who insisted on getting my opinion. “The other big misconception is that GDPR is forcing companies to think about something new. Legislation in the EU and UK to protect data has been around years before GDPR. What’s new in GDPR is the potential size of the fine and the fact that it can affect non-EU companies. Getting companies to think seriously about how they protect data has been an ongoing effort for many years.” The point I’ve been trying to make (though not previously in any sort of article) is that if you’ve been compliant with the Data Protection Directive that GDPR supersedes and harmonized legislation like the UK’s Data Protection Act (updated for 2018 in order to conform with GDPR), then GDPR shouldn’t be such a big deal. Yes, many organizations have needed to tweak their policies and practices, but the broad focus of the legislation, in the words of the Data Protection Act, is still along these broad lines:

The GDPR, the applied GDPR and this Act protect individuals with regard to the processing of personal data, in particular by—

(a) requiring personal data to be processed lawfully and fairly, on the basis of the data subject’s consent or another specified basis,

(b) conferring rights on the data subject to obtain information about the processing of personal data and to require inaccurate personal data to be rectified, and

(c) conferring functions on the Commissioner, giving the holder of that office responsibility for monitoring and enforcing their provisions.

Even organizations outside the European Union but engaged in transactions with member states should not be strangers to the need to address these issues, which have been addressed with regard to external states for decades by the EU directives and legislation. Remember Safe Harbour? Of course, not all organizations have shown equal enthusiasm and prompt action. Microsoft, for instance, has announced that:

…we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide. Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.

(This is also a neat summary from Microsoft: In case you missed it: 10 of your questions from our GDPR webinars.)

Help Net also notes that “Apple has set up a Data and Privacy portal where users can make a request to download all the data Apple has on them, correct their personal information, deactivate or delete their account.”

Sounds good to me, in principle at least. No doubt we’ll have lots of fun seeing what happens in practice.

Facebook has been more equivocal, while claiming to be singing from the same hymn sheet, and ICANN has been noticeably wrong-footed in its belated attempts to tweak DNS and WHOIS in order to achieve conformance. And there is no need for me to even try to name and shame all the services that are currently suspended while the providers try to sort themselves out.

Meanwhile, ESET offers to tell us Why GDPR affects companies around the world (video) and also offers a free guide and compliance check here. And here’s more advice from Jon Fielding of Apricorn for Help Net: It’s time to embrace GDPR

Gizmodo: Facebook and Google Accused of Violating GDPR on First Day of the New European Privacy Law – “So what are Facebook and Google allegedly doing to violate the GDPR? Privacy advocates in Europe say that instead of adhering to the letter of the law, companies aren’t really giving consumers a choice; you can either agree to let Facebook and Google collect enormous amounts of data on you, or you can delete their services. There is no middle ground.” No surprise there, then…

And, from the Guardian:

Most GDPR emails unnecessary and some illegal, say experts “Many firms have the required consent already; others don’t have consent to send a request”

David Harley

27th April resources updates

Updates to Anti-Social Media 

Also from Sophos: Know what Instagram knows – here’s how you download your data

The Register: Facebook: Crisis? What crisis? Look at our revenue, it’s fantastic “But analysts say ditch your stock as opex set to blow up”

And again from Sophos: Yahoo fined $35m for staying quiet about mega breach

Updates to Cryptocurrency/Crypto-mining News and Resources

The Register: Power spike leads Chinese police to 600-machine mining rig – “Six Bitcoiners cuffed for electricity heist”

Updates to Meltdown/Spectre and other chip-related resources

Kaspersky Threat Post: MICROSOFT ISSUES MORE SPECTRE UPDATES FOR INTEL CPUS – “Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware (microcode) updates for Intel CPUs that include the Broadwell and Haswell chipsets.”

ZDnet: A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it’s freely available. Commentary on Exploiting CVE-2018-1038 – Total Meltdown

Updates to Internet of (not necessarily necessary) Things

Graham Cluley: The NSA wants its algorithms to be a global IoT standard. But they’re simply not trusted – “Why were the algorithms – known as Simon and Speck – rejected? It seems because … [they] might contain encryption backdoors that would be abused by US authorities.” I’ve always tended to mistrust standards espoused by professional politicians, who are rarely as knowledgeable on security issues as they would have us believe. Film and TV makers are often deeply mistrustful of government agencies – conspiracy theories make good drama. And in recent years, that mistrust has been reinforced by real news. It’s no wonder if people fear that the Internet of Things will tip into 1984 telescreens. But perhaps they should be at least as distrustful of the private sector.

The Register: Princeton research team hunting down IoT security blunders – “IoT Inspector is currently at the data-gathering stage, with the aim of launching an open source tool for users to get some idea of what their devices are doing.”

Bleeping Computer: Ski Lift in Austria Left Control Panel Open on the Internet – “Officials from the city of Innsbruck in Austria have shut down a local ski lift after two security researchers found its control panel open wide on the Internet, and allowing anyone to take control of the ski lift’s operational settings.”

Updates to Tech support scams resource page

Erik Wahlstrom for Microsoft talks about tech support scams, the volume of complaints Microsoft receives, and the partnerships it has built in an effort to reduce their impact. Worth reading. Teaming up in the war on tech support scams. Some commentary and basic advice from Graham Cluley: Reports of tech support scams rocket, earning handsome returns for fraudsters.

Updates to: Ransomware Resources

Bleeping Computer: Ransomware Hits HPE iLO Remote Management Interfaces – “Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the hard drives, and then demanding Bitcoins to get access to the data again.”

Updates to Specific Ransomware Families and Types

Bleeping Computer: Ransomware Hits HPE iLO Remote Management Interfaces – “Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the hard drives, and then demanding Bitcoins to get access to the data again.”

Bleeping Computer: New C# Ransomware Compiles itself at Runtime. Announced by the MalwareHunterTeam.

Updates to Chain Mail Check

Me… Microsoft on support scams – plus, assessing gullibility

David Harley

25th April AVIEN Resource Updates

Updates to Anti-Social Media 

The Register: Happy having Amazon tiptoe into your house? Why not the car, then? In-trunk delivery – what could go wrong? – “New Bezos scheme opens up vehicles as drop-off points” What could go wrong?

Sophos: Ex-Reddit mogul apologizes for making the world ‘a worse place’ – “New York Magazine recently interviewed McComas for a project called ‘The Internet Apologizes.’ That project has involved interviews with more than a dozen prominent technology figures about ‘what has gone wrong with the contemporary internet.’”

Updates to Cryptocurrency/Crypto-mining News and Resources

Graham Cluley for ESET: Ethereum cryptocurrency wallets raided after Amazon’s internet domain service hijacked

Help Net Security: Exfiltrating private keys from air-gapped cold wallets

Fortinet: Python-Based Malware Uses NSA Exploit to Propagate Monero (XMR) Miner

Bill Harris for Recode: Bitcoin is the greatest scam in history “It’s a colossal pump-and-dump scheme, the likes of which the world has never seen.” Harsh!

Updates to Meltdown/Spectre and other chip-related resources

Kyle Orland for Ars Technica: The “unpatchable” exploit that makes every current Nintendo Switch hackable [Updated] “Newly published Tegra bootROM exploit could be a big headache for Nintendo and others.” Commentary from The Verge: Nintendo’s Switch can be hacked to run custom apps and games.

Updates to Internet of (not necessarily necessary) Things

Help Net: Effective intrusion detection for the Internet of Things – summarizes the research paper DÏoT: A Crowdsourced Self-learning Approach for Detecting Compromised IoT Devices

Healthcare IT News: Abbott releases firmware patch to fix cybersecurity flaws in 350,000 medical devices

Help Net: Cybersecurity task force addresses medical device safety. Also: Help Net – FDA plans to improve medical device cybersecurity

Updates to Tech support scams resource page

Christopher Burgess for Security Boulevard: When Scammers Fill the Tech Support Void. Burgess says: “I still haven’t figured out why those companies that provide tech support tend to hide the connectivity to these saviors of their brand in the weeds of the website, but they do, and we search—and sometimes we strike gold.” (I have some thoughts to add on this.)

Updates to: Ransomware Resources

Reuters: Ukrainian energy ministry website hit by ransomware attack

Graham Cluley: The firms that piggyback on ransomware attacks for profit “DON’T WANT TO PAY THE RANSOM? PAY US, AND WE’LL PAY IT FOR YOU! … It seems there are firms out there who are charging ransomware victims a hefty premium for the safe return of your data – when all that’s actually happening is they are paying the ransom on your behalf.”

Ross Ryan for the Prince Edward Island Guardian: P.E.I. government website hit by ransomware attack

Updates to Specific Ransomware Families and Types

Europol: WORLD’S BIGGEST MARKETPLACE SELLING INTERNET PARALYSING DDOS ATTACKS TAKEN DOWN

Updates to Mac Virus

Evil maids and Apple debugs

David Harley

Social media memes and secret questions

Back in 2012, Virus Bulletin published an article of mine called Living the Meme about how meme-ish things shared on social media might be an invitation to give away information that could be useful to an attacker.

If I can quote myself (of course I can!)

Secret answers to security questions posed by banking sites and the like as a supplement to passwords, or for people who forget their passwords, are pretty stereotyped. Names of relatives, names of pets, first school, childhood address and so on are highly characteristic, so some security commentators suggest inventing answers to such questions rather than using real data. That’s a logical alternative to inventing your own challenge/response – which is rarely an option – and I’m all in favour of it, as long as it doesn’t contravene some legal or quasi-legal restriction.

In a recent article Brian Krebs makes a similar point, but cites a number of up-to-date examples where ‘seemingly innocuous little quizzes, games and surveys’ ask for information similar to that used for online accounts as ‘secret questions’: Don’t Give Away Historic Details About Yourself.

David Harley