Category Archives: Uncategorized

Covid-19 updates 15th April 2020

Sometimes these articles are posted quite early in the day: in such a case, additions will be made to the same article. Of course, the ‘authoritative’ sources are these update/resource pages, which are continuously updated:

David Harley

Covid-19 updates 14th April 2020

Sometimes these articles are posted quite early in the day: in such a case, additions will be made to the same article. Of course, the ‘authoritative’ sources are these update/resource pages, which are continuously updated:

Today’s updates:

David Harley

Covid-19 updates 12th April 2020

Already added to the appropriate pages.

1. Covid-19: general information/resources

2. Covid-19: Misinformation & Politics

3. Covid-19: scams & security issues

Rehearsals for Retirement

I didn’t entirely abandon the security industry: I’ve responded to the occasional request for an interview, including this one on Who owns social media? and I did quite a lot of work on the English translation of this Book by Eddy Willems (I might still be tempted by other authoring/reviewing/editing projects). And I’m still playing with the idea of a book on anti-malware product testing.

Meanwhile, here’s an article I wrote in February for the AV-Comparatives blog. Spotlight on security: The Curse of the False Positive but forgot to flag here. Well, product testing was part of my job description long before I joined the antivirus industry (as we still often called it at that time), so it’s not quite a case of crossing over to the Dark Side. As a matter of fact, I’ve always had a good relationship with the guys at AV-Comparatives. And I have one or two other articles in process elsewhere.

Anyway, I thought I’d mention that, finally, as I’m contemplating adding a new page to this blog, even though noone is likely to pay me to do it. Old habits die hard…

David Harley

*Yes, I stole that from a Phil Ochs album title… I spend much more time on music than I do on security nowadays.

November 18th 2018: AVIEN resource updates

Updates to Anti-Social Media 

The Register: Sorry, Mr Zuckerberg isn’t in London that day. Or that one. Nope. I’d give up if I were you – “Facebook boss delays, denies and deflects more invitations to international committee …. The UK’s digital committee has been trying to get Mark Zuckerberg to have a chat with them since the Cambridge Analytica scandal broke in April. Its latest tactic is an “international grand committee” made up of parliamentary committees from five different nations” ”


My attention was drawn via an article from the Homeland Security News Wire – Using social media to weaken impact of terrorist attacks – to a report spearheaded by Cardiff University’s Crime and Security Research Institute and commissioned by the Five Country Ministerial (FCM) Countering Extremism Working Group, and  called From Minutes to Months – A rapid evidence assessment of the impact of media and social media during and after terror events. According to the Executive Summary it centres on:

1. An overview of the relationships between terrorist violence and media, and
how these have been influenced by changes to the media ecosystem.
2. A brief outline of the key typical developments that take place in particular
time periods as one moves further away from the occurrence of the original
violence.
3. Recommendations for police, government and others involved in public
safety provision, in terms of what strategic communications postures they
can adopt to limit the impacts and harms of terror attacks.

Interesting stuff.


The Register: As if connected toys weren’t creepy enough, kids’ data could be used against them in future – “Watchdog tells manufacturers to reveal what they slurp on tots …. the UK’s Office of the Children’s Commissioner has said in a report warning of the long-term impact of amassing data on kids…. young folk will have sent out an average of 70,000 social media posts by the time they reach 18, while snap-happy parents will have uploaded 1,300 photos and videos of their offspring online before they become teenagers.”


Graham Cluley: On eve of US elections, Facebook blocked 115 accounts engaged in ‘coordinated inauthentic behavior’ – “In a statement posted on its website … Facebook explained that in the last year it has found and removed bad actors from the site on many occasions – based on its own internal investigations and information provided by law enforcement, and external experts.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Matthieu Faou for ESET: Supply-chain attack on cryptocurrency exchange gate.io – “Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange”


Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”

Updates to GDPR page

Tomáš Foltýn for ESET: Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites – “The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes”


ThreatPost: GDPR’s First 150 Days Impact on the U.S. – “So, roughly 150 days after the passage of one of the most significant data privacy laws ever, how has it impacted U.S. companies’ privacy efforts? The reality is, not so much.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Well, here’s a  twist. For Sophos, Lisa Vaas cites an article in the Washington Post regarding a murder in New Hampshire in January 2017. The Post quotes documents that state:

The court finds there is probable cause to believe the server(s) and/or records maintained for or by Amazon.com contain recordings made by the Echo smart speaker from the period of Jan. 27 to Jan. 29, 2017… and that such information contains evidence of crimes committed against Ms. Sullivan, including the attack and possible removal of the body from the kitchen.

Lisa Vaas also tells us that this is at least the 2nd occasion on which “a court has demanded Alexa recordings so that a digital assistant can testify in a murder case.”


Lisa Vaas also drew my attention to an article from Pen Test Partners article  Tracking and snooping on a million kids, which looks at the MiSafes ‘Kids Watcher’ tracking watch, which sounds like a reasonable idea in terms of keeping an eye on your children’s safety. However, it appears that the implementation is far from perfect, in several respects. If you’ve bought or are considering buying one of these, you need to read the article.


The Register: This one weird trick turns your Google Home Hub into a doorstop – “Secret API leaves door open for remote commands from other gadgets sharing its Wi-Fi”


The Register: As if connected toys weren’t creepy enough, kids’ data could be used against them in future – “Watchdog tells manufacturers to reveal what they slurp on tots …. the UK’s Office of the Children’s Commissioner has said in a report warning of the long-term impact of amassing data on kids…. young folk will have sent out an average of 70,000 social media posts by the time they reach 18, while snap-happy parents will have uploaded 1,300 photos and videos of their offspring online before they become teenagers.”

The Register: Creepy or super creepy? That is the question Mozilla’s throwing at IoT Christmas pressies – “‘Tis the season to be tracked by your connected water bottle”


The Register: Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses – “”I challenge you to find an industry in the last 100 years that has improved security without being told [to do so] by the government.”


Graham Cluley for TripWire: Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw – “Analysts working at Qihoo 360’s Netlab team say that they first identified the new botnet in September 2018. They have dubbed it “BCMUPnP_Hunter” because of its exploitation of a security hole in the Broadcom UPnP SDK first discovered in 2013.””

Updates to Meltdown/Spectre and other chip-related resources

The Register: Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips – “CPU slingers insist existing defenses will stop attacks – but eggheads disagree [….] “‘Speculative execution’ is often falsely used as an umbrella term…” they explain in a paper distributed through ArXiv on Tuesday.”


Danny Bradbury for Sophos: PortSmash attack steals secrets from Intel chips on the side – “The proof of concept code, called PortSmash, comes from researchers at Finland’s Tampere University of Technology and the Technical University of Havana, Cuba. It uses a category of exploit called a side channel attack, in which one program spies on another as it runs.”

Updates to Specific Ransomware Families and Types

The Register: Nice work if you can get it: GandCrab ransomware nets millions even though it has been broken – “”Considering the lowest ransom note is $600 and almost half of infected victims give in to ransomware, the developers might have made at least $300m in the past couple of months alone,” says BitDefender’s Liviu Arsene.”


ZDNet: New SamSam ransomware campaign aims at targets across the US
“Hackers behind powerful file-locking malware with high ransom demands continue to target organisations they find vulnerable to attacks.”


David Bisson for Tripwire: Kraken Ransomware Now Being Distributed by Fallout Exploit Kit

Updates to Tech support scams resource page

Jérôme Segura for Malwarebytes: Browlock flies under the radar with complete obfuscation – “Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users.  [….] Recently we’ve seen the “evil cursor” that prevents you from closing the fake alert, and the fake virus downloadthat insinuates your computer is already infected. This time, we look at how browser locker pages use encoding to bypass signature-based detection.”

Updates to Mac Virus

Apple and Android updates 17th November 2018

  • iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo
  • ESET: Google’s data charts path to avoiding malware on Android
  • Android security patches
  • Apple Watch patch
  • iOS 12.1 lockscreen bypass
  • Krebs on SIM-swapping

David Harley

26th October resource updates

Cryptocurrency updates

ZDNet: North Korea blamed for two cryptocurrency scams, five trading platform hacks
” A Group-IB report published last week pinned five of 14 cryptocurrency exchange hacks on Lazarus Group, a codename assigned by the cyber-security industry to North Korea’s military hacking units….In a report published today by threat intel firm Recorded Future, individuals associated with the North Korean regime have also been blamed for running cryptocurrency-related scam.” [sic]


Pierluigi Paganini: Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol – “The presentation titled “BOTCHAIN aka The Dark side of Blockchain” includes details about the first fully functional Botnet built upon the Bitcoin Protocol named “BOTCHAIN”.”

Updates to Anti-Social Media 

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – ” …”Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.”….Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”


The Register: Jeez, not now, Iran… Facebook catches Mid East nation running trolly US political ads – “Whack-a-Troll: Ad biz smashes latest manipulation plot to show it’s doing…something … Facebook, the antisocial advertising platform on which anyone can promote just about anything, on Friday said it found people promoting political discord in the US and UK, yet again.”

IoT update


Tomáš Foltýn for ESET: IoT: A roomful of conundrums
“How can you stay safe in a world where “smart” is the new default?”


The Register: We asked 100 people to name a backdoored router. You said ‘EE’s 4GEE HH70’. Our survey says… Top answer! – SSH hardcoded ‘admin’ login found, patch, er, patch coming?


Europol press release: If your toothbrush calls you, it might not be for dental hygiene: the importance of securing the internet of things

“Building on this work, ENISA continues to engage with stakeholders and will publish a new study in 2018 on Good Practices for Security of IoT with a focus on Industry 4.0 and smart manufacturing, while in 2019 relevant efforts concerning smart cars are expected.”

Updates to Specific Ransomware Families and Types

ESET: ESET releases new decryptor for Syrian victims of GandCrab ransomware – “ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators”

Updates to Anti-Malware Testing

SE Labs introduces penalty shootout

Updates to Chain Mail Check

Je te plumerai le BEC

Updates to Mac Virus

ZDnet: Apple blocks GrayKey police tech in iOS update – “Reports suggest the data-slurping tool has been rendered useless — but no-one knows how.”

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – ” …”Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.”….Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”

David Harley

Krebs/Sager interview on supply chain security

Further to the Bloomberg reports previously mentioned here, here’s a fascinating article from Brian Krebs, featuring an interview with Tony Sager. Not at all Apple-specific, but essential reading, so also linked from the MacVirus blog.

Supply Chain Security 101: An Expert’s View

“Sager said he hadn’t heard anything about Supermicro specifically, but we chatted at length about the challenges of policing the technology supply chain.”

David Harley

Another Bloomberg report, another supply-chain issue

In a story from 9th October, Bloomberg tells us of New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom.

“A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.”

The tampering described differs from that in Bloomberg’s previous report. This one describes an ‘implant’ in a server’s Ethernet connector. The communications company has not been named, but the report is based on information from Yossi Appleboum, described as “co-chief executive officer of Sepio Systems”, who suggests that this approach to snooping has been seen in other equipment supplied by China, while Bloomberg compares it to manipulations used by the NSA.

Commentary from The Verge: Tampered Chinese Ethernet port used to hack ‘major US telecom,’ says Bloomberg report.

Whatever the truth is of this story, it seems to go far beyond Apple. Nevertheless, also published on the Mac Virus blog. as it develops a story previously published there.

David Harley

6th October 2018 updates

Updates to Anti-Social Media 

Lisa Vaas for Sophos: Facebook finds “no evidence” attackers accessed third-party apps – “Facebook said … Nevertheless, it’s building a tool to allow developers to manually identify which of their apps’ users may have been affected, so they can log them out.”

Updates to: Ransomware Resources

Updates to Chain Mail Check

Extortion & Breach Compilation archive; BEC as a service

Updates to Mac Virus

Supply chain hacking: bull in a China shop? [updated]

Android SMS Worm, plus setting up a Mac for kids

David Harley