[Updates that haven’t been flagged in my other AVIEN articles today]
Updates to Specific Ransomware Families and Types
Catalin Cimpanu for Bleeping Computer: Vaccine Available for GandCrab Ransomware v4.1.2 Cimpanu reckons that “The GandCrab ransomware has slowly become the most widespread ransomware strain in use today.” At the moment Ahnlab’s vaccine app only works with version 4.1.2 of GandCrab, but Cimpanu suggests that it might be backported. The app can be downloaded from here or here.
John Leyden for The Register: Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records – “Tens of thousands of Canadian medical files, healthcare worker details snatched” Not ransomware, but still extortion.
Updates to Chain Mail Check
HelpNet Security: Microsoft tops list of brands impersonated by phishers. Summarizes an article by Vade Secure’s Phishers’ Favorites Top 25 List. Trailing quite a long way behind are PayPal, Facebook, Netflix etc. Vade reckon that Microsoft is such a favourite because it can be so profitable to get into a Microsoft Office 365 account.
Updates to Mac Virus
- Following up this story: USB restricted mode: now you don’t see it, now you do…
Elcomsoft’s claims hinged on the assertion that “…iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before…Most (if not all) USB accessories fit the purpose — for example, Lightning to USB 3 Camera Adapter from Apple.”
Andrew O’Hara, for AppleInsider, tells us that iOS 12 developer beta 4 requires device to be unlocked before connecting any USB accessories. “In the fourth developer beta of iOS 12, a passcode is required any time a computer or USB accessory is connected…Before the change, authorities or criminals would have an hour since last unlock to connect a cracking device, like the GreyKey box. Now, they don’t have that hour, making it that much more difficult to brute force a password attempt into a device.”
2. SecureList: Calisto Trojan for macOS – “The first member of the Proton malware family? … Conceptually, the Calisto backdoor resembles a member of the Backdoor.OSX.Proton family: … it masquerades as a well-known antivirus (a Backdoor.OSX.Proton was previously distributed under the guise of a Symantec antivirus product) … Like Backdoor.OSX.Proton, this Trojan is able to steal a great amount of personal data from the user system, including the contents of Keychain”