Tag Archives: Browser Security

June 29th AVIEN resource updates

Updates to Cryptocurrency/Crypto-mining News and Resources

FireEye: RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique

The Register: – How polite: Fun-bucks coin miners graciously ease off CPU pounding “…according to Johannes Ullrich, head of research at SANS, who today pointed out that malicious mining apps are scaling down activity and employing built-in encryption to make them harder for antivirus packages to detect.”

Updates to Meltdown/Spectre and other chip-related resources

Catalin Cimpanu for Bleeping Computer: Some Spectre In-Browser Mitigations Can Be Defeated “According to research published by Aleph Security … researchers were able to put together proof-of-concept code that retrieves sensitive data from a browser’s protected memory … their PoC bypassed Spectre mitigations and retrieved data from browsers such as Edge, Chrome, and Safari.” (But not Firefox, apparently.)

See also these anti-social media page updates.

David Harley

Advertisements

Rootkits

I missed this when it was originally published, but it’s an interesting interview (if you can get around Joanna’s rather childish bias against the AV industry) about rootkit technology, and the escalating fight to secure operating systems. I totally agree on many points, including the idea of separating function as far as possible (having a separate VM only ever used for banking is a good idea). It’s a long article, and covers some basics too, but it’s worth persevering through the 9 pages.

http://www.tomshardware.com/reviews/joanna-rutkowska-rootkit,2356.html

Andrew Lee CISSP
AVIEN CEO

Phishing attacks strike popular webmail sites

Nothing really new, apart perhaps from the scale of the attacks. This one talks about Gmail, but there have also been recent attacks against Yahoo, AOL and Hotmail.

http://news.bbc.co.uk/2/hi/technology/8292928.stm

If nothing else, this reminds that we still have a very long way to go on educating the users to phishing. We also have a big problem with SSL – as David pointed out a couple of days ago, SSL is a privacy preserver, not a security measure – and it certainly won’t protect against phishing.

Andrew Lee