Tag Archives: cryptocurrency

May 30th updates

Updates to Anti-Social Media 

Sophos: Facebook battles tiny startup over privacy accusations John E. Dunn remarks:

“You can argue Six4Three’s allegations either way … they’re another example of the way the company perfectly understood the value of its user data and wanted to monetise it.”

“Alternatively, by restricting third parties, Facebook was simply reigning in risky access that privacy advocates believe should never have been allowed in the first place.”

Updates to Cryptocurrency/Crypto-mining News and Resources

ESET: UNICEF now using cryptocurrency mining for fundraising – “So far in 2018, the NGO has launched two charity campaigns with the aim of raising funds through cryptocurrency mining.”

Technode: Qihoo 360 discovers high-risk security issues in EOS, says 80% digital wallets have problems – “Blockchain platform EOS is facing a series of high-risk security vulnerabilities, according to Chinese cybersecurity company Qihoo 360 […] EOS is a blockchain-based, decentralized system that enables the development, hosting, and execution of commercial-scale decentralized applications (dApps) on its platform.”

Updates to GDPR page

The Register: Businesses brace themselves for a kicking as GDPR blows in – “Securing company data just got even harder”

Updates to Internet of (not necessarily necessary) Things

The Register: Softbank’s ‘Pepper’ robot is a security joke – “Big-in-Japan ‘bot offers root access through hard-coded password and worse bugs too”

Sophos: California tests digital license plates. Is tracking cars next? –  Lisa Vaas comments: ‘Yes, now we can add license plates to the pile of “do we really need xyz IoT thing,” which already includes internet-enabled fridges, toasters, washing machines and coffee makers.’ And mentions quite a few of the issues that this initiative raises. What could go wrong?

Updates to MELTDOWN/SPECTRE AND OTHER CHIP-RELATED RESOURCES

Interesting paper: Post-Spectre Threat Model Re-Think

Updates to Mac Virus

(1) Bleeping Computer: Malware Found in the Firmware of 141 Low-Cost Android Devices – “Two years after being outed, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.” 

Dr Web report from 2016: Doctor Web discovers Trojans in firmware of well-known Android mobile devices – “Doctor Web’s security researchers found new Trojans incorporated into firmwares of several dozens of Android mobile devices. Found malware programs are stored in system catalogs and covertly download and install programs.”

Avast report from 24th May 2018: Android devices ship with pre-installed malware – “The Avast Threat Labs has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE and Archos. The majority of these devices are not certified by Google.”

(2) Meanwhile, Sophos’ Matt Boddy has been looking at how to find out the answer to the question Are your Android apps sending unencrypted data? He says:

“My concerns led me to do some network analysis on popular Android apps, following the methodology set out in the OWASP Mobile Security Testing Guide.

I’ll tell you what I did, what I discovered and how you can do it too.”

Updates to Anti-Malware Testing

AMTSO has issued press releases – AMTSO Membership Approves Major Step Forward in Testing Standards and AMTSO Announces Full Adoption of Testing Protocol Standard following the approval by a majority of AMTSO members of its Draft Standards and authorization of a working group at the recent AMTSO meeting.

No information at present on exactly how the voting went, which I’d like to have seen in the interests of transparency.

David Harley

Advertisements

21st May 2018 update

Updates to Anti-Social Media 

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

New Scientist: Huge new Facebook data leak exposed intimate details of 3m users  – “Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found.” And some commentary from The Register: How could the Facebook data slurping scandal get worse? Glad you asked – “Three million “intimate” user profiles offered to researchers”

And commentary from Sophos: Facebook app left 3 million users’ data exposed for four years

Updates to Cryptocurrency/Crypto-mining News and Resources

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

ZDNet: Brutal cryptocurrency mining malware crashes your PC when discovered  – “…the cybersecurity firm said the cryptomining malware aims to infect PCs in order to steal processing power for the purpose of mining the Monero cryptocurrency.”

Help Net Security: 25% of companies affected by cloud cryptojacking

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page may indeed be necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Updates to Tech support scams resource page

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

Updates to Specific Ransomware Families and Types

Bleeping Computer: New Bip Dharma Ransomware Variant Released

ArsTechnica: All of Mugshots.com’s alleged co-owners arrested on extortion charges

Updates to Mac Virus

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

Help Net Security: Google will force Android OEMs to push out security patches regularly

Kaspersky: WHO’S WHO IN THE ZOO. CYBERESPIONAGE OPERATION TARGETS ANDROID USERS IN THE MIDDLE EAST

Symantec: Malicious Apps Persistently Appearing on Google Play and Using Google Icons
– “Seven apps have been discovered reappearing on the Play store under a different name and publisher even after these have been reported.”

Sophos: The next Android version’s killer feature? Security patches “…the next version of Google’s mobile OS will require device makers to agree to implement regular security patches for the first time in the operating system’s history.’

Updates to Anti-Malware Testing

I worked with Symantec’s Mark Kennedy for some time when I was on the AMTSO Board of Directors. He knows much more than most about the organization and product testing in general, and this is an excellent and informative article: AMTSO Testing Standards: Why You Should Demand Them – “When it comes to security product testing, a good test in one context can turn out to be meaningless in another.”

Updates to Chain Mail Check

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

David Harley

13th March 2018 resources updates

(1) New section on Trend Micro Resources in Meltdown/Spectre – Related Resources

Trend Micro: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters
“We worked on a detection technique for attacks that exploit Meltdown and Spectre by utilizing performance counters available in Intel processors. They measure cache misses — the state where data that an application requests for processing is not found in the cache memory — that can be used to detect attacks that exploit Meltdown and Spectre.”

(2) Cryptocurrency/Crypto-mining News and Resources

David Harley

12th March 2018 resources updates

Specific Ransomware Families and Types

Ransomware Resources

Cryptocurrency/Crypto-mining News and Resources

(1) Paul Ducklin for Sophos: Cryptomining versus cryptojacking – what’s the difference?

(2) Bleeping Computer tells us: Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours
ZDNet is even more enthusiastic: Windows security: Microsoft fights massive cryptocoin miner malware outbreak – “Microsoft has blocked a malware outbreak that could have earned big bucks for one criminal group.”
Other players in the security industry were more restrained (as per the entry for March 8th below), notably myself, Sean Sullivan and Luis Corrons, quoted in an article by Kevin Townsend: Microsoft Detects Massive Dofoil Attack. Kevin didn’t quote me in full, so here’s (most of) what I said:

I don’t read that article as actually saying that Defender detected that particular campaign and no-one else did/does (which isn’t the case: note that some of the hashes in the figures show a VirusTotal score), or claiming that Microsoft actually disrupted the campaign, or even that it was the first product to detect this particular iteration of Dofoil or the Coinminer it’s delivering. If there’s a suggestion that detection by other products was tested, I missed it.

If it gives the impression that this detection ‘proves’ that all such attacks will be detected by Defender, well, that’s what AV products (often) do, but the phrase ‘hostage to fortune’ springs to mind. But the way I read it, Windows Defender did a good job of detecting this particular campaign, and deserve credit for it. As does any company that offers prompt/proactive detection of a sophisticated campaign, and there are several that do.

Do the Defender team have an unfair advantage? Well, I guess they have direct access to the OS developers, but spotting behavioural anomalies is bread-and-butter lab work, and incorporating such detection into cloud protection and machine learning is standard stuff. And I’m sure most labs value good knowledge of OS processes.

David Harley

12th March 2018 resources updates

Specific Ransomware Families and Types

Ransomware Resources

Cryptocurrency/Crypto-mining News and Resources

(1) Paul Ducklin for Sophos: Cryptomining versus cryptojacking – what’s the difference?

(2) Bleeping Computer tells us: Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours
ZDNet is even more enthusiastic: Windows security: Microsoft fights massive cryptocoin miner malware outbreak – “Microsoft has blocked a malware outbreak that could have earned big bucks for one criminal group.”
Other players in the security industry were more restrained (as per the entry for March 8th below), notably myself, Sean Sullivan and Luis Corrons, quoted in an article by Kevin Townsend: Microsoft Detects Massive Dofoil Attack. Kevin didn’t quote me in full, so here’s (most of) what I said:

I don’t read that article as actually saying that Defender detected that particular campaign and no-one else did/does (which isn’t the case: note that some of the hashes in the figures show a VirusTotal score), or claiming that Microsoft actually disrupted the campaign, or even that it was the first product to detect this particular iteration of Dofoil or the Coinminer it’s delivering. If there’s a suggestion that detection by other products was tested, I missed it.

If it gives the impression that this detection ‘proves’ that all such attacks will be detected by Defender, well, that’s what AV products (often) do, but the phrase ‘hostage to fortune’ springs to mind. But the way I read it, Windows Defender did a good job of detecting this particular campaign, and deserve credit for it. As does any company that offers prompt/proactive detection of a sophisticated campaign, and there are several that do.

Do the Defender team have an unfair advantage? Well, I guess they have direct access to the OS developers, but spotting behavioural anomalies is bread-and-butter lab work, and incorporating such detection into cloud protection and machine learning is standard stuff. And I’m sure most labs value good knowledge of OS processes.

David Harley