Tag Archives: Sophos

The FBI and VPNFilter

Updates to Internet of (not necessarily necessary) Things

The Register: FBI to World+Dog: Please, try turning it off and turning it back on – “Feds trying to catalogue VPNFilter infections”

FBI alert: Foreign cyber actors target home and office routers and networked devices worldwide

Sophos commentary: FBI issues VPNFilter malware warning, says “REBOOT NOW” [PODCAST]

Comprehensive article (of course!) from Brian Krebs: FBI: Kindly Reboot Your Router Now, Please

Updates to GDPR page

Sophos: Ghostery’s goofy GDPR gaffe – someone’s in trouble come Monday!

 

David Harley

Thoughts on Sophos commentary on FB and YouTube

Here are a couple of Sophos articles that caught my eye, and which I felt compelled to comment on at more length.

  • For Sophos, Paul Ducklin picked up on Facebook’s page How can I tell if my info was shared with Cambridge Analytica? Useful, I suppose, if you can’t remember whether you might have clicked on Cambridge Analytica’s This is your digital life app. And of limited use if it tells you that one or more of your friends clicked on it and so may have shared your profile data. Limited in that it won’t tell you which of your friends did so. Well, I suppose you should be grateful that Facebook is preserving somebody’s privacy, even if it’s not yours. And it may be useful in that it prompts you to check your privacy settings.
  • Another Sophos article by Lisa Vaas notes that YouTube illegally collects data from kids, group claims. The group of privacy advocates in question asserts that ‘a study … found that 96% of children aged 6-12 are aware of YouTube and … 83% of children that know the brand use it daily … The group is urging the FTC to investigate the matter as it is illegal to collect data from kids younger than 13 under the Children’s Online Privacy Protection Act (COPPA).’ YouTube’s fallback position would presumably be that it isn’t intentionally contravening COPPA because ‘YouTube is not for children’. Hence the creation of the separate YouTube Kids app.

David Harley

Resource updates: April 5th-7th 2018

Updates to Anti-Social Media 

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Only distantly related, but…

Updates to Specific Ransomware Families and Types

[3rd April 2018] Peter Kálnai and Anton Cherepanov for ESET: Lazarus KillDisks Central American casino – “The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.”

Updates to Mac Virus

 

David Harley

22nd March Resources Update

Cryptocurrency/Crypto-mining News and Resources

Anti-Social Media

Mac Virus

New information/resource page: [anti-]social media

[This article is itself the first entry on the new page Anti-Social Media.]

Like many others, I’ve been at least partially assimilated by the social media Cookie Monster. Once upon a time I opened accounts on sites like Facebook and Twitter, so as to find out about their implications for security. (Like many others in the security profession, I suspect.) They also quickly became integrated into my armoury as a means of exchanging and disseminating information, whether it’s a matter of hard data or work-oriented PR. And when friends, colleagues and fellow musicians (some people, of course, are members of two or all three of those sets!) found me on those platforms, it would have been churlish not to have accepted invitations to link up there. (Besides, you can’t tell as much about Facebook’s workings, for instance, if you don’t actually have any Facebook friends…)

However, I’ve always borne in mind the wider implications of membership of such platforms (sociological, psychological, and security-specific), and have often written on those topics. (I’ll probably look back at some of those posts and see if any of them are worth flagging here.) But with the excitement over Cambridge Analytica, its self-proclaimed success at social engineering, and its alleged misuse of data harvested from social media, I can’t help but notice that people who’ve previously expressed no interest in privacy and security have started to voice concern. So I’m going to use this page to flag some news and resources of interest. Starting with a minor deluge of advice from various quarters:

David Harley

13th March 2018 resources updates

(1) New section on Trend Micro Resources in Meltdown/Spectre – Related Resources

Trend Micro: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters
“We worked on a detection technique for attacks that exploit Meltdown and Spectre by utilizing performance counters available in Intel processors. They measure cache misses — the state where data that an application requests for processing is not found in the cache memory — that can be used to detect attacks that exploit Meltdown and Spectre.”

(2) Cryptocurrency/Crypto-mining News and Resources

David Harley

Tech support scams: alive, kicking, and audio talking trash

Paul Ducklin for Sophos: Watch out – fake support scams are alive and well this Christmas

The first part of the article is a recap of old-school tech support scam cold-calling, but the rest describes what happened when someone clicked on ‘one of those “you’ll never believe what happened next” stories’. The resulting ‘alert’ included an automatic voice-over. While the voice-over (which you can hear on the page above) is full of laughable transcription errors and false information, it could certainly scare someone not particularly tech-literate into falling for the scam.

David Harley

Tech Support Scams and Google

And still it goes on…

Tech support scammers poisoning Google search results is hardly new – see My PC has 32,539 errors: how telephone support scams really work – but there’s an interesting example flagged by Malwarebytes in the article Ads in Google Search Results Redirect Users to Tech Support Scam by Catalin Cimpanu. Also some useful commentary by Lisa Vaas for Sophos: Google ads for tech support scams – would you spot one?

David Harley

Ransomware: InfoSec, Stats, and Paying Up

A couple of items of general interest regarding ransomware:

  • For Sophos, Bill Brenner’s article InfoSec 2017: a look at the family album of ransomware includes some threat statistics for the period between October 2016 and April 2017, plus some ransomware-based talks and events at InfoSec.
  • For Computer Weekly, Warwick Ashford writes about UK firms stockpiling bitcoins for ransomware attacks, referring to a survey commissioned by Citrix. The survey suggests that the number of companies not willing to pay up if attacked by ransomware has fallen from 25% to 22%, whereas large firms are prepared to pay nearly four times as much as they were a year ago. However, the number of companies with no contingency plans at all seems to have dropped dramatically.

I’ve commented a couple of times recently on the question of Ransomware: To pay or not to pay? and The economics of ransomware recovery.

David Harley