Inside | Real news, curated by real humans
Inside Security

Inside Security (Jul 11th, 2016)

We're giving away a ticket to Defcon. Enter here to win!
David’s Take

Despite an overall drop in malware rates, there are still lots of new exploits this week (including two that are Mac-specific)—thankfully, new tools are available to better screen malware. There is also a lot of information about the new EU privacy laws to replace its Safe harbor regs. Android encryption is hacked, and a great explanation of what you can do to become a CISO too.
We’d love to hear from you – any thoughts on the new EU regs?
-- David Strom, editor of Inside Security
New and noteworthy products
The big news last week was the acquisition of AVG by Avast for more than a billion dollars. The two anti-virus vendors, which have been around for a long time, and are often confused with each other, have decided to combine forces. Supposedly, the combined company will protect 400 million endpoints, with half mobile devices. -- VENTUREBEAT
Ever wish you could turn back time and see the state of your network before a breach happened? With this startup’s new tool, you can. It provides automated discovery, a learning engine that matches threat feeds, deep packet inspection, and a series of high-performance sensors deployed across your network. – SS8

What has been your experience using something similar?  
The Database Authentication Proxy is a powerful new feature that enables enterprise employees to securely log in to cloud-based data structures such as Amazon RDS, Google, and Azure while maintaining the organizational authentication policies defined in Microsoft Active Directory or LDAP. This eliminates the need for managing additional credentials and can make your clouds safer and more secure. There are other such proxies available from numerous vendors, but they're not necessarily able to connect to cloud databases.  -- HEXATIER
Threats and attacks
All Android 5.0 phones have had automatic encryption of all end user information, as part of the operating system. However, it’s easier to break Android's full-disk encryption feature than expected by using this brute force attack. Gal Beniamini, a security researcher posted a method to defeat this online with phones running Qualcomm chipsets.  A description of how he did it, (along with copious block diagrams such as this one above) and some of the data trust issues that it uncovers in Android phones, is worth reading. – BITS-PLEASE BLOG
This report goes into detail about a new strain of APT-like adware, called OSX.Pirrit. The name is an indication that it runs on Mac platforms. With components such as persistence, routing traffic through a hidden Web proxy and the ability to obtain root access, OSX.Pirrit contains characteristics usually associated with malware. TargetingEdge, the developers of the program, say they intended to use it as a way to sell ad banners on the target’s computers without the owner of these computers knowing what is going on. The report goes into detail about how this Mac-based threat actually works. – CYBEREASON LABS
Another Mac-based exploit called Eleanor-A that pretends to be a document converter called EasyDoc creates a hidden folder that remains on your drive even if you uninstall it. The folder contains LaunchAgents, which load in the background, including Netcat and Tor. Just a few lines of code tie this all together and allow hackers remote control over your Mac. – NAKED SECURITY

Do you recommend any Mac-based endpoint protection?

Researchers at TrapX Labs have discovered an insidious version of malware that looks like an outdated piece of code, so old that most scanners usually ignore it because it has been fixed long ago. Once on a target hospital network, it installs a remote Trojan and finds ways to add backdoors to Windows XP systems to collect patient information.  – TOMS IT PRO
New malware dubbed PunkeyPOS (from the sitcom Punkey Brewster, in case you were wondering) infects Windows-based POS’ (that seems like a combination rife for exploit) records keystrokes, captures customer credit card data, and sends it on its merry way to a C&C server. Trustwave found three versions of this malware earlier this year and has more details about its operations. Ironically, researchers were able to login to that server and see how it worked because no credentials needed. Even the crooks are getting lazy about their operations.  – PANDA SECURITY
Reports and evaluations
While much of the State of Devops Report concerns changes in the devops environment, there is a section specific to security that is encouraging. Devops teams are beginning to integrate security during software development, with the result that security objectives are now part of overall business objectives, and a massive reduction in remediation of security issues as a result. We can only hope that security reviews and security-specific testing are becoming the norm. -- TECHBEACON
Does this mirror your own experience?
Malware rates drop overall about half, when the first six months of 2016 are compared to last year. But if you live in Tampa, St. Louis, or Orlando you will still see relatively high infection rates. This is according to a new research report that looked at 20 million infections. This past June has seen the lowest overall infection rates since April 2013.  – ENGIMA SOFTWARE

Have you seen a drop in overall infections across your network?
Methods and tools

An academic paper describes CyberTwitter, an interesting way to use Twitter to generate security alerts. The program processes tweets (such as the one shown here) about cyber events and helps to present the information for security analysts. During a ten day period, they were able to deliver 15 actionable alerts from almost 150,000 tweets. -- UNIVERSITY OF MARYLAND
Ed Tittel writes about the education and training required, along with what are the needed certifications that can help you become qualified to become a full-fledged (and often very highly-paid) CISO. He should know, he has been tracking online classes for years from places such as the SANS Institute, ISACA, ISC-squared, Infosec Institute and EC-Council, and comparing the various training regimens offered. – TOMSITPRO

How many different CISO's have you had in your company in the past five years? 
This week the EU approves a new series of regulations called Privacy Shield to replace outdated Safe Harbor. Privacy Shield introduces substantial changes for data protection, including additional rights for EU individuals, stricter compliance requirements for US organizations, and further limitations on government access to personal data. The new rules were first proposed earlier this year. Ars has the best non-technical overview. – SOCIALLYAWARE BLOG
Want to check if you have been infected with some variation of ransomware? Check out this online repository that is maintained by a group of infosec researchers. You don’t have to upload any file contents, just its name or extension. –  VARONIS

Self Serving Dep't
When you are hiring a cloud-based management service provider, you might want to look at these two posts. The first one from Cloudyn is more basic, and covers looking at traditional and cloud-based technical expertise, service level agreements, help desk staff and how they bill you. The second link from Fortinet goes into more nitty-gritty, looking at whether they provide end-to-end security, what kind of security training the staff has received, and specific threat intelligence provided. -- CLOUDYN BLOG, FORTINET BLOG 
A study called Cyber Weapons Report looks at the top tools that attackers use to penetrate networks. It has found that the overwhelming majority use standard networking techniques. While malware is used to compromise networks, once inside IP scanners and Nmap, among other common networking tools, are used to locate vulnerable hosts.  – LIGHTCYBER
Please take our quick survey
As the Bring Your Own Device movement matures, enterprises realize that managing mobiles isn’t just a black or white issue. Many corporate IT managers are putting their own stamp on how they manage personally owned tablets and phones. Some companies who have taken draconian measures early on to not allow any device on their networks have relaxed this position, either by having implemented mobile device management tools or putting in place virtual LANs or other separation mechanisms. We'd like to have answers to these five quick questions about mobile security and BYOD issues. -- Click here for the survey
Just for fun
Thought you would've seen this fake publication long before now! 
Want to examine the code that ran the Apollo spacecraft guidance computers? Now, thanks to some diligent volunteers, you can on Github, provided you know how to read Assembler.  The code contains copious nerd humor and 60s-era POV, along with modern day space enhusiast insider comments too. Houston, we have a program! -- QUARTZ
How likely are you to recommend Inside Security to a friend or colleague?

More from Inside
Inside Security is just one of Inside's network of newsletters. Here are some others you might like:

Inside VR & AR: Diving deep into the virtual/augmented reality products, companies, communities, and news. (2x/week)

Inside Electric Vehicles: From Tesla to Faraday Future to the big car manufacturers, we're tracking everything in the EV industry. (2x/week)

Inside Daily Brief: A roundup of all the most interesting news, across verticals. (2x/day)

ReadThisThing: One link to a fascinating piece of journalism, daily.
Copyright © 2016 Inside, All rights reserved.

You're receiving this email because you are subscribed to Inside Security. If you don't want to receive it anymore, go ahead and unsubscribe – or just hit reply and tell us how to make it better.

Subscribe to Inside Security