Inside | Real news, curated by real humans
Inside Security

Inside Security (Jul 14th, 2016)

David’s Take

A new twist on an ancient banking Trojan, fixing a Windows print spooler flaw, connected car exploits and bug bounties, a new version of network monitoring software WhatsUp Gold, and how the Dutch are taking an early lead in the IoT space.
We’d love to hear about your thoughts about BYOD -- Click here to take our short survey.
-- David Strom, editor of Inside Security
New and noteworthy products
WhatsUp Gold has a new 2017 version out now. This venerable network monitoring tool adds a map-focused interface that gives you end-to-end status updates, better discovery capabilities to find duplicate devices or multiple unintended interfaces, support for Microsoft Hyper-V, IPv6 support, and more. There is a 30-day free trial. – IPSWITCH
What’s been the oddest thing your network monitoring software has found lately?
New extensions to the Venafi Trust Protection Platform now require only a single line of code to enable their automated, secure TLS key and certificate lifecycle management features. The idea is to use their software so a developer doesn’t have to manually add these certificates into their apps. This works with leading automation, orchestration, and containerization platforms including Puppet, Chef, Docker, Terraform, Saltstack, and Ancible and supports on-premise and in the cloud installations. -- VENAFI
Threats and attacks
This is a new twist: take expired domains and use them to house ads to spammy services, called malvertising. These researchers explain the practice and locate one Chinese company that has more than a hundred thousand parked domains.  It is a sordid business worth understanding, particularly if you have backlinks on your site that may have expired and are now served up from these parked domains. -- SUCURI BLOG
Have you seen any malvertising across your network?
One of the many patches released by Microsoft this past week concerns a flaw in every Windows print spooler utility. The flaw allows for remote code execution and is explained in this Microsoft bulletin. An attacker can conduct a man-in-the-middle attack on a system or print server or set up a rogue print server on a target network for use in a watering hole attack. The piece linked here also reviews other fixes available this week. -- HACKER NEWS
Now we have to worry about malware infecting our GPUs.  Researchers have found remote code execution malware that looks for particular Intel graphics chip sets. Windows 7 and earlier OS’s are vulnerable, later versions are immune, at least for now. -- CISCO TALOS
Adobe has a new security update that will fix more than 50 vulnerabilities in Flash. The fixes cover multiple versions, including various browsers, ChromeOS and Linux along with Mac and Windows. Adobe has also delayed plans to stop distributing direct download links to its Flash Player program. They say the download links will be decommissioned “soon.”  -- ADOBE
Do you have any suggestions for keeping up with Flash patches?
An online marketplace that sold access to hacked servers is back in business. Called xDedic, it was taken down last month after researchers from Kaspersky Labs identified its criminal use. Some evidence suggests that the site had sold access to as many as 170,000 servers over the two years in operation.  – ITWORLD
Just because some malware is well known doesn’t mean it still can’t be active.  The Bebloh banking Trojan has been around for seven years and recently taken up residence in Japan. It takes many forms, including as an email attachment with spam containing fake flight information or in its current incarnation Japanese-specific payment instructions. Researchers have found the originators of this malware are monitoring 17 different Japanese banks, including rural banks and smaller credit unions. -- TRENDMICRO BLOG

Reports and evaluations
The state of Internet security report according to Akamai for the first quarter of the year is available. These reports are useful to spot megatrends, given the size of their network and the large net content providers who use it. DDOS is getting more popular and the attack volumes are getting much more sophisticated. They observed >100 Gbps attacks using increasingly simple attack vectors. Most of the DDOS attacks (at least observed on Akamai’s network) are coming from China, the US and Turkey. They have seen an increase of 25% in web app attacks from the last quarter, with the biggest increase in SQL injections.  -- AKAMAI
A survey of last year’s Black Hat conference attendees has found that the priorities set by the business are not the priorities considered most important by security professionals. Nearly 75 percent of security professionals say they do not have enough staff to defend their organizations against current threats, which are most likely to be either social engineering attacks such as phishing or sophisticated attacks targeted directly at their organizations. -- BLACK HAT
Also from the conference, an hour-long webinar next Thursday July 21 presents the research results of various mobile ransomware analyzers, showing how this malware can lock devices without any user requests and other behaviors.
Methods and tools
Looks like the Netherlands has beaten South Korea to become the first nationwide IoT network. Dutch telecom provider KPN announced it had turned on its own system this past week, fitting hundreds of transmission towers with long range radios to handle communications among more than a million devices, such as airport baggage handling, rail switching gear, and devices at the Rotterdam port. – KPN 
Self Serving Dep't
While self-serving (IBM researchers found the exploit initially), this is still a fascinating explanation of how Xiaomi, the third largest cell phone maker fixed a pernicious remote execution man-in-the-middle bug, and why you should update phones to the latest firmware to close this loophole.  – IBM SECURITY INTELLIGENCE
Bug Bounties
Fiat Chrysler joins other carmakers in offering bug bounties, trying to find flaws in their connected vehicles. They will offer bounties from $150 to $1500, depending on the severity of the issue, including remote execution, Adobe Air vulnerabilities, or problems with digital certificates. But you can’t disclose the issues publicly to claim your bounty. Meanwhile researchers have found two zero days in BMW’s online apps. -- ZDNET
Just for fun
This café clearly knows its customers. – DEV HUMOR

It was bound to happen sooner or later. We are glad to see someone taking their SSH security seriously.
Did you know Snowden was captured in Russia playing Pokemon Go? Neither did we.

How likely are you to recommend Inside Security to a friend or colleague?

More from Inside
Inside Security is just one of Inside's network of newsletters. Here are some others you might like:

Inside VR & AR: Diving deep into the virtual/augmented reality products, companies, communities, and news. (2x/week)

Inside Electric Vehicles: From Tesla to Faraday Future to the big car manufacturers, we're tracking everything in the EV industry. (2x/week)

Inside Daily Brief: A roundup of all the most interesting news, across verticals. (2x/day)

ReadThisThing: One link to a fascinating piece of journalism, daily.
Copyright © 2016 Inside, All rights reserved.

You're receiving this email because you are subscribed to Inside Security. If you don't want to receive it anymore, go ahead and unsubscribe – or just hit reply and tell us how to make it better.

Subscribe to Inside Security