Inside | Real news, curated by real humans
Inside Security

Inside Security (Jul 28th, 2016)

David’s Take

I found lots of insightful analyses of various ransomware techniques this week, along with news about updates to Sonicwall and Sophos UTM appliances. If you haven’t yet upgraded to Windows 10, you might want to check out the security features. Today is the last day you can download it gratis. Plus, we link to a great review of the future of financial hacks from The Economist.
We’d love to hear from you on any of these topics.

-- David Strom, editor of Inside Security
New and noteworthy products
Microsoft will start rolling out next week the latest update to Windows 10, called build 14393 or Anniversary Update, and it contains several security features: endpoint security including Information Protection and Defender ATP (both of which will require a Windows 10 Enterprise E3 or E5 subscription respectively), extensions to its Edge browser (such as ad blockers, support for LastPass and web notifications), additions to the Hello biometric authentication that support FIDO. You can still upgrade from Windows 7 or 8.1 for free if you do so before tomorrow. Tom’s ITPro has a great collection of Win10 video tutorials here. -- ARSTECHNICA
Have you gotten rid of all of your XP machines yet?
If you are looking for a way for security teams to gain a better view of what your staff is doing with various Slack bots and apps, along with information on possible compromised accounts, check out Collaboration and Chat Security, which has an update that expands its protective features to Google Apps, Office 365 and Slack. Pricing starts at $2/seat. -- GREATHORN
If you already use Sophos for endpoint security or for their excellent UTM appliances, you might want to check out their new Wireless management utility, their first cloud-based solution that provides traffic usage details, multi-site management and a visual network planner across their entire WiFi access point line.  Pricing starts at $50 per year per managed access point. -- SOPHOS
Do you use any wireless access point management solution currently?
Sonicwall UTM devices have a new firmware (version 6.2.6) that adds ATP features. This version blocks suspicious files and scans them with three different cloud-based services. For its TZ, NSA and SuperMassive 9000 series, it also includes better content filters. Pricing starts at $78 per year. -- DELL SONICWALL
Threats and attacks

Security researchers have found common indicators among Ranscam, Anonpop and Jigsaw ransomware variants that point to the same originator. The post is interesting and very comprehensive in how they trace domain ownership, hacker and Reddit forum posts (such as above), compromise and obfuscation methods, and bitcoin payout records. – TALOS CISCO BLOG
A new keylogger attack on many of the lower-cost wireless keyboard brands has been found. Most troubling, it can work as far as 250 feet away from the keyboards. While other vulnerabilities have been around for years, this could be the first time keyboard makers are selling devices that don’t use any encryption whatsoever. Keyboards from Logitech, Dell, and Lenovo are not susceptible to this attack. -- BASTILLE
More ransomware news: a collaboration among Intel/McAfee Security, Europol, Kaspersky Lab, and Dutch police have taken down the Shade botnet and captured encryption keys to unlock victims’ systems. The unlock tool can be downloaded here. – MCAFEE BLOG

And here is more on how TorrentLocker, yet another ransomware variant, works at hiding its functions, replacing Internet Explorer, and disabling Windows security features.  – FORTINET BLOG
Yes, a smart light bulb can be too smart. The latest bulbs from Osram have security flaws, and the company isn’t moving quickly to patch all of them, include some Zigbee-based flaws. The Lightify IoT system can be compromised and used to gain access to home networks through script injection and other browser-based attacks. -- ZDNET
Have you seen any Zigbee-based threats across your network?

Researchers have found a phishing campaign that copies Amazon websites. What is noteworthy is the effort that the criminals have taken to hide themselves, including using a legit (at least for now) domain name, detecting the browser version and producing unique URLs (see the screencap above) through various mechanisms.  – FIREEYE BLOG
President Obama on Tuesday established a new directive on cyberattack coordination intended to clear up how the federal government manages cyber incidents. It also aims to effectively inform the public about what should be done if they are hacked. According to the directive, cyberattacks are classified from level 0 to level 5, with level 3 or higher considered “significant.” Additionally, the FBI has been charged with taking the lead on any cyberincident in which the actor is a criminal or nation state. The announcement comes shortly after the FBI confirmed it was looking into a hack of the Democratic National Committee. (A great summary of the DNC events can be found at DefenseOne here.) Another attack this past week was discovered when a DDOS flood shut down various Library of Congress websites for days. – ITWORLD
Reports and evaluations

Here is an excellent analysis of what could be in store for the financial world in terms of cyberthreats. The authors start with two recent financial hacks, called Carbanak (the Kiev-based ATM jackpotting withdrawals) and at the Bangladesh Central Bank.  Then they posit what future sophisticated attacks could be like. Sadly, cyber-attacks seem to be developing faster than defenses against them.
Here is a report on how the federal government is using the IoT (here is one example from an older the Washington Post article), and where the problems lie, particularly as many technologies are new, untested, and insecure. Still, by becoming an early IoT adopter, the federal government can promote broader IoT usage and create best practices that private industry can use. – CENTER FOR DATA INNOVATION
Methods and tools

You probably have heard enough about compromised political email servers this past week. But here is a new twist: there is still something to learn about the use of DMARC and email spam prevention, through this reporting on what features the Trump and Clinton organization’s email servers have enabled. Spoiler: it isn’t what you might have guessed.  – BRIAN KREBS
Have you used any of the tools? 
This post has some interesting lessons on how to secure DNS resources, and how the criminal world very quickly can discover unrestricted DNS resolvers and take control over them for bad actions such as DDOS and DNS amplification attacks.  The authors will have additional posts that document their use of a combination of tools, including F5 Big IP and iRules. They are also giving a talk next week at the Bsides Vegas conference on DNS hardening. – TRIPWIRE BLOG 
Sometimes we learn more from failures than successes. In this post is the backstory of the attempt to build Spotify’s App Store several years ago. Eventually the store was shut down, due to poor planning, overspending and not focusing early on cause and effects. The authors reference Stephen Bungay’s Art of Action as supporting evidence too. This should be recommended reading for all Devops teams. – THE NEW STACK
Self Serving Dep't

One security vendor is betting a million bucks that you won’t get infected with ransomware if you use their services. It is a nice gesture, and remains to be seen if they can deliver on their guarantee. -- SENTINELONE
This post is from a different division than the one that runs Black Hat, even though both have the same corporate parent. Nevertheless, here are some good recommendations on where to start with your conference schedule if you are attending the show next week. – DARK READING
All of us have been interrupted (usually over the dinner hour) from phone solicitors. Here is a somewhat self-serving guide (the author works at a firm that tracks robocall exploits) to what to do and what not to do, including popular scams claiming to be from Google and Microsoft.  – PINDROP LABS
Researchers look into what are called “luring attacks” (meaning that victims are lured to phony websites through fake online dating sites such as shown above). They document the role that Tor exit nodes play and how URLs are obscured to avoid detection. Web app firewalls (that is the self-serving part of the post) are one way to prevent this. – IMPERVA BLOG
Just for fun
Yes, the venerable website TechCrunch was itself a victim of a site takeover from the group OurMine, including other prominent tech leaders such as Zuck, Google exec Sundar Pichai and Jack Dorsey. – THE GUARDIAN
What if programming languages were car brands? A great series of images that is spot-on. Perl is likened to the Love Bug above, because it "used to serve the same purpose as Python, but now only bearded ex-hippies use it." -- CRASHWORKS

How likely are you to recommend Inside Security to a friend or colleague?

More from Inside
Inside Security is just one of Inside's network of newsletters. Here are some others you might like:

Inside VR & AR: Diving deep into the virtual/augmented reality products, companies, communities, and news. (2x/week)

Inside Electric Vehicles: From Tesla to Faraday Future to the big car manufacturers, we're tracking everything in the EV industry. (2x/week)

Inside Daily Brief: A roundup of all the most interesting news, across verticals. (2x/day)

ReadThisThing: One link to a fascinating piece of journalism, daily.
Copyright © 2016 Inside, All rights reserved.

You're receiving this email because you are subscribed to Inside Security. If you don't want to receive it anymore, go ahead and unsubscribe – or just hit reply and tell us how to make it better.

Subscribe to Inside Security