Inside Security - August 21st, 2016

Inside Security (Aug 22nd, 2016)

Subscribe to Inside Security


Are you getting value out of Inside Security so far? We're launching a new website soon, and need some testimonials. If you have 2 minutes to let us know what you think, we'd really appreciate it. (and, we might feature you on our website!)

Leave a testimonial for Inside Security
David’s Take

This week we dive deeper into how anti-VM detection works, review the latest reports showing a facial recognition exploit, some new ransomware called Nemucod, what the DoD is doing with its snooping guidelines, and of course the latest breach at Eddie Bauer retail stores. 

-- David Strom, editor of Inside Security
New products

An updated version 4 of data leak protection security service is now available. The new features of Securio include the ability to scan dark web data repositories and to detect if any documents have been altered and calculate the cost of potential breaches. The tool works with both data at rest and in motion. It comes in both cloud and on-premises versions; the cloud subscription is $8 per user per month. -- GLOBAL VELOCITY
 
Methods and tools
 
Did you know that malware can detect whether it is running on a “real” system or on a VM? These researchers demonstrate the various detection methods that are commonly used to figure out the difference. Malware authors write code to detect virtual machine configuration files, executables, specific registry entries or other indicators to fight sandboxes and VM-based environments. –CYBERBIT BLOG
 
Threats and attacks
 
The big news this week is a breach at all North American Eddie Bauer retail stores (but not online) with point of sale malware infection. During the first half of the year, credit card information was harvested from its registers and included cardholder name and account number, security code and expiration date.  Brian Krebs notified the retailer several weeks ago about the potential attack. Numerous other restaurants, hotels and other retailers who have had their systems hacked. – NETWORK WORLD
 

A security researcher has found a remote code execution vulnerability in the software-based Android Mediaserver app. This vulnerability could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. There is a hardware-based app that isn’t affected. – FORTINET BLOG
 

There are so many new ransomware attacks these days it is hard to keep up. Here is one called Nemucod that has an interesting twist: the targeted user receives an email with an infected attachment containing an executable Javascript file. When the file expands, it delivers both ransomware as well as ad-clickers.  -- WELIVESECURITY
 

Researchers have found a sample of a new variant of the Youndoo Browser Hijacker that can use DLL Hijacking to compromise a browser's homepage. It is a simple hack, once you drop a malicious version of the wtsapi32.dll file in the same folder as the Firefox and Chrome browser executables. None of the current VirusTotal virus scanners as yet detect this compromised file. – BLEEPING COMPUTER
 

Security and computer vision specialists from the University of North Carolina show how a system can exploit facial recognition systems using a combination of public photos posted to your social networks combined with mobile virtual reality technology and digital 3-D facial modeling. – NATIONAL CYBERSECURITY
 

Many enterprises connect to the internet through a proxy server as a standard practice. But security researcher Jerry Decime recently discovered a man-in-the-middle attack that exploits proxy use, and this post explains the specific circumstances on how it was accomplished. Proxy attacks were a preferred hacking method many years ago when Adrian Lamo became famous. This new method shows that you still have to be aware of all pieces of your network infrastructure.  -- SECURITY INTELLIGENCE
 
Self-serving dep’t
 
A privacy update to the 1982 Defense Department rules for conducting surveillance on Americans contains a loophole that lets the NSA continue eavesdropping on a wide swath of online conversations, critics say. The new rules reflect a shift in intelligence gathering from bugging an individual’s phone to netting communications in bulk from the global internet. As for context, recall back in the 1980s, an international long-distance three-minute call could cost $12. – DEFENSE ONE
 

In a new study from Duo Security based on its free phishing assessment tool, nearly one-third of users clicked the link in a phishing email sent by Duo’s internal team. A phishing campaign that took just five minutes to execute could lead an attacker to corporate data within 25 minutes. Of the end users who have used the tool in the past, 62% were using out-of-date browsers and 68% used out-of-date operating systems. -- DARK READING
 
Reports and evaluations
 
A group of researchers from Brigham Young University has been tracking users’ neural activity while they are on a computer. That sounds creepy enough, but they have discovered that security warnings are best heeded if they don’t pop-up right in the middle of a task or action that requires the users’ immediate attention. – HELPNET SECURITY
 

Reactions to Google’s latest transparency report shows they are pushing back on subpoena requests, having responded to only about 80 percent of U.S. data requests in the last half of 2015. Requests to be removed from its search results have nearly tripled in just two years. There are also summaries of its implementation of HTTPS services and a list of who supports encrypted email in transit across its networks. (Spoiler alert: nearly everyone these days.) – ITSECURITY GURU
 
Just for fun
 
One of my favorite episodes from the British TV series The IT Crowd has to do with when the clueless tech support department manager Jen is given a box and told it contains the entire Internet (pictured). Turns out that real life is imitating art. The bandwidth and latency in Cuba is so poor that for a couple of bucks you can get a terabyte external hard drive delivered to your home weekly with updated Internet content -- CLOUDLFLARE
 

The face of Richard Ayoade, who plays one of the hapless tech support guys in the above TV series, is used to identify the 50 Nerds of Grey Twitter account. It always has something interesting to say about the ways that computers torture their users.
Inside Security is supported by Varonis, a leading provider of software solutions that protect data from insider threats and cyberattacks. Learn more about Varonis.
Copyright © 2016 Inside, All rights reserved.


You're receiving this email because you are subscribed to Inside Security. If you don't want to receive it anymore, go ahead and unsubscribe – or just hit reply and tell us how to make it better.

Subscribe to Inside Security