Inside Security (Nov 25th, 2016)

David’s Take

Happy Black Friday, everyone. Now it is time to beware of all those seemingly innocent holiday promotions that are really phishing scams in disguise. Not to fear, here is one warning from ITWorld that can help improve your own detection rate. I usually highlight a single threat or breach that happened during the week, but given that we are entering the holiday season, here are three threats that seemed noteworthy. And here is some holiday cheer to make you smile as you brave the shopping malls, either online or in person.

-- David Strom, editor of Inside Security

Threats of the week

If you're being charged by British online delivery service Deliveroo for food you did not order, do not ignore these charges. A new investigation by the BBC One Watchdog team has discovered that customer accounts are being compromised by attackers. The scam is believed to involve stolen passwords traded online after previous breaches at other companies, combined with poor app security at Deliveroo. -- ZDNET

A Russian security research outfit, Group IB, has found that ATMs in more than a dozen European countries have been jackpotted recently, a term that means the machines have been compromised to deliver cash to thieves. No specific banking institutions were named, but ATM vendors Diebold Nixdorf and NCR both said they had provided banks with information on how to thwart these attacks. Group IB has named the organization behind the thefts Cobalt. -- THE HACKER NEWS

Michigan State University has confirmed that on Nov. 13 an unauthorized party gained access to a university server containing certain sensitive student and staff data. Fewer than 500 records were stolen. The information exposed includes the names, social security numbers and university identification numbers of past and present students and employees, but not passwords. As a precaution, all 400,000 people listed in this database have been contacted and asked to change their passwords. They will also receive free credit monitoring. -- WELIVESECURITY

New products

Identity Service is a new, turnkey identity-as-a-service solution that addresses identity and access management needs for both on-premises and cloud-based applications. Pricing starts at $1.89 per identity per month if bought in volume. Free trials, extensive online documentation and video tutorials are available at the link here. -- CA

A protected layer 3 network switch called Kraftway is powered by a new purpose-built OS and designed for networks with extreme requirements for data security. It is the first ever security appliance from this noted anti-malware vendor and it has been 14 years in the making. Though it’s clear the switch is not Linux-based, few other details from the company are available. -- KASPERSKY LABS

An annoying slideshow covers eight security books every IT pro should have on their cubicle’s shelf, including Bruce Schneier’s Applied Cryptography, Adam Shostack’s Threat Modeling: Designing for Security, Richard Bejtlich’s The Practice of Network Security Monitoring and others.  -- DARK READING

A new academic research paper, “SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit,” shows how malware can turn computers into perpetual eavesdropping devices, even without a microphone. It is based on research from Ben Gurion University in Israel. Called SPEAKE(a)R, the malware changes the function of an audio port with software controls. Here is a demonstration video of the technique. It is made possible because the audio chipsets in modern motherboards and sound cards support this reprogramming, called jack retasking or jack remapping. While the technique has not yet been discovered in the wild, anti-malware and intrusion detection systems would need to be developed to monitor and detect unauthorized operations and block them.

Don’t trust the information from the CWIS Antivirus Scanner, a WordPress plug-in that supposedly tells you if you are vulnerable. According to a competitor, it delivers false information in the hopes that you will download unneeded software. “Of the 18 vulnerabilities we added in the last month, the CWIS Antivirus Scanner included none of them,” according to this post. -- PLUGIN VULNERABILITIES BLOG

Nathan Scott, a malware analyst for Malwarebytes, was able to crack the encryption system used by the Telecrypt ransomware, discovered two weeks ago by researchers from Kaspersky Lab. The malware was very focused on Russian users. You can get the Telecrypt ransomware decryptor from this Box link. -- BLEEPING COMPUTER

Self promotions dep’t

Salesforce Shield is Salesforce's homegrown encryption product and has been available for more than a year now. Sadly, it falls short in terms of delivering a solid security solution. One feature, called bring your own encryption keys, doesn’t work. Salesforce can decrypt your data at will. This means that a blind subpoena by the government could result in data turnover without your knowledge. Data can also be decrypted and exfiltrated easily. Naturally, Bitglass has a tool that can protect against these threats. -- BITGLASS BLOG

A blog post about containers and security here is useful, albeit a bit self-serving. Docker helped launch the current container market. A vulnerability in a shared OS kernel can potentially provide a way into a container for a bad actor. Active scans can miss these exploits. The vendor has a tool to thwart this issue. -- TENABLE BLOG

The DDoS attack on Brian Krebs is analyzed in detail by his service provider, Akamai, in a recent report. The attack on Sept. 20 was launched by just 24,000 systems infected with Mirai. During the four years Krebs was running on their network, there were a dozen mega attacks peaking at over 100 Gbps of botnet traffic. -- AKAMAI (reg. req.)

Just for Fun

The nearly ancient reference work A Million Random Digits had been a standard go-to text in the early computer era when developers needed to obtain random numbers for programming purposes. It has a great collection of comments by supposed “reviewers” here on Amazon that is worth reading for the insider jokes.

Avid readers of this newsletter know my fondness for the British sitcom The IT Crowd. Turns out there are some very serious and poignant lessons to be learned from the trio of Moss, Roy and Jen. Yes, "Hello, IT, did you try turning it off and on again?" is really excellent advice. -- TOMS ITPRO

Yes, you still need to learn how to solve them.  – GRUMPY TEACHER ON TWITTER