
Inside Security (Nov 17th, 2017)

David’s Take

Yet more Adobe and Microsoft patches this week; click on the two links to stay up to date. Microsoft’s 11 patches fix more than four dozen security holes in various Windows versions and Office products, while Adobe has updated Flash Player, Photoshop and Shockwave.

My colleague and friend Scott Fulton has begun a very interesting series of discussions for ZDNet about how the next hyperscale data centers will be found at the foot of numerous cell tower sites. Scott is always enlightening to read; the first part of his series can be found here.

If you aren't yet a Premium subscriber, you missed yesterday's analysis about how you need to pay attention to spam and the many forms phishing takes. Go to our Premium page and sign up; subscription plans start at $10/month, with multiple newsletters and corporate plans available. Premium subscribers get an additional Thursday newsletter, usually with a single analysis topic.

A programming note: Due to the holidays, next week we will publish newsletters on Monday and Tuesday only.  

-- David Strom, editor of Inside Security

Top story: Emotet banking Trojan on the rise

The Emotet banking Trojan has been around since 2014, and this story recounts its various improvements over the years. It continues to evolve (with this analysis from Trend Micro about its latest variant), and has even been spotted acting like a distribution method for other banking malware. Lately, it is back in the news, both for new obfuscation techniques and an odd set of circumstances involving McAfee’s detection network.

If you want to rid yourself of the malware, all you have to do is create a series of filenames on your endpoint to make it look like a VM sandbox, as Help Net Security describes here. The oddity is that McAfee has blocked access to it, although it appears to have been distributing it unintentionally, according to ZDNet.

Attacks and vulnerabilities

A remote admin tool called Fallchill and another Trojan called Volgmer, both developed by the hacking group Hidden Cobra in the North Korean government, have been found on numerous networks. The FBI and Homeland Security have issued alerts and have published detection rules and potentially infected IP addresses. – US-CERT

Phone maker OnePlus leaves a backdoor on almost all of its handsets, according to this post. The backdoor allows anyone root access to the phone. Check to see if EngineerMode is one of the running apps on your phone. – THE HACKER NEWS

Criminals racked up a $64,000 bill on DXC Technology's tab after a techie accidentally uploaded the outsourcing firm's private AWS key to a public GitHub listing in September. Over four days, they created more than 200 AWS VMs using the key. Chalk it up to inadequate security training of their dev team. Ironically, the company is an IT consulting services vendor. – THE REGISTER

A new botnet that leverages Star Wars content and uses the share-a-link forms found on many websites has appeared. Users are urged to install rate-limiting mechanisms on these forms to thwart spammers. – INCAPSULA

A consumer group is urging major retailers to withdraw a number of Internet-connected toys likely to be popular at Christmas, after finding security failures that it warns could put children’s safety at risk. Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets that enable hackers to communicate directly with the children using them. – THE GUARDIAN

Tools and methods

Adding a digital cert to a piece of malware can fool many AV scanners, according to new research. This post reviews the purpose of certs for code signing and why some vendors’ algorithms can be tricked. – ENDGAME BLOG

Using secure chat software such as WhatsApp isn’t enough if you are ultra-paranoid, because you also need to understand the app’s use of metadata and other telltale residues that the chat leaves behind. If you are looking for an air-tight secure messaging app, read this evaluation and accompanying guides. – THE CITIZEN LAB

Reports

Inside the Mind of a Hacker 2.0 is the title of the latest analysis of the participants in the Bugcrowd bounty program, which has exploded to more than 65,000 members. Their favorite reason for finding bugs? The challenge of the task. Two-thirds of them are between 18 and 29 years old, and most reinvest their bounty earnings in more security tools. – BUGCROWD REPORT

Risk Based Security released its Q3 Vulnerability Report. The first nine months of 2017 showed a 38 percent increase from the same period in 2016, and web-related vulnerabilities accounted for half of the total. Out of that web total, XSS-related issues were a third.

Freedom on the Net 2017 is the latest report from a research group that tracks 65 countries and their Internet access policies from year to year. It hasn’t been a good one for Internet freedom, to be sure. Governments around the world have dramatically increased their efforts to manipulate information on social media over the past year. Nearly half of the monitored countries experienced declines in net freedom, and the researchers have seen a rise in fabricated news sites, misinformation campaigns and journalist harassment. Countries such as Ukraine, Egypt and Turkey experienced the biggest declines in net freedom. The research found that half of all Internet access shutdowns were focused on censoring mobile devices, making it easier for authoritarian regimes to crack down on political opposition. – FREEDOMHOUSE REPORT

Another international study shows that small businesses in Thailand were the most prone to cyber attacks, including compromises to multifactor authentication and other encryption-related compromises. This is based on a survey of companies from various Asian markets. – ESET SURVEY

Continuing in the international vein, Comodo’s labs have detected malware incidents in every nation on the planet, even on the tiny island of Kiribati. The rate is increasing rapidly from the last quarter. Trojans remain the most common infection type and Ukraine was the most common victim. – COMODO BLOG

Just for fun

Recognize that landscape? For years it was the default screen saver on Windows XP. Now the story can be told of how Microsoft licensed the image from the photographer, and how he transported the negative to Redmond. This shows that when you absolutely positively have to get something across country, you take it yourself. – ATLASOBSCURA
