Inside Security (Dec 5th, 2017)

David’s Take

Don’t be like LinkedIn and let your SSL certs expire. Two reasons: first, this means your website is down for most potential visitors. Second, if they can get through and you don’t implement always-on SSL connections, users can get the normal HTTP site and end up with a cookie on their computer that could compromise their data down the road. Any third party entrusted to manage your certs (as LinkedIn does) should know better.
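As an added example (not from the newsletter), here is a small Python check for the two things this item argues for: an expiry monitor built on the `notAfter` string that `ssl.getpeercert()` returns, and an audit of whether the plain-HTTP response redirects to HTTPS, whether HSTS is set, and whether cookies carry the Secure and HttpOnly flags. The 14-day renewal threshold and the sample response headers are constructed for illustration; `fetch_peer_cert` is the live check and the only function that touches the network.

```python
import socket
import ssl
import time
from http.cookies import SimpleCookie

WARN_DAYS = 14  # renewal threshold chosen for this example


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live check: complete a TLS handshake and return the leaf certificate
    as the dict ssl.getpeercert() produces (the only function here that
    uses the network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def to_epoch(cert_time):
    """Parse a notBefore/notAfter value in getpeercert() format,
    e.g. 'Dec  5 12:00:00 2017 GMT', to UTC epoch seconds."""
    return ssl.cert_time_to_seconds(cert_time)


def cert_days_remaining(not_after, now=None):
    """Days until the certificate expires; `now` is epoch seconds
    (defaults to the current time)."""
    now = time.time() if now is None else now
    return (to_epoch(not_after) - now) / 86400


def cert_status(not_after, now=None, warn_days=WARN_DAYS):
    """EXPIRED / RENEW_SOON / OK, so renewal is alerted before the site goes dark."""
    days = cert_days_remaining(not_after, now)
    if days < 0:
        return "EXPIRED"
    if days < warn_days:
        return "RENEW_SOON"
    return "OK"


def audit_https_posture(http_status, http_headers, https_headers):
    """Findings about the 'always-on SSL' posture: the plain-HTTP response
    must redirect to https://, the HTTPS response should carry HSTS, and
    every cookie should be Secure (never sent over HTTP) and HttpOnly.
    Header names are matched case-insensitively; Set-Cookie may be a list."""
    findings = []
    http_h = {k.lower(): v for k, v in http_headers.items()}
    https_h = {k.lower(): v for k, v in https_headers.items()}

    location = str(http_h.get("location", ""))
    if http_status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("plain HTTP is served without a redirect to HTTPS")
    if "strict-transport-security" not in https_h:
        findings.append("HTTPS response has no Strict-Transport-Security header")

    cookies = https_h.get("set-cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    for raw in cookies:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(f"cookie '{name}' lacks the Secure flag")
            if not morsel["httponly"]:
                findings.append(f"cookie '{name}' lacks the HttpOnly flag")
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    weak = audit_https_posture(
        200, {"Content-Type": "text/html"},
        {"Set-Cookie": "sid=c0ffee; Path=/; HttpOnly"})
    hardened = audit_https_posture(
        301, {"Location": "https://example.test/"},
        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
         "Set-Cookie": "sid=c0ffee; Path=/; Secure; HttpOnly"})
    print("weak posture:", weak)          # three findings
    print("hardened posture:", hardened)  # []
    print(cert_status("Dec  5 12:00:00 2017 GMT",
                      now=to_epoch("Dec  1 12:00:00 2017 GMT")))  # RENEW_SOON
```

Run it from a scheduler against each public hostname you own, feeding `fetch_peer_cert(host)["notAfter"]` into `cert_status`; a RENEW_SOON result is the alert that would have spared LinkedIn the outage, and a non-empty list from the posture audit is the gap that lets a cookie travel over plain HTTP.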

A new use for punycode domains has been discovered, this time in connection with a malware-advertising scheme that I mention below. Previously, this was a popular method to create phishing destination sites that appeared to use the same Latin characters in their domain names.

McAfee’s annual predictions have some interesting insights and are today’s annual report of the day. The machine learning arms race, the opportunities for serverless attackers, and the ways that home automation vendors will misuse your personal data are all mentioned as top predictions.

-- David Strom, editor of Inside Security

Top Story: Andromeda botnet takedown

At the end of November, a combined global law enforcement sting operation dismantled one of the longest-running malware botnets, known as Andromeda or Gamarue. The botnet was associated with at least 80 different malware families (including the Dridex and GamaPOS Trojans) and was detected on over a million different PCs spread all across the globe (as shown in this map). It has been in operation since 2011. Andromeda was used in the Avalanche case, which was taken down last year but whose malware still infects numerous computers today. Microsoft sinkholed more than 1,500 domains and captured more than 2 million IP addresses originating from more than 200 countries. A suspect in Belarus was arrested. Europol has issued this press release.

Attacks
The Seamless campaign is one of the most prolific malvertising chains pushing the RIG exploit kit and almost exclusively delivering the Ramnit Trojan. Identification of Seamless is typically easy, due to its attack patterns. Lately, researchers have seen a new wrinkle using punycode Cyrillic characters, similar to phishing campaigns. – MALWAREBYTES BLOG
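As an added example (not from the newsletter or from the Malwarebytes post), here is a small Python detector for the domain trick this item and today's Take describe: it decodes punycode labels, flags labels that mix scripts, and collapses common Cyrillic and Greek look-alikes to the Latin string a reader would see, so the result can be compared against brand labels you protect. It goes one step beyond the punycode case by also handling a few ASCII sequence look-alikes such as "vv" for "w", the spelling trick in the Docket item below. The confusables tables and the sample hostnames are constructed for this example; a production tool would load the Unicode consortium's confusables.txt instead.

```python
import unicodedata

# Single-character look-alikes (constructed subset; a production tool would
# load the Unicode consortium's confusables.txt): Cyrillic and Greek letters
# that render like Latin letters in most fonts, mapped to that Latin letter.
CONFUSABLE_CHARS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u04cf": "l", "\u03b1": "a", "\u03bf": "o",
}
# Multi-character ASCII look-alikes (also constructed), e.g. "vv" for "w".
CONFUSABLE_SEQUENCES = {"vv": "w", "rn": "m", "cl": "d"}


def decode_label(label):
    """Turn an ACE label ('xn--...') back into Unicode; plain labels pass through.
    The raw punycode codec is used on purpose: it does no normalisation, so the
    label is analysed exactly as the registrant encoded it."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def script_of(ch):
    """Script family taken from the Unicode character name (LATIN, CYRILLIC,
    GREEK, ...); digits and hyphens are script-neutral."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def skeleton(label):
    """Collapse look-alikes to the Latin string a human would read."""
    out = "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in label)
    for seq, rep in CONFUSABLE_SEQUENCES.items():
        out = out.replace(seq, rep)
    return out


def analyze_hostname(hostname, protected=()):
    """Return findings for a hostname: labels that mix scripts, and labels
    whose skeleton equals one of the `protected` brand labels without being
    spelled identically (an impersonation)."""
    findings = []
    for raw in hostname.lower().split("."):
        label = decode_label(raw)
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append(f"{raw}: mixes scripts {sorted(scripts)}")
        skel = skeleton(label)
        if skel != label and skel in protected:
            findings.append(f"{raw}: look-alike of protected label '{skel}'")
    return findings


def to_ace(hostname):
    """Helper for building samples: ACE-encode every non-ASCII label."""
    parts = []
    for label in hostname.split("."):
        if label.isascii():
            parts.append(label)
        else:
            parts.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(parts)


if __name__ == "__main__":
    # Constructed samples: Cyrillic look-alikes of two brand names, an ASCII
    # 'vv'-for-'w' spoof, a genuine Cyrillic word, and a plain Latin name.
    brands = ("paypal", "apple", "ewashtenaw")
    for host in (to_ace("\u0440\u0430\u0443\u0440\u0430l.com"),        # раураl.com
                 to_ace("\u0430\u0440\u0440\u04cf\u0435.com"),         # аррӏе.com
                 "ewashtenavv.org",
                 to_ace("\u043f\u0440\u0438\u043c\u0435\u0440.example"),  # пример.example
                 "example.com"):
        print(host, "->", analyze_hostname(host, brands))
```

The mixed-script rule fires on its own, which is what catches the Seamless-style domains; the skeleton comparison only fires against labels you list as protected, so a genuine Cyrillic or Greek word is not flagged. The sequence substitutions are deliberately few, since every entry ("rn" for "m", for instance) also rewrites legitimate Latin words and would add noise if the list grew.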

A new type of malware fakes the Windows blue screen of death and then tries to swindle victims into paying for tech support tools. Called Troubleshooter, it pops up a dialog box that recommends users pay $25 towards “solving” the issue. Users can also fix things by rebooting into Safe Mode and removing the malware file. – INFOSECURITY MAG

An unauthenticated Java deserialization remote code execution bug in HPE’s Intelligent Management Center software, triggered through malicious Java files, is analyzed in this post. – ZERO DAY INITIATIVE BLOG

If you had trouble last week logging into LinkedIn, it wasn’t you. They let their SSL certificate expire. This is a pretty rookie mistake and it kept millions from accessing the website. During the outage, LinkedIn's customer service team said on Twitter that the problem was caused by a human DNS configuration error. LinkedIn does not provide SSL connections by default, BTW. – SC MAGAZINE UK

Here is how one Ohio hospital mitigated a ransomware attack. They were in the middle of a trial run of ExtraHop's security tools and discovered one of their nurses had fallen for a phishing email. Working through an MSSP, they were able to isolate the infection and remove it from their network. They found 47 copies of the malware on their network that hadn't yet detonated. The story is an interesting one, because it shows that even with a significant pile of security gear (firewalls, AV software, URL filters and sandboxes), they still needed the additional protection of other tools to find and fix the incursion. Now their IT department sends out regular email reminders to beware of phishing attacks. – HEALTH SECURITY

The Docket

Last week, Konrad Voits (shown here) from Ann Arbor, Michigan, pleaded guilty to breaking into the computer systems of Washtenaw County in an attempt to extract an inmate from the prison system. The 27-year-old hacker’s plan hinged upon the creation of a website called ewashtenavv.org that mimicked the look of the genuine website for Washtenaw County, ewashtenaw.org. – TRIPWIRE

Just for fun

How to get a job at Apple. Little Bobby Tables would be proud. – DEVHUMOR
