Inside | Real news, curated by real humans
Inside Security

Inside Security (Dec 5th, 2017)

David’s Take

Don’t be like LinkedIn and let your SSL certs expire. Two reasons: first, it means your website is down for most potential visitors, because their browsers refuse the expired certificate. Second, if you don’t enforce always-on SSL, visitors who click past the warning or simply retype the address can land on the plain HTTP site, and any session cookie that isn’t marked Secure then travels in the clear and could compromise their data down the road. Any third party entrusted to manage your certs (as LinkedIn does) should know better.

A new use for punycode domains has been discovered, this time in connection with the malvertising scheme I mention below. Previously, this was a popular method for building phishing destination sites whose names appeared, to the eye, to be spelled with the same Latin characters as the site being impersonated.

McAfee’s annual predictions report has some interesting insights and is today’s report of the day. The machine-learning arms race, the opportunities serverless computing offers attackers, and the ways home-automation vendors will misuse your personal data are all among its top predictions.

-- David Strom, editor of Inside Security


Top Story: Andromeda botnet takedown

At the end of November, a combined global law enforcement operation dismantled one of the longest-running malware botnets, known as Andromeda or Gamarue. The botnet was associated with at least 80 different malware families (including the Dridex and GamaPOS Trojans) and was detected on more than a million PCs spread across the globe (as shown in this map). It had been in operation since 2011. Andromeda was also used in the Avalanche case, which was taken down last year but whose infections still linger on numerous computers today. Microsoft sinkholed more than 1,500 domains and captured more than 2 million IP addresses originating from more than 200 countries. A suspect in Belarus was arrested. Europol has issued this press release.


Attacks
The Seamless campaign is one of the most prolific malvertising chains pushing the RIG exploit kit, and it almost exclusively delivers the Ramnit Trojan. Seamless is usually easy to identify from its attack patterns, but lately researchers have seen a new wrinkle: domains built from punycode-encoded Cyrillic characters, the same look-alike trick phishing campaigns use. – MALWAREBYTES BLOG
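The phishing trick mentioned in David’s Take and the Seamless wrinkle above come down to the same thing: an `xn--` label that decodes to characters which look like a familiar Latin name. The following is an added example, not code from Malwarebytes or from this newsletter, of how a practitioner can decode such labels and flag homographs. It uses only Python’s standard library; the watchlist, the confusables subset and the sample hostnames are constructed for illustration (a real deployment would load the full Unicode confusables table rather than a hand-picked dozen). The ASCII digraph folding (`vv` for `w`) also catches the kind of look-alike domain described in the Docket item below.

```python
import unicodedata

# Constructed watchlist of labels worth protecting (hypothetical list).
WATCHLIST = {"apple", "paypal", "linkedin", "google", "ewashtenaw"}

# Constructed subset of the Unicode confusables table: non-Latin letters that
# render like Latin letters in common fonts. Production code should load the
# full confusables.txt instead of this hand-picked subset.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u04cf": "l", "\u0501": "d", "\u051b": "q", "\u051d": "w", "\u03bf": "o",
}

# ASCII pairs that read as a single letter at a glance ("vv" for "w").
ASCII_DIGRAPHS = {"vv": "w", "rn": "m"}


def decode_label(label):
    """Turn one DNS label into Unicode; 'xn--' marks RFC 3492 punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def label_scripts(label):
    """Scripts used in a label, read off Unicode character names (first word,
    e.g. 'CYRILLIC'). Digits and '-' are script-neutral and ignored."""
    found = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                found.add("LATIN")
            continue
        try:
            found.add(unicodedata.name(ch).split()[0])
        except ValueError:
            found.add("UNASSIGNED")
    return found


def skeleton(label):
    """Fold a label to what a reader sees: normalise, lower-case, swap
    confusable letters for their Latin look-alikes, collapse digraphs."""
    folded = unicodedata.normalize("NFKC", label).lower()
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    for pair, single in ASCII_DIGRAPHS.items():
        folded = folded.replace(pair, single)
    return folded


def check_host(hostname):
    """Findings for one hostname: decoded form, whether any label mixes
    scripts, and which watchlist label (if any) a label impersonates."""
    labels = [decode_label(part) for part in hostname.split(".")]
    mixed = False
    impersonates = None
    for lab in labels:
        if len(label_scripts(lab)) > 1:
            mixed = True
        folded = skeleton(lab)
        # A hit means the label looks like a protected name but is not it.
        if folded in WATCHLIST and folded != lab.lower():
            impersonates = folded
    return {"host": hostname, "decoded": ".".join(labels),
            "mixed_script": mixed, "impersonates": impersonates}


def suspicious_hosts(hostnames):
    """Keep only the hostnames a blocklist or an analyst should look at."""
    results = (check_host(h) for h in hostnames)
    return [r for r in results if r["mixed_script"] or r["impersonates"]]


def to_punycode(unicode_host):
    """Encode non-ASCII labels; used here only to build the sample input."""
    return ".".join(
        lab if lab.isascii() else "xn--" + lab.encode("punycode").decode("ascii")
        for lab in unicode_host.split("."))


# Constructed sample hostnames (none taken from the Malwarebytes report).
SAMPLE_HOSTS = [
    "www.example.com",                                   # plain ASCII, clean
    to_punycode("\u0430\u0440\u0440\u04cf\u0435.com"),   # all-Cyrillic "apple"
    to_punycode("p\u0430ypal.com"),                      # Latin plus Cyrillic 'а'
    to_punycode("\u043c\u043e\u0441\u043a\u0432\u0430.\u0440\u0444"),  # legitimate москва.рф
    "ewashtenavv.org",                                   # ASCII "vv" for "w"
]

if __name__ == "__main__":
    for finding in suspicious_hosts(SAMPLE_HOSTS):
        print(finding)
```

The mixed-script check alone misses the all-Cyrillic case (every letter is from one script, which is exactly why browsers render it), so the skeleton comparison against a watchlist is the part that matters; the legitimate Cyrillic sample passes both checks and is not flagged.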


A new type of malware fakes the Windows blue screen of death and then tries to swindle victims into paying for tech support tools. Called Troubleshooter, it pops up a dialog box recommending that users pay $25 to “solve” the issue. Users can instead fix things by rebooting into Safe Mode and removing the malware file. – INFOSECURITY MAG


This post analyzes an unauthenticated Java deserialization remote code execution bug in HPE’s Intelligent Management Center software, triggered by feeding the server a malicious serialized Java object. – ZERO DAY INITIATIVE BLOG


If you had trouble logging into LinkedIn last week, it wasn’t you: they let their SSL certificate expire. That is a pretty rookie mistake, and it kept millions from reaching the site. During the outage, LinkedIn's customer service team said on Twitter that the problem was caused by a human DNS configuration error. LinkedIn does not provide SSL connections by default, BTW.  – SC MAGAZINE UK
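What “always-on SSL” means in practice, as an added example that is not LinkedIn’s configuration or code: the plain-HTTP listener only redirects to https://, the HTTPS responses carry a Strict-Transport-Security header so browsers stop trying http:// on later visits, and session cookies are marked Secure so they are never sent in the clear even if a visitor does reach the HTTP site. The checker below audits a raw response head for those three properties using only the standard library. The response samples are constructed, and the one-year HSTS minimum is an assumed policy threshold.

```python
from http.cookies import SimpleCookie

# Assumed policy threshold: HSTS max-age of at least one year, in seconds.
MIN_HSTS_MAX_AGE = 31536000


def parse_response_head(raw):
    """Split a raw HTTP/1.1 response head into (status_code, [(name, value)]).
    Header names are lower-cased; repeated headers such as Set-Cookie are kept."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def hsts_max_age(value):
    """Extract the max-age directive from a Strict-Transport-Security value."""
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return None


def audit_https_posture(raw_response, served_over_tls):
    """Return findings describing how a visitor could end up on an unprotected
    connection. served_over_tls says which listener produced the response."""
    status, headers = parse_response_head(raw_response)
    findings = []

    def values(name):
        return [v for k, v in headers if k == name]

    if served_over_tls:
        hsts = values("strict-transport-security")
        if not hsts:
            findings.append("no Strict-Transport-Security header: browsers will "
                            "keep trying http:// first on later visits")
        else:
            age = hsts_max_age(hsts[0])
            if age is None or age < MIN_HSTS_MAX_AGE:
                findings.append(f"HSTS max-age {age} is below the assumed "
                                "one-year minimum")
    else:
        # The plain-HTTP listener must do nothing but redirect to https://.
        to_https = any(loc.lower().startswith("https://")
                       for loc in values("location"))
        if status not in (301, 302, 307, 308) or not to_https:
            findings.append("plain-HTTP request was served content instead of "
                            "a redirect to https://")

    for set_cookie in values("set-cookie"):
        jar = SimpleCookie()
        jar.load(set_cookie)
        for name, morsel in jar.items():
            # Without Secure the browser will attach the cookie to any http://
            # request for the site, which is the leak David's Take describes.
            if not morsel["secure"]:
                findings.append(f"cookie {name!r} lacks the Secure flag and "
                                "will be sent over plain HTTP")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_TLS_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/
"""

HARDENED_TLS_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly
"""

HTTP_REDIRECT_RESPONSE = """HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/
"""

if __name__ == "__main__":
    print(audit_https_posture(WEAK_TLS_RESPONSE, served_over_tls=True))
    print(audit_https_posture(HARDENED_TLS_RESPONSE, served_over_tls=True))
    print(audit_https_posture(HTTP_REDIRECT_RESPONSE, served_over_tls=False))
```

Run the same audit against a live site by capturing the response head with any HTTP client and passing it in; the hardened sample produces no findings, while the weak one reports both the missing HSTS header and the unprotected cookie.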


Here is how one Ohio hospital mitigated a ransomware attack. They were in the middle of a trial run of ExtraHop's security tools when they discovered one of their nurses had fallen for a phishing email. Working through an MSSP, they isolated the infection and removed it from their network, finding 47 copies of the malware that hadn't yet detonated. The story is interesting because it shows that even with a significant pile of security gear (firewalls, AV software, URL filters and sandboxes), they still needed additional tools to find and fix the incursion. Now their IT department sends out regular email reminders to beware of phishing attacks. -- HEALTH SECURITY 


The Docket

Last week, Konrad Voits (shown here) of Ann Arbor, Michigan, pleaded guilty to breaking into the computer systems of Washtenaw County in an attempt to extract an inmate from the prison system. The 27-year-old hacker’s plan hinged on creating a website, ewashtenavv.org, that mimicked the look of the genuine Washtenaw County website, ewashtenaw.org. – TRIPWIRE


Just for fun

How to get a job at Apple. Little Bobby Tables would be proud. -- DEVHUMOR


Many thanks to Inside Security's corporate supporters.  Please go check them out!

 

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 


Invest in Ring4, the 2nd phone number startup that was voted best product on ProductHunt. 

 

HackerOne is the #1 hacker-powered security platform for finding critical vulnerabilities.
