Inside Security (Mar 13th, 2018)

David’s Take

This newsletter is distributed thanks to our sponsors, Endgame and Nok Nok. Today I want to highlight this blog post on how Endgame’s MalwareScore engine works and some of how it was constructed, along with the announcement that it is now available for macOS. The engine examines executable files for exploits, and it required an entirely new data structure to handle the Mac file formats, because the Mac CPU family has changed several times over the years. For malware hunters it makes for some fascinating reading. Given the rise of macOS-based malware (the McAfee Threat Report cited below shows a 240 percent increase during 2017), this is a timely effort.

-- David Strom, editor of Inside Security


Top Story

If you ever wanted to read just one blog post about the numerous ways an IoT device can leave you open to hacking, check out the latest reports about the Hanwha Techwin “smart” webcam (shown here branded by Samsung). It has so many security holes that it is hard to keep them all straight as you review the article. The flaws range from insecure HTTP to weak credentials to buffer overflows, and more than two thousand of these cameras are exposed on public IP addresses, mostly in Europe and South Korea. The main architectural design flaw stems from its use of the Jabber (XMPP) instant-messaging protocol: “An attacker could register an arbitrary account on the Jabber server and gain access to” everything on the camera’s server. -- THREATPOST


Attacks

Here is a description of a complex VMware exploitation technique that relies on uninitialized buffers and variables. The chain combines several exploits, including a heap overflow in the Edge browser, a type confusion in the Windows kernel and a buffer escape trick. -- ZERO DAY INITIATIVE


Samba servers from v4 onwards should be patched immediately because of two new vulnerabilities discovered by the engineers maintaining the versatile code base. The software, which lets non-Windows machines share files and printers with Windows computers, is in wide use. -- SAMBA


Researchers have discovered malware so stealthy that it remained hidden for six years despite infecting at least 100 computers worldwide. It is called Slingshot and was reported on by Kaspersky Lab in this paper. It has been active since at least 2012 and remained operational through last month.


The Italian malware group Hacking Team has a new tool that has been discovered in more than a dozen countries. It can extract files from a target, intercept emails and IMs, and remotely activate a laptop’s camera and microphone. -- WELIVESECURITY


With the rise of PowerShell exploits, defenders could use another tool to help expose weaknesses in their networks. Enter SharpShooter, a weaponized payload generation framework with anti-sandbox analysis, staged and stageless payload execution, and support for evading ingress monitoring. It can create payloads in a wide variety of Windows internal formats that retrieve and execute arbitrary C# code. -- MDSEC BLOG


At its peak last fall, the Android OAuth-stealing botnet Gooligan had hijacked more than a million credentials for use in various fraudulent activities. This is the story of how it was discovered and how the botnet was taken down. There are three separate blog posts: one on the botnet’s origins, one on its inner workings, and one on how it made money and was eventually neutralized. -- SECURITY BLVD.


Picking the right version of Office 365

If you are trying to decide which bundle of Microsoft Office 365 features is right for you, read at least the first part of this post (before the vendor self-promotion kicks in) to understand the subtle differences between the E3 and E5 options. -- VARONIS BLOG


Bounty

Even though the hacking attempt against Binance on March 7th was not successful, it was clearly a large-scale, organized effort. Binance is offering a $250,000 bounty (in equivalent BNB currency) for information leading to an arrest, and will also set aside $10M in reserves for future bounty awards. -- BINANCE @ MEDIUM


Reports

This post goes into very interesting detail about the latest DDoS amplification attacks, using visuals to show how the attacks spread across the Internet. The authors explain IP spoofing concepts, how IP address ranges are consumed by various networks, and other things that you probably forgot you once learned in your Intro to TCP/IP classes. -- CLOUDFLARE BLOG


A new report based on interviews with Australian CISOs says that instead of focusing on the number of people who still click on malicious links, there is great value in encouraging people to report suspicious emails and in tracking those who report these incidents. “Many company directors aren’t adequately informed and place too much faith in the security measures implemented by their organization.” There is a lot more to be gleaned from the interviews. -- MICROSOFT (reg. req.)


The McAfee Labs Threat Report for 4Q17 is now available (reg. req.). It shows a new high in the number of malware samples collected, a ten percent increase over the previous quarter. Interestingly, the number of actual security incidents declined in the quarter. Malware exploiting various PowerShell issues more than tripled from the previous quarter, and PowerShell is “increasingly becoming a go-to toolbox for cybercriminals.” -- MCAFEE LABS


Just for fun

Light bright! -- 50 NERDS of GREY @ TWITTER

Many thanks to Inside Security's corporate supporters. Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more
