Inside Security

Inside Security (Apr 13th, 2018)

David’s take

The Zuck congressional testimony this week brought much mirth to be sure (see my link at the end of this newsletter), but also begs the question: why didn’t congressional staffers better prepare their bosses for the media circus? I have both testified before Congress and worked for a Congressional agency (which has since been eliminated), so I have some knowledge of the process. Sadly, the Senators should have been better prepared. Making technology policy certainly isn’t any harder than, say, making other kinds of policies. Or is it?

-- David Strom, editor of Inside Security

Top Story: It’s that time of the month

This week, Adobe updated its Flash Player to resolve a half dozen critical security holes. The latest version, if you really need to run it, is 29.0.0.140. Microsoft issued updates to correct at least 65 security vulnerabilities in Windows and associated software, including a fix to a nasty bug in its Malware Protection Engine. Yes, it is that time of the month. Both vendors urge you to apply these updates. -- AVANTI

Researchers have identified what they are calling an Early Bird code injection technique. It is used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. Code injection is commonly used by malware to evade detection by injecting a malicious code into a legitimate process: in this case, SVCHOST. -- CYBERBIT

Researchers recently noticed a new campaign exploiting a vulnerability in Microsoft IIS 6.0 servers in order to mine Electroneum crypto-currency. This is a new twist on an attack last year that used the exploit to mine Monero. It executes a reverse shell on the web server. Most of the attacks were coming from the US and China, with the malware-hosting server located in Beijing within China Unicom's network. -- F5 BLOG

Researchers from Israel's Ben Gurion University of the Negev—who often focus on finding clever ways to exfiltrate data from isolated or air-gapped computers—have now shown how fluctuations in the current flow that is propagated through normal electric power lines could be used to covertly steal highly sensitive data. Dubbed PowerHammer, the latest technique involves controlling the CPU utilization of an air-gapped computer using specially designed malware and creating fluctuations in the current flow in a Morse-code-like pattern to transfer data in binary form. But don’t get too excited: attackers can only move data from the computer at a speed of 10 to 1,000 bits-per-second. -- BGU @ ACADEMIC PRE-PRINT

Compromised websites are being used to trick users into thinking they have outdated web browser or Flash Player software, thanks to a crafty malware campaign dubbed FakeUpdates. The malicious code triggers redirect URLs that point to a fake browser update page for Google Chrome, Mozilla Firefox, and Internet Explorer, as well as a fake Flash Player update. Its core nastiness is a piece of JavaScript which is heavily obfuscated to make static analysis very difficult and also to hide some crucial fingerprinting that is designed to evade virtual machines and sandboxes. -- MALWAREBYTES

A unique form of advanced persistent adware has been discovered, and tools to remove it are detailed in this report. It uses hex-encoded JavaScript with thousands of bytes of junk hexadecimal characters to obscure the true intent of the file and exploits built-in Windows tools, such as tasking.exe or wscript.exe, to deliver the malware, which then decrypts its payload in memory. -- BOOZ ALLEN BLOG

Webinar: Hacked routers are nothing new, but cyber-espionage groups are using them more and more during their attacks, according to researchers in this webinar. Attacks have gone steadily up in the past year, and the tactic has become quite widespread in 2018. For example, the Inception Framework APT, another nation-state-backed cyber-espionage operation, hacked home routers and built a network of proxies it could hide behind using an attack known as UPnProxy. -- KASPERSKY @ BRIGHTTALK (reg. req.)

Tools: A hardware-rooted chain of trust verifies the integrity of every relevant component in the cloud platform, giving you security automation that flexibly integrates into the DevOps pipeline. Here is how to think about the issues in building such a chain of trust and making it scalable and secure. -- THE NEW STACK

The Docket: A Connecticut man has pleaded guilty to hacking into the iCloud accounts of Hollywood stars and others so he could steal personal information, including private photographs and videos. Federal prosecutors say 26-year-old George Garofano made public back in 2014 private photos of Jennifer Lawrence, Kirsten Dunst, Kate Upton and others. He sent emails that appeared to be from Apple encouraging his victims to disclose usernames and passwords. – DOJ FILING

Carl Ferrer, the co-founder of Backpage, the notorious and now-shuttered site that once hosted a vast quantity of prostitution-related ads, has pleaded guilty to conspiracy and money laundering charges. The federal plea agreement was unsealed in federal court in Arizona yesterday after authorities arrested others working for the site. Ferrer admitted that during the 14 years of the site’s existence, the great majority of Backpage's allegedly hundreds of millions of dollars in revenue came from placing illegal ads for prostitution. Ferrer will aid in shutting down Backpage throughout the world and help in ongoing prosecutions of his co-conspirators, and will make all Backpage data available to authorities.

Just for fun

Mr. Zuck goes to Washington, and creates numerous memes. The caption reads: "Mr. Zuckerberg, I have just one question about Facebook: Where do I find my Hotmail?" -- WIRED

Many thanks to Inside Security's corporate supporters. Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more