Inside Security (May 15th, 2018)

Today’s moral is short and sweet: don’t run outdated software, because someone will target your servers from across the world and attempt to run malware on them. The stories on GandCrab and Rail Europe are cases in point.

I want to take a moment to thank one of our sponsors by pointing out some recent content you might be interested in. Endgame, which sells endpoint protection tools, has created EMBER, a dataset of more than a million portable executable hashes that were scanned by VirusTotal during 2017. It includes metadata, but not the PE files themselves, so researchers can test their machine learning techniques against a stable benchmark. They have a lot more useful material on their blog, so check it out.

Daniel Miessler’s almost-weekly 30-minute podcast, now past 100 episodes, is worth listening to; you need to subscribe to his email list to get the show notes. The latest episode, from early April, quickly runs through the news about Facebook’s lack of privacy, cloud misconfigurations, the dangers of cutting and pasting invisible text, and the Panera breach.

--David Strom, editor of Inside Security


Yesterday a major storm was created by the release of a new report about email encryption issues. The amount of bad reporting was immense, with most reporters missing the fact that there was nothing wrong with the PGP or S/MIME protocols themselves, only with poor implementations, some of which have been around for more than a decade. The attack, called Efail, is described in this research paper and website. The researchers did a poor job of coordinating disclosure too. Basically, if you read your email as HTML (which, if you are concerned about privacy, you shouldn’t be doing in the first place), certain email clients combined with PGP or S/MIME plug-ins will expose encrypted data to a hacker, provided the hacker already has access to your email stream. That is a big if. The EFF weighed in with some very confusing (and in some cases alarmist) suggestions, which is unusual since they are level-headed most of the time on technical issues. The best report is from Steve Ragan at CSOonline, who documents the disclosures and fixes in this post. Don’t stop using email encryption if you are one of the few who actually use it (see the tweeted and very pithy comments from Lesley Carhart below). Do update your email client to the latest version, or use Protonmail or some other software that is rock solid. And do turn off HTML rendering in your email client too.


Last month, cryptomining malware was again in the top malware spot, according to these researchers. Now criminals are targeting unpatched Windows Server and WebLogic installations and using them to run the mining malware. Both products have large proportions of unpatched systems across the world, even though the patches have been available for months. -- CHECKPOINT BLOG


My colleague and dear friend Ed Tittel has examined all the 270-plus Windows commands published last week by Microsoft. He looked at which commands work in the plain DOS CMD window as well as in PowerShell, and which don’t work in Windows 10. This is the first part of his experiments. -- IT KNOWLEDGE EXCHANGE


A newly discovered evasive DDoS amplification attack method is in the wild, according to researchers. The attack leverages Universal Plug and Play, which is commonly used by many IoT devices for network configuration tasks. The post reviews the history of UPnP exploits of all kinds, and describes this new attack method, which uses non-standard IP ports for the amplified traffic. -- IMPERVA BLOG


Rail Europe has revealed a breach of credit and debit cards. Hackers put card-skimming malware on its website between late November 2017 and mid-February 2018. The company, which sells rail passes to Americans, has rebuilt its systems and notified consumers via this letter. Users of the site should change any shared passwords and are eligible for free credit monitoring. -- ZDNET


David Rotaro is a California teen who phished his East Bay area school’s student information system to change his and others’ grades. He was arrested on 14 felony counts. Police obtained a search warrant that eventually led them to Rotaro’s home, where they found evidence of the email attacks. He is awaiting a court date. -- ENGADGET


An analysis of the GandCrab ransomware is available here. The post shows how hard it is to stop malware from infesting websites, especially those running outdated software versions and with admin pages publicly exposed to the Internet (such as the site shown here). The infection starts with a phishing email carrying a phony, malware-laden order inquiry document. -- TALOS BLOG


An analysis of the top 100 law firms worldwide by revenue revealed that 62 percent of them fail to meet the minimum level of email authentication needed to protect staff and clients against phishing attacks. These firms weren’t running DMARC, and even among those that had implemented the protocol, only three percent used reject policies. The worse news: law firms are among the better industries at adopting DMARC. -- 250OK BLOG
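The distinction the report draws, between having a DMARC record at all and actually enforcing a reject policy, comes down to a few tags in one DNS TXT record. The following is an added example, not code from 250ok or the report, that parses constructed `_dmarc` records and classifies each domain’s enforcement level, downgrading partial rollouts (`pct` below 100) the way RFC 7489 receivers do:

```python
# Added example (not from the 250ok report): classify how strictly a domain's
# DMARC record enforces, distinguishing monitoring-only from real enforcement.


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a dict of lowercased tag names."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_enforcement_level(record) -> str:
    """Return 'missing', 'invalid', 'none', 'quarantine' or 'reject'.

    pct (default 100) limits how much mail the policy applies to; RFC 7489
    says unsampled mail gets the next weaker action, so p=reject;pct=50 is
    reported as 'quarantine' rather than counted as full enforcement.
    """
    if not record:
        return "missing"
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if tags.get("v", "").upper() != "DMARC1":
        return "invalid"
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    pct = tags.get("pct", "100")
    if not pct.isdigit():
        return "invalid"
    if policy != "none" and int(pct) < 100:
        policy = "none" if policy == "quarantine" else "quarantine"
    return policy


# Constructed sample records standing in for _dmarc.<firm> TXT lookups.
SAMPLE_RECORDS = {
    "no-dmarc.example": None,
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "partial.example": "v=DMARC1; p=reject; pct=50; rua=mailto:dmarc@partial.example",
    "enforcing.example": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s",
}


def summarize(records: dict) -> dict:
    """Count domains per enforcement level, the way the report tallies firms."""
    counts = {}
    for rec in records.values():
        level = dmarc_enforcement_level(rec)
        counts[level] = counts.get(level, 0) + 1
    return counts
```

Only the `enforcing.example` record would count as a reject policy under this classification; the `partial.example` record, despite saying `p=reject`, is tallied as quarantine.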


Thieves siphoned hundreds of millions of pesos out of Mexican banks by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money. As many as five of Mexico’s largest banks may have been targeted. Given its scale, there is some suggestion of cyberfraud. -- REUTERS


You should read this report that examines the specifics of an insider threat. There are three typical actors (a purposeful insider, a normal employee who makes a simple mistake, and an imposter using stolen credentials). Some of the warning signs are downloading substantial data, multiple requests for resources that are outside someone’s job function, and emailing sensitive data externally. – VARONIS BLOG


More commentary on the PGP fail from Lesley Carhart. -- HACKS4PANCAKES @TWITTER


Many thanks to Inside Security's corporate supporters. Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more


Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more


Gain cybersecurity expertise from Harvard's VPAL in 8 weeks. Learn More.

HackerOne is the #1 hacker-powered security platform for finding critical vulnerabilities.
