Inside Security

Inside Security (Jul 30th, 2018)

One of the things that shouldn't surprise me but does is the level of effort that malware authors take to continually improve their code, making it more virulent and potent. There are several examples in today's newsletter, including a new version of Spectre that can operate across networks, a new Trojan that improves its ability to hide from detection, improvements to the Hide 'N Seek botnet and a new adware delivery tool that is making its way across European websites. Yes, you always have to be on the alert. 

-- David Strom, editor of Inside Security, St. Louis MO, @dstrom


1. Academic researchers have discovered a more virulent form of the Spectre attack. This one can be launched across network connections, rather than requiring direct physical contact, as was previously found. It is a cacheless version which relies on AVX state and instructions to create a covert channel. You can read a pre-print of their paper here. It is being called NetSpectre, and could allow attackers to extract data from CPU memory. The team worked with Intel this spring, and patches are already available to fix the issue. Lots more background in the link here. -- ARS


2. A new remote access trojan is now available for sale on the dark web. Called Parasite HTTP, it comes with a variety of tools to evade detection and analysis, such as sandbox detection, anti-debugging, anti-emulation and a built-in sleep timer. While it has only been seen in a small malware campaign that targets internal corporate email distribution lists, it has the potential to do major damage. The sandbox detector is notable in how it can crash the malware later, making it harder for researchers to track its sneakiness. -- PROOFPOINT


3. A French security researcher has stumbled upon a new adware delivery scheme. It involves clone websites that use legitimate-looking domain names to trick victims into downloading famous apps, but which are actually laced with adware. The malware mimics French and Spanish versions of Keepass, 7Zip, Audacity and numerous others. – BLEEPING COMPUTER


4. Here is research about the P2P-centric Hide ‘N Seek botnet. It now also includes exploits to target home automation systems and devices. As you can see from the above timeline, it has been continuously improved since its first discovery. What makes this botnet interesting is that its authors are careful to test new features to make sure they actually work as intended. – FORTINET BLOG


5. If you get caught up in infosec jargon, this book might be useful for your internal clients. Called The Language of Cybersecurity, it covers 52 different terms that every businessperson should know. Each term (such as zero days, social engineering and sandboxing) is defined and has an accompanying essay that explains its context and why it is important to understand the term. The book covers vulnerabilities, defenses, and compliance terms. You can purchase the book now or subscribe to the site’s RSS feed and get a new term each week if you don’t mind waiting.


6. Researchers have found a new hacking group called Leafminer. Its targets are mostly government organizations in the Middle East, and it makes use of a variety of tools, including watering holes (with details shown here), brute-force and dictionary password attacks to steal confidential data. – SYMANTEC BLOG


7. Here is a free auditing tool that can discover unsecured Windows service accounts, Active Directory domain and local administrator accounts. Called Discovery Tool, it comes from Bomgar, which also has paid security solutions in this market. You can see a selected sample report below. -- BOMGAR (reg. req.)


8. You have probably heard that the WPA protocol is going through a major update. This post provides a few things you should know about this v3, including better security for public wireless networks, and backward compatibility with earlier WPA versions. It will be available later this year. – SECURITY BOULEVARD


9. Last year this firm introduced a project to make pentesting more approachable. This is the second such report, called Under the Hoodie. It shows that they are able to gain access to networks two-thirds of the time using a variety of techniques, almost always via some kind of server misconfiguration. The report highlights a few of their engagements to show you how they penetrated a client's network and what data they found. -- RAPID 7 (pdf)


10. There were three notable acquisitions last week:


Swift on Security reminds us to be careful about those “quick” fixes that can have rolling implications more than a decade later. -- SWIFTONSECURITY @ TWITTER

