Inside Security

Inside Security (Jul 18th, 2019)

Two important lab tests of products are out this week. The first is the next-gen firewall test from NSS Labs (reg. req.). They put 12 products under scrutiny, and WatchGuard and Palo Alto scored highest. The second report, from AV-Comparatives (reg. req.), compares the efficacy of 17 anti-malware products across a battery of tests. The top scorers there were K7 and ESET.

“Our privacy rights should not be reduced to scraps that tech titans throw at us (wrapped in a PR campaign) whenever users start to complain.” So writes Ben Wolford from Protonmail about the disingenuous “privacy pivot” by Google in this screed. Well worth reading.

Our Throwback Thursday item is about the passing of Fernando Corbato, who will be remembered for key roles in various computing developments, including the introduction of a login password. But I found this tweet that reminded me about how simple life was back in the day when key Internet protocols were being developed, and all it took was a simple email to reserve an IP port. This week in history is remembered for port 22 for SSH.

-- David Strom

1. Private data from almost every adult Bulgarian -- some 5M people -- was stolen and samples were then sent to reporters. It originated from national tax records and contains financial records, much of it years old. Government officials confirmed the data was legit and police have identified a suspected hacker. -- ZDNET

2. Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com "add a line" website last month. They accessed PII including phone number, subscriber ID, device type, account number, billing address and other account info. They released this breach notification. Account passwords were reset. -- CNET

3. TrickBot has gotten more pernicious, and researchers have found it can now harvest emails from various places on your PC. The variant has been dubbed TrickBooster because it can also send phishing emails to other victims from your PC and hide them from your sent folders. They found a database of 250M stolen email IDs. -- DEEP INSTINCT

4. Throwback Thursday: Fernando Corbato

Corbato, who recently died, oversaw a project in the early 1960s called the Compatible Time-Sharing System, which allowed multiple users in different locations to access a single computer simultaneously through telephone lines. CTSS led to the Multics project which in turn led to Unix and Linux. He was the first person to suggest passwords to protect logins, perhaps the earliest use of “password” for them. This photo is from those days of yore when computers occupied rooms and programs were loaded by magnetic reels of tape, shown in the background. -- NY TIMES

5. There have been two recent developments in adware fraud. The first is new malware called Extenbro, which has upped the game to avoid adware blockers. It is a Trojan that infects DNS queries, so victims' PCs can’t load the blockers from security vendors. The malware also blocks IPv6 communications. The second is a complex multi-stage malware framework that installs a malicious browser extension designed to perform fraudulent AdSense impressions and generate phony likes on YouTube videos.

6. Supply chain attacks using Linux open software packages could become an increasingly popular vector for hackers. Researchers downloaded millions of lines of code and found instances of malware-infested package repositories among those listed in the Python Package Index (PyPI). -- REVERSING LABS

7. A bug in the Ad Inserter WordPress plugin allows authenticated attackers to remotely execute code. The plugin is found on 200,000 blog sites. The vendor has patched the issue and users should update to v. 2.4.22. -- WORDFENCE BLOG

8. Defenders who aren’t familiar with PowerShell might find this primer useful. It describes various commands and scripts that can be used for pentesting and exploring vulnerabilities in your Windows infrastructure. -- VARONIS BLOG

9. Researchers have found ransomware they call QNAPCrypt that is targeting Linux-based NAS file storage systems. The malware has very low detection rates because of its targets. They have written a YARA rule you can use to find it across your networks. -- INTEZER BLOG

10. Free web hosting services are increasingly being used to distribute phishing attacks. This is according to an analysis of phishing patterns. -- PHISH LABS

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site. Finally, we note our editing team: Kim Lyons (Pittsburgh-based journalist and managing editor at Inside), David Stegon (senior editor at Inside, whose reporting experience includes cryptocurrency and technology), and Bobby Cherry (senior editor at Inside, who’s always on social media).
