Weekly Infosec News Brief: 04-10 January

Microsoft to Drop Support for Internet Explorer Versions Older Than 11

Microsoft's Patch Tuesday this week will carry the LAST security updates for outdated versions of Internet Explorer. After this week, Microsoft will only provide support and updates for Internet Explorer 11, on every Windows version for which it is available. The exceptions are Windows platforms that cannot run IE 11: Windows Server 2012 (original release, not R2), for which IE 10 will remain supported, and Windows Vista SP2 and Windows Server 2008 SP2 (original release, not R2), for which IE 9 will remain supported. Organizations still running IE 8, 9 or 10 on Windows 7, 8.1 or Server 2012 R2 will receive no further browser security fixes after this date and should complete the move to IE 11 (or another supported browser) now.
https://blogs.msdn.microsoft.com/ie/2014/08/07/stay-up-to-date-with-internet-explorer/


First Known JavaScript-Based Ransomware Discovered, Could Be Ported to Multiple Platforms

Ransomware, which encrypts locally stored (and often network-accessible) files in order to deny organizations access to their own data until a ransom is paid, has become one of the most common threats to organizations' computer systems in recent years. A new family discovered last week is written in JavaScript; Emsisoft, which analyzed it, has named it "Ransom32." It does not run inside a browser: the JavaScript is bundled with the NW.js runtime (a Chromium and Node.js based framework for shipping web-technology code as a desktop application) inside a self-extracting archive, which gives the script the same file-system access a native program has. The samples seen so far target Windows, but because NW.js also runs on Mac OS X and Linux, the same code could in principle be repackaged for those platforms with little change.
http://www.computerworld.com/article/3018972/security/ransom32-first-of-its-kind-javascript-based-ransomware-spotted-in-the-wild.html
http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware


Significant Malicious App Outbreak on Google's Android Play Store

To date, smartphone malware has primarily been found in sources other than the "official" Apple and Google app stores (for iPhone and Android, respectively). When malware has turned up in the official stores, low download counts and a lack of positive reviews have been common warning signs. The "Brain Test" family of Android malware, however, has been found in multiple apps on the official Google Play store, some with nearly a million downloads and large numbers of positive reviews. The malware itself downloads associated malicious apps and posts fake positive reviews for them, a mutually reinforcing scheme that boosts the ratings of every app in the family. More disturbing, it attempts (in some cases successfully) to gain root and copy itself into the /system partition. A standard "factory reset", usually considered a drastic but reliable way to clear malware from a device, wipes only the user data partition, so anything written to /system survives it. Complete removal requires obtaining a clean factory image from the device manufacturer and reflashing the device with it.
https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/
http://blog.checkpoint.com/2016/01/08/turkish-clicker-check-point-finds-new-malware-on-google-play/
http://www.zdnet.com/article/more-google-play-apps-infected-with-brain-test-malware-lookout/


Firefox Reverses (or Delays) Plan to Drop Support for SHA-1 Based SSL/TLS Certificates

The Mozilla Foundation announced last fall that Firefox would stop accepting SHA-1 signed HTTPS certificates: beginning January 1st, any certificate signed with SHA-1 and issued on or after that date would produce an "untrusted connection" error. Last week, however, Mozilla shipped an updated Firefox (43.0.4) that turns the block back off. Their stated reason was that many corporate and organizational users were being locked out of HTTPS sites by security devices (web proxies, firewalls, network-based malware scanners) that perform "man-in-the-middle" inspection of TLS connections. Such a device terminates the connection itself and presents the browser with a substitute certificate that it mints on the fly, signed by an internal CA the organization has installed in its clients' trust stores. Older devices still sign those substitute certificates with SHA-1, and because each one is generated at connection time, its issue date falls after the January 1st cutoff, which is exactly the combination the new policy rejected. Inspection is a valuable security function, but it only works because the inspecting device holds a CA key that every client trusts; that device, and the strength of the signatures it produces, is therefore part of the organization's TLS security rather than a neutral bystander. This is an excellent example of outdated security devices conflicting with newer security initiatives and priorities.
http://www.zdnet.com/article/firefox-ban-on-sha-1-dropped-after-some-are-locked-out-of-https-sites/
https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/
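The practical question for an administrator is what certificate the browser is actually receiving, and whether it falls on the wrong side of the rule described above. The following shell example, added for this brief and not code from Mozilla or any vendor, classifies the text dump produced by `openssl x509 -noout -text` against the Firefox 43 policy (SHA-1 signature and a Not Before date on or after 2016-01-01). The certificate text, the "Corp Web Filter CA" issuer and the host name are constructed for illustration; the `check_site` function shows how the same classifier would be fed from a live connection.

```shell
#!/bin/sh
# Added example (not from the original brief): decide whether a certificate
# would have hit the Firefox 43 rule that rejected SHA-1-signed certificates
# with a Not Before date on or after 2016-01-01. Input is the text form
# printed by `openssl x509 -noout -text`.

# Constructed sample: the kind of certificate an inspecting proxy mints on the
# fly. SHA-1 signature from an internal CA, dated after the cutoff.
# The CA and host names are made up for illustration.
SAMPLE_PROXY_CERT='Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4660 (0x1234)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Corp Web Filter CA, O = Example Corp
        Validity
            Not Before: Jan  4 09:12:41 2016 GMT
            Not After : Jan  4 09:12:41 2017 GMT
        Subject: CN = www.example.com
    Signature Algorithm: sha1WithRSAEncryption'

# Same certificate with a SHA-256 signature: unaffected by the policy.
SAMPLE_SHA256_CERT=$(printf '%s\n' "$SAMPLE_PROXY_CERT" \
    | sed 's/sha1WithRSAEncryption/sha256WithRSAEncryption/g')

# SHA-1, but issued before the cutoff: Firefox 43 still accepted these.
SAMPLE_LEGACY_CERT=$(printf '%s\n' "$SAMPLE_PROXY_CERT" \
    | sed 's/2016 GMT/2015 GMT/; s/2017 GMT/2016 GMT/')

# The first "Signature Algorithm:" line names the algorithm the issuer used.
cert_sig_alg() {
    awk '/Signature Algorithm:/ { print $3; exit }'
}

# Year from "Not Before: Mon DD HH:MM:SS YYYY GMT". The cutoff is a year
# boundary, so the year alone decides the policy.
cert_not_before_year() {
    awk '/Not Before:/ { print $(NF-1); exit }'
}

# The issuer shows who really signed the certificate the client received;
# behind an inspecting proxy this is the internal CA, not the public one.
cert_issuer() {
    sed -n 's/^ *Issuer: //p' | head -n 1
}

# Reads a certificate text dump on stdin and prints one of:
#   reject             SHA-1 signed, Not Before >= 2016 (blocked by Firefox 43)
#   accept-legacy-sha1 SHA-1 signed but issued before the cutoff
#   accept             not SHA-1 signed
firefox43_verdict() {
    cert=$(cat)
    alg=$(printf '%s\n' "$cert" | cert_sig_alg)
    year=$(printf '%s\n' "$cert" | cert_not_before_year)
    year=${year:-0}
    case $alg in
        *sha1*|*SHA1*)
            if [ "$year" -ge 2016 ]; then echo reject; else echo accept-legacy-sha1; fi ;;
        *) echo accept ;;
    esac
}

# Live check (not run in this example): fetch the leaf certificate the client
# actually sees for a host and classify it. Run this from inside the network
# to see the proxy's certificate rather than the site's real one.
check_site() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -text | firefox43_verdict
}

printf '%s\n' "$SAMPLE_PROXY_CERT" | cert_issuer           # CN = Corp Web Filter CA, O = Example Corp
printf '%s\n' "$SAMPLE_PROXY_CERT" | firefox43_verdict     # reject
printf '%s\n' "$SAMPLE_SHA256_CERT" | firefox43_verdict    # accept
printf '%s\n' "$SAMPLE_LEGACY_CERT" | firefox43_verdict    # accept-legacy-sha1
```

If `cert_issuer` on a public site returns an internal CA rather than the site's public issuer, an inspecting device is in the path, and its signature algorithm is what the browser policy will judge, not the site's.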


FTC Levels Significant Fine Against Dental Practice Software Maker Over False Security Claims

Henry Schein Practice Solutions, Inc. has settled FTC charges that it misrepresented the security of its software, agreeing to pay $250,000. Its "Dentrix G5" practice-management software was marketed as encrypting the patient database to the standard HIPAA expects; in fact the software protected the data with a proprietary, non-standard data-masking ("obfuscation") scheme rather than an industry-standard cipher such as AES, which falls short of what HIPAA guidance recognizes as encryption. Organizations need to ask third-party software vendors pointed questions about claims like this: which algorithm, in which mode, with what key length, where the keys are stored, and whether the implementation has been evaluated against a recognized standard. For business-critical applications, organizations are advised to consider obtaining an independent review.
https://www.ftc.gov/news-events/press-releases/2016/01/dental-practice-software-provider-settles-ftc-charges-it-misled
http://www.scmagazine.com/schein-to-pay-250k-to-ftc-for-misleading-encryption-claims/article/463824/


Multiple Serious WordPress and Drupal Vulnerabilities Announced

WordPress and Drupal are the two most widely used open-source content management systems. Serious vulnerabilities in both were announced last week. WordPress released version 4.4.1 to fix a cross-site scripting vulnerability that could allow a site to be compromised outright, along with a number of other bugs; sites with automatic background updates enabled should already have it, and others should update immediately. The Drupal problem is in the update mechanism itself: Drupal checks for updates and fetches them over plain HTTP without verifying signatures, and if the update check fails it silently reports the site as up to date. An attacker positioned on the network path could therefore either hide new releases from an administrator or substitute a malicious update. Until this is fixed, Drupal administrators should not rely on the in-site update status; they should check for releases on drupal.org directly, download updates over HTTPS, and verify the published checksums before applying them.
http://news.softpedia.com/news/wordpress-4-4-1-security-release-fixes-xss-bug-498548.shtml
https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
http://www.csoonline.com/article/3020069/security/drupal-sites-at-risk-due-to-insecure-update-mechanism.html
http://blog.ioactive.com/2016/01/drupal-insecure-update-process.html


Some Press Outlets Suggesting Dell Customer Support Data May Have Been Compromised

A pattern of tech support scam calls leveraging detailed customer account data has led to suspicions that Dell's support database may have been compromised. A number of customers have reported calls from fake Dell technical support representatives who knew their computers' service tag numbers, serial numbers, and support histories, details that are normally available only to Dell and the customer. Organizational IT staff should treat any unsolicited communication purporting to come from Dell with extra suspicion and verify it through a known-good Dell contact channel before acting on it.
http://arstechnica.com/security/2016/01/latest-tech-support-scam-stokes-concerns-dell-customer-data-was-breached/
