Weekly Infosec News Brief: 14-20 March

Major Media Websites Caught up in New Malicious Advertising Attacks

Last week multiple major advertising networks, including Google's DoubleClick, AppNexus, Rubicon, and AOL, were abused by attackers to serve malicious advertisements on major media sites. These ads redirected visitors to the "Angler" exploit kit, which tries multiple means of compromising a browser and installing malware. While such malicious ads are common on smaller websites, they are not unheard-of on major media sites. This outbreak, however, was unusually large and long-lived, lasting at least the better part of two days. Given how common malicious web ads are, some security experts are recommending the use of ad-blocking technology in web browsers.
http://www.computerworld.com/article/3044565/security/advertising-based-cyberattacks-hit-bbc-new-york-times-msn.html


Malicious Macros in Word Documents Used to Install Malware with No Files Needed

Everything old is new again. Malware that abused the macro functionality in word processors was a very 20th-century problem, but it never really went away. Last week, Symantec reported on a malware campaign that used Word macros to run PowerShell commands which downloaded and executed a DLL file directly in memory. SANS Internet Storm Center also published a story on a similar malicious PowerShell script that writes itself to the Windows Registry so that it runs at every startup without creating any malicious files on disk. Defeating macro-based malware is achievable, especially if your users do not make heavy use of that functionality. Look for an upcoming post here on the Anchor Technologies blog regarding the security of Microsoft Office's macro functionality.
https://isc.sans.edu/diary/Powershell+Malware+-+No+Hard+drive%2C+Just+hard+times/20823
http://www.computerworld.com/article/3043570/security/documents-with-malicious-macros-deliver-fileless-malware.html
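As an added illustration of how a defender might spot the two behaviours described above (an Office application launching PowerShell with hidden, encoded or in-memory-download arguments, and PowerShell persistence written into a Run key), here is a small triage script that is not from the original post nor from Symantec or SANS. The record layout is modelled on Sysmon process-creation (ID 1) and registry-value-set (ID 13) events, and every sample record below is constructed.

```python
import re
from pathlib import PureWindowsPath

# Office hosts that should rarely, if ever, spawn a PowerShell child process.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Traits the brief describes: hidden window, encoded/in-memory execution, downloads.
PS_FLAGS = re.compile(
    r"-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|-nop\b|downloadstring|"
    r"downloadfile|\biex\b|invoke-expression|frombase64string", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

def exe(path):
    return PureWindowsPath(path).name.lower()

def office_spawned_powershell(ev):
    """Process-creation record with an Office parent and a powershell.exe child."""
    return (ev["id"] == 1 and exe(ev["parent"]) in OFFICE_APPS
            and exe(ev["image"]) == "powershell.exe")

def suspicious_powershell_args(cmdline):
    """Return the flags/cmdlets in a command line that warrant a closer look."""
    return sorted({m.group(0).lower() for m in PS_FLAGS.finditer(cmdline)})

def powershell_run_key(ev):
    """Registry-value-set record: a Run/RunOnce value whose data launches PowerShell."""
    return (ev["id"] == 13 and RUN_KEY.search(ev["target"]) is not None
            and "powershell" in ev["details"].lower())

def triage(events):
    """Return (event index, reason) for every record matching either pattern."""
    findings = []
    for i, ev in enumerate(events):
        if office_spawned_powershell(ev):
            hits = suspicious_powershell_args(ev["cmdline"])
            findings.append((i, "office->powershell: " + ",".join(hits)))
        elif powershell_run_key(ev):
            findings.append((i, "powershell persistence in Run key"))
    return findings

# Constructed sample records modelled on Sysmon event IDs 1 and 13; not real
# telemetry, and the base64 argument is a placeholder, not a real payload.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc QUFBQUFBQUE="},
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\inventory.ps1"},
    {"id": 13, "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r'powershell -w hidden -c "iex (gp HKCU:\Software\Updater).code"'},
]
```

Running `triage(SAMPLE_EVENTS)` flags the first and third records and leaves the legitimate scheduled inventory script alone; in practice the same checks would be fed from your endpoint telemetry rather than from an inline list.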


China-based Hacking Group Using Stolen Code-signing Keys

One of the strongest innovations in securing the newest generations of operating systems is the signing of executable code. Most current operating systems, including Windows 7 and newer and Mac OS X (and iOS), check for cryptographic signatures on executable code, especially in core operating system components and drivers. Software developers can obtain cryptographic code-signing keys with which they sign their software to prove it really originated with them. Such code-signing keys have become a popular target of hackers, who use them to sign their own malware and make it appear to be legitimate software from a trusted source. Last week it was revealed that a Chinese hacking group (nicknamed "Suckfly") had stolen numerous code-signing keys from Korean companies and was using them to sign its malware. This is an expected development, and it further illustrates the ongoing, escalating cat-and-mouse game between hackers and security measures.
http://www.scmagazine.com/suckfly-in-the-ointment-chinese-apt-group-steals-code-signing-certificates/article/483480/
http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates


Vulnerability in iPhone iOS Operating System Exploited to Install Malware

Not only were these malicious apps present on the official App Store, but they were also surreptitiously installed on victims' iPhones by first compromising the victims' PCs. The attack used a sophisticated combination of techniques to work around Apple's restrictions on app installation. These victims were in China, and this type of attack is not presently a significant threat to most US organizations. However, it illustrates the fact that mobile devices are not invulnerable, and that organizations need to consider the implications of their mobile device policies and procedures.
http://www.computerworld.com/article/3045081/security/attackers-exploit-apple-drm-weakness-to-infect-non-jailbroken-ios-devices.html
