The Friday Tech Takeaway - 25.08.17

Marcus Hutchins Update: The UK's GCHQ was aware that Marcus Hutchins, who famously stopped the WannaCry worm that was decimating the UK's National Health Service IT infrastructure, was under investigation by the FBI *before* he travelled to America. They apparently knew that he would be walking into a trap that was being set for him before he was subsequently arrested by US authorities for alleged cyber-offences. Reports indicate that the British government allowed Marcus to wander into this trap because it saved them the headache of what would have been a highly charged extradition proceeding with their ally... the US.

Chrome extension developers targeted: At the beginning of the month we had the news of the hijacking of the OCR add-on called Copyfish. Attackers managed to break into the systems of the Copyfish developers and compromise their code base, so that the now "quasi-legitimate" extension would be downloaded by innocent Chrome users who could then be attacked. According to researchers at Proofpoint, seven additional legitimate Chrome extensions, beyond Copyfish, have been taken over by attackers and used to manipulate internet traffic and web-based ads.

Cloudflare uses Lavalamps to encrypt your data: A high-resolution camera takes image frames every millisecond, which are hashed to produce unpredictable, random -- non-algorithm-based -- numbers.

$1 Laptops thanks to severe POS Vulnerability: A vulnerability in the SAP POS Xpress Server allows attackers to alter configuration files for SAP Point-of-Sale systems, alter prices, collect payment card data and send it to one of their servers.

Firmware Update Bricks Samsung Smart TVs in the UK: A botched firmware update for Samsung smart TVs has left many owners unable to use their devices, two weeks after it happened. The issue affects UK owners of newer models of smart TVs. Users reported blank blue screens on Samsung smart TV models such as UE50MU6100K, UE49MU7070, UE49MU7070TXXU, and MU6409.

New EMPTY CryptoMix Ransomware Variant Released: MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as its extension and this one uses EMPTY, it is clear that the developers are running out of ideas for extensions.

Easy to use Apps allow anyone to create Ransomware: Watch out for a massive increase in the number of ransomware campaigns during the next several months, thanks to new Android apps available for anyone to download that let them quickly and easily create Android ransomware with their own devices.

Ropemaker attack allows transformation of email after delivery: What about a technique that could allow an attacker to turn an apparently harmless email into a malicious one after it has already been delivered to the victim’s email inbox? The technique exists and was dubbed Ropemaker (Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky) by Francisco Ribeiro, a security researcher at Mimecast.

Trend Micro Hosted Email Security (HES) - Email Interception: Two vulnerabilities have been discovered. The first allows any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud environment. The second vulnerability allows any authenticated HES customer to view or change other cloud users' rules via Direct Object Reference.

Apple iOS Exploit Takes Complete Control of Kernel: Multiple vulnerabilities in the AppleAVEDriver, when linked together, create an opportunity to launch an iOS exploit that can take full control of the iOS kernel, security researcher Adam Donenfeld of Zimperium's zLabs has revealed. Donenfeld, who demonstrated the exploit at the Hack In The Box conference in Singapore, says all iOS devices running version 10.3.1, released in April, as well as earlier versions are currently vulnerable to the attack.

GDPR Compliance Preparation: A High-Stakes Guessing Game: The countdown to the European Union's General Data Protection Regulation (GDPR) continues, and while companies spend millions on compliance, questions remain as to whether they are spending their precious euros wisely. Data management tech firm Veritas recently issued a report concluding that although 31% of companies surveyed believe they are already compliant with GDPR, only 2% really are operating under the terms of this omnibus data security and privacy regulation. 

Virus spreading via Facebook: If you come across any Facebook message with a video link sent by anyone, even your friend, don’t click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software.

90% of Companies Attacked with Three-Year-Old Vulnerabilities: A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release. According to the Fortinet Q2 2017 Global Threat Landscape, 90% of organizations the company protects have experienced cyber-attacks during which intruders tried to exploit vulnerabilities that were three years or older. In addition, 60% of organizations were attacked with exploits ten years or older. 

25 August 2017
