Security Roundup - 2016-03-30

Whitehat Security recently did a study of patching cadence across a number of websites. This includes a follow up survey on what drives remediation efforts, which I found interesting.

Duo has an article/paper on the various ways that Windows OEM laptops are compromising your privacy and safety, and what you can do about it.

Checkpoint has a brief article on how people get around Apple’s walled garden on iOS for malicious purposes. Apple has been making a number of improvements to secure their devices, but they have teased that they will be announcing some workarounds at Blackhat Singapore on Friday.

Rapid7 has an interesting article on the Topology of Malicious Activity in the IPv4 space. Of the 65,000 autonomous systems existing today, 200 are apparently responsible for 70% of all phishing activity.

Google has made a number of changes to gmail to highlight whether emails were delivered without TLS encryption. As a result, they have seen a 25% increase in TLS encrypted emails already. They have also further highlighted state sponsored attack warnings. Finally, t hey have teamed up with industry leaders to do a draft on Strict Transport Security, for emails that can ONLY be delivered over encrypted channels, a sharp contrast to regular ‘backwards compatible’ email recommendations.

Ransomware Roundup!

Apparently TeslaCrypt is now generating random encryption keys and sending them to remote servers, meaning that investigators can not obtain the key locally to unlock files. In related news, EC-Council, the company administering the Certified Ethical Hacker program has had a subdomain compromised and has been distributing TeslaCrypt as a result.

ThreatPost has some interesting information on two new strains of ransomware, SamSam and Maktub. These strains are following the trend of attacking hospital systems, and get into the system by looking for unpatched software.

Another new ransomware strain, Petya, has upped the game by encrypting Master Boot Records and then attempts to encrypt the Master File Table to make files inaccessible to users.

Yet another Ransomware variety, PowerWare, has upped the game in a different direction. It is leveraging macros (to be fair, a traditional form of delivery of malware) to avoid writing additional files to disk, and better blend in as actual user activity.

Written on March 30, 2016