Security Roundup - 2016-07-14

Troy Hunt recently released unverified breaches for HaveIBeenPwned, due to the recent Badoo breach, where the dataset lies somewhere between a hoax and “can’t be conclusively verified”. The article is another interesting read in the steps he takes to verify breaches.

Datadog has recently suffered a potential breach, but is learning from the other breaches lately by invalidating all user passwords proactively.

Wendy’s was suspected of a breach in some of their PoS systems starting in 2015, and new reports indicate it is very, very bad, with more than 1000 locations impacted. Wendy’s currently blames a third party service provider that manages the PoS terminals for a number of franchises.

Phishing is still a leading way to gain access to a company. Now, DUO Security has launched a free phishing assessment tool called DUO Insight. They’ve also published an article sharing some interesting observations, including that 17% of targetted users actually entered credentials, out of date browsers/software detected on end user computers, and a few ways to make a phishing attempt more likely to succeed.

Some enterprising researchers recently created some TOR hidden service honeypots and, after making a bunch of requests through the TOR, found that their hidden services eventually came under attack. Their conclusion: there are TOR nodes designed to spy and find hidden services. They are scheduled to present at DefCon this year. While the TOR developers are working to strengthen the system, MIT researchers have announced the development of a potential successor, building on the lessons learned from TOR.

As voice activated assistants become more pervasive, security researchers have demonstrated voice based attacks, where they are able to play a muddled video sample that humans can’t interpret but the voice assistant can. The video demonstrates opening up a website, which could introduce additional code to the device.

Microsoft’s patch Tuesday includes this interesting Print Spooler exploit where an attacker could write a service to masquerade as a printer and cause a machine to download ‘printer drivers’ which could be any sort of executable that the system would trust.

Law enforcement and insurance companies seem to be catching up to the fact that weak electronic vehicle security is leading to an increase in thefts.

As always, BleepingComputer has the best ransomware roundup. New families from the makers of Cerber. CryptXXX changes, in that no special extension being used to evade detection. CryptoFinancial, a variant that actually deletes your files!

Written on July 14, 2016