Security Roundup - 2016-10-05

October is National Cyber Security Awareness Month. I’m looking forward to a slew of new articles to read through.

For a big start, one security researcher did an Ask me Anything on reddit the other day.

The overall message is ‘Stop. Think. Connect.’ Sophos details what they believe this means, but Bruce Schneier has a counterpoint on how we should stop trying to fix the user and instead focus on fixing the underlying security problems.

Rapid7 plans to highlight security research as part of the National Cyber Security Awareness Month. They are also looking forward to the DMCA exceptions for security research to kick in at the end of the month, which will allow security researchers to bypass protection measures on legally acquired devices to test security.

Big batch of Internet of Things news:

The Internet of Things botnet (Mirai) that has been responsible for recent large DDoS attacks has had its source code released. There is some more detail on how this malware works, which is as simple as exploiting default passwords and getting code run in memory. Research indicates that impacted IoT devices can get infected within minutes of being put on the internet. MalwareTech also has a great article on Mirai, where they mapped out a number of infected devices.

Further digging into IoT devices, Ars details how easy it is for a DVR to get compromised, while other security researchers analyze a popular Wi-Fi router and suggest it is so broken that users should throw it away.

Krebs continues the news with a breakdown of which companies are building these devices.

And Sophos suggests that we should be worried about the scope of these attacks, as the scale has increased drastically, and the effort required to put together a large botnet further decreases. The number of organizations that can weather such an attack only grows smaller.

The roundup of the roundup:

Malwarebytes shares some less well known ways in which attackers may spoof file extensions on Windows.
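The specific tricks from the Malwarebytes article are not reproduced here. As an added example (not code from this post or from Malwarebytes), the Python checker below flags two widely documented disguises that a download or attachment filter can look for on the defender's side: a Unicode bidirectional override character that reverses how the tail of a name renders, and a document-style extension followed by padding whitespace or sitting directly in front of a real executable extension. The extension sets and the sample filenames are illustrative assumptions, not a complete list.

```python
import re
import unicodedata

# Extensions Windows will execute directly (illustrative subset, not exhaustive).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk"}
# Extensions that make a file look like harmless data to the user.
DOCUMENT_EXTENSIONS = {"pdf", "txt", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "gif"}
# Unicode bidirectional controls: they change how a name is displayed, not what it is.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}


def real_extension(name: str) -> str:
    """Return the extension Windows actually uses: text after the final dot, lowercased."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def check_filename(name: str) -> list[str]:
    """Return human-readable findings for one filename; an empty list means nothing suspicious."""
    findings = []

    # Any bidi control in a filename is suspicious regardless of the extension.
    for ch in sorted(set(name)):
        if ch in BIDI_CONTROLS:
            findings.append(f"bidi control {unicodedata.name(ch)} in name")

    ext = real_extension(name)
    if ext not in EXECUTABLE_EXTENSIONS:
        return findings  # a non-executable file cannot be a disguised executable

    # "report.pdf.exe" or "notes.txt      .exe": a lure extension just before the real one.
    parts = name.lower().split(".")
    if len(parts) > 2 and parts[-2].strip() in DOCUMENT_EXTENSIONS:
        findings.append(f"double extension: .{parts[-2].strip()} before .{ext}")

    # A long run of whitespace pushes the real extension out of a narrow display column.
    stem = name.rsplit(".", 1)[0]
    if re.search(r"\s{4,}", stem):
        findings.append("long whitespace run hides the real extension")

    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    samples = ["setup.exe", "report.pdf.exe", "photo\u202egnp.exe", "notes.txt        .exe"]
    for sample in samples:
        print(repr(sample), "->", check_filename(sample) or "ok")
```

The check works on the literal name, so it is independent of whether Explorer is configured to hide known extensions; the double-extension trick relies on exactly that default being on.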

Facebook has rolled out end-to-end encryption for Messenger, but the feature is opt-in, rather than on by default.

Endgame Security goes into various ways code might be obfuscated and how to reverse engineer it. Additionally, they have detailed how they hunt for exploit kits, which they have automated and turned into an open source project.

Did you know that Mongo has a REST interface, which by default has no authentication? Netsparker filled me in on this, as well as detailing a CSRF attack to recon and exfiltrate data.

A number of security firms have analyzed some malware in the Google Play store that establishes a proxy to allow attackers a foothold in any network the phone is on. Researchers found ~400 of these apps in the Play store directly.

Bleeping Computer provides an update on ransomware. This week includes many new variants, a few decryptors, and criticism of open sourcing ransomware for ‘research’.

Written on October 5, 2016