Security Roundup - 2017-04-27

News of DoublePulsar has been making the rounds, with some claims of several 100K systems impacted. Now, it appears as if the exploit is remotely removable, allowing for perhaps a Robin Hood botnet to scrub the internet while the infected systems are upgraded.

Despite the things Google does to prevent malicious apps in the Play Store, things still get listed. CheckPoint has pointed out a new BotNet they dub FalseGuide, which currently involves 40 known apps and may have been installed on over half a million devices.

Leaked passwords appear to be behind a rash of Amazon 3rd Party reseller account takeovers. The attackers take over an amazon account, update payment information, and then try to get buyers to buy goods that will never be shipped.

Microsoft recently stopped supporting Windows 7 and 8 on older hardware architectures, despite offering long term support. One user in particular was annoyed by this and reverse engineered the latest patches to allow the updates to be applied anyway.

LastPass has been under a lot of security scrutiny lately. The latest was a flaw in their 2FA implementation which would have allowed a user to potentially bypass 2FA altogether. The security researcher who found the flaw has posted a full technical breakdown.

Running an IoT company? Concerned about Security? Hackaday has you covered, taking a year’s worth of information and writing up the things you need to know if you want to avoid IoT security failures.

Cloudflare reports the continued decline of old cipher suites with both AES-CBC and RSA on the decline in favor of the faster and more secure ECDSA.

Some AV based news this week. First, Trustwave Security points out a vulnerability they discovered and helped Avast fix. Second, the AV provider Webroot experienced a problem earlier this week that caused important Windows files needed for regular operation being quarantined.

Locky, the ransomware, and Necurs, the botnet that distributes it, have recently realized a resurgence. Now, it appears to use a document within a document in order to try to avoid detection and circumvent protection.

Written on April 27, 2017