Security Roundup - 2017-05-19
In the aftermath of WannaCry, there are a few important developments:
- Australian government suggests that ISPs should do more to protect customers and their devices.
- Other ransomware versions are trying to spread using the same exploit.
- A number of medical devices may also be impacted by WannaCry. Involved manufacturers are working on fixes, and remind customers to protect access to these devices.
- Microsoft’s March patch may have been prompted by the NSA disclosing the vulnerability to Microsoft ahead of the Shadowbrokers leak.
If WannaCry wasn’t bad enough, another IoT device has vulnerabilities which could lead to a botnet of over 185K nodes, and Docusign has determined that a recent malware campaign targeting their customers was made possible by a breach in which their customer list was stolen.
WikiLeaks has dumped more Vault7 information, the latest being two malware frameworks dubbed “AfterMidnight” and “Assassin”. AfterMidnight is a play on “Gremlins”, as it is intended to allow small applications to be run on targets to do malicious things, and Assassin provides much of the same functionality.
Unfortunately, even more things leaked on the internet, as documents describing a code-breaking program were found exposed to the public internet. A project between NYU, IBM and the Department of Defense, “WindsorGreen” is an encryption-cracking program intended to run on specialized hardware. Experts who have reviewed the documents suggest its computing power would eclipse most of the world’s supercomputers in the specific field of encryption. That being said, experts believe that modern key strengths such as RSA 4096 are still orders of magnitude stronger.
Two security groups have finished audits of the OpenVPN codebase. Both teams found a number of vulnerabilities, which the OpenVPN team has already fixed. Overall, they congratulated OpenVPN on their adherence to secure development practices, while also offering a few suggestions on how to improve the codebase and push forward best practices for security.
Checked that your router is up to date lately? I thankfully did several weeks ago, grabbing new firmware that protects my Asus RT router from a number of security vulnerabilities.
Both Edge and Chrome have flaws this week which allow credential leakage. Edge’s flaw allows the bypassing of the Same Origin Policy process, allowing a determined attacker to confuse the system and get credentials it otherwise should not have access to. The Chrome bug is also a Windows bug which could allow an attacker to obtain a user’s login hash.
Still using fingerprints to unlock your phone? Researchers have recently figured out how to make artificial fingerprints that will unlock phones 25-65% of the time, based on the fact that most fingerprint scanners only check a subset of your finger.
The President signed a Cybersecurity executive order this week. Highlights include prompting government agencies to adopt the NIST framework, consolidating services for more effective management, and increasing protections around critical infrastructure. Various groups are expected to provide plans within certain intervals, making this a start.
400 new SLocker (Android ransomware) variants were discovered this week, bringing the total number of known variants to 3000.
Talos Intel has observed a new ransomware spam campaign they call ‘Jaff’. Taking cues from Dridex and Locky, it uses a PDF with an embedded Word doc to install its malicious package. As always, they prepared a detailed technical breakdown.
Want to know even MORE about Ransomware? Troy Hunt now offers a free course.