Security Roundup - 2018-02-01

Self Destructing USB Drives. We’ve covered malicious USB drives many times, including one that will actively break. Going a step further, one budding engineer decided to build a USB drive that would deliver a payload, and then also trigger 5V internally to do something like trigger a small explosive charge.

Malicious extensions not just for Chrome. Perhaps the first instance of a Firefox plugin installing a cryptominer has recently been discovered. The addon is pushed from malicious sites as a ‘Firefox update’, but installs the malicious extension from another site instead, ‘rewarding’ users with spam pop ups as well as running a cryptocurrency miner in the background.

Google cleans out malicious android apps. Google has done a retrospective on malicious Android apps in 2017. All in all, they took down over 700K malicious android apps, and while this was more than a 70% increase over 2016 they claim they halved the chance of someone actually installing malicious apps because they are catching these apps sooner in the process.

Fitness tracker reveals all too much. Fitness tracking company Strava recently released a global ‘heat map’ of user activity. A university student in Australia was the first to point out it showed things like government military bases. Lifehacker reports on how hard it is to make your data private on Strava, though Strava has now indicated they will work on improving privacy and data protection.

All is fair in love and ransomwar? Ransomware authors themselves have raised the alarm that at least one Tor proxy service is replacing bitcoin wallet addresses from ransoms with their own. Understandably making ransomware authors angry, as well as probably frustrating ransom payers who are not getting unlock codes.

Fingerprints are not passwords. And I guess Lenovo recognized this since their fingerprint scanner for some laptops had a hardcoded password to bypass it. Lenovo has submitted an update, so if you are using one of their products be sure to upgrade!

ATM Jackpotting makes its way to America. ‘Jackpotting’ is an ATM based attack using malware to eventually trigger the ATM to spit out all its money and apparently this has now been recorded as happening in America. Initial reports indicate the malware used is targeted towards a specific manufacturer, but analysts believe that it could be modifier to work against ATMs provided by multiple manufacturers. These attacks apparently began late last year, with suspects arrested, though the attack has been known as feasible since 2010 when it was demonstrated at Black Hat.

CrossRAT Deconstruction. CrossRAT is a RAT which can run on Windows, Linux and OSX. Patrick Wardle of Objective-See breaks down the technical details of this RAT, with perhaps a slight eye on OSX.

Gitlab beefs up security for users. Gitlab is following in the footsteps of Github by working towards integrating security monitoring of project dependencies. Gitlab has aquired startup Gemnasium to further expand this initiative, which will give them an impressive roster of languages they will be checking.

Written on February 1, 2018