Security Roundup - 2018-02-08

How To Stop Me From Harvesting Sensitive Information From Your Site. In January, we posted about a hypothetical plan to steal sensitive information via pervasive javascript plugins. The author has now followed up with what things you can do to mitigate the potential threat. It is partially a threat modeling exercise, with the key takeaway being “perhaps you shouldn’t use third party javascript in cases where you are collecting sensitive information”.

Cryptominers the new Malware?. More and more reports surface of malware authors installing cryptominers, rather than engaging in activities like ransomware. For last year we had Adylkuzz, a cryptominer that spread vua the EternalBlue vulnerability. Fast forward to this week where we have Smominru a mining malware that is reported to have made its authors millions in Monero, again leveraging EternalBlue. Not to mention DDG a mining botnet targeting database servers (presumably with the expectation of more resources to mine). What makes this much more attractive for attackers is simple - cryptocurrency requires no action on behalf of the user, is much more stealthy than encrypting stuff, and yet still has a payoff via Cryptocurrency.

Flash 0-day makes the rounds. Still using Flash? Be aware of a Flash 0-day currently being exploited. The twist is that the Flash content is being delivered via specially crafted Microsoft Office documents, rather than directly in the browser. The browser still comes into play once the content is executed, so the simplest defense is to disable flash everywhere, especially since many users have out of date versions installed.

Tech support scammers spam AV company. MalwareBytes experienced a bit of forum spam last week, and ended up tracking it back to a tech support scam. A dive into tech support scams ensues.

Abusing TLS extensions for fun and exfiltration. When is a TLS handshake not a handshake? When it is being used to exflitrate data proved some security researchers. By leveraging TLS extensions, a malicious user would potentially be able to pass information and avoid the types of perimiter checks that currently exist.

Don’t forget the small vulnerabilities! Why is it important to limit attack surface? Because even ‘small’ vulnerabilities could be chained to create bigger vulnerabilities, as Detectify blogs about a few examples.

Why I won’t whitelist your site. Use an ad-blocker? VP of Content Strategy for O’reilly Media Mike Loukides goes into why he used an ad-blocker and won’t whitelist sites. It all comes down to malware via ads and no one in the industry wanting to take responsibility for any damages.

Written on February 8, 2018