Wednesday, February 28, 2018
Sunday, February 11, 2018
I guess we should get used to this message more often
More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant CoinHive code designed to exploit the computer power of visiting PCs and mine for cryptocurrency.
https://www.grahamcluley.com/government-websites-hijacked-cryptomining-plugin/
Time to use all our (and/or office) computers for cryptomining (without authorization?). That's what a few admins decided to do (maybe they thought it was no different from watching Netflix or YouTube).
Better yet, what if you were those sysadmins, and you thought no one would mind all the unaccounted-for megawatt-hours on the next electricity bill? (Or at least hoped they wouldn’t notice?)
According to Russian news agency Interfax, the moonlighting activity of choice for a bunch of rogue workers at the All-Russian Research Institute of Experimental Physics, was cryptomining.
https://nakedsecurity.sophos.com/2018/02/10/have-federal-nuclear-supercomputer-go-cryptomining/
Thursday, February 8, 2018
Patch, Patch, Patch - Critical Security Update for Flash Player from Adobe
Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123, which reportedly is infecting targets with the ROKRAT remote administrative tool.
https://www.scmagazine.com/adobe-releases-desperately-needed-fix-for-flash-player-bug-exploited-by-zero-day-attackers/article/742453/
Pope Francis declared "Lord is an Onion". Not really; this was the result of the Vatican News website being hacked.
In the case of Vatican News, De Ceukelaire found a reflected vulnerability. Although the issue continues to exist, no permanent damage has been done. If you go to Vatican News and search for “pope” and “onion,” you won’t find anything.
Speaking to TNW over email, De Ceukelaire said he’d warned Vatican News about the issue on nine separate occasions. Unfortunately, the publication failed to resolve the issue.
Because Vatican News failed to act, De Ceukelaire decided to disclose the issue through his Twitter account to his thousands of followers.
https://thenextweb.com/security/2018/02/08/hacker-tricks-official-vatican-news-site-into-declaring-god-an-onion/
One more reason to stop using an unsupported Windows OS
Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.
But older versions of Windows that are no longer supported by Microsoft could face attacks that put the modified NSA exploits to use if the operating systems are not updated with patches Redmond pushed out in March 2017.
https://www.theinquirer.net/inquirer/news/3026129/leaked-nsa-hacking-tools-can-target-all-windows-versions-from-the-past-two-decades
Wednesday, February 7, 2018
Symantec issued certs may not be trusted by Google and Mozilla so get ready for Browser warnings
Affects certs that use Symantec as their root of trust, even if they were issued by an intermediate organization. For example, certificates handed out by Thawte, GeoTrust, and RapidSSL that rely on Symantec will be hit by Google's crackdown.
The change will come in build 66 of Chrome – due for public release on April 17.
Mozilla's Firefox will also distrust Symantec-issued certs from version 60 onwards, due out in May this year.
https://www.theregister.co.uk/2018/02/07/beware_the_coming_chrome_certificate_apocalypse/
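A quick way to see whether a site's chain ends at one of the brands named above, as an added example that is not from this post or the linked article: it parses the `Certificate chain` section printed by `openssl s_client -showcerts` and tests the top-most issuer rather than any issuer. The sample chains, CA names and function names are constructed for illustration, and matching on names is a heuristic.

```python
import re

# Brand names the post lists as relying on Symantec's root of trust.
SYMANTEC_BRANDS = ("symantec", "thawte", "geotrust", "rapidssl")

# Constructed sample: chain section in the older slash-separated DN style.
SAMPLE_CHAIN = """\
Certificate chain
 0 s:/CN=www.example.test
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
"""

# Constructed counter-case (comma-separated DN style): the intermediate
# carries a brand name, but the chain ends at an unrelated root.
SAMPLE_OTHER_ROOT = """\
Certificate chain
 0 s:CN = shop.example.test
   i:C = US, O = Example Trust Services, CN = RapidSSL TLS CA
 1 s:C = US, O = Example Trust Services, CN = RapidSSL TLS CA
   i:C = US, O = Example Trust Services, CN = Example Root CA
"""

def issuers(chain_text):
    """Issuer DNs in chain order (leaf first), one per certificate sent."""
    return [m.group(1).strip()
            for m in re.finditer(r"^[ \t]+i:(.+)$", chain_text, re.MULTILINE)]

def dn_field(dn, key):
    """Extract one attribute (e.g. O or CN) from either DN style."""
    m = re.search(r"(?:^|[/,])\s*" + key + r"\s*=\s*([^,/]+)", dn)
    return m.group(1).strip() if m else ""

def has_brand(dn):
    names = (dn_field(dn, "O") + " " + dn_field(dn, "CN")).lower()
    return any(brand in names for brand in SYMANTEC_BRANDS)

def branded_anywhere(chain_text):
    """Naive check: any issuer mentions a brand. Over-reports."""
    return any(has_brand(dn) for dn in issuers(chain_text))

def symantec_rooted(chain_text):
    """True if the issuer of the last certificate sent (the root) is branded."""
    chain = issuers(chain_text)
    if not chain:
        raise ValueError("no issuer lines found in chain text")
    return has_brand(chain[-1])
```

Servers usually omit the root itself, which is why the issuer of the last certificate sent is taken as the root name.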
Thursday, February 1, 2018
Are you sure your Windows 10 has not reached End Of Support - Remember, it is not just an OS - it is "Windows as a Service"
Here is what Microsoft is saying
https://blogs.technet.microsoft.com/windowsitpro/2018/02/01/changes-to-office-and-windows-servicing-and-support/
Servicing extensions for Windows 10
Windows 10 is being adopted rapidly by organizations of all sizes, and as customers deploy the product they are implementing a modern servicing methodology we refer to as Windows as a service.
Many customers – including MARS, Independence Blue Cross, and Accenture – have made significant progress in moving to Windows as a Service, but some have requested an extension to the standard 18 months of support for Windows 10 releases. To help these customers, we are announcing an additional six months of servicing for the Enterprise and Education editions of Windows 10, versions 1607, 1703, and 1709. (Additional servicing for Windows 10, version 1511 was announced in November.) This extension will be offered via normal channels. The chart below outlines the impact of these extensions for each of the last four Windows 10 releases.
| Release | Release date | End of support | End of additional servicing for Enterprise, Education |
|---|---|---|---|
| Windows 10, version 1511 | November 10, 2015 | October 10, 2017 | April 10, 2018 |
| Windows 10, version 1607 | August 2, 2016 | April 10, 2018 | October 9, 2018 |
| Windows 10, version 1703 | April 5, 2017 | October 9, 2018 | April 9, 2019 |
| Windows 10, version 1709 | October 17, 2017 | April 9, 2019 | October 8, 2019 |
We will also offer additional paid servicing options for Windows 10 Enterprise and Education releases starting with Windows 10 version 1607. For more information, contact your Microsoft account team.
Get ready for WannaMine? - just a funny term for a new hybrid worm that combines the ETERNALBLUE exploit and cryptomining (video link with Q&A below)
A 13-minute video from Sophos (no login/registration needed) with Q&A
https://nakedsecurity.sophos.com/2018/01/31/what-are-wannamine-attacks-and-how-do-i-avoid-them/
Q. Is WannaMine like WannaCry? Is it ransomware that scrambles my disk?
A. The name “WannaMine” is a portmanteau word that refers to a malware family that uses the network spreading capabilities of WannaCry to deliver cryptomining malware rather than ransomware.
Q. What is cryptomining malware? Is it as dangerous as ransomware?
A. Cryptomining is when crooks secretly get your computer to do the calculations needed to generate cryptocurrency, such as Bitcoin, Monero or Ethereum; the crooks keep any cryptocoin proceeds for themselves.
To make money with cryptomining, you need a lot of electricity to deliver a lot of processing power on a lot of computers.
By illegally installing cryptominers inside your network, the crooks therefore steal your resources to do their work.
Q. Can cryptomining damage my computer?
A. We’ve seen stories of mobile phone batteries bulging due to overheating when the device was deliberately forced to do mining calculations for hours on end.
However, WannaMine doesn’t run on mobile phones – it attacks Windows computers.
Nevertheless, even if no permanent damage is done, you’ll probably find your laptop batteries draining much faster than usual, your fans running flat out, and your laptop being noticeably hotter than usual.
Also, if malware like WannaMine can penetrate your network, you are at serious risk of other malware at the same time, including ransomware.
We frequently see evidence of cryptomining left behind on computers that were zapped by ransomware, so don’t ignore WannaMine infections if they show up – where one crook goes, others will surely follow.