BF-SIRT Newsletter 2016-04

The top stories from this week consist of a story on how Cops hate encryption but the NSA loves it when you use PGP, and how a Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic.
You can also read a story about how Oracle will kill its Java Browser Plugin, and you’ll also find a story on how a 500Gbps DDoS attack flattens world record.

You will also find three articles written by Basefarm SIRT: the first one talks about Recent weeks spam\malware trends; refunds or delay complaints, the second one about the Data Protection/Privacy Day that occurred on the 28th, and the third one is a story on Chinese salesmen in your inbox.

Top 5 Security links
Cops hate encryption but the NSA loves it when you use PGP
Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic
Police destroy evidence with 10 failed passcode attempts on iPhone
Israeli Power Grid Authority Suffers Massive Cyber Attack
Apple Can Still Read Your End-to-End Encrypted iMessages

Top 5 Business Intelligence links
Oracle to kill Java Browser Plugin
500Gbps DDoS attack flattens world record
Samsung Get Sued for Failing to Update its Smartphones
Has your sleeping baby been indexed by this search engine?
Do not share the link that crashes iPhones and Mac browsers

Basefarm SIRT Posts
Recent weeks spam\malware trends; refunds or delay complaints
Happy Data Protection/Privacy Day!
Chinese salesmen in your inbox

Chinese salesmen in your inbox

In the last few days I have seen a few traditional unsolicited mails I wanted to post about.

The gist of the mails is that someone claiming to represent some formal-sounding venture in a (to you) remote location, like China, is kind enough to inform you that some other entity is going to register your brand name and domain names in the region. With swift action from your side they are willing to help you avoid that, at a premium price of course.

These mails lack a few of the tell-tale signs we are all used to looking for by now. There are no “click here” links and no attachments. As far as I can tell there is no malware involved, no exploitation of digital software, only of meat-based software.

If you reply to the mail they will send back a form to fill out and sign, and if you don’t, they will start calling and really push the urgency of the issue.

Someone might even say that it is not a scam, just a sneaky way to sell a product. These kinds of mails have been known since 2011 and probably earlier. Instead of saying too much about this particular unsolicited mail, I would rather share a few general key points you should learn, signs that will help you identify a much broader range of scams.

First warning sign: someone you don’t know is approaching you about buying/updating/renewing something you did not intend to buy/update/renew in the first place. When and if you plan to start a business in China, you will plan for it in advance, and it will not take you much effort to learn who to buy domain names from. When you need a Java update, the Java software will let you know, not some image or ad in your browser.

Second warning sign: the issue at hand is something you know little about (or at least they don’t expect you to know much about). This gives them an obvious advantage, and is meant to make you a bit more insecure.

Third warning sign: something is very urgent. This great offer is only available to you right now, or within a relatively tiny time frame. Maybe the seller already has someone else interested, which the seller makes sure to let you know, and then it might be gone forever.

The hope is that when you get a bit insecure from not really knowing much about the issue at hand, you will put a little trust in the wrong hands; it’s not really that huge an amount of money anyway. Better safe than sorry, right? What if you are wrong and the seller is right?

Nah, save the money. Stay secure.

More technical details can be found in this 2013 blog post from European Domain Centre.

Happy Data Protection/Privacy Day!

Today, Thursday the 28th of January, is the day Data Protection/Privacy Day is celebrated around the world.
This day commemorates the January 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

The aim of the day is to improve privacy and security awareness, so we offer six tips that you can use in your everyday life to increase your privacy and security.
1. Use two-factor authentication (2FA) whenever possible.
2. Install updates as soon as possible.
3. If possible, encrypt your devices.
4. Never use the same password twice.
5. Make sure all your devices have a password and a timeout (screensaver lock) configured.
6. Be aware of risks when using public wireless networks (in hotels and such), as these may leak information and credentials.

Recent weeks spam\malware trends; refunds or delay complaints

Greetings good people!

I wanted to share with you the latest trends in spam and/or malware I have seen coming in to Basefarm this last week. Thanks to everyone who is spamming me for making this possible. 🙂

The latest trend is sending a mail with very little detail, complaining about a delay in shipping, lacking tracking information, anything really. And then attaching a .doc file with a simple name like “order-confirmation.doc” or “invoice.doc”.

We, as good people, want people to be happy with our service, so we get a little worried that there is something we have missed and rush to open the .doc file to see how we can correct this misunderstanding. The .doc file is loaded with a bunch of macros, and upon opening it downloads whatever malware most recently paid the highest bid to the spammer. Mostly I have seen botnet installs, and no more crypto-software so far, but this can be changed on the fly by the malware authors.

The purpose of the botnet infection is the traditional proxying of malicious mail or web traffic, participating in DDoS, or the more modern mining of cryptocurrency. Also keep in mind that it is not uncommon for them to exfiltrate any address books, stored passwords and passwords typed during the infection.

Unfortunately, having an up-to-date antivirus is not enough these days. So, to keep yourself from enjoying a borrowed computer from Internal IT while yours is being reinstalled, and from changing every password you have in fear it might have been captured, slow down and think about what files you are opening. Being more security aware is the best solution to this challenge.

As always, if you are not sure about something, talk to your closest internal-IT or SIRT person about your concerns. It is much easier to handle this while it is still in your inbox.
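One way to turn the lure described above into a mail-gateway triage rule is shown below. This is an added illustration and not Basefarm SIRT tooling: it parses raw messages with Python's standard email module and scores them on the traits the post names (a very short body, complaint wording about delays or missing tracking information, and a generically named .doc attachment), then holds for review any message that combines a .doc attachment with at least one of those traits. The complaint word list, the generic-filename pattern, the 40-word "short body" threshold and the coarse VBA-project check (an OLE2 header plus a UTF-16LE `_VBA_PROJECT` directory entry) are assumptions chosen for the example; the three sample messages and their attachment bytes are constructed placeholders, not real documents.

```python
"""Triage heuristic for the 'delay complaint + .doc attachment' lure.

Added illustration, not Basefarm SIRT code. Scores raw RFC 5322 messages on
the traits described in the post and decides which ones to hold for review.
All sample messages and attachment bytes below are constructed placeholders.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from typing import Optional

# Complaint wording seen in the lure (assumed list; extend it from your own samples)
COMPLAINT_RE = re.compile(r"\b(delay(ed)?|tracking|not received|refund|invoice|order)\b", re.I)
# Generic file names; "order-confirmation.doc" and "invoice.doc" are the ones the post mentions
GENERIC_DOC_RE = re.compile(r"^(order[-_ ]?confirmation|invoice|order|document|scan)[-_]?\d*\.doc$", re.I)
MAX_SHORT_BODY_WORDS = 40                                # assumed threshold for a "short" body
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # OLE2 / Compound File header
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")         # OLE2 directory entry names are UTF-16LE


def looks_macro_enabled(payload: bytes) -> bool:
    """Coarse check: an OLE2 container whose directory mentions a VBA project.
    A production pipeline should use a real OLE parser (e.g. oletools' olevba) instead."""
    return payload.startswith(CFB_MAGIC) and VBA_MARKER in payload


def score_message(raw: bytes) -> dict:
    """Return the lure signals found in one message and whether to hold it for review."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    subject = str(msg["Subject"] or "")
    if len(body.split()) <= MAX_SHORT_BODY_WORDS:
        reasons.append("short body")
    if COMPLAINT_RE.search(subject + " " + body):
        reasons.append("complaint wording")
    has_doc = False
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".doc"):
            continue
        has_doc = True
        reasons.append(f"doc attachment: {name}")
        if GENERIC_DOC_RE.match(name):
            reasons.append("generic attachment name")
        if looks_macro_enabled(part.get_payload(decode=True) or b""):
            reasons.append("VBA project inside attachment")
    # A .doc alone is normal business traffic; hold only when a lure trait accompanies it
    hold = has_doc and len(reasons) > 1
    return {"subject": subject, "reasons": reasons, "hold": hold}


def build_sample(subject: str, body: str, attachment: Optional[tuple] = None) -> bytes:
    """Assemble a constructed test message; attachment is (filename, bytes)."""
    m = EmailMessage()
    m["From"] = "someone@example.invalid"
    m["To"] = "support@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="msword", filename=name)
    return m.as_bytes()


# Constructed placeholder bytes: an OLE2 header followed by a directory entry name, not real documents
LURE_DOC = CFB_MAGIC + b"\x00" * 8 + VBA_MARKER
PLAIN_DOC = CFB_MAGIC + b"\x00" * 8 + "WordDocument".encode("utf-16-le")
LONG_BODY = (
    "Hi team, attached are the notes from our Tuesday architecture meeting. We covered the\n"
    "migration timeline, the new logging pipeline, and the remaining open questions about\n"
    "certificate rotation. Please read through them before Friday and add your comments\n"
    "directly in the shared folder so we can close the action items next week. Thanks, Maria\n"
)
SAMPLES = [
    build_sample("Order delayed!", "Still no tracking info for my order, see attached.",
                 ("order-confirmation.doc", LURE_DOC)),
    build_sample("Hosting question", "Hello, could you send me a price list for your hosting plans for a small web shop?"),
    build_sample("Meeting notes", LONG_BODY, ("Q3-meeting-notes.doc", PLAIN_DOC)),
]


def triage(raws) -> list:
    """Score every raw message in order."""
    return [score_message(r) for r in raws]


if __name__ == "__main__":
    for r in triage(SAMPLES):
        print(("HOLD  " if r["hold"] else "pass  ") + r["subject"] + " -> " + ", ".join(r["reasons"]))
```

The rule deliberately refuses to act on a .doc attachment by itself (the third sample, a long meeting-notes mail, passes) and on short or complaint-like mails without an attachment (the second sample passes), so it targets the combination the post describes rather than any one trait; the held message's reason list is what the SIRT person on the receiving end would want to see when the user asks about it.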

BF-SIRT Newsletter 2016-03

The top stories from this week consist of a story on how a new zero-day flaw hits millions of Linux servers and Android devices, and how the FBI has named the hacker allegedly responsible for The Fappening Leaks.
You can also read a story about how selfie-posting power grid workers are inadvertently exposing critical information, and you’ll also find a story on how it’s still far too common for people to use terrible passwords.

Top 5 Security links
New zero-day flaw hits millions of Linux servers, also affects most Android devices
FBI Has Named Hacker allegedly responsible for The Fappening Leaks
Critical iOS Flaw allowed Hackers to Steal Cookies from Devices
Creator of MegalodonHTTP DDoS Botnet Arrested
Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

Top 5 Business Intelligence links
You Wouldn’t Believe that Too Many People Still Use Terrible Passwords
Selfie-posting power grid workers are inadvertently exposing critical information
Now California state wants to ban sale of encrypted smartphones
European human rights court rules mass surveillance illegal
Survey shows many businesses aren’t encrypting private employee data

BF-SIRT Newsletter 2016-02

The top stories from this week consist of a story on how OpenSSH Patches Critical Flaw That Could Leak Private Crypto Keys, as well as how a 26-Year-Old Hacker Was Sentenced to Record 334 Years in Prison.
You can also read a story which gives a peek into Cybercriminal Call Centers, and about a 602 Gbps DDoS attack which may have been the largest in history.

Top 5 Security links
OpenSSH Patches Critical Flaw That Could Leak Private Crypto Keys
26-Year-Old Hacker Sentenced to Record 334 Years in Prison
Trend Micro AV gave any website command-line access to Windows PCs
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
US Intelligence Chief Hacked by the Teen Who Hacked CIA Director

Top 5 Business Intelligence links
A Look Inside Cybercriminal Call Centers
602 Gbps! This May Have Been the Largest DDoS Attack in History
Ransomware evolution: Another brick in the CryptoWall
Ransomware a Threat to Cloud Services, Too
End of Life of Internet Explorer 8, 9 and 10

Basefarm SIRT Posts
Patch Tuesday January 2016

Patch Tuesday January 2016

Yet another Patch Tuesday has come upon us.
Microsoft released 9 updates, some of which fix critical issues, to address vulnerabilities in their product line. Adobe, on the other hand, has released patches addressing 17 vulnerabilities in their Adobe Flash and Adobe Acrobat/Reader products.

Microsoft
Adobe