Sunday, October 18, 2015

Issue 34 - Week of Oct 12th

1. Angler Exploit Kit Blasts Daily Mail Visitors Via Malvertising: There has been a lot of buzz about the powerful Angler Exploit Kit in recent days. This time it struck the popular British newspaper the Daily Mail, which accounts for 156 million monthly visits. Malvertising works by inserting a malicious advert within a publisher’s website. When the page loads, the ad is displayed and performs its nefarious action without the user having to click on it. In the issue dated Aug 16th, we discussed Yahoo being misused to launch malvertising.

2. Netgear Published Patched Firmware for Routers Under Attack: After a pair of very public disclosures in the last two weeks, Netgear published new firmware for vulnerabilities in its routers that have been publicly exploited. Researchers discovered that as many as 10,000 routers had been taken over. The risk to business and home users is that an attacker in control of a router can redirect incoming and outgoing traffic by changing DNS configurations, or sit in a man-in-the-middle position and spy on supposedly protected traffic. This type of attack is called a pharming attack.

3. All Flash versions vulnerable to remote control attack until next week: Adobe has announced it is working on a new update for Flash to fix a critical vulnerability that is currently being exploited. All current versions of Flash are vulnerable to the exploit, which could allow an attacker to take control of the affected machine. Earlier this year, Facebook's CISO had called for Flash to be killed off. Almost every week, a new flaw is found and patched by Adobe, and in some cases Flash has been the basis for advanced persistent threats targeting major industries.

4. Wealth of personal data found on used electronics purchased online: Varying amounts and types of residual data have been found on used mobile devices, hard disk drives and solid state drives purchased online from Amazon, eBay and Gazelle.com. Based on an examination of 122 pieces of second-hand equipment, 48 percent of the hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved from 35 percent of the mobile devices. Most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren't always effective at removing data permanently.

5. After spike in Windows infections, Microsoft steps in to tackle TeslaCrypt ransomware: Microsoft has released a rescue tool for thousands of Windows machines that were infected in August by file-encrypting ransomware TeslaCrypt. Along with last week's 'Patch Tuesday' updates, Microsoft upgraded its malicious software removal tool to tackle TeslaCrypt. TeslaCrypt appeared on the radar in early 2015, gaining notoriety for targeting gamers. After an infection, TeslaCrypt searches for specific file types and then encrypts them with AES 256 encryption and demands payment in Bitcoin in exchange for a key to unlock the files.

6. Google, Facebook and peers criticize CISA bill ahead of Senate consideration: A trade group representing Facebook, Google, Yahoo and other tech and communications companies has come down heavily against CISA, the Cybersecurity Information Sharing Act of 2015, a controversial bill in the U.S. that is intended to encourage businesses to share information about cyber-threats with the government. Critics are concerned that the provisions of the bill could be used by companies to hand over customers’ personal data to government intelligence agencies such as the National Security Agency. Cyber-threat information-sharing may not have prevented several recent attacks on government agencies, according to experts.

7. US says no to encryption law - for now: The US government has decided not to call for new legislation to force tech companies to decode the encrypted communications of their customers - for now at least. With more traditional methods of communication there is usually a way for the service provider to allow police - with a warrant - access to the data. But end-to-end encryption means the only place the message is unscrambled is on the smartphone itself. The FBI Director said the issue with encryption was a clash between the need for safety and security on the internet and public safety. "Those two values we hold dear are crashing into each other. I don't know what the answer is," he said.

8. The government of Uganda used sophisticated surveillance technology: This was used to target opposition members, journalists, and activists, according to an investigation from a London-based watchdog. The government's weapon of choice was a highly invasive form of spyware called FinFisher, which is capable of remotely monitoring computers, smartphones, and other equipment in real time, and has been sold on the open market to repressive governments.

9. A shadowy Russian teenager has emerged as the new threat to Indian banks: He's said to hack ATMs using 'Tyupkin' - a virus that has the sinister power to force cash machines into maintenance mode and spew out currency notes. The modus operandi involves plugging in a USB drive or rebooting the ATM after taking off the side or back panel of an ATM. Once infected, a few simple keystrokes cause the cash to flow out. An ethical hacker showed that attackers can infiltrate banks, go behind the firewalls and move around from one ATM to another. He showed that the hackers can use PowerShell, which none of the bank systems can detect. PowerShell, the scripting environment built into Windows, is a way to write malware that is not traced by the current systems and antivirus tools. A PowerShell script just looks like a plain text file, not like malware, but it has the full capabilities of malware.

10. Recently researchers discovered a new Facebook post being shared that was offering an iPhone 6S for only £1. Targets of this scam will typically see a Facebook post that has been shared by their friends and other victims of the scam. Clicking on the post redirects to a fake news article on igadgete[.]com. The news article claims that a "trusted distribution partner" of Apple named "FunkyClock" is giving away iPhone 6S phones for £1 as part of a new promotion. Always be wary of an offer that seems too good to be true, because it almost certainly is fake. If in doubt, Raytheon | Websense suggests the following: never enter your card details into websites that you do not know or trust, and if something doesn't feel right, stop what you're doing and seek help.
