Fansmitter Hacks Air Gaps – Daily Security Byte EP. 281

Back-channel attacks, where attackers send information using unusual and hard to spot communication channels, are not new. However, I think they’re cool, if not a bit impractical. In this video, I cover the Fansmitter research from an Israeli University’s Cyber Security team. I don’t think this type of attack will affect you any time soon, but it’s still a fascinating idea. 

(Episode Runtime: 4:14

Direct YouTube Link: https://www.youtube.com/watch?v=i62FCE0ydWA

EPISODE REFERENCES:

• Computer fans used to break an air gap – Wired
• Researchers’ whitepaper on the Fansmitter attack – Wired

— Corey Nachreiner, CISSP (@SecAdept)

Cyber Criminals Get Sophisticated – Daily Security Byte EP. 254

Last week, Marc Laliberte talked about the total lack of network security that led to an $81 million dollar cyber bank heist. In today’s video, I share new information about the malware used in the heist, and how it affects the threat landscape. Watch to learn more below.

(Episode Runtime: 4:38)

Direct YouTube Link: https://www.youtube.com/watch?v=TFbETWfF5bg

EPISODE REFERENCES:

• BAE Security’s research on the BB hack malware – BAE Systems
• SWIFTs response to malware targeting their software – SWIFT
• How not to protect a national bank – WatchGuard Blog

— Corey Nachreiner, CISSP (@SecAdept)

Evasive Ponmocup Botnet – Daily Security Byte EP. 185

From an attacker’s perspective, the best botnet is the one you’ve never heard of, since the authorities won’t know what to take down. Using that measure, Ponmocup—a botnet recently detailed by the security group Fox-IT—is pretty successful, considering it has hung around over nine years and infected over 15 million victims. Watch today’s episode for more on this elusive new botnet.

(Episode Runtime: 5:36)

Direct YouTube Link: https://www.youtube.com/watch?v=AGGgYErnNVs

EPISODE REFERENCES:

• Research paper on an elusive nine year old botnet [PDF] – Fox IT
• A 15M victim strong botnet you’ve never heard of – The Register

— Corey Nachreiner, CISSP (@SecAdept)

Flash 0day Surfaces – Daily Security Byte EP.159

Adobe just released a new Flash update Tuesday, but researchers have already found sophisticated threat actors leveraging a new zero day Flash exploit in the wild. Trend Micro, one of our security partners, found the Pawn Storm attackers leveraging this new Flash exploit. Watch today’s video to learn when the next patch will come out, and what to do in the meantime.

UPDATE: Adobe actually sped up their schedule to release a fix. Go get it now.

(Episode Runtime: 1:27)

Direct YouTube Link: https://www.youtube.com/watch?v=_HFC6VFBdu0

EPISODE REFERENCES:

• Researchers find Pawn Storm using a new Flash flaw – Trend Micro
• Adobe’s security bulletin on the new Flash flaw – Adobe
• The fix for this 0day Flash issue – Adobe

— Corey Nachreiner, CISSP (@SecAdept)

SYNful Knock Pwns IOS – Daily Security Byte EP.143

Sophisticated attackers have injected malicious firmware into at least 14 Cisco routers in four continents. Watch today’s quick video to learn more about this attack, and how you should validate your devices’ firmware.

(Episode Runtime: 2:07)

Direct YouTube Link: https://www.youtube.com/watch?v=agcx4Xkv7Yw

EPISODE REFERENCES:

• SYNful knock: Pwned Cisco routers – FireEye
• Implanted routers hard to detect – Reuters
• Cisco IOS firmware verification page – Cisco
• Cisco’s post on how to protect yourself from threats like SYNful Knock – Cisco

— Corey Nachreiner, CISSP (@SecAdept)

Adult Ransomware and Hacked WhatsApp – WSWiR Episode 164

Do you have little time for security news, but wish you could keep abreast of the latest threats? In that case, our weekly summary video can help. Every Monday, we summarize last week’s infosec news for you, often in under ten minutes.

This week’s show includes Microsoft and Adobe patches, some adult-themed mobile ransomware, and a sneaky new malware command and control technique. Watch the episode below, and don’t forget to glance at the Reference section if you are interested in other news.

(Episode Runtime: 8:44)

Direct YouTube Link: https://www.youtube.com/watch?v=mnJivvR7nRw

EPISODE REFERENCES:

• Monday: N/A
  • Happy Labor Day!
• Tuesday: September Patch Day – Daily Security Byte EP.138
  • Microsoft September Patch Day summary post – Microsoft
  • Quick SANS summary of Microsoft Patch Day – SANS
  • Adobe’s Shockwave Advisory – Adobe
• Wednesday: WhatsApp Hacked – Daily Security Byte EP.139
  • Researcher finds critical flaw in WhatsApp web client – Checkpoint
  • Article describing the WhatsApp vulnerability (best headline) – The Register
• Thursday: Adult Mobile Ransomware – Daily Security Byte EP.140
  • Security group finds adult-themed mobile ransomware – Zscaler
  • Article describing the porn app ransomware – BBC
• Friday: Satellite C&C Channel – Daily Security Byte EP.141
  • Russian attackers use satellite internet to hide C&C – Wired
  • Kaspersky’s research on Satellite-based C&Cs – SecureList

EXTRAS:

• Apple pushes back against US gov. request for user data – NY Times
  • More news on Apple refusing DoJ order to decrypt data – TechDirt
• CopperheadOS: An open source “secure” android distro – Liliputing
• Grey hat researcher wants payment for FireEye 0day flaws – The Register
  • FireEye’s response to new flaws [PDF] – FireEye
  • Cluley’s comments on the FireEye 0day – Graham Cluley Blog
  • FireEye sues researcher to prevent disclosure – Ars Technica
• Using old email clients for security (don’t recommend) – Motherboard
• Researcher discloses critical vulnerability in Kaspersky AV – PC World
• James Clapper thinks the next state threat is data manipulation – The Guardian
• Group finds flaw that allows them to crack Ashley Madison passwords – CynosurePrime
  • Article on how the flaw allows faster bcrypt cracking – Ars Technica
• North Korea allegedly hacked popular South Korean word processor – Business Insider
• An “APT” group used a leaked criminal botnet – PC World
• Researcher hacks the sensors on self-driving cars – Techspot
• Major vulnerabilities in Seagate wireless hard drives – The Inquirer
• Health insurer loses 10M member records – Reuters
• Ashley Madison CTO is suing Krebs for claiming he hacked competitor – TechDirt
• John McAfee is running for president!?! WTH! – The Inquirer
  • His video campaign announcement – YouTube
  • More on why McAfee is running for president – Digital Trends
• Spear phishing is a big threat. Train your employees – Ars Technica
• Akamai reports an increase in DDoS from a particular gang – SC Magazine
• CoreBot includes banking crime modules – ZDNet
• GM took five years to fix an Onstar flaw – Business Insider
• Does GHCQ want simple passwords so they can crack them? – The Guardian
• Get your Google Nexus security updates for September – Android Police

— Corey Nachreiner, CISSP (@SecAdept)

Satellite C&C Channel – Daily Security Byte EP.141

Attackers have always tried to hide their command and control (C&C) servers using proxies and peer-to-peer (P2P) networks, but authorities still eventually track them down. However, an advanced hacking group has found a new way to keep their malicious control servers off the radar. Watch Friday’s video to learn about this hidden communication channel.

(Episode Runtime: 3:35)

Direct YouTube Link: https://www.youtube.com/watch?v=jZMS41ZmhCI

EPISODE REFERENCES:

• Russian attackers use satellite internet to hide C&C – Wired
• Kaspersky’s research on Satellite-based C&Cs – SecureList

— Corey Nachreiner, CISSP (@SecAdept)

Ransomware Costs $18M – Daily Security Byte EP.104

I’ve mentioned ransomware repeatedly in my videos, but today the FBI warned business how dangerous ransomware can be. Watch our video to learn how much ransomware has cost US companies this year, and how to protect yourself from it.

(Episode Runtime: 2:30)

Direct YouTube Link: https://www.youtube.com/watch?v=Z1WVM7_xLMQ

EPISODE REFERENCES:

• Cyber criminal make over $18M from ransomware – Ars Technica
• FBI’s official warning about ransomware – IC3.gov

— Corey Nachreiner, CISSP (@SecAdept)

Spam Spreads 0day Flash Exploit – Daily Security Byte EP.102

Adobe released an emergency patch today to fix a zero day Flash vulnerability, which a security company found attackers exploiting in the wild. Watch today’s short video to learn how these alleged Chinese attackers delivered this exploit, and what you can do to protect yourself from it.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=mSXb6N1k-ok

EPISODE REFERENCES:

• Adobe releases out-of-cycle Flash update for 0day – Adobe
• Alleged Chinese threat actors exploiting 0day Flash flaw – Forbes
• Researchers write-up on Operation Clandestine Wolf – FireEye Blog
• FireEye’s IoC for APT3 group – Github

— Corey Nachreiner, CISSP (@SecAdept)

APTs, Updates, and OPM – WSWiR Episode 156

Information Security is a hot topic right now; unfortunately not for all the right reasons. Nowadays, it’s not unusual to have a big data breach, new zero day malware, and a ton of security updates all in the same week. If you’re part of an IT organization that’s concerned with protecting your network, but that doesn’t have time to keep up with the deluge of InfoSec news, this weekly video is for you.

Last week’s episode covered a nasty new variant of point-of-sale (POS) malware, Microsoft and Adobe’s monthly security updates, and a significant network breach of a well-respected security company. If you want to learn about all these stories and more, watch the episode below. Also, take a peek at the Reference section if you are interested in other InfoSec items from the week.

(Episode Runtime: 13:25)

Direct YouTube Link: https://www.youtube.com/watch?v=52reUvOR6FE

Show Note: On some occasions, I will not be able to post the blog update associated with these videos immediately, even though the video is already online. If you’d like to know about the latest video as soon as it’s posted, subscribe to my YouTube channel. Also, if you want email updates for each blog post, don’t forget to subscribe to this blog in the top right corner.

EPISODE REFERENCES:

• Monday: MalumPOS Targets Oracle MICROS – Daily Security Byte EP.93
  • Memory scraping malware targets Oracle POS systems – Network World
  • Trend Micro’s blog post on MalumPOS – Trend Micro
  • In depth white paper on MalumPOS [PDF] – Trend Micro
• Tuesday: US Federal Sites Use HTTPS – Daily Security Byte EP.94
  • US Government makes HTTPS a federal standards – Silicon Republic
  • The HTTPS-Only standard – CIO.gov
• Wednesday: Microsoft Posts Critical Patches – Daily Security Byte EP.95
  • Microsoft’s June Patch Day Summary Bulletin – Microsoft
  • Nice blog write up will all you need for June Patch Day – Ghacks.net
• Thursday: Kaspersky Gets an APT – Daily Security Byte EP.96
  • Kaspersky’s network breached by nation state actors – Kaspersky blog
  • The mystery of Duqu 2.0 – Securelist
  • Duqu 2.0 FAQ [PDF] – Securelist
  • In-depth report on Duqu 2.0 [PDF] – Securelist
  • Duqu 2.0 Indicators of Compromise (IoC) – Securelist
  • Kaspersky’s Forbes editorial on Duqu 2.0 – Forbes
  • P5+1 hotels also affected by Duqu 2 – WSJ
  • Graham Cluley on the Kaspersky hack –  Graham Cluley blog
• Friday: OPM Breach Gets Worse – Daily Security Byte EP.97
  • OPM breach is worse than first realized – The Guardian
  • 14M records stolen during OPM breach – Seattle Times
  • Federal union president says no encryption on OPM SSNs – Tech Dirt
  • Cyber criminal claims credit for OPM breach and drops emails – Motherboard
  • Good article on how using PII for authentication is bad – Network World

EXTRAS:

• Research hacks hospital drug pumps – Wired
• Hackers target SMBs too – NY Times
• 80% of firms have been breached – Phys.org
• WordPress spread Linux bot is still out there – The Register
  • More detailed article on Mumblehard – Ars Technica
• Adware spreading through Skype – Betanews
• US Energy sector worried about power grid attacks – Scientific America
• Australian web provider hit by database attack – Reuters
• FreeParking hit by DDoS – The Register
• SEA defaces US Army web site – Raw Story
• DDoS attacks used in Bitcoin extortion – The Register
• Changing passwords is not enough after a breach, replace certs – Computer World
• AUSCert speaker talks about how SDN helps security – The Register
• Some good news. Cyber crime arrests in Europe – Reuters
• Tech industry asks US gov. not to weaken encryption – The Guardian
• FBI seizes computers related to celebrity photo hack – The Guardian
• Powerliks; the fileless trojan – ZDNet
• Ransomware and CTB Locker blow up – Business Insider
• NK threatens US with cyber attacks – Computer World
• Nearly all UK orgs have been breached –  Computer Weekly
• Wikipedia added to list of sites defaulting to HTTPS – Tech Crunch
• IE adds HTTPS Strict Transport Security – The Register

— Corey Nachreiner, CISSP (@SecAdept)