Security Briefing 2.14.17
iOS text messages with a ‘preview’ – think Amazon shipment text messages – can actually carry malware, as a bizarre case in Mexico shows. Advocates of Mexico’s ‘soda tax’ were receiving strange text messages: funeral notifications, photo evidence of an affair, family members in horrific car accidents – all with the ‘preview’ shown in iOS Messages. Clicking the preview infected the device with spyware.
A recently discovered Microsoft Office loader uses malicious macros to drop multiple malware families, Palo Alto Networks security researchers warn. The loader was first seen in early December 2016, and more than 650 unique samples of it have been identified. As always, this Office loader arrives as an email attachment.
Researchers at the Georgia Institute of Technology have demonstrated the potential impact of ransomware on industrial control systems (ICS) by simulating an attack aimed at a water treatment plant. The attack simulation shows how an attacker with access to the PLCs can close valves, display false information to the operator, and increase the amount of chlorine added to the water.
The U.S. Border Patrol has forced a US citizen and NASA employee to unlock his NASA-owned company phone to re-enter the country. He left when Obama was in office and returned January 30th, when Trump was in office. The Jet Propulsion Lab at NASA wasn’t really thrilled about this, since the phone contained sensitive data. What a time to be alive.
Linux-based malware explicitly targeting internet-of-things devices was on the rise in 2016 and has spiked further in Q4 2016 and Q1 2017 so far, according to Sophos. Large blocks of IP addresses are being scanned and brute-forced over SSH at an alarming rate. Change the default passwords on your devices!
Here is a nice rundown of Fancy Bear, the group that ultimately helped the Democrats lose the US election. So much for being covert.
Threat intelligence firm ThreatConnect announced this week the launch of a new suite of products designed to help organizations understand adversaries, automate their security operations, and accelerate threat mitigation. TC Complete, the company’s flagship product, is a security operations and analytics platform that aims to let companies run their security operations center (SOC) efficiently by orchestrating security processes, analyzing data, responding to threats, and reporting progress from a single location.
Finally, Hewlett Packard Enterprise (HPE) announced on Tuesday the launch of a new threat investigation solution, ArcSight Investigate, and a new SecureData product for IoT and big data. ArcSight Investigate can be integrated with Hadoop and other ArcSight products, including Data Platform (ADP) and Enterprise Security Manager (ESM).