Security Briefing 4.18.2017
Cybercriminals stole payment card data from nearly 40 Shoney’s restaurants after planting malware on their point-of-sale (PoS) systems. The malware is believed to have harvested card data between September 29 and December 29, 2016, but the company only received confirmation that the threat had been neutralized in February and March. Which locations were affected is still being investigated.
Last week, Canada’s Mounties admitted for the first time that, just like US police, they use stingrays: suitcase-sized cell-site simulators that mimic a cell tower and trick nearby phones (everybody’s, not just suspects’) into connecting and giving up their identifying information and location.
Spammers are spreading Java-based remote access Trojans (jRATs) that target tax filers, using attachments named “IRS Updates.jar” and “Important_PDF.jar”. If executed, they give attackers remote access to the compromised endpoint. Zscaler, which is tracking the campaigns, believes some of them could be related to the Loki Trojan, which was used in attacks on Android phones last month. The lure works because a .jar file is just a zip archive that the Java runtime will happily execute with one double-click, so any mail filter that judges attachments by their file extension or icon alone is easy to get past.
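As an added example (not part of the original briefing, and not Zscaler’s code), here is how a mail-gateway check can triage attachments like the ones above by content rather than by name: a JAR is a zip archive with a META-INF/MANIFEST.MF entry, and an executable one names a Main-Class or ships .class files. The sample “attachments” are constructed in memory and contain no real code; the function names and verdict labels are my own.

```python
"""
Attachment triage for jRAT-style lures: look at the bytes, not the file name.
A .jar is a zip archive with a manifest; an executable one names a Main-Class
or carries .class entries.  All sample attachments below are constructed here.
"""
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local-file-header signature of a non-empty zip


def jar_details(data):
    """Return (is_jar, main_class, class_entries) for an attachment's bytes."""
    if not data.startswith(ZIP_MAGIC):
        return False, None, []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "META-INF/MANIFEST.MF" not in names:
                return False, None, []          # a plain zip, not a JAR
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return False, None, []
    main_class = None
    for line in manifest.splitlines():
        if line.lower().startswith("main-class:"):
            main_class = line.split(":", 1)[1].strip()
    classes = [n for n in names if n.endswith(".class")]
    return True, main_class, classes


def classify_attachment(filename, data):
    """Verdict for one mail attachment (hypothetical labels):
    'block-jar' for any Java archive, whatever name it arrives under;
    'block-extension' for Java-typed names whose content we could not parse;
    'allow' otherwise."""
    is_jar, main_class, classes = jar_details(data)
    if is_jar:
        reason = (f"executable jar (Main-Class={main_class})" if main_class
                  else f"jar archive with {len(classes)} class entries")
        return "block-jar", reason
    if filename.lower().endswith((".jar", ".jnlp")):
        return "block-extension", "Java attachment type not accepted"
    return "allow", "no Java archive detected"


def build_sample_jar(main_class="Updater"):
    """Constructed stand-in for a lure such as 'IRS Updates.jar': a manifest
    plus a placeholder .class entry.  It contains no bytecode and runs nothing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nMain-Class: {main_class}\n")
        zf.writestr(f"{main_class}.class", b"\xca\xfe\xba\xbe" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inbox: the two names from the campaign, plus a renamed jar
    # and a harmless PDF, to show the verdict follows content, not extension.
    samples = [
        ("IRS Updates.jar", build_sample_jar()),
        ("Important_PDF.jar", build_sample_jar()),
        ("Important_PDF.pdf", build_sample_jar()),      # jar hiding behind .pdf
        ("notes.pdf", b"%PDF-1.4\n%%EOF\n"),
    ]
    for name, blob in samples:
        verdict, why = classify_attachment(name, blob)
        print(f"{name:20s} {verdict:16s} {why}")
```

The renamed case is the one that matters: a jar delivered as “.pdf” still opens in Java if the user’s system associates zip content with it, so the verdict must come from the archive structure, not the suffix.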
Hours after what was thought to be a damaging release of NSA hacking tools for Windows, Microsoft quelled some of the anxiety with a late-night statement on Friday: most of the vulnerabilities disclosed by the Shadow Brokers had already been patched, in the March security rollup. Systems that have not applied that rollup remain exposed, so this is a good moment to confirm it is installed rather than assume it is.
A Tennessee man pleaded guilty last Friday to illegally accessing his former employer’s computer networks over a period of nearly two years, and to stealing proprietary business information worth roughly $425,000, according to an announcement by the Department of Justice that day. After leaving, he had started his own engineering firm and used the access to his old employer’s network to obtain budgets and engineering diagrams. Not nice!
Cerber, one of the most active malware families of the past year, grew its share of the ransomware market to 87% in the first quarter of 2017, Malwarebytes Labs reports. Over the past several months Cerber’s operators have used a broad range of distribution methods, from exploit kits to the recently patched Apache Struts 2 vulnerability.
The author of a new piece of ransomware is selling it on underground forums as source code, Forcepoint security researchers have discovered. It is offered as C++ source, bundled with the PHP web server scripts and payment panel needed to run a campaign. According to Forcepoint, the offer appeared on several Tor-based sites about two weeks ago, priced at roughly 0.35 Bitcoin (around $400) but negotiable.
Researchers found vulnerabilities in Bosch’s Drivelog Connect product that can be exploited to inject malicious messages into a vehicle’s CAN bus. Drivelog Connect is a dongle that plugs into the car’s diagnostic port and reports vehicle information to a smartphone app over Bluetooth; the flaws let an attacker within Bluetooth range push CAN messages through the dongle, including one that stops the engine. Bosch has implemented some fixes and is working on adding further protections against such attacks.
Also, after being expected for some time, Microsoft this week ended support for Windows Vista. The change took effect on April 11, the very same day Microsoft began rolling out the Windows 10 Creators Update to its users. RIP.
Finally, a modern smartphone carries roughly 25 sensors, measuring everything from ambient light, magnetic field, acceleration, and proximity to temperature and air humidity, to name a few. Researchers at Newcastle University theorized that the sensors used to record device orientation could be used to work out specific touch actions, namely PINs: each tap tilts the phone slightly in a direction that depends on where the key sits on the keypad. They set up a test to train a neural network to guess PINs from this data, and by the fifth attempt the network was 100% correct.
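To make the mechanism concrete, here is an added toy example (my own code, not the Newcastle team’s model or data) that goes slightly beyond the paragraph: it replaces the neural network with a nearest-centroid classifier over constructed (roll, pitch) readings, ranks all 10,000 four-digit PINs by how well the readings fit, and reports the attempt number at which the true PIN would be entered, which is exactly the “correct by the fifth attempt” measure. The keypad geometry, the tilt model, the noise level and the sample PINs are all assumptions chosen for illustration.

```python
"""
Toy PIN inference from device-orientation data: a tap tilts the phone in a
direction that depends on the key's position, so tilt readings rank likely
digits and therefore likely PINs.  All readings here are constructed.
"""
import itertools
import math
import random

# Assumed 3x4 keypad layout: digit -> (column, row) from the top-left.
KEYPAD = {
    "1": (0, 0), "2": (1, 0), "3": (2, 0),
    "4": (0, 1), "5": (1, 1), "6": (2, 1),
    "7": (0, 2), "8": (1, 2), "9": (2, 2),
                 "0": (1, 3),
}

SAMPLE_PINS = ["1590", "2468", "0000", "7391"]  # constructed test PINs


def simulated_tilt(digit, rng, noise=0.15):
    """Constructed (roll, pitch) reading for one tap on `digit` (hypothetical
    model): taps on the left/right edge roll the phone one way or the other,
    taps near the bottom pitch it more than taps near the top."""
    col, row = KEYPAD[digit]
    roll = (col - 1) * 1.0 + rng.gauss(0, noise)
    pitch = (row - 1.5) * 0.8 + rng.gauss(0, noise)
    return (roll, pitch)


def ideal_readings(pin):
    """Noise-free readings for each digit of `pin` (keypad geometry alone)."""
    return [simulated_tilt(d, random.Random(0), noise=0.0) for d in pin]


def train_centroids(samples_per_digit=20, seed=1):
    """Nearest-centroid model: mean reading per digit from labelled taps
    (the attacker's training phase, where the victim's taps are known)."""
    rng = random.Random(seed)
    centroids = {}
    for d in KEYPAD:
        pts = [simulated_tilt(d, rng) for _ in range(samples_per_digit)]
        centroids[d] = (sum(p[0] for p in pts) / len(pts),
                        sum(p[1] for p in pts) / len(pts))
    return centroids


def digit_scores(reading, centroids):
    """Distance from one reading to every digit's centroid (lower = likelier)."""
    return {d: math.dist(reading, c) for d, c in centroids.items()}


def rank_pins(readings, centroids, top=5):
    """Rank every PIN of len(readings) digits by the summed distance of its
    digits' readings; the first `top` entries are the attacker's guesses."""
    per_tap = [digit_scores(r, centroids) for r in readings]
    scored = ((sum(s[d] for s, d in zip(per_tap, pin)), "".join(pin))
              for pin in itertools.product(KEYPAD, repeat=len(readings)))
    return [pin for _, pin in sorted(scored)[:top]]


def attempt_number(true_pin, readings, centroids):
    """1-based position of the true PIN in the full ranking, i.e. on which
    attempt an attacker working down the list would get in."""
    ranked = rank_pins(readings, centroids, top=10 ** len(true_pin))
    return ranked.index(true_pin) + 1


def top_k_accuracy(centroids, pins=SAMPLE_PINS, trials=30, k=5, seed=7,
                   noise=0.15):
    """Fraction of noisy trials where the true PIN falls within the first k
    guesses; k=5 corresponds to the 'by the fifth attempt' figure."""
    rng = random.Random(seed)
    hits = 0
    for i in range(trials):
        pin = pins[i % len(pins)]
        readings = [simulated_tilt(d, rng, noise) for d in pin]
        if attempt_number(pin, readings, centroids) <= k:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    model = train_centroids()
    print("first five guesses for 1590:", rank_pins(ideal_readings("1590"), model))
    for k in (1, 5):
        print(f"within {k} attempt(s): {top_k_accuracy(model, k=k):.0%}")
```

The toy is deliberately clean, so the true PIN usually lands at rank 1; in the real study the signal is far noisier, and that is where ranking matters: a classifier only needs to keep the true PIN in its first few guesses, not get it right first time, to beat a lockout threshold of a handful of attempts.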