Security Briefing – 1-16-2018
Despite the rash of ransomware, malware and other big vulnerabilities over the last few months, phishing is still a big deal. Last week, a phishing campaign that hijacked the Netflix brand made big news. Users received an email claiming that their Netflix account was on hold, and it went downhill from there: the campaign asked users to re-confirm credit card payment and even take a selfie to confirm their identity.
A majority vote in the US House of Representatives to renew Section 702 of the Foreign Intelligence Surveillance Act (FISA) for six years will, in the view of US intelligence agencies, give them continued access to the indispensable tools they need to prevent major foreign terrorist attacks. This means six more years of warrantless searches if it all goes through.
An Ontario man made his first court appearance Monday to answer charges of running a website that collected personal and password data from some three billion accounts and sold it for profit. The information was stolen during massive hacks of websites including LinkedIn and the Ashley Madison online dating service.
Assessments conducted last year by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) showed that boundary protection remains the biggest problem in critical infrastructure organizations, but identification and authentication issues (shared passwords) have become increasingly common.
A critical vulnerability has been discovered in the widely used Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users’ computers and take control of them. So don’t use it; in fact, don’t torrent things at all!
Some of the patches that came out in the last few weeks for the CPU vulnerabilities have dramatically slowed systems, or halted them altogether. Intel, Google and Microsoft have been scrambling to fix this, in some circumstances removing patches, reuploading patches, and halting patches from hitting end-user systems.
Researchers identified 60 apps on Google Play infected with AdultSwine malware that in some cases displayed graphic adult-themed ads in apps intended for children. The apps have been removed from the Google Play store.
The CIA has concluded that Russia’s GRU military spy arm waged the NotPetya data-wiping cyberattack on Ukraine in June of last year, according to a report late last week in The Washington Post. This was long postulated, but the CIA has now confirmed it.
A new piece of malware designed to target industrial control systems (ICS) has been used in an attack aimed at a critical infrastructure organization, FireEye reported on Thursday. The malware, which FireEye has dubbed “Triton,” is designed to target Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers. Customers have been advised not to leave the front panel key position in “Program” mode when the controller is not being configured.