Security Briefing – 3-13-2018
Mid-day Tuesday, Microsoft’s Windows Defender blocked more than 80,000 instances of several new variants of the Dofoil (aka Smoke Loader) downloader. The signatureless machine learning capabilities of Defender detected anomalous behavior, and within minutes had protected Windows 10, 8.1 and 7 users from the outbreak. Microsoft describes how the Dofoil downloader works and how it was detected. Notably, it does not explain how the computers were compromised in the first place.
Researchers uncovered another piece of the puzzle in the compromise of the popular Windows utility CCleaner last fall that further points to a targeted cyber espionage campaign: a backdoor that had been deployed in a previous software supply chain attack last year. Security firm Avast – which acquired CCleaner vendor Piriform on July 18 of last year – recently found that the attackers appear to have had a third stage of their attack planned that used the ShadowPad backdoor for capturing keystrokes and stealing information from infected networks.
New Trojan! Researchers at Proofpoint most recently detected the FlawedAmmyy Remote Access Trojan as the payload in email campaigns from early March 2018. The FlawedAmmyy malware was built on top of leaked source code for version 3 of Ammyy Admin, a legitimate form of remote desktop software used among millions of consumers and businesses to handle remote control and diagnosis on Windows machines.
Somebody screwed up at Oculus last Wednesday, when an expired SSL security certificate caused all Rift virtual reality headsets to keel over. This effectively killed all connectivity to the Oculus Runtime Services, which meant no one could do anything for the better part of the day. They fixed it, though! Renew your certs!
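The lesson of the Oculus outage is that certificate expiry should be caught by monitoring, not by users. The following is an added example (not code from Oculus or from this briefing) of a small expiry check written against the Python standard library: `classify` grades a certificate dictionary in the shape that `ssl.SSLSocket.getpeercert()` returns, `fetch_peer_cert` pulls that dictionary from a live endpoint, and `report` runs the check over an inventory. The hostnames and `notAfter` dates in `SAMPLE_INVENTORY` are constructed for illustration; the warning threshold of 14 days is an assumption.

```python
import socket
import ssl
from datetime import datetime, timezone

# Warn this many days before expiry; an assumed operational threshold.
WARN_DAYS = 14


def days_until_expiry(cert, now=None):
    """Days remaining before cert["notAfter"] (negative once expired).

    cert is a dict like ssl.SSLSocket.getpeercert(); notAfter uses the
    '%b %d %H:%M:%S %Y GMT' form that ssl.cert_time_to_seconds parses.
    """
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc
    )
    now = now or datetime.now(timezone.utc)
    return (expires - now).total_seconds() / 86400


def classify(cert, warn_days=WARN_DAYS, now=None):
    """Return 'EXPIRED', 'EXPIRING' or 'OK' for one certificate."""
    remaining = days_until_expiry(cert, now)
    if remaining <= 0:
        return "EXPIRED"
    if remaining <= warn_days:
        return "EXPIRING"
    return "OK"


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Fetch the leaf certificate a live endpoint presents (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def report(inventory, warn_days=WARN_DAYS, now=None):
    """Map each hostname in inventory to (status, days_remaining)."""
    return {
        host: (classify(cert, warn_days, now), round(days_until_expiry(cert, now), 1))
        for host, cert in inventory.items()
    }


# Constructed sample inventory: hostnames and dates are illustrative only.
SAMPLE_INVENTORY = {
    "runtime.example.invalid": {"notAfter": "Mar  7 00:00:00 2018 GMT"},
    "api.example.invalid": {"notAfter": "Mar 15 12:00:00 2018 GMT"},
    "cdn.example.invalid": {"notAfter": "Jun  1 12:00:00 2018 GMT"},
}

# Fixed "now" so the sample report is reproducible offline.
SAMPLE_NOW = datetime(2018, 3, 7, 12, 0, tzinfo=timezone.utc)


if __name__ == "__main__":
    for host, (status, days) in report(SAMPLE_INVENTORY, now=SAMPLE_NOW).items():
        print(f"{status:9} {days:7.1f} days  {host}")
```

In production the inventory would be built by calling `fetch_peer_cert` for each endpoint you operate (or by reading certificates straight from your secret store), and anything graded `EXPIRING` should page before it becomes `EXPIRED`.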
US President Donald Trump on Monday blocked an unsolicited bid by Singapore-based Broadcom to take over smartphone chipmaker Qualcomm, citing national security concerns.
Experts from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel combined previous research on communications through ultrasonic waves with a technique that can be used to turn a device’s speakers into a microphone in an effort to create a covert data exfiltration channel.
In a new report this week, security vendor McAfee says it observed a 267% increase in fileless malware samples leveraging PowerShell just in the fourth quarter of 2017, compared to the same period a year ago. The total number of PowerShell malware samples that McAfee observed in 2017 was a massive 432% higher than the number observed in 2016.
Last week Science reported that claims that are demonstrably false – as in, tweets related to news that had been investigated by six independent fact-checking organizations, including PolitiFact, Snopes and FactCheck.org – are 70% more likely to be retweeted. Bogus claims about politics spread further than any other category of news included in their analysis.