A roundup of the week’s news, commentary, and observations.
Pokemon Go has been all over the news this week, with stories ranging from initial reports of the app obtaining excessive permissions, to reports of people being injured, or of unsuspecting users being lured and mugged.
But this isn’t a new problem, simply a repackaging. Mobile apps are notorious for requesting excessive permissions – something that users should scrutinize whenever installing a new app. However, in this case, it appears as if it was a failing on the part of Google in allowing an app to not only request admin privileges, but do so without displaying a prompt to users. It’s an issue that Google is apparently seeking to fix as soon as possible. However, it does raise the question of whether other, less popular apps have been able to sneak under the radar in the past. Does your company have a way of managing this risk?
Summer of Pwnage is a hacker community event that has been examining WordPress vulnerabilities. With only a few days left, it has found over 60 WordPress vulnerabilities, which goes to show that community-powered efforts do work – but, more importantly, raises the question of whether WordPress itself is adequately secure.
Ranscam, recently uncovered by the Cisco Talos team, is a new, unsophisticated ransomware that simply deletes users’ files and then demands a ransom to get access to them again, even though the files are already gone. It also performs other destructive actions, such as deleting the core Windows executable responsible for System Restore, deleting several registry keys associated with booting into Safe Mode, and more.
Indicators of compromise for Ranscam in Open Threat Exchange can be downloaded:
Arguably one of the biggest court rulings this past week was when a court ruled that Microsoft does not need to respond to US warrants for data stored overseas. Had this ruling gone against Microsoft, the impact would have been felt throughout US-based cloud-computing companies. While this is probably not the last we’ll hear on the matter, one cannot downplay the significance of this case.
Keydnap is Mac OS-specific malware that establishes a permanent backdoor to a C&C server and attempts to exfiltrate the Keychain file. The good news is that if Gatekeeper is running in an unmodified state, it should detect the downloaded malicious file as an unsigned Mach-O executable, block its execution and display a warning.
As Macs continue to proliferate through consumer and enterprise environments, we can expect to see a continued rise in Mac-specific malware.
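Gatekeeper’s first objection to the Keydnap dropper is that the Mach-O it delivers is unsigned. The check below, added here as an illustration and not code from ESET, Apple or the original post, shows what “unsigned” means at the file-format level: it walks a Mach-O’s load commands and reports whether an `LC_CODE_SIGNATURE` command points at an embedded signature blob. The constants come from Apple’s `<mach-o/loader.h>` and `<mach-o/fat.h>`; the sample binaries are constructed in the block (the “signature” blob is a placeholder, not a real CMS signature), and the function names are my own.

```python
import struct

# Mach-O / fat-header constants (from <mach-o/loader.h> and <mach-o/fat.h>)
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE            # note: Java class files share this magic
LC_SEGMENT_64 = 0x19
LC_CODE_SIGNATURE = 0x1D
CPU_TYPE_X86_64 = 0x01000007
MH_EXECUTE = 2


def _thin_has_signature(data: bytes) -> bool:
    """Walk the load commands of one (non-fat) Mach-O image and report
    whether an LC_CODE_SIGNATURE command points at an in-bounds blob."""
    if len(data) < 28:
        raise ValueError("too short to be a Mach-O header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif magic in (0xCEFAEDFE, 0xCFFAEDFE):   # byte-swapped: big-endian image
        endian = ">"
        magic = struct.unpack_from(">I", data, 0)[0]
    else:
        raise ValueError("not a Mach-O image")
    header_size = 32 if magic == MH_MAGIC_64 else 28   # mach_header_64 has a reserved field
    ncmds, sizeofcmds = struct.unpack_from(endian + "II", data, 16)
    end = header_size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands overrun the file")
    off = header_size
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from(endian + "II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command size")
        if cmd == LC_CODE_SIGNATURE:          # linkedit_data_command: dataoff, datasize
            dataoff, datasize = struct.unpack_from(endian + "II", data, off + 8)
            return datasize > 0 and dataoff + datasize <= len(data)
        off += cmdsize
    return False


def mach_o_signing_status(data: bytes) -> str:
    """Return 'signed', 'unsigned' or 'not-mach-o'. A fat (universal) binary
    counts as signed only if every architecture slice carries a signature."""
    if len(data) < 8:
        return "not-mach-o"
    try:
        if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
            nfat = struct.unpack_from(">I", data, 4)[0]
            if nfat == 0 or 8 + 20 * nfat > len(data):
                return "not-mach-o"
            slices = []
            for i in range(nfat):
                _, _, offset, size, _ = struct.unpack_from(">IIIII", data, 8 + 20 * i)
                if offset + size > len(data):
                    return "not-mach-o"
                slices.append(data[offset:offset + size])
            return "signed" if all(_thin_has_signature(s) for s in slices) else "unsigned"
        return "signed" if _thin_has_signature(data) else "unsigned"
    except ValueError:
        return "not-mach-o"


def build_thin_sample(signed: bool) -> bytes:
    """Constructed x86_64 Mach-O with one __TEXT segment and, optionally, an
    LC_CODE_SIGNATURE pointing at a placeholder blob (not a real signature)."""
    seg = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__TEXT",
                      0, 0x1000, 0, 0x1000, 7, 5, 0, 0)
    cmds, blob = seg, b""
    if signed:
        blob = struct.pack(">I", 0xFADE0CC0) + b"\x00" * 12   # CSMAGIC_EMBEDDED_SIGNATURE + padding
        dataoff = 32 + len(seg) + 16                           # blob follows the load commands
        cmds += struct.pack("<IIII", LC_CODE_SIGNATURE, 16, dataoff, len(blob))
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, CPU_TYPE_X86_64, 3, MH_EXECUTE,
                         2 if signed else 1, len(cmds), 0, 0)
    return header + cmds + blob


def build_fat_sample(slices) -> bytes:
    """Constructed universal (fat) binary wrapping the given thin images."""
    off = 8 + 20 * len(slices)
    archs, body = b"", b""
    for s in slices:
        archs += struct.pack(">IIIII", CPU_TYPE_X86_64, 3, off, len(s), 0)
        body += s
        off += len(s)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + archs + body


if __name__ == "__main__":
    for label, sample in (("signed", build_thin_sample(True)),
                          ("unsigned", build_thin_sample(False))):
        print(label, "->", mach_o_signing_status(sample))
```

This is a triage signal, not a verdict: the presence of an `LC_CODE_SIGNATURE` command says nothing about whether the signature is valid, whether it chains to a Developer ID, or whether the file carries the quarantine attribute that causes Gatekeeper to evaluate it in the first place. On a Mac, `codesign --verify --verbose` and `spctl --assess --verbose` perform the real validation; the parser above is for pipelines (mail gateways, sandbox post-processing) that want to flag unsigned Mach-O downloads before they reach an endpoint.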
Turkey had a failed coup attempt. The Grugq has written a great article on the role of cyber in coups and why it was so influential this time.
Europe’s Advocate General gave the opinion that where personal data is retained, it should only be used for investigating ‘serious’ crime.
The key principle being applied here is the safeguarding of individuals’ privacy.
However, the definition of serious crime is one that will likely be debated and interpreted differently depending on circumstances. Whatever the definition is, there should be an element of accountability and transparency built into the process to ensure powers are not being abused, much as companies like Google and Microsoft publish annual transparency reports disclosing how many requests for data they received from law enforcement across the globe.
Security for the internet of cars remains a talking point. If you’re interested in understanding electronic control units (ECUs) in connected automobiles and how they can be hacked, then this guest blog post by Alissa Knight is an excellent overview of the topic.
User awareness is an ongoing exercise, particularly as phishing remains a favoured tactic of those looking to infect systems. Our guest blogger Ryan Harnedy has channelled his inner Stephen R. Covey and published the seven habits of highly un-phishable users.
Patchwork is a targeted attack that was first observed in December 2015 and has infected approximately 2,500 machines since then. Patchwork targets military and political personnel, specifically those working on issues relating to Southeast Asia and the South China Sea.
Indicators of compromise for Patchwork in Open Threat Exchange can be downloaded: