Exynos Vulnerability on Samsung Devices

I recently purchased a Samsung Galaxy Note II and have been thoroughly enjoying it. The number of diverse applications is pretty amazing.

Unfortunately, a few days ago, a colleague passed an article along detailing an exploit associated with my brand of phone. The exploit is connected to the Exynos processor and the capability to obtain access to all physical memory.

Potential LogMeIn, DocuSign Email Leaks

On Friday, December 14, Brian Krebs posted an entry titled, “LogMeIn, DocuSign Investigate Breach Claims” to his blog, Krebs on Security.

Without completely repeating what he said, it appears several users of LogMeIn remote access software, as well as users of DocuSign electronic signatures, have reported an increase in malicious spam emails to the email addresses associated with the aforementioned products.

Attackers Specifically Targeting Mac OS Point of Sale (POS) Systems

As a Payment Card Industry Forensic Investigator (PFI), 403 Labs is constantly examining the latest attacks targeting POS systems. Of recent note is the discovery that criminal organizations are shifting their focus to target POS systems running on the Apple Macintosh platform.

In the past 60 days, our active trending has seen a significant upswing in attacks on non-Windows POS systems. One of the attacks we’ve seen targeting the Mac platform has left it just as exposed as its Windows-based counterpart. Before I start a “Windows versus Mac” religious uproar, though, let me put some facts on the table.

Malware: The Good, the Bad and the Ugly

This presentation by Pete Arzamendi, CISSP, QSA, PA-QSA, GREM, a consultant at 403 Labs, was given at the Milwaukee InfraGard meeting held at Milwaukee Area Technical College (MATC) on August 16, 2012. In it, Pete discusses different types of malware, as well as malware and memory analysis, including an overview of analysis tools and examples pulled from his past experiences.

Those interested in malware can also read Pete’s recent review of “Practical Malware Analysis” or check out other malware-related posts from the 403 Labs team.

Things to Consider When Using Wi-Fi

As a frequent business traveler and coffee shop web surfer, I am becoming more and more cognizant of what I am connecting to when it comes to Wi-Fi networks. Not only am I aware of what types of networks I am connecting to, but also where I am connecting (e.g. coffee shops, hotels, airports, etc.). Granted, my awareness is heightened due in part to the fact that I work in the Information Security field with some exceptionally brilliant minds who know the ins and outs of public and private Wi-Fi networks.

Recently, an article was published by Information Week that delved into some strategies for blocking hotel Wi-Fi malware. The post was inspired by a recent FBI advisory that made a point to mention that malware authors are targeting travelers abroad via pop-up in-browser windows.

At first glance you may say to yourself that you rarely travel abroad, therefore, you have nothing to worry about. Even if that is the case, you should always keep your guard up. Although the recent advisory was pointed at travelers abroad, the security essentials that the article points to can, and should, be applied to anyone.

Practical Malware Analysis – Another Hit From No Starch Press

Malware analysis is an obsession for me. So when I heard that No Starch Press was coming out with a new book called Practical Malware Analysis (also available at Amazon), I had to pick it up. Having read several No Starch Press books, I was confident that the content of the book was going to be good. Once again, No Starch Press did not let me down.

The writers, Michael Sikorski and Andrew Honig, did an excellent job of starting off with the basics. They include a “Chapter 0,” called Malware Analysis Primer, before diving into the more in-depth concepts. From there, the book consists of six major parts, each made up of three to four chapters. The huge bonuses of this book in my eyes are the hands-on labs at the end of each chapter. These labs help solidify the concepts that appear within the chapter.

For those who may be considering checking out the book, I thought I would include a brief description of each section here:

Happy BYOD Day!

It’s that time of year again. It’s time for your employees to unwrap their shiny, new smartphones and tablets.

As the holidays wind down and everyone gets back to work, they’ll likely want to plug their brand new toys into their workstation. It’s Bring Your Own Device Day (thanks to Network World for the acronym)! Documents will get synced, passwords will be keyed, corporate email will be on yet another device, and apps (and music, and movies, and possibly malware) will be downloaded. There also may be some existing devices that get discarded, resold, or handed down to little Billy so he can have his very own vintage smartphone.

This is a great time for a refresher on your security awareness training and for a new distribution of your security policies regarding personal equipment. Don’t forget to advise employees about data destruction so that little Billy isn’t carrying confidential data on the school bus.

New Trends in Spam/Phishing Tug Right at Your Purse Strings

Everybody (we hope) knows not to click on links, or download attachments from unsolicited emails. No matter how cheap the Cialis/Viagra is, or how much those Russian brides-in-waiting want to talk to you, DO NOT CLICK THAT LINK. Before getting into the new round of communications being sent, let’s start with a brief review of the last few years.

Beyond obvious spam attacks, recent years have seen the rise of much more clever phishing attacks.

A phishing email will often pose as a company or institution that you would trust. It seems this institution is having a problem and needs your assistance in resolving it. Ironically, these problems are often something along the lines of, “We’ve detected potentially fraudulent activity and need you to change your password (or verify your identity), please click here.” In order to resolve this “issue,” they’ll inevitably need something from you, like your account number, or a username and password.

Mobile Payment Applications Square off Against Android Threats

The PCI Council continues to have internal discussions regarding mobile payment applications. As Android malware increases exponentially, a wary eye is cast toward mobile payment applications, such as Square, that have not been subject to PA-DSS payment application security requirements.

The latest version of Square integrates wirelessly with existing cash drawers and receipt printers. The cash drawer opens [emphasis added] when the merchant taps “tender,” and receipts are printed with the merchant’s address and transaction itemization. (Square used to only offer text and e-mail receipts.)

With new features such as cash drawer activation, it’s worth watching the mobile threat landscape evolve in the coming months.

The USB Stick Attack Evolves, Grows a Tail

You and your fellow employees know (hopefully) that you shouldn’t take USB sticks from strangers. What if that USB stick was disguised as a USB mouse? A USB mouse, or any USB device, can be modified to house a storage device containing malware. If you connect the hacked device, your system is compromised.

If you’re responsible for security, risk, or compliance in your organization, here are some items for your consideration:

  1. Update your employee security awareness training material to include the evolved attack. Many users are aware of the malicious USB stick, but may not be aware of the threat from other seemingly harmless peripherals.
  2. Disable auto-run (or disable the ports completely) throughout the organization, including company-issued or employee-owned systems that connect to the company network. Hopefully this has been part of your standard hardening guidelines since Windows 95, but just a friendly reminder in case the guidelines have drifted a bit.
  3. If you’re using a “crash cart” at your datacenter, consider getting a dedicated console in your cage(s). That mouse sitting on the crash cart may have a surprise payload waiting for you someday. If you found a USB stick on the floor of the datacenter, you wouldn’t connect it to your servers, would you?