Resurgence of Cryptolocker ransomware, plus other security headlines

Scam Of The Week: New Massive Wave of CryptoLocker Ransomware Infections

We all thought that evil genius Evgeniy Bogachev had retired at the Black Sea with his tens of millions of ill-gotten gains after he became the FBI’s #1 Most Wanted cybercriminal. Well, perhaps he ran out of money.

CryptoLocker ransomware is back big time. Researchers have spotted a sudden resurgence this year, specifically identifying clusters of attacks in Europe and the U.S.

For people new to the ransomware racket, Russian cybercrime gangs tend to test and debug their campaigns in Europe, and then attack America in full force. CryptoLocker ransomware is today’s ransomware’s still very potent granddaddy, and pioneered this highly successful criminal business model in September 2013, hundreds of copycats followed.

Microsoft’s Malware Protection Center blog stated: “Ransomware proved to be a truly global threat in 2016, having been observed in more than 200 territories. In the US alone, ransomware was encountered in more than 460,000 computers or 15% of global encounters. Italy and Russia follow with 252,000 and 192,000 ransomware encounters, respectively. Korea, Spain, Germany, Australia, and France all registered more than 100,000 encounters.

Read full article: https://blog.knowbe4.com/new-dark-web-scheme-lets-wannabe-cybercriminals-get-in-on-ransomware-for-free



Security Headlines

TechNewsWorld – WikiLeaks Dumps CIA Hacking Docs Online

WikiLeaks on Tuesday dumped thousands of classified documents onto the Internet, exposing hacking programs used by the U.S. Central Intelligence Agency.

The torrent of data is just the first in a series of dumps WikLeaks is calling “Vault 7.” This first installment includes 8,761 documents and files stolen from an isolated high-security network within the CIA’s Center for Cyber Intelligence in Langley, Virginia.

This first batch of data, according to WikiLeaks, introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal, and dozens of zero-day weaponized exploits against a wide range of U.S. and European company products — among them, Apple’s iPhone, Google’s Android operating system, Microsoft’s Windows OS, and Samsung’s smart TVs, which are turned into covert microphones.

https://www.technewsworld.com/story/84353.html


Darkreading – Attacks Under Way Against Easily Exploitable Apache Struts Flaw

Security experts today urged enterprises using Apache Struts2 for Web applications to upgrade to either versions 2.3.32 or 2.5.10.1 as soon as possible after researchers from Cisco Talos disclosed an easily exploitable bug in all other versions of the open-source framework.

Exploits for the flaw are already available in the wild and attackers are using them to actively look for and target vulnerable Web servers. Most of the attacks appear to be taking advantage of a proof-of-concept exploit that was released publicly.

The remotely executable flaw exists in something called the Jakarta Multipart parser in Struts. It allows attackers to inject malicious commands into certain HTTP requests, which are then executed by the Web server. What makes the vulnerability especially dangerous is that it allows attackers unauthenticated remote access to insert malicious commands and payloads of their choice into HTTP requests.

https://www.darkreading.com/attacks-breaches/attacks-under-way-against-easily-exploitable-apache-struts-flaw/d/d-id/1328362


Threatpost – Hundreds of Thousands of Vulnerable IP Cameras Easy Target for Botnet

A researcher claims that hundreds of thousands of shoddily made IP cameras suffer from vulnerabilities that could make them an easy target for attackers looking to spy, brute force them, or steal their credentials.

The issues are largely tied to an embedded web server that’s used in each camera. While Kim cautions the web server software, GoAhead, isn’t vulnerable, the OEM vendor who implemented it in each camera is likely responsible for introducing vulnerable code.

https://threatpost.com/hundreds-of-thousands-of-vulnerable-ip-cameras-easy-target-for-botnet-researcher-says/124192/


Threatpost – Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation

Mozilla fixed 28 vulnerabilities, including some that could result in a crash and the bypass of ASLR and DEP, when it released Firefox 52 on Tuesday.

Seven of the vulnerabilities are considered critical, according to an advisory posted by the Mozilla Foundation.

While Mozilla has been gradually deprecating the SHA-1 algorithm over the past few months, the deprecation policy is enabled by default in Firefox 52.

The cryptographic hash function has long been viewed as insecure but researchers from Google and Centrum Wiskunde and Informatica (CWI) delivered what may end up being the final nail in the coffin for SHA-1, with the first practical collision attack, last month.

Going forward users who encounter SHA-1 certificates that chain up to a root cert in Mozilla’s CA program will be displayed an “Untrusted Connection” error. For the time being users can override those warnings.

https://threatpost.com/firefox-52-expands-non-secure-http-warnings-enables-sha-1-deprecation/124155/



Security Bulletins from the FBI and DHS

FBI – Your Company is at High Risk for W-2 Email Scams During Tax Season

Hunting season just began — the season in which cybercriminals are hunting for W-2 information from your company. They do this by sending emails spoofing high-level executives, such as the company President or CEO, to lower level clerical personnel requesting that W-2s for employees be provided by return email. The email is coming from — and then returned to — the criminal, not the executive, along with the W-2s. The company now has a serious data breach on its hands. Worse, your company’s employees’ information has been exposed and they now have this problem to worry about.

https://www.secureworldexpo.com/industry-news/your-company-is-at-high-risk-for-w-2-email-scams-during-tax-season


DHS – Android device’s Pattern Lock security can be cracked within five attempts

The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts – and more complicated patterns are the easiest to crack, security experts reveal.

Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners.

In order to access a device’s functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked.

By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy café for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner’s fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.

https://www.homelandsecuritynewswire.com/dr20170131-android-device-s-pattern-lock-security-can-be-cracked-within-five-attempts



Vendor Information

Google – Chrome 57 Patches 35 Vulnerabilities

Google announced on Thursday that the stable channel of its Chrome web browser has been updated to version 57 on Windows, Mac and Linux.

The latest version brings several new features, including the availability of CSS Grid Layout, and various functionality improvements. Chrome 57 also patches 35 vulnerabilities, more than half of which were reported by external researchers who earned a total of $38,000 for their work.

The most serious of the flaws, based on the bounty amount, is a memory corruption bug (CVE-2017-5030) in the V8 JavaScript engine.

https://www.securityweek.com/chrome-57-patches-35-vulnerabilities


 

Related Posts

Search