Security News Straight from Security Experts
How a Russian spammer registered ɢoogle.com
A friend recently brought to my attention that the Google Analytics report for his website was showing that 18% of his visitors had the below message showing up under the language field. Typically, this field shows language abbreviations depicting the native language of the visitor to the site such as: “en”, “es”, “fr”.
“Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!”
Looking beyond the political aspect of this message, there are two issues here. The second being the most unsettling:
- First of all, it is not uncommon for spammers to target Google Analytics with messages that incite the website owner to follow the link. This specific spammer has been active with this campaign for several months now. Google...
ImageGate allows Ransomware Infection
With so many users accessing Facebook within corporate networks, it is imperative that your security team be up to date on current threats involving social media. A well-known piece of malware, Locky Ransomware, is spreading via Facebook Messenger by pretending to be a harmless image file. Since many companies allow employees to access Facebook, this presents a potentially massive hole in security programs.
The initial reports on this piece of ransomware show a commonality among the type of infection vector and approach used by the attackers. First, the user receives an instant message containing only an image file, or what appears to be an image file. It is usually titled generically with a .svg extension. A .svg (Scalable Vector Graphics) is an XML-based vector image, which is formatted for two dimensional graphics and support for animation and interactivity. These image files can be created and edited with any text... read more >
Three ways to protect yourself
If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.
Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details.
For the purposes of this blog, I am... read more >
I am extremely excited to let you know that NTT Group has unified the NTT security businesses to form NTT Security Corporation, a specialized security company to deliver Managed Security Services (MSS) and security expertise through the NTT operating companies worldwide. NTT Security will combine Solutionary with NTT Coms Security and the managed security services platforms of both Dimension Data and NTT Communications, all of which will be integrated with the security platform of NTT Group’s R&D arm, NTT Innovation Institute. As a result of the merger, the Solutionary company name will change after August 1 to NTT Security (US) Inc. This name change will allow us to present ourselves as a fully-fledged subsidiary of the NTT Group.
The rationale for this merger is quite simple: together we have an improved ability to deliver what our clients and the security industry have long been asking for – an integrated approach to cutting-edge security solutions... read more >
Additional 24 months allowed for compliance
In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.
The PCI deadline for migrating to newer, more secure protocols was originally June 2016. This gave organizations 14 months to address the changes. The generous schedule was an acknowledgement of real-world staffing and budget concerns, despite the fact that the... read more >
FireEye acted quickly to close a serious vulnerability in some appliances
On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module which analyzes Java Archive (JAR) files.
Google’s Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) utilizes an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures which may suggest malicious code. JODE is then used by Java’s SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.
Affected... read more >
A rise in cyber extortion causes OCC and FFIEC to issue an alert
Two weeks ago today, on November 3, the Office of the Comptroller of the Currency (OCC) passed on a warning issued by the Federal Financial Institutions Examinations Council (FFIEC). The warning was essentially issued to the financial community, but applies to pretty much any business. The notice warns of cyber attacks, which include extortion, and points out that the FFIEC has seen in increase in both the frequency and quality of those attacks.
Without context, warning about “extortion” is pretty broad. The OCC notice is related to an FFIEC press release issued on November 3 of this year.
Ultimately, this extortion refers to holding some part of the target organization for ransom. These extortion attempts have typically come in the following scenarios:
- The attacker demands payment to have the attacker stop from proceeding with a denial of service (DoS) attack on the...