Security News Straight from Security Experts
Atom Bombing Returns
In November of 2016, I wrote a blog titled “Atom Bombing: Three ways to protect yourself.” I discussed a new attack vector uncovered by security researchers at enSilo that allowed attackers to inject code directly into atom tables. Atom tables are present in all Windows operating systems and function in multiple ways across the operating system. Here is a link that can help you learn more about atom tables.
Dridex, a common banking malware, has evolved to include atom bombing into its attack vector. It doesn’t take long for criminals to adopt new attack methods and this is a clear example. The latest Dridex variant,... read more >
How a Russian spammer registered ɢoogle.com
A friend recently brought to my attention that the Google Analytics report for his website was showing that 18% of his visitors had the below message showing up under the language field. Typically, this field shows language abbreviations depicting the native language of the visitor to the site such as: “en”, “es”, “fr”.
“Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!”
Looking beyond the political aspect of this message, there are two issues here. The second being the most unsettling:
- First of all, it is not uncommon for spammers to target Google Analytics with messages that incite the website owner to follow the link. This specific spammer has been active with this campaign for several months now. Google...
ImageGate allows Ransomware Infection
With so many users accessing Facebook within corporate networks, it is imperative that your security team be up to date on current threats involving social media. A well-known piece of malware, Locky Ransomware, is spreading via Facebook Messenger by pretending to be a harmless image file. Since many companies allow employees to access Facebook, this presents a potentially massive hole in security programs.
The initial reports on this piece of ransomware show a commonality among the type of infection vector and approach used by the attackers. First, the user receives an instant message containing only an image file, or what appears to be an image file. It is usually titled generically with a .svg extension. A .svg (Scalable Vector Graphics) is an XML-based vector image, which is formatted for two dimensional graphics and support for animation and interactivity. These image files can be created and edited with any text... read more >
Three ways to protect yourself
If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.
Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details.
For the purposes of this blog, I am... read more >
I am extremely excited to let you know that NTT Group has unified the NTT security businesses to form NTT Security Corporation, a specialized security company to deliver Managed Security Services (MSS) and security expertise through the NTT operating companies worldwide. NTT Security will combine Solutionary with NTT Coms Security and the managed security services platforms of both Dimension Data and NTT Communications, all of which will be integrated with the security platform of NTT Group’s R&D arm, NTT Innovation Institute. As a result of the merger, the Solutionary company name will change after August 1 to NTT Security (US) Inc. This name change will allow us to present ourselves as a fully-fledged subsidiary of the NTT Group.
The rationale for this merger is quite simple: together we have an improved ability to deliver what our clients and the security industry have long been asking for – an integrated approach to cutting-edge security solutions... read more >
Additional 24 months allowed for compliance
In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.
The PCI deadline for migrating to newer, more secure protocols was originally June 2016. This gave organizations 14 months to address the changes. The generous schedule was an acknowledgement of real-world staffing and budget concerns, despite the fact that the... read more >
FireEye acted quickly to close a serious vulnerability in some appliances
On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module which analyzes Java Archive (JAR) files.
Google’s Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) utilizes an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures which may suggest malicious code. JODE is then used by Java’s SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.
Affected... read more >