Week in review: Dell computers shipped with root CA cert and private key, analytics services tracking users via Chrome extensions

Here’s an overview of some of last week’s most interesting news and articles:


Four ways an attacker can infiltrate an organization by diverting security solutions
Even if we theoretically had the perfect security product that blocks direct infiltration into the company, threat actors who want to get in will find a way. Call it infiltration by design.

Video training course: Penetration testing and ethical hacking
At the conclusion of this training course, you’ll be able to create a strategy to prevent attackers from entering your system.

Vonteera adware blocks AVs, can install uninstallable Chrome extensions
The Vonteera adware family has been around for quite some time, but it is now slowly starting to cross the line between unwanted, potentially malicious software to outright malware.

Users find backdoors to do their job
Balabit unveiled the results of its pan-European survey into the current state of IT security. The survey looked at how organisations balance IT security and business flexibility; whether they choose to be more secure by implementing additional controls that might hinder productivity or prefer to have flexible business operations. It also looked at how a promising business opportunity changes the game.

Five big technology predictions into 2016
Audrey William, Head of ICT Research for Australia & New Zealand at Frost & Sullivan, talks about upcoming technology changes.

New law allows French police to seize and search electronic devices without a warrant
In the wake of the Paris attacks, the French Senate passed on Friday a bill that extends the state of emergency declared after the attacks to three months.

Analytics services are tracking users via Chrome extensions
It’s quite possible that, despite your belief that the Google Chrome is the safest browser there is and your use of extensions that prevent tracking, your online movements are still being tracked. The culprits? Popular Chrome extensions like HooverZoom, Free Smileys & Emoticons, Flash Player+, SuperBlock Adblocker and many more.

The current wave of data protection regulations and how it will affect the infosec industry
What we have seen with cloud service providers (CSPs) is that the more data you store, the larger the risk and more attractive target you become. Of course, there is a central difference between CSPs and ISPs, which is that the protection, storage and safety of this data is a core business function of CSPs and as such they already maintain high standards. For ISPs this is not the case, and they will have to build or expand their infrastructure to manage this information, which requires careful consideration of how to fund this system, and encourage best practice to protect this data once it is gathered.

Zero detection GlassRAT operated undetected for years
What makes this RAT special is the fact that has been in use for the last three years and, until very recently, was not detected by AV software.

Five ransomware safety tips for online retailers
Craig Young, security researcher for Tripwire, identified five crucial steps online retailers can take to protect themselves from ransomware.

Dell shipped computers with root CA cert, private crypto key included
All desktop and laptops shipped by Dell since August 2015 contain a root CA certificate (eDellRoot) complete with the private cryptographic key for it, opening users to the danger of Man-in-the-Middle and signed malware attacks. A day after this discovery, another root CA cert with key was found on Dell’s machines.

MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection
Hacker and security researcher Samy Kamkar, who’s noted for being the author of the first Web 2.0 worm, creating zombie cookies, and USBdriveby, has now come out with a new project.

Production freeze: Prevent, detect, correct
As we enter the Christmas shopping season, many retail organisations go into a “production freeze” where they halt updates and configuration changes in their payment and order fulfillment systems to limit the risk of interruption and slowdowns to mission critical systems. This creates a particularly interesting situation: there will be very little in the way of updates to those systems over the next 90 days. Any steps to prevent an incident – that would make an organisation a harder (or more expensive) target for criminals – are now on hold until after the holiday rush. So how can organisations prepare for the days ahead?

ModPOS: The most sophisticated POS malware to date
Elements of ModPOS date back as far as early 2012. It targeted US retailers in late 2013 and throughout 2014, and is expected to continue to do so in the future. According to iSight Partners, the malware is responsible for the theft of information tied to millions of payment cards so far.

Credential manager system used by Cisco, IBM, F5 has been breached
Pearson VUE, a provider of computer-based assessment testing for regulatory and certification boards, has announced that its Credential Manager system (PMC) has been compromised by an unauthorized third party with the help of malware.

GPS faker software broadcasts spam across thousands of fake profiles
Different from traditional email spam, social spam can reach a large audience by nature of the platform and can appear trustworthy since it is coming from people in your social network. This kind of spam also has a long lifespan since social media content stays online 24/7 and is rarely removed, if ever.

More than 900 embedded devices share hard-coded certs, SSH host keys
Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks, Carnegie Mellon University’s CERT/CC warns.

Linux crypto ransomware continues to wreak havoc, but there’s some good news
Dr. Web, the security company that first warned the public about the malware existence and behavior, has been forced to announce that their free offer for helping their customers decrypt the files encrypted by this specific malware will be limited to those who, at the moment of infection, were already running one of the company’s security solutions.




Share this