Hackers Can Use Cortana to Open Websites on Windows 10 Even if Your PC is Locked*:
- A pair of independent researchers uncovered a particularly worrisome security vulnerability in Microsoft’s Windows 10.
- The simple “hack” involves activating Cortana via voice command to open websites on a PC that’s been locked.
- The vulnerability doesn’t allow a bad actor to unlock your computer, but with physical access to your system they could direct it to just about any website they wanted.
- They could even, potentially, hijack your processor for cryptocurrency mining or install malware.
- The scenario becomes even more concerning if the attacker has enough access/time to plug a USB drive/stick into the target PC.
- This combination of vulnerabilities could potentially allow a hacker to spread an attack to any computers connected to the same network.
- By default, your system probably has “use Cortana even when my device is locked” enabled, but you can disable this function in settings.
*Source: The Next Web, March 03, 2018
Researcher Finds 50,000 Sites Infected with Cryptocurrency Mining Malware*:
- The cryptocurrency mining malware epidemic is getting out of hand: nearly 50,000 sites have been surreptitiously infected with crypto-jacking scripts according to a security researcher.
- Relying on source-code search engine PublicWWW to scan the web for pages running crypto-jacking malware, he was able to identify at least 48,953 affected websites.
- Coinhive continues to be the most widespread crypto-jacking script out there, accounting for close to 40,000 infected websites.
- The remaining 19 percent are spread between various Coinhive alternatives, like Crypto-Loot, CoinImp, Minr, and deepMiner.
- In February, security researchers discovered that a slew of legitimate websites – including government and public service agency portals – were quietly running crypto-jacking scripts.
- The researcher has also published a PasteBin file detailing the 7,000 affected sites found since January 20 this year.
*Source: The Next Web, March 07, 2018
Vatican Invites Hackers to Fix Problems, Not Breach Security*:
- Computer hackers with a heart are descending on the Vatican to help tackle pressing problems particularly dear to Pope Francis, including how to better provide resources for migrants and encourage solidarity for the poor.
- The “Vatican Hackathon,” an around-the-clock computer programming marathon, starts Thursday in the Vatican, with the full support of the pope, several Vatican offices and student volunteers from Harvard and MIT.
- Organizers stressed that no firewalls will be breached or acts of computer piracy committed.
- Teams of programmers, graphic designers and project managers will be asked to provide technological solutions to specific problems in three general areas:
  - Solidarity in a digital world
  - Communication in interfaith dialogue
  - Mobilization of resources for migrants
*Source: Washington Post, March 08, 2018
Vulnerability in Robots Can Lead to Costly Ransomware Attacks*:
- A vulnerability in SoftBank Robotics’ NAO and Pepper robots can lead to costly ransomware attacks that could cause robots deployed in businesses to stop working, curse at customers, or even perform violent movements.
- SoftBank was notified of the vulnerability in January 2017, but Kaspersky said they aren’t aware of any available patches.
- The vulnerability can open opportunities for ransomware attacks targeting sensitive in-transit information collected on the robot – like video feed, audio, payment, or other business information running on the robots.
- Another critical ransomware target is downtime in robots – many businesses lose money every second one of their robots is non-operational.
- The NAO and Pepper robots, priced around $10,000, are some of the most widely used research and education robots in the world.
- These robots are used by an array of businesses, in the education, retail and industrial space – such as Sprint, which has started to use Pepper robots to assist customers at its U.S.-based retail stores.
- In order to deploy ransomware, researchers exploited an undocumented function that allows remote command execution.
- To keep users from restoring the system and uninstalling the ransomware, attackers can also disrupt the factory reset mechanism.
- The attacker could then report the infection to command-and-control servers and infect all behavior files, which contain the custom code that carries out the robot’s main business functions or actions.
- The research company’s proof of concept indicates that the notion of ransomware will become much more costly, and potentially dangerous, when applied to the robots increasingly appearing in homes, education centers, and businesses.
- Though its proof of concept ransomware targeted SoftBank’s Pepper and NAO, the same attack is possible on many robots from several vendors.
*Source: Threat Post, March 09, 2018
Fileless Malware Soars as Healthcare Suffers in Q4*:
- The volume of new cyber-threats found every second doubled between Q3 and Q4 2017, with the number of detected fileless malware samples soaring.
- Fileless malware attacks leveraging Microsoft PowerShell increased 432% over the course of 2017 and 267% in Q4 alone.
- It’s increasingly favored by the black hats as it allows them to conduct attacks with minimal use of malware, thus evading traditional cybersecurity filters.
- McAfee reported that ransomware volumes grew 35% in Q4 to end 2017 with 59% year-on-year growth.
- According to McAfee, cyber-criminals are increasingly turning their attention to crypto-mining and hijacking Monero and Bitcoin wallets as a way to make more money hassle-free.
- This backs up similar observations from the likes of Cisco, which has reported that hackers are increasingly eschewing ransomware in favor of tactics which offer a higher ROI.
- Publicly disclosed security incidents targeting healthcare decreased by 78% in Q4, but the sector experienced a massive 210% overall increase in incidents in 2017.
- It’s well known that healthcare organizations (HCOs) are an increasingly popular target for hackers, as many are poorly protected, but store valuable patient records.
*Source: Info Security, March 12, 2018
S.E.C.’s New Cybersecurity Guidance Won’t Spur More Disclosures*:
- Security breaches at companies like Equifax, Target and Yahoo over the past few years have exposed the personal information of millions of consumers; the response from companies usually seems to be about keeping a lid on the hack.
- The S.E.C. would like to end that response, but its guidance may not go very far in changing how companies deal with cybersecurity issues.
- The S.E.C.’s guidance is full of good advice, but the regulator has yet to institute any direct measures to compel companies to reveal the nature and scope of a cybersecurity breach.
- There will always be at least some lag time between discovering a theft of information and an assessment of its extent, but the S.E.C. said that an ongoing investigation (which can often be lengthy) would not on its own provide a basis for avoiding disclosures of a cybersecurity incident.
- The S.E.C. also warns companies about the potential for insider trading when they learn about a breach, which inevitably has a negative effect on the stock price once it is disclosed.
- The S.E.C.’s guidance is certainly welcome, and it may nudge companies to be more aggressive in policing stock sales when a cybersecurity problem comes to light.
- The problem is that advice can be easily ignored when a breach occurs; if they want to send a message to companies, the S.E.C. may need to pursue enforcement action.
*Source: New York Times, March 03, 2018
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'*:
- According to Investopedia, boiling the ocean is to undertake an impossible task or project, or to make a task or project unnecessarily difficult.
- In security, we can learn a valuable lesson from this expression – security is all about balance and pragmatism:
  - Enumerating risks and threats to the organization while simultaneously prioritizing them.
  - Seeking to mitigate risk while in parallel understanding the need to accept a certain amount of it.
  - Building a security program even though some of the people, process, and technology involved may be missing or imperfect.
  - Running security operations with an understanding that the conditions are never ideal.
- There are twenty signs you are trying to boil the ocean:
  - Perfect is the enemy of good.
  - Finding the problem in every solution.
  - Working in series rather than in parallel.
  - Inability to find the path forward.
  - Playing hot potato.
  - Always looking for more data points.
  - Always waiting for something else to happen.
  - Looking for every out.
  - Waiting for more money.
  - Waiting for more time.
  - Looking for the perfect hire.
  - Drowning in false positives.
  - Stagnant on content development.
  - Processes and procedures are forever a work in progress.
  - Inability to start a dialogue with executives.
  - Inability to make progress with the business.
  - Operations permanently stuck in ramp-up.
  - Inability to prioritize risk.
  - Draconian policies.
*Source: Dark Reading, March 06, 2018