Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 14, 2016

December 12, Help Net Security – (International) New AirDroid releases fix major security issues. The AirDroid team released new mobile, Microsoft Windows, and Apple Mac versions of its remote management tool for Android after Zimperium security researchers found that the app does not verify whether a served update is legitimate and that it sends and receives information over insecure channels, exposing users on unsecured networks to man-in-the-middle (MitM) attacks. In addition to the security improvements, the AirDroid developers upgraded the communication channels to Hypertext Transfer Protocol Secure (HTTPS) and enhanced the encryption method. Source

December 12, SecurityWeek – (International) Dozens of teens arrested over DDoS attacks. Europol announced that 34 arrests were made as part of a multi-national operation targeting users of distributed denial-of-service (DDoS) cyber-attack tools after the individuals allegedly paid for stresser and booter services to deploy malicious software to launch DDoS attacks. Authorities believe the tools used in the attacks are part of illicit DDoS-for-hire services, where a hacker can pay to have an attack carried out against a targeted victim. Source

December 12, SecurityWeek – (International) Samas ransomware gang made $450,000 in one year: analysis. Palo Alto Networks researchers reported that the cybercriminals behind the Samas, or SamSa, ransomware were carrying out targeted attacks against the healthcare industry and have collected over $450,000 in ransom payments from their targets since the beginning of 2016. The ransomware has undergone a series of modifications since it was first spotted, including changes to the filename extensions that are appended to files after encryption takes place, in order to make analysis and reverse-engineering more difficult. Source

December 12, Help Net Security – (International) New minimum code signing requirements for use by all CAs. The Certificate Authority Security Council (CASC) announced that the Code Signing Working Group released new Minimum Requirements for Code Signing for use by all Certificate Authorities (CAs). The requirements represent the first standardized code signing guidelines and incorporate several new features to help businesses defend their systems from cyber-attacks, including stronger protection for private keys, certificate revocation, and improved time-stamping of code signatures, among other features. Microsoft is the first applications software vendor to adopt the guidelines and will require CAs that issue code signing certificates for Windows platforms to adhere to the new requirements beginning February 1, 2017. Source

December 12, The Register – (International) Microsoft Edge’s malware alerts can be faked, researchers say. Security researchers discovered that, due to flaws in Edge’s “ms-appx:” and “ms-appx-web:” protocols, malicious actors can abuse Microsoft’s Edge Web browser to display legitimate-appearing malware warning messages and forge a technical support scam page. The technique involves altering URL characters and appending a hash and the URL of a Website that appears to be authentic. The fraudulent warnings replace Edge’s SmartScreen messages, which are displayed if the browser detects suspected malicious Websites, and indicate that a nominated site displayed in the address bar is infected. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.