Risk Radar Free Cyber Newsletter – Aug 16, 2016

Microsoft Mistakenly Leaks Secure Boot Key
Microsoft has inadvertently released a golden key that compromises Secure Boot. Two Windows updates have attempted to fix this problem. According to researchers, the problem is not fully fixed and will be hard to fix completely. Some are using this as an example of why a secure back door is unworkable.

Linux TCP Flaw allows Hackers to Hijack Internet Traffic and Inject Malware Remotely
A new TCP flaw in the implementation of RFC 5961 allows man-in-the-middle attacks without the need for a man in the middle. Windows, OS X, and FreeBSD are not open to this attack because these OSes do not fully implement RFC 5961. Since the internet largely runs on Linux, users of all major OSes could still be affected. Ways to mitigate the TCP attack are discussed in the article.

QuadRooter: New Android Vulnerabilities in Over 900 Million Devices
Android phones with Qualcomm SoCs are vulnerable to new rooting malware. Unlike the Stagefright exploit, QuadRooter needs a full app to be installed in order to work. Ways to mitigate this root attack are discussed in the article. While this is a serious flaw, Google is making the case that the hype goes beyond the real threat. If you stay in the Play Store for your apps and have sideloading disabled, you minimize your chance of being attacked with QuadRooter.

Google Beefs Up Gmail Security
Since most of us have at least one Gmail account, it is nice to see Google enhancing security for Gmail. Gmail will start to tell users if a message is unauthenticated or has malicious links. This could be very helpful considering that much of the worst malware is spread by email phishing attacks. These security updates are rolling out over the next two weeks.

Using File Entropy to Identify “Ransomwared” Files
Ransomware may not be at the top of the list today, but it is still alive and well. A researcher is using the entropy of files to identify whether they have been encrypted. This identification allows unaffected files to be copied off and removed. It can also help in restoring just the affected files, resulting in a quicker recovery.
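
The entropy check described above, as an added example that is not from the newsletter or the researcher's own tool: it scores each file's byte entropy and splits a directory tree into likely-encrypted and likely-intact files. The 7.5 bits-per-byte threshold, the function names and the sample files are assumptions made for illustration.

```python
import math
import os
from collections import Counter

# Assumed cutoff in bits per byte; 8.0 is the maximum for byte data.
ENTROPY_THRESHOLD = 7.5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def file_entropy(path: str, sample_size: int = 1 << 20) -> float:
    """Entropy of the first sample_size bytes of a file (bounds the read cost)."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample_size))

def triage(root: str, threshold: float = ENTROPY_THRESHOLD):
    """Walk root and return (likely_encrypted, likely_intact) lists of paths."""
    encrypted, intact = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                score = file_entropy(path)
            except OSError:
                continue  # unreadable file: leave it for manual review
            (encrypted if score >= threshold else intact).append(path)
    return encrypted, intact

def build_sample_tree(root: str) -> None:
    """Constructed sample data: a text file and a random blob standing in
    for an encrypted file. Neither is real ransomware output."""
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"Quarterly report draft. " * 2000)
    with open(os.path.join(root, "report.docx.locked"), "wb") as fh:
        fh.write(os.urandom(64 * 1024))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, ok = triage(tmp)
        print("likely encrypted:", enc)
        print("likely intact:", ok)
```

Compressed formats such as ZIP archives and JPEG images also score close to 8 bits per byte, so a high score is a prompt to check the file, not proof of encryption; very small files score lower even when encrypted.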

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

New Hack Uses Hard Drive’s Noise to Transfer Stolen Data from Air-Gapped Computer
Last week monitors were attacked; this week an interesting attack on spinning hard drives is in the news. Some computers are air-gapped to keep sensitive information safe. This attack used the sound a spinning hard drive makes to read the data of the air-gapped computer. The article goes over the attack in more detail and covers mitigation solutions.