Risk Radar Free Cyber Newsletter – Mar 28, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well-known and respected experts in the industry.

Fileless UAC Bypass Uses Windows Backup and Restore Utility
There is another interesting piece of information in the recent Vault 7 dump: a technique to bypass User Account Control (UAC) on Windows 7. This attack and others like it are called fileless attacks. These attacks use built-in Windows features to compromise the Windows system. The next big feature update in Windows 10 will fix a number of older UAC bypasses.

FBI Warns on FTP Attacks to Access Medical, Dental Info
File Transfer Protocol (FTP) servers could be open to attacks that could result in data loss. The FBI has warned medical and dental facilities using FTP servers of this attack. When FTP servers are set up, they may be operating in anonymous mode. Anonymous mode allows for easy access to the FTP servers using generic passwords. If you are running an FTP server, make sure to check whether it is running in anonymous mode.
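One way to run that check on your own server, as an added example that is not part of the original newsletter: the script assumes the server is vsftpd and audits its configuration text for anonymous access, using directive names and upstream defaults from the vsftpd.conf man page (distribution builds may change those defaults). The sample configurations are constructed.

```python
# Added example: audit vsftpd configuration text for anonymous FTP exposure.
# Assumption: the server is vsftpd; defaults are the upstream man-page values.

# Values vsftpd uses when a directive is absent from the file.
DEFAULTS = {
    "anonymous_enable": "YES",   # anonymous login is on unless disabled
    "no_anon_password": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def parse_vsftpd_conf(text):
    """Return only the directives explicitly set in the file (key=value)."""
    explicit = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        explicit[key.strip()] = value.strip()
    return explicit

def audit_anonymous(text):
    """List findings about anonymous access; an empty list means none."""
    explicit = parse_vsftpd_conf(text)
    def on(key):
        return explicit.get(key, DEFAULTS[key]).upper() == "YES"
    if not on("anonymous_enable"):
        return []
    how = ("explicitly" if "anonymous_enable" in explicit
           else "by default (directive absent)")
    findings = [f"anonymous login enabled {how}"]
    if on("no_anon_password"):
        findings.append("anonymous login skips the password prompt")
    if on("write_enable"):  # anon_* write options need write_enable=YES
        findings += [f"anonymous write access via {k}" for k in ANON_WRITE if on(k)]
    return findings

# Constructed samples: one that never mentions anonymous_enable, one locked down.
SAMPLE_OPEN = "# constructed\nlisten=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
SAMPLE_LOCKED = "anonymous_enable=NO\nwrite_enable=YES\nanon_upload_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, audit_anonymous(conf) or "no anonymous access")
```

A file that never mentions `anonymous_enable` is still reported, because the upstream default leaves anonymous login on.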

Apple Dials Up Encryption as Mobile Threats Soar
With mobile threats increasing on smartphones, Apple is improving its encryption on iOS. iOS 10.3 will update the iOS file system, which will support strong full-disk encryption natively. A note to Android users: if you are using a flagship device, you also have some strong full-disk encryption options. This increased use of full-disk encryption will raise interesting issues with the government wanting access to these encrypted mobile devices.

APT29 Used Domain Fronting, Tor to Execute Backdoor
APT29 is a hacking group that has Russian ties. This group has been using a technique called domain fronting for two years. This technique allows the hacking group to operate in plain sight and make its web traffic look legitimate. Domain fronting uses Tor with a Tor plugin to make the web traffic look legitimate. There are also non-hacking-related uses for domain fronting: the Signal messaging app uses it in countries like Egypt and the UAE.

LastPass Races to Fix Yet Another Serious Flaw
Tavis Ormandy has found another serious flaw in LastPass. LastPass is working with Tavis to fix this serious bug. LastPass has recommended that users launch sites from the LastPass vault and switch to two-factor authentication for any sites that offer it.

Phishing 101 at the School of Hard Knocks
This is another interesting article about phishing emails and how to avoid them. Brian Krebs goes over what Bowling Green State University is doing to combat phishing email attacks.