info@qualityplusconsulting.com l +1 262-553-6510

QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit https://qpcsecurity.podbean.com where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - 2017-1 Privacy and Security News

1/20/2017

2017-1 Privacy and Security News



The latest privacy and security news you should be concerned about.

MP3 - 2017-1 Privacy and Security News

Stegano malvertising campaign, FTC lawsuit over Java, security browser plugins, checking your email addresses against known breaches, Gmail phishing attacks, and Google privacy settings you should act on.

Stegano Malvertising Campaign

Originally reported on Secplicity:

Malvertising—the combination of malware and advertising—is nothing new. Cyber criminals have long taken advantage of legitimate web advertising agencies to sneak evil code into the ads of some very popular websites. However, a new malvertising campaign called Stegano takes stealthy malicious ads to a new level. By hiding its evil script in the transparency data of an image, and by avoiding infecting security researchers’ machines, Stegano has been successfully spreading malware for months, if not years.

Millions infected by malvertising hiding in a banner image – Ars Technica

Excellent article:
Researcher’s blog post detailing the Stenago malvertising campaign – Eset


Another research group calls this campaign AdGholas – Malwarebytes

Notable excerpts:

Stegano hides parts of its malicious code in parameters controlling the transparency of pixels used to display banner ads.

After verifying that the targeted browser isn't running in a virtual machine or connected to other types of security software often used to detect attacks, the script redirects the browser to a site that hosts three exploits for now-patched Adobe Flash vulnerabilities.


"We have observed major domains, including news websites visited by millions of people every day, acting as 'referrers' hosting these advertisements. Upon hitting the advertising slot, the browser will display an ordinary-looking banner to the observer. There is, however, a lot more to it than advertising."

Among other things, the script checked for the presence of packet capture, sandboxing, and virtualization software and a variety of security products. Machines that didn't exhibit signs of the software and contained a vulnerable version of Flash were then redirected to the exploit site, which would serve one of two families of malware. The Ursnif family is made up mainly of modules for stealing e-mail credentials, logging keystrokes, taking screenshots and videos, and acting as a backdoor. The Ramnit variety of malware offers most of the same capabilities and mainly targets the banking industry.

QPC Comments on the Topic:

The script analyzes the environment of the computer it lands on and then serves a customized response, malicious or benign.

Specifically, if it detected that security protections were in place, the malware presented benign content.

It did this to avoid being detected by security pros.

The image wasn’t the malicious object itself; the JavaScript that carried the malicious code was.

Security researchers regularly spend time analyzing malicious JavaScript, as it is a huge attack vector.

A security appliance, properly configured, can scan the JavaScript served by websites.

If the malware detects that it is being executed in a security-protected environment, it simply terminates.

  • Block advertisements.
  • Block the garbage at the network layer. This requires a security appliance. Endpoint protection is NOT enough by itself.
  • Patch your systems quickly.
  • Use a system that deploys third-party patches to your systems in a timely fashion.
  • Use modern operating systems. Get off old operating systems that we know do not have adequate security for today’s threat landscape.
  • Block all content from analytics and advertising distribution networks.
  • Use endpoint protection that has plugins for the browser, for example:
    Trend Micro Worry-Free Business Security Services browser plugin for Internet Explorer
  • Use browser plugins such as PrivacyBadger for Firefox, ScriptSafe for Chrome, and AdBlockPlus for Firefox.
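
As an added example (not code from these show notes, from ESET, or from any vendor), here is a defender-side heuristic in Python for the kind of banner described above: it reads a raw RGBA buffer and flags an image whose alpha channel sits just below fully opaque across most pixels yet carries real entropy, which is what an ad that renders normally but is carrying data in its transparency values would show. The thresholds, the raw-RGBA input format and the constructed sample banners are assumptions; a real check would decode the PNG first and tune the thresholds against your own ad traffic.

```python
import math
import random
from collections import Counter


def alpha_channel(rgba: bytes) -> bytes:
    """Return the A byte of every pixel in a raw 8-bit RGBA buffer."""
    if len(rgba) % 4:
        raise ValueError("RGBA buffer length must be a multiple of 4")
    return rgba[3::4]


def alpha_stats(rgba: bytes):
    """(distinct alpha values, alpha entropy in bits, share of pixels with alpha 240..254)."""
    alpha = alpha_channel(rgba)
    counts = Counter(alpha)
    n = len(alpha)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    near_opaque = sum(c for v, c in counts.items() if 240 <= v < 255) / n
    return len(counts), entropy, near_opaque


def looks_like_alpha_stego(rgba: bytes, min_entropy=1.0, min_near_opaque=0.5) -> bool:
    """Assumed heuristic: a banner that looks opaque but whose alpha wobbles just under 255
    on most pixels, with real entropy in that wobble, is carrying something other than
    transparency. Normal banners are fully opaque (one alpha value) or use a wide
    transparency range for edges and fades, so neither trips both conditions."""
    _, entropy, near_opaque = alpha_stats(rgba)
    return entropy >= min_entropy and near_opaque >= min_near_opaque


def make_banner(width, height, alpha_at):
    """Constructed test image: a flat red banner whose alpha is chosen per pixel."""
    buf = bytearray()
    for y in range(height):
        for x in range(width):
            buf += bytes((200, 30, 30, alpha_at(x, y)))
    return bytes(buf)


# Constructed samples (not real ad creatives): an opaque banner, a banner with a
# legitimate left-to-right fade, and one whose alpha is random noise in 240..255,
# simulating a near-invisible channel riding on the transparency values.
CLEAN = make_banner(64, 16, lambda x, y: 255)
FADE = make_banner(64, 16, lambda x, y: x * 4)
_rng = random.Random(1)
NOISY = make_banner(64, 16, lambda x, y: _rng.randrange(240, 256))

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("fade", FADE), ("noisy", NOISY)):
        print(name, alpha_stats(img), looks_like_alpha_stego(img))
```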

Oracle/FTC lawsuit over Java SE and versions not uninstalling

https://www.java.com/en/uninstall/attachmentA.xml


QPC patch management services have, for years, used scripts to uninstall the old versions of Java before installing the new version. Almost 10 years after the problem was first noted in the security community, Oracle's hand was finally forced by the FTC to correct a major design flaw in their application. The new versions of Java tell you that an old version of Java is installed and prompt you to uninstall it.

Really old versions are still not uninstalled. You should check your computer for old versions of Java.
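
An added example (not QPC's own script) of the check recommended above: a Python helper that parses the Java DisplayName entries Windows records under its Uninstall registry keys and reports every Java runtime older than the newest one installed. The DisplayName patterns ("Java 8 Update 121", "Java(TM) 6 Update 45") and the sample list are assumptions; on Windows it reads the registry, elsewhere it runs on the constructed sample.

```python
import re
import sys

# Windows lists installed programs under these keys (64-bit and 32-bit views).
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
# Assumed DisplayName shapes: "Java 8 Update 121", "Java(TM) 6 Update 45", "Java SE 7".
JAVA_NAME = re.compile(r"^Java(?:\(TM\))?\s+(?:SE\s+)?(\d+)(?:\s+Update\s+(\d+))?", re.I)


def parse_java_version(display_name):
    """Return (major, update) for a Java runtime DisplayName, else None."""
    m = JAVA_NAME.match(display_name.strip())
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def stale_java(display_names):
    """Return the Java entries older than the newest Java found, sorted by name."""
    found = [(parse_java_version(n), n) for n in display_names]
    found = [(v, n) for v, n in found if v is not None]
    if not found:
        return []
    newest = max(v for v, _ in found)
    return sorted(n for v, n in found if v < newest)


def installed_display_names():
    """Enumerate DisplayName values under the Uninstall keys (Windows only)."""
    import winreg  # Windows-only module, so imported here rather than at the top
    names = []
    for sub in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue  # key absent, e.g. no WOW6432Node on 32-bit Windows
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i)) as k:
                        names.append(winreg.QueryValueEx(k, "DisplayName")[0])
                except OSError:
                    pass  # entries without a DisplayName are not programs
    return names


# Constructed sample standing in for a real registry read.
SAMPLE = ["Java 8 Update 121", "Java 7 Update 51", "Java(TM) 6 Update 45", "Mozilla Firefox 50.1.0"]

if __name__ == "__main__":
    names = installed_display_names() if sys.platform == "win32" else SAMPLE
    for n in stale_java(names):
        print("old Java version still installed:", n)
```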


How Google tracks you and what you can do about it

http://www.zerohedge.com/news/2017-01-18/heres-how-google-tracks-you-and-what-you-can-do-about-it

If you're not paying for it, you're not the customer; you are the product.

Google Takeout: https://takeout.google.com/settings/takeout

My Google Activity: https://myactivity.google.com

  • All your YouTube viewing is tracked if you watch in a browser where your Gmail account is logged in.
  • All your web browsing history is tracked and stored if you are logged into your Gmail account in that browser while surfing.

Additional browser plugins to consider

  • Privacy Badger
  • ScriptSafe
  • Self-Destructing Cookies
  • uBlock Origin

Sophisticated Gmail phishing attacks

Sophisticated Gmail phishing attacks victimize even tech pros

https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

Data URI scheme

https://en.wikipedia.org/wiki/Data_URI_scheme


Check this website to see whether any of your email addresses have been included in large breaches

https://haveibeenpwned.com/

LinkedIn