Erich’s “What in the (cyber security) world is going on?” 12-16-16 edition

Holy Crap! Lots of stuff going on in this week's post. Stay safe out there and please use the buttons on the bottom to share with folks you think can use the info. I'm always up for comments and feedback as well.

If! You! Use! Yahoo! Just! Stop!

Nothing more to say about that. 1 Billion accounts exposed. This is just dumb. Get a Gmail account and move on.

Sneaky little hobbitses. Wicked, tricksy, false!  –  Nymaim using MAC addys to uncover virtual environments & bypass AV

So, the lovely trojan dropper known as Nymaim got smart and is checking MAC addresses to see if the machine is a virtual machine (VM). Since VMs are used heavily as sandbox environments for malware research, it won't launch if it finds a network card whose OUI (the first three octets of the MAC address, which identify the manufacturer) belongs to a VM vendor. Keep this in mind when testing whether a file is malicious or uploading it to a sandbox for detonation: a "clean" result may be misleading. On the plus side, if your users run on thin clients or VDI desktops, the same check may keep it from running there.
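To make the check concrete, here is an added example (written for this post, not code from the original article or from Nymaim itself) of the OUI-based VM fingerprint described above, plus a small triage helper you can run against the MACs your sandbox VMs actually present. The vendor-to-OUI table is an assumption for illustration (confirm prefixes against the IEEE OUI registry), and the sample hosts are constructed.

```python
"""
OUI-based virtual-machine fingerprinting, as described for Nymaim.

Added example, not the malware's code. The VM_OUIS table below is an
illustrative assumption; verify any prefix against the IEEE OUI registry
before relying on it. Sample hosts at the bottom are constructed.
"""
import re
import uuid

# First three octets (the OUI) that hypervisor vendors commonly assign to
# guest NICs. ASSUMPTION for illustration; not an exhaustive or official list.
VM_OUIS = {
    "00:05:69": "VMware",
    "00:0c:29": "VMware",
    "00:1c:14": "VMware",
    "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "00:16:3e": "Xen",
    "00:1c:42": "Parallels",
    "00:15:5d": "Microsoft Hyper-V",
    "52:54:00": "QEMU/KVM",
}

_OCTET = re.compile(r"^[0-9a-f]{2}$")


def normalize_mac(mac):
    """Accept 'AA-BB-CC-DD-EE-FF' or 'aa:bb:cc:dd:ee:ff'; return lowercase colon form."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or not all(_OCTET.match(p) for p in parts):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(parts)


def vm_vendor_for_mac(mac):
    """Return the hypervisor vendor whose OUI this MAC carries, or None."""
    oui = normalize_mac(mac)[:8]
    return VM_OUIS.get(oui)


def looks_like_vm(macs):
    """
    Mimic the evasion logic: if ANY NIC carries a VM-vendor OUI, the
    dropper concludes it is inside a sandbox and refuses to run.
    Returns the offending (mac, vendor) pairs; an empty list means 'go ahead'.
    """
    hits = []
    for mac in macs:
        vendor = vm_vendor_for_mac(mac)
        if vendor:
            hits.append((normalize_mac(mac), vendor))
    return hits


def triage(hosts):
    """Map host name -> list of (mac, vendor) hits, for checking a sandbox fleet."""
    return {name: looks_like_vm(macs) for name, macs in hosts.items()}


def local_primary_mac():
    """MAC of this machine as Python reports it (uuid.getnode); run this inside
    a sandbox VM to see what the malware would see."""
    node = uuid.getnode()
    octets = [(node >> (8 * i)) & 0xFF for i in reversed(range(6))]
    return ":".join("%02x" % o for o in octets)


# Constructed sample fleet (not real hosts): one default VirtualBox guest,
# one physical laptop, and one VM whose NIC MAC was overridden to a non-VM OUI.
SAMPLE_HOSTS = {
    "analyst-vbox":   ["08:00:27:4e:66:a1"],
    "prod-laptop":    ["3c:22:fb:10:2a:9d"],
    "sandbox-masked": ["00:1b:21:aa:bb:cc"],
}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_HOSTS).items():
        verdict = "would NOT detonate" if hits else "would detonate"
        print("%-15s %s %s" % (host, verdict, hits))
    print("this machine:", local_primary_mac(), vm_vendor_for_mac(local_primary_mac()))
```

If your sandbox shows up as "would NOT detonate", override the guest NIC's MAC so it carries a non-VM OUI; for example, VirtualBox accepts `VBoxManage modifyvm <vm> --macaddress1 <12 hex digits>`. Remember this defeats only the MAC check; other VM artifacts (CPUID strings, drivers, disk serials) still need attention.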


Watch for Uber Vomit Scams 

This is a general PSA, but I am hearing about this more often. The way it works is, you get back from a trip somewhere and your card is charged an extra $150 by Uber for a "clean up fee". The drivers will sometimes upload pictures of a mess in the back seat as "proof". This is usually fake, or a reused photo. The scam seems to be gaining steam as folks spend a lot more time out of town, often using an Uber to get to/from the airport. Moving forward, I might start taking cell phone pictures of the car when I get in and out, just for CYA. It's tough to fight when it's done and gone, and you have been home for a week. I still love Uber, but drivers are people too, and some are going to be looking to make a fast buck.


Security Sessions: Ransomware as a service on the rise 

My CEO, Stu Sjouwerman, did an interview with CSO Online regarding the RaaS (Ransomware as a Service) issue. It's a quick video, but he talks about some of the trends and how to defend against them. You might already know that I'm a huge KnowBe4 fanboy, and not just because I work for them. It's all about helping educate people so they can make better decisions. It's why I can get behind the company so much.


NY AG warns lawyers of phishing campaign

There are some phishing emails going around targeted at lawyers in New York. It looks like it's coming from the NY State Attorney General and is designed to get users to open a PDF attachment. An example of the email is here. This is an example of a very targeted spear phishing attack that is not likely to get flagged by spam filters.


A New And Scary Double-Ransomware Whammy

Here is a pretty interesting (and crappy) new strain of ransomware. It encrypts your files, then reboots and encrypts the Master File Table (MFT) so the disk can't even be browsed, and it ends up hitting you for a ransom twice. Kinda rotten. Be aware of any PDF saying it's a job application, especially if it has a link to an Excel file.


Amazon shoppers targeted in ‘order cannot be shipped’ scam

'Tis the season, as I have said before. Packages are flying all over the place, and who doesn't use Amazon? Scammers are sending emails saying that packages can't be shipped. The idea is to get you to open an attachment or click a link (as is reported in this story) that leads to a person entering credentials or a credit card number for "confirmation". I guess scammers need to buy presents too, right? This is not new, but given the time of year, it's very effective.


Samsung will be bricking the exploding Note 7 phones on December 19th

Yes, Samsung has decided that while you can own the hardware (as blow-uppy as it may be), they own the software, so they can go ahead and virtually blow up the phones before they physically blow up. An interesting angle on a “voluntary recall”. If you still have a Note 7 <AustinPowersVoice>I too like to live dangerously</AustinPowersVoice> You have until December 19th to return it, lest it become a potentially randomly exploding doorstop. Please “Note” that Verizon is not taking part in the OTA update that will brick these devices, as they figure folks may not have a device to switch to, and (the lawyers, I’m sure) have an issue with leaving someone without a device that can call 911 in an emergency.


Netgear Nighthawk Routers vulnerable to badness. 

Netgear Nighthawk R7000, R6400, R8000 and R8500 models "might" be vulnerable to a bug reported to them by researcher Andrew Rollins (a.k.a. Acew0rm) on August 25, but only acknowledged after he posted it publicly on December 6th. So much for Netgear supporting responsible disclosure. Basically, bad guys can get root through the device's web server. There is a temporary workaround that kills the vulnerable web server process, but it only lasts until the router is rebooted, so check for a firmware fix rather than relying on it.

And Finally… A little much needed humor

Santa Gets Hacked! 


Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.
