Tag: Technology

Malware Makers Testing Vulnerability Of Meltdown And Spectre

Security researchers from around the web are reporting finding an increasing number of instances of proof of concept (PoC) code that incorporates the recently discovered Spectre and Meltdown vulnerabilities.

If you somehow missed those earlier reports, Spectre and Meltdown are a pair of critical security flaws recently discovered in literally every Intel chip set made over the last decade.  Exploiting these vulnerabilities would give a hacker root-level access to the impacted system.

Since the discovery, the chip giant has been scrambling to fix the issue. However, their first attempt to do so caused so many system problems for people who installed the patch that the company is now recommending that users avoid it until they can come up with a better solution.

Unfortunately, that leaves you between the proverbial rock and a hard place.  Installing the patch will protect you, but cause you to experience system reboots several times a day and seriously degraded performance.  Not installing it leaves you at the mercy of the hackers.

So far, at least, it appears that most of the proof of concept code found is the result of security researchers playing with the exploits.  This includes testing them, seeing how they work, and how to prevent them.  That said, the researchers point out that it’s all but certain that some of the PoC examples were created by teams of hackers who plan to use them in their next round of attacks.

To make matters worse, Mozilla has confirmed that the Spectre flaw can be executed remotely by inserting commands into Javascript.  Given that, plus the increased appearance of PoC code fragments, it seems it’s just a matter of time before we see the first ever Spectre-based hack.  The clock is ticking.

Microsoft is Adding Much Needed Feature To Windows Defender

Microsoft is getting tough on so-called “registry cleaners”, and it’s about time.  The company recently announced a planned change to Windows Defender (the anti-malware program that comes standard with every Windows installation).  The change will see to the deletion of an increasing number of these registry cleaners.  It’s a great move, and the company deserves credit for it, but there’s a catch.  This type of software has been around for decades. So the move, as welcome as it is, comes very late in the game.

It’s overwhelmingly likely that you’ve seen these programs in action.  They’re usually free downloads (though there are a few web based services too) that scan your system to find problems with your registry that the software claims are causing performance issues and slowing your machine down.

There are two major problems with this:  First, the software tends to be light on details, refusing to provide much information about exactly why the “problems” that have been identified are impacting system performance.  Worse, the software often incorrectly identifies critical system files and registry entries as being problematic. So of course, when they are deleted, they actually create many more problems than they solve.

Second, in order to actually fix the problems that have been identified, you’ve got to buy the premium version of the package.  The result is that you’re losing money, and the software often breaks your system.  Not a pretty picture.

This latest move by Microsoft builds on action they took back in 2016, when the company started penalizing the makers of such registry cleaners if their software didn’t provide adequate information. This missing information included why the problems they found needed to be fixed in the first place, and if they utilized a high pressure up-sell technique.

Ultimately, those moves proved to be insufficient, so Microsoft decided to take things to the next level.  Now, they’re simply going to start deleting these no- or low-value programs.  Late or not, that’s one less headache for you, and a very good thing.

Ransomware Affected Over 50 Percent Of Surveyed Companies

Sophos has released the results of their annual “State of Endpoint Security Today”, and it doesn’t paint a pretty picture. A full 54% of companies surveyed reported having been hit by a ransomware attack in 2017. Another 31% reported that they expect to be on the receiving end of such an attack in the near future.

If the headline statistic wasn’t bad enough, it only gets worse from there.  According to the data collected, the average cost of a ransomware attack (including network costs, manpower, downtime, and device replacement cost) was $133,000. Five percent of respondents reported total costs between $1.3 million and $6 million, before factoring in the cost of any ransom paid.

As bad as those figures are, what makes them even more painful is the frequency. On average, survey respondents report having been struck an average of twice in the past year.

Dan Schiappa, the Senior VP and General Manage of Products at Sophos explains: “Ransomware is not a lightning strike – it can happen again and again to the same organization.  We’re aware of cyber criminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack.

If IT managers are unable to thoroughly clean ransomware and other threats from their systems after attacks, they could be vulnerable to reinfection.  No one can afford to be complacent.  Cybercriminals are deploying multiple attack methods to succeed, whether using a mix of ransomware in a single campaign, taking advantage of a remote access opportunity, infecting a server, or disabling security software.”

In light of this relentless attack methodology, and in spite of the headlines all last year warning of the dangers, Schiappa warns that most companies are starting 2018 woefully unprepared for a ransomware attack. With all that said if you haven’t done so already, it’s well past time to review the state of your network security.

Apple And Google No Longer World’s Top Brands

The latest Brand Finance Global 500 report out and contains some surprises this year.

In the battle of the Brands, two companies have long topped the list:  Apple and Google.  This year, there’s a new Sheriff in town.  Amazon blew past the top two claiming the top spot for itself.  It is now the most valuable brand in the world with an impressive $150.8 billion dollar value.

David Haigh, the CEO of Brand Finance had this to say about the upset in the rankings:

“Jeff Bezos once said that ‘brands are more important online than they are in the physical world.’  He has proved himself right by choosing the name Amazon, known as the largest, most powerful river in the world, as 23 years later the Amazon brand carries all before it as an unstoppable force.  The strength and value of the Amazon brand gives it stakeholder permission to extend relentlessly into new sectors and geographies.  All evidence suggests that the amazing Amazon brand is going to continue growing indefinitely and exponentially.”

The new number two, Apple, saw the value of its brand increase by a hefty 37% to $146.3 billion.  While impressive, the report stresses that Apple’s long-term prospects look bleak because the company has failed to diversify. It relies on its aging line of iPhones for more than a third of its total revenue, which hampers its opportunities for growth.

Third ranked, Google’s brand saw more modest growth in value (just 10 percent), and now stands at $120.9 billion.  Like Apple, the report stresses that although Google is a Titan in certain sectors (search, cloud, and Mobile OS), its relatively narrow focus has kept it from unleashing the full power of its brand in the same way Amazon has.

All hail the new King of the brands, Amazon!

Almost Half Of Top Ranking Websites Are Vulnerable

Menlo Security just released their third annual “State of the Web” report and it’s not pretty.  The headline finding is that 42% of the top 100,000 sites as ranked by Alexa are more dangerous than you think.

The report defines a risky site as one that meets one of three criteria:

  • The site, or one of its associated background sites (from which news articles or video is pulled), is running software with a known security vulnerability
  • The site has been used to launch attacks or distribute malware
  • The site has suffered a security breach in the past twelve months

This first point is key, and often overlooked by security professionals.  Any time your website is pulling content from another source, it creates an opening that a hacker could potentially exploit.  Worse, most security professionals lack the tools to properly monitor those connections.

As bad as that sounds, there’s an even worse detail lurking in the pages of the report, and that concerns emails.

Hackers are increasingly moving away from setting up their own domains.  Instead, they’re preferring to create a subdomain of a compromised, legitimate domain, which makes it harder to spot.  Amir Ben-Efraim, the CEO of Menlo Security, had this to say about the issue:

“It is far easier to set up a subdomain on a legitimate hosting service than use other alternatives – such as trying to hack a popular, well-defended site or to set up a brand-new domain and use it until it is blocked by web security firms.  Legitimate domains are often whitelisted by companies and other organizations out of a false sense of security, giving cover to phishing sites.

Also, hosting services typically allow customers to set up multiple subdomains.  For example, researchers found 15 phishing sites hosted on the world’s 10 most popular domains.”

The bottom line is:  The web and even the most popular sites on it, aren’t nearly as safe as you think.

Vulnerability Found In Popular Grammar Checker

On February 2, Tavis Ormandy, a researcher on Google’s Project Zero team discovered a critical flaw in the popular online grammar checking app, “Grammarly.”  Tens of millions of users make regular use of the app to improve the quality of their writing.  The bug allowed a hacker to steal a Grammarly user’s authentication token and use that token to log on and access every document they’ve run through the Grammarly system. This along with that user’s history, logs and other data. They were able to do it all using just four lines of JavaScript code.

The bug was found in both the Firefox and Chrome Grammarly extensions and was reported immediately.

While response time to such a report varies greatly, Grammarly set a new record for speed and efficiency.  The bug was reported on a Friday, and by Monday, it was patched.  If you use either the Chrome or the Firefox Grammarly extension, there’s nothing for you to do, as these should update automatically.

A spokesman for Grammarly had this to say about the matter:

“Grammarly resolved a security bug reported by Google’s Project Zero security researcher, Tavis Ormandy, within hours of its discovery.  At this time, Grammarly has no evidence that any user information was compromised by this issue.

We’re continuing to monitor actively for any unusual activity.  The security issue potentially affected text saved in the Grammarly Editor.  This bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any text typed on websites while using the Grammarly browser extension.  The bug is fixed, and there is no action required by Grammarly users.”

Kudos to Tavis Ormandy for finding the bug, and a hearty round of applause to Grammarly for their speedy and deft handling of the issue.  Given the severity of the bug, it’s easy to see how such a discovery could have gone an entirely different direction. As it turns out, Grammarly set a new bar for excellence with their handling of the issue.

Some Smartwatches May Be Able To Diagnose Diabetes

That smartwatch you’re wearing might save your life.  Literally.

A new study conducted by the University of California San Francisco, and a healthcare startup called Cardiogram revealed that smartwatches and other wearables were able to detect diabetes in previously diagnosed patients an impressive 85 percent of the time.

The study monitored health statistics of more than 14,000 smartwatch wearers (both Android and Apple) over the course of several months.  All health data that was collected was fed into a deep neural network which compared the collected data to samples taken from people both with, and without diabetes.

Obviously, while 85 percent is good, it falls short of greatness.  Then again, the AI routine (dubbed “DeepHeart”) is still in its infancy and is all but certain to continue improving over time.

That’s important, given how many people in America have diabetes.  It is estimated that there are more than 100 million Americans who either have the disease or who are prediabetic, and many of these haven’t been diagnosed yet.

Given these results, and in a bid to further improve DeepHeart’s accuracy, the company plans to incorporate the AI into the next update of its app on both iOS and Android platforms.

All that to say, if you currently have and wear a smartwatch or other wearable, it may help you in ways you can’t even begin to imagine.  This is the bleeding edge of a segment of the market that is only just beginning to emerge.  At this point, it’s so new that it would be difficult even to say it’s in its infancy.  Although we can’t know for certain what new revelations and advances wearable technology will bring to the medical field, based on what we’ve seen so far, we can say there will be a bunch of them, and they’ll all be exciting.

If you’ve been considering getting one but haven’t yet, this is a pretty solid reason to do so.

Smart TV’s May Be Tracking You And Vulnerable To Hacks

Do you own a smart TV?  More than half of all television sales in the US last year were smart TVs, so chances are decent that you own one.  If you do, be aware that it may be collecting far more data about you than you think.

Recall that last year, Samsung, (one of the top smart TV manufacturers) found itself in hot water when it was revealed that the TV could listen in on conversations, record them (for better voice recognition) and save them on a Samsung server.

Those issues still persist to varying degrees, but a recent Consumer Reports study underscores something most people in the tech business have known all along.  Smart devices really aren’t all that smart, at least when it comes to security.

The Consumer Reports study concluded that most smart TVs and associated technologies like the Roku have only the most rudimentary of security features and can easily be hacked, giving the hackers total control of your TV. This includes the ability to turn it off, on, change the channel, and monitor your viewing habits.  Given that, these TVs can also be voice-controlled. Once a hacker is in control of your set, he could monitor any conversations that take place near it without your knowledge.

In addition, the most recent smart TVs come with a feature called Content Recognition.  For example, if you watch the latest episode of the Walking Dead (whether on AMC or Amazon Prime or some other streaming service), the next time you pull up a web page on your PC or smart phone, you’ll start seeing advertising related to the Walking Dead.

This, of course, gives any would-be hacker a much deeper view into your viewing habits and history.

The upside is that most of these features can be deactivated if you have the patience to sift through the television’s menu system. Of course, if you do that, then it’s no longer a smart TV, and thus, not worth the extra money you spent on it.

As ever, the bottom line is this:  These kinds of risks aren’t going to go away on their own.  Until and unless smart device makers start taking security more seriously, we’re going to keep hearing about potential or actual abuses.

2018 Olympics Hit By Malware

Hackers are picky about their victims.  They’ll target just about any group or organization, including the 2018 Olympics.

Cisco’s Talos Group recently identified a new strain of malware they’ve dubbed “Olympic Destroyer” which is wreaking havoc in Pyeong Chang’s computer networks and causing downtime to internal WiFi and television systems. This has impacted the games’ opening ceremonies, and stands an excellent chance of further disrupting the rest of the festivities.

Because the threat was only recently discovered, the Talos team’s initial assessment and report was spotty and short on details, but the group recently amended their initial findings.  The results aren’t pretty, and the malware is seen as being both more dangerous and more advanced than originally thought.

The big three findings in the team’s amended report are as follows:

  • It’s Polymorphic – As the malware spreads, it collects new credentials from each machine it infects, adding these to its binary on the fly. Members of the Talos team had this to say about the behavior: “I have not seen a malware sample modify itself to include harvested creds before and I’ve been doing this stuff longer than I should admit.  Polymorphic malware isn’t a new idea by itself, but I’ve never seen any examples of malware modifying itself to include harvested credentials.”
  • It Spreads Via The EternalRomance Exploit – This bit of information comes to us from the Windows Defender team. The mechanism by which Olympic Destroyer spreads is industrial grade, utilizing an exploit from the NSA leaked by the Shadow Brokers last year.
  • Finally, It Wipes Data – This is perhaps the most significant of the three updates to the Talos report. The malware has a data wiping mechanism built into it that it utilizes at every opportunity in an attempt to delete files on network shares.  Since it only seems to target shared files, it’s not deleting items key to OS functionality. Even so, these shared files are important, and this is what’s causing operational disruptions.

More details will no doubt become available as the various teams researching Olympic Destroyer get a better understanding of what they’re looking at.  The bottom line is, it’s a pretty advanced threat and will likely inspire copycats in the months ahead.

Changes To Google Images Will Make Image Theft Difficult

Image theft is one of the biggest problems on the internet.  If you’re a photographer, you’ve almost certainly lost money because people find your work online and make a copy of it rather than paying for the right to use it.

Unfortunately, Google has made that incredibly easy to do, but that’s changing.  Until recently, if you did a Google image search, you’d get a list of images that matched your search phrase, and one of the buttons displayed was a “View Image” button that would take you to the image file itself, as opposed to viewing the image in the context of whatever web page it was displayed on.

This, of course, made stealing the image a trivial task.  Content providers have been complaining loudly, and Google listened.  Effective February 15, the “View Image” button is no longer listed.  Of course, it’s still possible to steal the image in question, but users will have to jump through at least a couple more hoops to do so.

A second, smaller and somewhat less impactful change is the fact that Google has also removed the “Search By Image” button that formerly appeared when you navigated straight to an image file.  Savvy users will still be able to drag the image itself to the search bar and accomplish the same thing, but relatively few people are aware of this, which will cut down on its use significantly.  The thinking here is that netizins were making use of this feature to find copies of images that didn’t have a watermark visible.

While these two changes give photographers reason to cheer, it definitely negatively impacts the user experience, as there are a number of perfectly legitimate uses for copyrighted image material.  The bottom line is that if you’re accustomed to the old way of searching for and acquiring images, you’ll have a bit of an adjustment period ahead.