Friday Five: 4/27 Edition
Zero days, cyber takedowns and more -- catch up with the week's infosec news with this roundup!
1. GravityRAT malware takes your system's temperature by Martijn Grooten
In case you missed it: Martijn over at Virus Bulletin digs into Cisco Talos' GravityRAT research this week. The malware, really a Remote Access Trojan, is deployed via a malicious Microsoft Office document and is interesting in the sense that it has a handful of ways to detect whether it's being run in a virtual machine. My favorite among them? It requests the CPU temperature - something not often supported by hypervisors. Absolutely fascinating way to determine whether or not it's running on a legit machine.
2. Google accounts get new verification feature to prevent phishing attacks by Chris Smith
An added layer of security will soon bolster Google users whose organizations use SAML to log in to its services. BGR reports that on the Monday after next - May 7 - Google will ask Chrome users to verify the account is theirs, and not one that belongs to a malicious third party. “We’re working on ways to make the feature even more context-aware in the future, meaning your users should see the screen less and less over time," Google said on Wednesday this week. The move should help thwart phishers from tricking users into surrendering their credentials on fake sites designed to look like a G Suite login.
3. DHS cyber strategy to land by mid-May by Mark Rockwell
There's been no shortage of DHS news in this spot the last several weeks, and this week keeps pace with that trend. According to FCW, the DHS will release a national cybersecurity strategy in a few weeks, by mid-May. DHS Secretary Kirstjen Nielsen made the announcement in a House committee oversight hearing on Thursday. The strategy is overdue; as Mark Rockwell notes, the official due date was over a year ago.
4. Europol Smacks Down World’s Largest DDoS-for-Hire Market by Tara Seals
Yet another government cyber takedown this week: the Dutch National High Tech Crime Unit, the UK’s National Crime Agency, Europol, and a handful of other law enforcement agencies collaborated to take down Webstresser, a DDoS-for-hire market, on Tuesday. According to Europol, who announced the news, the site had over 136,000 registered users and was responsible for 4 million attacks, including many against services offered by banks, government institutions, the police, and the gaming sector. While Europol didn't say who was behind the site, according to Brian Krebs' sleuthing it was the work of a 19-year-old from Serbia.
5. MikroTik Patches Zero-Day Flaw Under Attack in Record Time by Catalin Cimpanu
MikroTik, a Latvian router manufacturer, issued a speedy fix to a zero-day vulnerability in the operating system that ships with many of its routers this week. According to the company, all RouterOS versions released since v6.29 were affected. Anyone running the OS would be well served to download both v6.42.1 and v6.43rc4, released earlier today, to address the issue. Before the fix, an attacker could have connected to the router's "Winbox port, and request the system user database file," something that would have let them decrypt user details and log in to the router.