CyberSecurity Pulse 2017-01-23

“Whatever you’re thinking, think bigger.”
Tony Hsieh

Analyst Insight

Browser Extension Usage to Perpetuate the Islamic State Propaganda

One of the tools that the Islamic State has been using to spread its propaganda is the use of social networks. In the past they have shown how capable they are of expanding their capabilities to cover smartphones and mobile devices, but recently they have also opted for the development of browser add-ons in order to further facilitate access to their content.

ElevenPaths, Telefónica's Cyber Security Unit, has discovered that the Islamic State's propaganda apparatus is also distributing .xpi files (Mozilla add-on packages) on related websites. With this approach, blocking access to the related websites would not be enough to stop the propagation mechanism, since the add-on's developer would only need to modify a field to redirect it to the new domain on which the content is hosted.

The Islamic State has shown in the past that it uses all the means at its disposal to spread its content massively, on both social networks and mobile applications. In this case, the use of a browser plug-in is another example of how the individuals linked to this organization adapt to ensure the dissemination of content, relying not only on technological assets located in different countries, but also on tools and systems such as Cloudflare and various servers and methods to ensure the effectiveness of the diffusion of their message.

» More information at ElevenPaths

Top Stories

Attackers Start Wiping Data From CouchDB and Hadoop Databases

After MongoDB and Elasticsearch, attackers are looking for new database storage systems to attack. Researchers are now observing similar destructive attacks hitting openly accessible Hadoop and CouchDB deployments. According to the latest count, 126 Hadoop instances have been wiped, as well as up to 400 CouchDB databases. Unlike the Hadoop vandalism cases observed, the CouchDB attacks are accompanied by ransom messages asking for 0.1 bitcoins (around $100) to return the data. As usual, victims are advised against paying because, in many of the MongoDB attacks, there was no evidence that the attackers had actually copied the data before deleting it from the compromised platforms.

» More information at Computerworld

Using Google Services to Control Its Banking Malware

The Carbanak group has been found abusing various Google services to issue command and control (C&C) communications for monitoring and controlling the machines of unsuspecting malware victims. Forcepoint Security Labs researchers said that while investigating an active exploit sent in phishing messages as an RTF attachment, they discovered that the Carbanak group had been hiding in plain sight by using Google services for command and control. Forcepoint has already notified Google of the issue, and its researchers are working with the web technology giant on this particular way of abusing its legitimate web services.

» More information at Forcepoint

Rest of the Week's News

Old-School Mac OS Malware Spotted Targeting Biomedical Industry

Apple has quietly issued a security fix for a new yet retro-looking malware sample recently found on a Mac machine sitting in a university health center. The so-called FruitFly malware, analyzed and detailed in a blog post by Malwarebytes researchers, thus far has infected at least three biomedical research sites and may have been running on the Mac machine at the university site at least since January of 2015.

» More information at Malwarebytes Labs

US-CERT Urges Admins to Firewall Off Windows SMB

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers after a potential zero-day exploit was released by the Shadow Brokers hacking group. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems.

» More information at US-CERT
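The two measures the US-CERT alert recommends, disabling the legacy SMBv1 dialect and firewalling SMB off from anything that does not need it, as an added PowerShell example that is not part of the alert or of this newsletter. It assumes Windows 10 / Server 2016 (SmbShare, DISM and NetSecurity modules), an elevated session, and that LocalSubnet is the only scope that legitimately needs file-server access; adjust that scope to your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and apply the US-CERT SMB hardening advice on one host.
# Assumptions: Windows 10 / Server 2016, elevated PowerShell, and that only
# hosts on the local subnet need SMB access to this server.

# 1. Inventory: which SMB dialects does this server currently offer?
$cfg = Get-SmbServerConfiguration
[pscustomobject]@{
    SMB1Enabled = $cfg.EnableSMB1Protocol
    SMB2Enabled = $cfg.EnableSMB2Protocol
} | Format-List

# Find clients still negotiating SMB1 before it is switched off, so legacy
# devices (old NAS boxes, printers, scanners) can be fixed rather than broken.
Get-SmbSession |
    Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ClientComputerName, ClientUserName, Dialect

# 2. Stop offering SMB1 (SMB2/3 remain enabled) and remove the SMB1 feature so
#    it cannot be re-negotiated after a reboot.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($smb1 -and $smb1.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# 3. Firewall: make inbound default-deny, scope the built-in file-sharing allow
#    rules to the local subnet (assumption: that is the only legitimate scope),
#    and add an explicit block for SMB ports on the Public profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress LocalSubnet
New-NetFirewallRule -DisplayName 'Block SMB inbound (Public profile)' `
    -Direction Inbound -Protocol TCP -LocalPort 139, 445 `
    -Profile Public -Action Block

# 4. Re-check the result.
(Get-SmbServerConfiguration).EnableSMB1Protocol   # expected: False
Get-NetFirewallRule -DisplayName 'Block SMB inbound (Public profile)' |
    Select-Object DisplayName, Enabled, Profile, Action
```

Verify from a host outside the permitted scope that TCP 445 is no longer reachable, rather than trusting the rule listing alone.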

iPhone Bug Crashes Phone With Emoji

A new bug has been found, which allows anyone to crash an iPhone with a three-character text message. First revealed in a YouTube video, the issue affects iPhone models running older builds of the iOS operating system. The message itself comprises a white flag emoji, a '0' and a rainbow emoji, exploiting a workaround iOS uses in order to create the rainbow flag emoji, which isn’t an official emoji. The easiest way to protect yourself, therefore, is by updating to the latest version of iOS.

» More information at The Independent

Further Reading

Who Is Anna-Senpai?

» More information at Krebs on Security

Secret Tokens Found Hardcoded in Hundreds of Android Apps

» More information at ZDNet

ProtonMail Announced That Its Tor Hidden Service Is Online

» More information at Security Affairs