CyberSecurity Pulse 2017-01-23
“Whatever you’re thinking, think bigger.”
Browser Extension Usage to Perpetuate the Islamic State Propaganda
ElevenPaths, a Telefónica Cyber Security Unit, has discovered that the Islamic State’s propaganda apparatus is also distributing .xpi files (browser extension packages) on related websites. With this approach, banning access to the related websites would not be enough to stop the propagation mechanism, since the extension developer would only need to modify a single field to redirect users to the new domain hosting the content.
The Islamic State has shown in the past that it uses every means at its disposal to spread its content massively, on both social networks and mobile applications. In this case, the use of a browser plug-in is another example of how individuals linked to this organization adapt to ensure the dissemination of content, relying not only on technological assets located in different countries, but also on tools and services such as Cloudflare and a variety of servers and methods to ensure the effectiveness of the diffusion of their message.
Attackers Start Wiping Data From CouchDB and Hadoop Databases
After MongoDB and Elasticsearch, attackers are looking for new database storage systems to attack. Researchers are now observing similar destructive attacks hitting openly accessible Hadoop and CouchDB deployments. According to the latest count, 126 Hadoop instances have been wiped, as well as up to 400 CouchDB databases. Unlike the Hadoop vandalism cases observed, the CouchDB attacks are accompanied by ransom messages asking for 0.1 bitcoins (around $100) to return the data. As usual, victims are advised against paying because, in many of the MongoDB attacks, there was no evidence that the attackers had actually copied the data before deleting it from the compromised platforms.
Carbanak Uses Google Services to Control Its Banking Malware
The Carbanak group has been found abusing various Google services to carry its command and control (C&C) communications for monitoring and controlling the machines of unsuspecting malware victims. Forcepoint Security Labs researchers said that, while investigating an active exploit sent in phishing messages as an RTF attachment, they discovered that the Carbanak group had been hiding in plain sight by using Google services for command and control. Forcepoint has already notified Google of the issue, and its researchers are working with the web technology giant on this particular abuse of its legitimate web services.
Rest of the Week's News
Old-School Mac OS Malware Spotted Targeting Biomedical Industry
Apple has quietly issued a security fix for a new yet retro-looking malware sample recently found on a Mac machine sitting in a university health center. The so-called FruitFly malware, analyzed and detailed in a blog post by Malwarebytes researchers, thus far has infected at least three biomedical research sites and may have been running on the Mac machine at the university site at least since January of 2015.
US-CERT Urges Admins to Firewall Off Windows SMB
The US Computer Emergency Readiness Team (US-CERT) is recommending that organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers after a potential zero-day exploit was released by the Shadow Brokers hacking group. The service is universally available on Windows systems, and legacy versions of the SMB protocol could allow a remote attacker to obtain sensitive information from affected systems.
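The two measures US-CERT recommends, retiring SMBv1 and restricting who can reach the file-sharing port, can both be applied from an elevated PowerShell session. The script below is an added example, not part of the newsletter or of US-CERT's advisory; it assumes Windows 8.1 / Server 2012 R2 or later (the SmbShare, NetSecurity and DISM modules) and that the firewall profiles keep the Windows default of blocking unsolicited inbound traffic, so disabling the built-in allow rules is enough to close port 445 to everyone except the subnet you explicitly allow.

```powershell
#Requires -RunAsAdministrator
# Added example: disable SMBv1 and limit inbound SMB to the local subnet.
# Assumptions: Windows 8.1/Server 2012 R2+, default inbound firewall action = Block.

# 1. Record the starting state so the change can be reviewed later.
$before = Get-SmbServerConfiguration
Write-Host "SMB1 enabled before: $($before.EnableSMB1Protocol)"
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Stop the server from negotiating the legacy SMBv1 dialect (takes effect immediately).
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 3. Remove the SMB1 components entirely (client and server); a reboot completes this.
#    On Server SKUs the equivalent is: Remove-WindowsFeature FS-SMB1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null

# 4. Turn off the built-in inbound "File and Printer Sharing" allow rules.
#    With the default inbound action of Block, SMB is now unreachable from anywhere.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Disable-NetFirewallRule

# 5. Re-allow SMB only from the local subnet. Replace LocalSubnet with an explicit
#    CIDR list (e.g. '10.0.0.0/8') if clients live on other internal segments.
$ruleName = 'Allow SMB (TCP 445) from local subnet only'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 445 -RemoteAddress LocalSubnet -Profile Any | Out-Null
}

# 6. Verify the result.
$after = Get-SmbServerConfiguration
Write-Host "SMB1 enabled after:  $($after.EnableSMB1Protocol)"   # expected: False
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

Audit the effect from another host with `Test-NetConnection -ComputerName <server> -Port 445` from inside and outside the allowed subnet before relying on the rule, and roll it out through Group Policy rather than host by host on a large estate.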
iPhone Bug Crashes Phone With Emoji
A new bug has been found that allows anyone to crash an iPhone with a three-character text message. First revealed in a YouTube video, the issue affects iPhone models running older builds of the iOS operating system. The message itself comprises a white flag emoji, a '0' and a rainbow emoji, and exploits the workaround iOS uses to render the rainbow flag emoji, which is not an official emoji. The easiest way to protect yourself, therefore, is to update to the latest version of iOS.