News
11 Aug 2017

The Friday Tech Takeaway - 11.08.17

WannaCry Inspires Banking Trojan to Add Self-Spreading Ability: Researchers at Flashpoint have discovered that the TrickBot Banking Malware Trojan has evolved to add WannaCry-style SMBv1 LAN scanning and propagation. It doesn't yet have the capability of scanning out into the public Internet, which was WannaCry's claim to fame. But it does probe LAN-based servers via the NetServerEnum Windows API and enumerate other computers on the network via Lightweight Directory Access Protocol (LDAP). So if it gets inside an enterprise network which has not yet administratively and globally disabled SMBv1 (do it now!) it could create a real mess. And it's foreseeable that this won't be the last re-use of the SMBv1 vulnerability we encounter http://thehackernews.com/2017/08/trickbot-banking-trojan.html

IoT hacking gains momentum: The guys at Bitdefender have been doing some poking around with the Shodan Internet device search service and have identified approximately 175,000 online and connected security cameras with what can only be described as blatant remote access vulnerabilities. The vulnerable cameras are manufactured by a Chinese company Shenzhen Neo Electronics who offer surveillance and security solutions, including IP cameras, sensors and alarms. http://securityaffairs.co/wordpress/61595/iot/security-cameras-flaws.html

Firefox's VERY INTERESTING new "Send" service – snapchat for files: “Send” lets you upload and encrypt large files (up to 1GB) to share online. When you upload a file, Send creates a link to pass along to whoever you want. Each link created by Send will expire after 1 download or 24 hours, and all sent files will be automatically deleted from the Send server. https://send.firefox.com/

SonicSpy Authors Spin Out Over 1,000 Spyware Apps: The actors behind this new malware family created a sizable selection of malicious apps in just over seven months, some of which appeared on Google Play. https://www.darkreading.com/threat-intelligence/sonicspy-authors-spin-out-over-1000-spyware-apps/d/d-id/1329616

Mysterious company offering up to $250,000 for VM Hacks through a bug bounty: A mysterious company is making the headlines for offering up to $250,000 for virtual machine (VM) hacks. The “secret” bug bounty program was announced by the crowdsourced security testing platform Bugcrowd. http://securityaffairs.co/wordpress/61898/hacking/vm-hacks-bug-bounty.html

Self-driving car hacked by putting stickers on road signs: A team of experts showed that a simple sticker attached on a sign board can confuse any self-driving car and potentially lead an accident. http://securityaffairs.co/wordpress/61870/hacking/self-driving-car-hack.html

Ukrainian Man arrested for NotPeya: Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe. http://thehackernews.com/2017/08/ukraine-petya-ransomware-hacker.html

Chinese Quantum Satellite sends first unshackle transmission: In what appears to be the world's first quantum satellite transmission, China has successfully sent an "unbreakable" code over a long distance from an orbiting satellite to the Earth, achieving a milestone in the next generation encryption based on "quantum cryptography."http://thehackernews.com/2017/08/quantum-satellite-data.html

Cyber criminals demand millions from HBO to plug the leak: Crooks claiming to have hacked television group HBO networks were demanding millions of dollars in ransom payments from the company while threatening to release more material. The alleged hackers published a five-minute video letter to HBO chief Richard Plepler claiming to have “obtained valuable information” in a cyber attack. The cybercriminals said they had stolen 1.5 terabytes of data. http://securityaffairs.co/wordpress/61832/cyber-crime/crooks-hbo-hack.html

Top companies accidentally leaking data online: An anti-malware detection service provider and premium security firm has been accused of leaking terabytes of confidential data from several Fortune 1000 companies, including customer credentials, financial records, network intelligence and other sensitive data. http://thehackernews.com/2017/08/fortune-1000-data-leak.html

91 Percent Of Cybersecurity Executives Believe Achieving Complete Breach Intolerance Is Crucial: The majority (64 percent) of executives surveyed are concerned that the next breach or attack they experience could be severe, a fear that is coupled with the fact that decision makers do not know the system or the vector that will be attacked next. https://www.endgame.com/news/press-releases/91-percent-cybersecurity-executives-believe-achieving-complete-breach