Security Roundup 2016-03-30

Posted on  by

This is a long one folks. Largely due to an entire subsection on ransomeware at the bottom.


  • Sean

Whitehat Security recently did a study of patching cadence across a number of websites. This includes a follow up survey on what drives remediation efforts, which I found interesting.

Duo has an article/paper on the various ways that Windows OEM laptops are compromising your privacy and safety, and what you can do about it.

Checkpoint has a brief article on how people get around Apple’s walled garden on iOS for malicious purposes. Apple has been making a number of improvements to secure their devices, but they have teased that they will be announcing some workarounds at Blackhat Singapore on Friday.

Rapid7 has an interesting article on the Topology of Malicious Activity in the IPv4 space. Of the 65,000 autonomous systems existing today, 200 are apparently responsible for 70% of all phishing activity.

Google has made a number of changes to gmail to highlight whether emails were delivered without TLS encryption. As a result, they have seen a 25% increase in TLS encrypted emails already. They have also further highlighted state sponsored attack warnings. Finally, they have teamed up with industry leaders to do a draft on Strict Transport Security, for emails that can ONLY be delivered over encrypted channels, a sharp contrast to regular ‘backwards compatible’ email recommendations.

Ransomeware Roundup!

Apparently TeslaCrypt is now [generating random encryption keys and sending them to remote servers](>, meaning that investigators can not obtain the key locally to unlock files. In related news, EC-Council, the company administering the Certified Ethical Hacker program has had a subdomain compromised and has been distributing TeslaCrypt as a result.

ThreatPost has some interesting information on two new strains of ransomeware, SamSam and Maktub. These strains are following the trend of attacking hospital systems, and get into the system by looking for unpatched software.

Another new ransomeware strain, Petya, has upped the game by encrypting Master Boot Records and then attempts to encrypt the Master File Table to make files inaccessible to users.

Yet another Ransomeware variety, PowerWare, has upped the game in a different direction. It is leveraging macros (to be fair, a traditional form of delivery of malware) to avoid writing additional files to disk, and better blend in as actual user activity.