Security Roundup - 2017-08-04



We covered conferences earlier this week; here is the rest:

As if ATM skimmers were not enough, there are now skimmers at gas station pumps that steal your credit card information and even text it to the attackers. These skimmers are wired into the pump's own power supply, so they can operate indefinitely and the attackers never need to revisit the location.

For those who love visualizations and are interested in breaches, check out this interactive “World’s Biggest Data Breaches” bubble chart.

Chrome extensions are part of everybody’s workflow, making our lives easier and allowing us to be more productive. Extensions are extremely powerful: they can alter every webpage open in the browser without user consent. On July 30th the authors of the extension CopyFish were the victims of a phishing attack and subsequently lost access to their Google account. The attackers hijacked the Chrome extension and added adware injection capabilities; the new release was pushed out through Chrome's automatic extension update, infecting thousands of computers.

Palo Alto Networks offers an in-depth analysis of a webshell named TwoFace. It is so named because the webshell installs a second webshell in a multi-layer arrangement that could deploy different variants of the webshell and allow remote control through an embedded webserver. This threat allowed attackers to maintain persistent access to a remote server for nearly a year while they tried to exfiltrate user passwords.

Palo Alto also provides an in-depth analysis of “Foudre”, apparently an evolution of the Infy malware strain, which was taken down last year. This new strain incorporates protections against takedowns: it now uses a domain generation algorithm (DGA) for its command-and-control (C2) domains as well as a signature mechanism to validate that a C2 server is the attackers' own, so a sinkholed or seized domain is not accepted.
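Since the article describes the DGA only as a takedown-resistance feature, the following is an added example from the detection side rather than anything from the Palo Alto write-up: a simple lexical heuristic, run over a few constructed DNS query log lines, that flags algorithmically generated-looking domains by label entropy, vowel ratio, digit ratio and length. The log format, thresholds and domains are all assumptions made for this example; it is not Foudre's actual DGA, and dictionary-based DGAs would evade it.

```python
import math
from collections import Counter

# Constructed sample DNS query log lines (not from the article or any real capture).
# Assumed format: <timestamp> <client> query <type> <fqdn>
SAMPLE_LOG = """\
2017-08-04T10:00:01Z host1 query A www.example.com
2017-08-04T10:00:02Z host1 query A mail.example.org
2017-08-04T10:00:03Z host2 query A xk3q9zpl7vwtb2.net
2017-08-04T10:00:04Z host2 query A q8j2mxv0tr5ywp.com
2017-08-04T10:00:05Z host3 query A cdn.static-assets.example.net
2017-08-04T10:00:06Z host2 query A zz7hgq4nwd1lrk.info
"""

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score near log2(len)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_label(fqdn: str) -> str:
    """Crude registered-domain label: the one just before the TLD.
    Assumption: no public-suffix list, so 'example.co.uk' would be handled wrong."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label: str) -> int:
    """Count the lexical features typical of character-level DGAs (0..4).
    Thresholds are assumptions chosen for this example, not published values."""
    n = len(label)
    alpha = sum(ch.isalpha() for ch in label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / alpha if alpha else 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / n if n else 0.0
    score = 0
    score += shannon_entropy(label) >= 3.5   # many distinct characters
    score += vowel_ratio < 0.25               # unpronounceable
    score += digit_ratio >= 0.2               # digits mixed into letters
    score += n >= 12                          # long random labels
    return int(score)


def flag_suspicious(log_text: str, threshold: int = 2):
    """Parse log lines, score each distinct FQDN, return (fqdn, score) pairs
    at or above the threshold, sorted by score descending then name."""
    results = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "query":
            continue  # skip blank or malformed lines
        fqdn = fields[-1]
        if fqdn not in results:
            results[fqdn] = dga_score(registered_label(fqdn))
    flagged = [(f, s) for f, s in results.items() if s >= threshold]
    return sorted(flagged, key=lambda fs: (-fs[1], fs[0]))


if __name__ == "__main__":
    for fqdn, score in flag_suspicious(SAMPLE_LOG):
        print(f"{score}/4  {fqdn}")
```

In practice a heuristic like this is only a first-stage filter: pair it with NXDOMAIN rates per client (DGA malware usually queries many unregistered names before hitting a live one) and with threat-intel lists before raising an alert.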

The terms of Symantec’s Certificate Authority probation have been outlined. Later this year, Symantec is expected to become a subordinate certificate authority, with another certificate authority issuing certificates in its name. Next year, on two separate occasions, browsers (and specifically Chrome) will distrust certificates issued by Symantec under the previous structure. This phased approach gives Symantec time to build out the new system and its customers time to have new certificates issued, rather than disrupting Symantec’s customer base all at once. Most certificates should get renewed naturally under this scenario.

Tags: certificates, hardware, malware, skimmers, visualizations