Teaching with Raspberry Pis and PiNet

Education is our mission at the Raspberry Pi Foundation, so of course we love tools that help teachers and other educators use Raspberry Pis in a classroom setting. PiNet, which allows teachers to centrally manage a whole classroom’s worth of Pis, makes administering a fleet of Pis easier. Set up individual student accounts, install updates and software, share files – PiNet helps you do all of this!

Caleb VinCross on Twitter

The new PiNet lab up and running. 30 raspberry pi 3’s running as fat clients for 600 + students. Much thanks to the PiNet team! @PiNetDev.

PiNet developer Andrew

PiNet was built and is maintained by Andrew Mulholland, who started work on this project when he was 15, and who is also one of the organisers of the Northern Ireland Raspberry Jam. Check out what he says about PiNet’s capabilities in his guest post here.

PiNet in class

PiNet running in a classroom

PiNet, teacher’s pet

PiNet has been available for about two years now, and the teachers using it are over the moon. Here’s what a few of them say about their experience:

We wanted a permanently set up classroom with 30+ Raspberry Pis to teach programming. Students wanted their work to be secure and backed up and we needed a way to keep the Pis up to date. PiNet has made both possible and the classroom now requires little or no maintenance. PiNet was set up in a single day and was so successful we set up a second Pi room. We now have 60 Raspberry Pis which are used by our students every day. – Rob Jones, Secondary School Teacher, United Kingdom

AKS Computing on Twitter

21xRaspPi+dedicated network+PiNet server+3 geeks = success! Ready to test with a full class.

I teach Computer Science at middle school, so I have 4 classes per day in my lab, sharing 20 Raspberry Pis. PiNet gives each student separate storage space. Any changes to the Raspbian image can be done from my dashboard. We use Scratch, Minecraft Pi, Sonic Pi, and do physical computing. And when I have had issues, or have wanted to try something a little crazy, the support has been fabulous. – Bob Irving, Middle School Teacher, USA

Wolf Math on Twitter

We’re starting our music unit with @deejaydoc. My CS students are going through the @Sonic_Pi tutorial on @PiNetDev.

I teach computer classes for about 600 students between the ages of 5 and 13. PiNet has really made it possible to expand our technology curriculum beyond the simple web-based applications that our Chromebooks were limited to. I’m now able to use Arduino boards to do basic physical computing with LEDs and sensors. None of this could have happened without PiNet making it easy to have an affordable, stable, and maintainable way of managing 30 Linux computers in our lab. – Caleb VinCross, Primary School Teacher, USA

More for educators

If you’re involved in teaching computing, be that as a professional or as a volunteer, check out the new free magazine Hello World, brought to you by Computing At School, BCS Academy of Computing, and Raspberry Pi working in partnership. It is written by educators for educators, and available in print and as a PDF download. And if you’d like to keep up to date with what we are offering to educators and learners, sign up for our education newsletter here.

Are you a teacher who uses Raspberry Pis in the classroom, or another kind of educator who has used them in a group setting? Tell us about your experience in the comments below.

The post Teaching with Raspberry Pis and PiNet appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic

Twitter says it's making progress battling abusive behavior

Twitter’s renewed focus on harassment is a “completely different mindset” from several years ago, said Danielle Citron, a University of Maryland law professor who studies hate on the internet. Back then, unchecked mobs led to hate campaigns, such as in the 2014 attacks against video game critics that came to be known as #GamerGate. Now Citron is part of Twitter’s Trust and Safety Council, a group of more than 60 organizations and experts working to prevent abuse and hateful rhetoric.

Location: United States
Date published: July 20, 2017


Source: Cyber Law


Electronic monitoring isn’t kid-friendly

Location: United States

Across California, young people in the juvenile justice system are routinely tracked 24/7 with GPS ankle monitors that are often touted as “better than jail.” That’s too low a standard for a technology used on children.

A new report issued by UC Berkeley School of Law and the East Bay Community Law Center, which we helped draft, suggests that electronic monitoring may worsen the very problems that juvenile courts try to remedy. Rather than furthering rehabilitation, it often leads to jail for technical rule violations and traps young people in the system longer.

Electronic monitoring is harsh and a poor fit for youth, is disproportionately used for youth of color and should be reserved only for certain serious cases.

We wrote this report because we regularly saw clients sent back to jail for violating inflexible monitoring rules. One client, a 13-year-old boy, was arrested for stealing a backpack, his first offense, and was put on an electronic monitor for three months. This meant staying inside his house except when going to school. He wound up going to jail for violating monitoring rules seven times during roughly two years on probation. Every time he went to jail, he fell behind in school, missed counseling appointments and lost job and mentoring opportunities.

Most other California counties have similarly stringent rules. Not surprisingly, rule violations are frequent, and young people cycle in and out of jail for technical violations.

Their families also struggle to pay daily monitoring fees of $3.50 to $30 per day. Some counties charge additional fees for applying to the program or moving, on top of fees for probation, juvenile hall and drug testing. The costs add up and are often impossible to pay. An important bill before the Legislature, Senate Bill 190, would eliminate these costs.

Read the full piece at The Sacramento Bee

Publication Type: Other Writing
Publication Date: July 20, 2017



How Threat Hunting Can Help Defend Against Malware Attacks

By Kris Merritt (Vector8) and Justin Swisher (Anomali)

Since the outbreak of Petya some days ago, many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post-incident analysis. Vector8 and Anomali viewed the Petya outbreak differently, applying threat hunting techniques developed to identify and pattern the malicious behavior evident in malware like Petya.

Specifically, our data source for analysis is a Microsoft Windows Sysinternals tool called Sysmon. In short, Sysmon provides an authoritative source of what’s happening on a computer by linking all observable activity on that system back to the responsible process(es). This is a boon for real-time threat hunting as well as forensic analysis; the conventional follow-on data collection to obtain such details is no longer required. In other words, Sysmon has high resolution and animation (see descriptions of these terms). Read this blog post for further information regarding Sysmon as a detection, hunting, and analysis tool.

By sending Sysmon events to an aggregation point for further querying and historical analysis, our analysis of Petya was limited only by speed of thought, not tooling or data gaps. In this case, the aggregation point is Elastic’s open source “Elastic Stack,” which consists of a Logstash aggregator, Elasticsearch cluster backend, and Kibana web user interface frontend.

Our test environment was a fresh Windows 10 install on a virtual machine, preloaded with Sysmon v6, a custom configuration, and a logger that feeds events to Vector8’s analysis platform (Sysmon + Elastic Stack). We copied a confirmed sample of the Petya malware (SHA-256 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745) to the machine. Next, we manually ran the malicious DLL via rundll32.exe on the command line, calling its export ordinal #1 (the “,#1” argument) to activate the malware.

Sysmon analysis
Command line execution of the Petya malware

The following events were recorded by Sysmon and forwarded to the Vector8 cloud platform for analysis. They detail how the malware behaves and provide insight into how to detect or prevent similar malware from executing in the future.

  1. The first thing that happens is that Rundll32.exe (the parent process) writes a copy of the DLL to ‘C:\Windows’. This activity is unusual, but not necessarily malicious on its own.
    • Sysmon event ID 11 (File Created)
      Image: C:\Windows\SysWoW64\rundll32.exe
      
      TargetFilename: C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
  2. Rundll32.exe then accesses the raw disk several times, presumably to modify the MBR. Raw disk access is abnormal, as it bypasses the filesystem to read disk sectors directly. This level of disk access is not normal operation and is very suspicious, especially from Rundll32.
    • Sysmon event ID 9 (Raw Disk Access Read)
      Image: C:\Windows\SysWOW64\rundll32.exe
      
      Device: \Device\Harddisk0\DR0
    • 1 access to the current working volume (\Device\HarddiskVolume2) and 24 accesses to \Device\Harddisk0\DR0 (the physical disk)
  3. Rundll32.exe schedules a task to force a reboot of the system 60 minutes from the time of execution. Rundll32 creating a scheduled task is a suspicious pattern that should trigger a hunter to investigate.
    • Sysmon event ID 1 (Process Created)
      CommandLine: /c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:06
      
      ParentCommandLine: rundll32.exe 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.dll,#1
  4. Rundll32.exe writes a .tmp file to the user’s Local\Temp directory. Temp files created in this directory would not normally cause alarm unless linked to another, more suspicious event.
    • Sysmon event ID 11 (File Created)
      Image: C:\Windows\SysWoW64\rundll32.exe
      
      TargetFilename: C:\Users\tanoo\AppData\Local\Temp\5695.tmp
  5. Rundll32.exe kicks off the .tmp file it wrote earlier and passes it a named pipe on the command line. Since this .tmp file is now communicating with another process over a named pipe, a hunter would want to investigate the .tmp file, as this is unusual behavior as well.
    • Sysmon event ID 1 (Process Created)
      Image: C:\Users\tanoo\AppData\Local\Temp\5695.tmp
      
      CommandLine: "C:\Users\tanoo\AppData\Local\Temp\5695.tmp" \\.\pipe\{77A05906-5A7D-4442-8140-0899A3C4423C}
    • When 5695.tmp runs (Sysmon event ID 1), we get its hash (02EF73BD2458627ED7B397EC26EE2DE2E92C71A0E7588F78734761D8EDBDCD9F), which open source research and VirusTotal results purport to be mimikatz
    • Sysmon pipe events show the pipe creation by rundll32.exe and the connection by 5695.tmp
      • Sysmon event ID 17 (Pipe Created)
        Image: C:\Windows\SysWoW64\rundll32.exe
        
        PipeName: \{77A05906-5A7D-4442-8140-0899A3C4423C}
      • Sysmon event ID 18 (Pipe Connected)
        Image: C:\Users\tanoo\AppData\Local\Temp\5695.tmp
        
        PipeName: \{77A05906-5A7D-4442-8140-0899A3C4423C}
  6. Rundll32.exe writes a file called dllhost.dat to C:\Windows, which is a very suspicious event, as .dat files are not normally written to that directory.
    • Sysmon event ID 11 (File Created)
      Image: C:\Windows\SysWoW64\rundll32.exe
      
      TargetFilename: C:\Windows\dllhost.dat
    • Open source research corroborates this file write and has concluded it is a legitimately signed PsExec
    • Since dllhost.dat wasn’t executed in our sampling (our VM did not meet the malware’s checks), we don’t get this file’s hash
  7. The .tmp file accesses another running process, lsass.exe. This event could be a solid candidate for a hunting trigger, as it could be indicative of credential harvesting or some other abuse of the Windows Local Security Authority service (lsass.exe). It is not unusual for lsass.exe to be accessed, but a .tmp file doing so is highly unusual.
    • Sysmon event ID 10 (Process Accessed)
      SourceImage: C:\Users\tanoo\AppData\Local\Temp\5695.tmp
      
      TargetImage: C:\Windows\system32\lsass.exe
      
      CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a5314|C:\Windows\System32\KERNELBASE.dll+290ad|C:\Users\tanoo\AppData\Local\Temp\5695.tmp+3390|C:\Users\tanoo\AppData\Local\Temp\5695.tmp+369a|C:\Users\tanoo\AppData\Local\Temp\5695.tmp+25e9|C:\Users\tanoo\AppData\Local\Temp\5695.tmp+4577|C:\Windows\System32\KERNEL32.DLL+8364|C:\Windows\SYSTEM32\ntdll.dll+65e91
    • Lsass.exe then accesses the malicious rundll32.exe
      • Sysmon event ID 10 (Process Accessed)
        SourceImage: C:\Windows\system32\lsass.exe
        
        TargetImage: C:\Windows\SysWoW64\rundll32.exe
        
        CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a5ea4|C:\Windows\System32\RPCRT4.dll+6576f|C:\Windows\system32\lsasrv.dll+ceed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+77d63|C:\Windows\System32\RPCRT4.dll+3450f|C:\Windows\System32\RPCRT4.dll+3739a|C:\Windows\System32\RPCRT4.dll+4a2b4|C:\Windows\System32\RPCRT4.dll+491cd|C:\Windows\System32\RPCRT4.dll+49a7b|C:\Windows\System32\RPCRT4.dll+29c1c|C:\Windows\System32\RPCRT4.dll+2a09c|C:\Windows\System32\RPCRT4.dll+4438c|C:\Windows\System32\RPCRT4.dll+45beb|C:\Windows\System32\RPCRT4.dll+386ea|C:\Windows\SYSTEM32\ntdll.dll+325fe|C:\Windows\SYSTEM32\ntdll.dll+330d9|C:\Windows\System32\KERNEL32.DLL+8364|C:\Windows\SYSTEM32\ntdll.dll+65e91

Petya activity
Activity related to the execution of the Petya malware from 27 June 2017, as seen in Kibana

Petya Execution Timeline infographic: an in-depth view of Petya’s execution timeline.

This type of analysis yields crucial insight into the behaviors this malware exhibits. Those behaviors can be examined and turned into defensive measures such as hunting triggers, or even preventative measures enforced through endpoint tools, network tools, or system policies.

For this example, there are a number of behavior patterns we can key on:

  • A process writes a .tmp file, and that .tmp file is later run as a process
  • A .tmp file accesses lsass.exe
  • A schtasks.exe process command line includes “shutdown”
  • Rundll32.exe writes files
  • The string “pipe” is found in a process’ command line
  • A .dat file is written to C:\Windows
  • Raw access reads to \Device\Harddisk0\DR0 (the physical disk rather than a volume)

Note that these patterns are all based on endpoint process metadata, like Sysmon output. It’s also important to point out that the fidelity of each of these patterns depends on what is normal in your environment.
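The seven patterns above, written as a hunting routine over Sysmon events. This is an added example, not Vector8’s or Anomali’s code and not part of the original post. The events are constructed inside the block from the field values quoted in the write-up, using Sysmon’s own field names (EventID, Image, TargetFilename, CommandLine, Device, SourceImage, TargetImage); the user name, the cmd.exe parent for the schtasks command, the benign explorer.exe and backupagent.exe noise, and the allow-list parameter are assumptions made for the example. In production the same logic would live as saved Kibana/Elasticsearch queries against the aggregated events rather than a script.

```python
import ntpath
import re
from collections import defaultdict

# Constructed Sysmon events (not captured data) using Sysmon's own field names:
# EventID 1 process create, 9 raw access read, 10 process access, 11 file create.
# The user "tanoo", the cmd.exe parent and the benign noise at the end are
# assumptions made for the example.
RUNDLL = r"C:\Windows\SysWoW64\rundll32.exe"
TMP = r"C:\Users\tanoo\AppData\Local\Temp\5695.tmp"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": RUNDLL,
     "TargetFilename": r"C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745"},
    {"EventID": 9, "Image": RUNDLL, "Device": r"\Device\HarddiskVolume2"},
    {"EventID": 9, "Image": RUNDLL, "Device": r"\Device\Harddisk0\DR0"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": RUNDLL,
     "CommandLine": r'/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:06'},
    {"EventID": 11, "Image": RUNDLL, "TargetFilename": TMP},
    {"EventID": 1, "Image": TMP, "ParentImage": RUNDLL,
     "CommandLine": '"' + TMP + r'" \\.\pipe\{77A05906-5A7D-4442-8140-0899A3C4423C}'},
    {"EventID": 11, "Image": RUNDLL, "TargetFilename": r"C:\Windows\dllhost.dat"},
    {"EventID": 10, "SourceImage": TMP, "TargetImage": r"C:\Windows\system32\lsass.exe"},
    # Benign noise: a .tmp that is written but never executed, and a backup agent
    # (hypothetical name) that reads the raw disk as part of its normal job.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\tanoo\AppData\Local\Temp\setup1.tmp"},
    {"EventID": 9, "Image": r"C:\Program Files\BackupAgent\backupagent.exe",
     "Device": r"\Device\Harddisk0\DR0"},
]

WINDOWS_DAT = re.compile(r"c:\\windows\\[^\\]+\.dat")


def _base(path):
    """Case-folded file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path or "").lower()


def hunt(events, allow_raw_access=frozenset()):
    """Apply the seven hunting patterns to Sysmon events in time order.

    Returns {pattern_name: [evidence, ...]} for each pattern that fired.
    allow_raw_access holds lower-case image basenames that are expected to
    read raw disk in this environment; that is the knob for local fidelity.
    """
    hits = defaultdict(list)
    tmp_written = set()  # .tmp paths written so far, for the write-then-run pattern
    for ev in events:
        eid, image = ev.get("EventID"), ev.get("Image", "")
        if eid == 11:
            target = ev.get("TargetFilename", "")
            if _base(image) == "rundll32.exe":
                hits["rundll32_writes_file"].append(target)
            if target.lower().endswith(".tmp"):
                tmp_written.add(target.lower())
            if WINDOWS_DAT.fullmatch(target.lower()):
                hits["dat_written_to_windows"].append(target)
        elif eid == 1:
            cmd = ev.get("CommandLine", "").lower()
            if image.lower() in tmp_written:
                hits["tmp_written_then_executed"].append(image)
            if "schtasks" in cmd and "shutdown" in cmd:
                hits["schtasks_shutdown"].append(ev["CommandLine"])
            if "pipe" in cmd:
                hits["pipe_in_commandline"].append(ev["CommandLine"])
        elif eid == 9:
            if ev.get("Device", "").upper().endswith("DR0") and _base(image) not in allow_raw_access:
                hits["raw_read_dr0"].append(image)
        elif eid == 10:
            src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
            if src.lower().endswith(".tmp") and _base(dst) == "lsass.exe":
                hits["tmp_accesses_lsass"].append(src)
    return dict(hits)


def petya_like(hits):
    """Triage helper: the credential-dump chain plus raw disk access, the
    combination seen here, is a stronger trigger than any single pattern."""
    return {"tmp_written_then_executed", "tmp_accesses_lsass", "raw_read_dr0"} <= set(hits)


if __name__ == "__main__":
    for name, evidence in hunt(SAMPLE_EVENTS, allow_raw_access={"backupagent.exe"}).items():
        print(f"{name}: {evidence}")
```

Run against the constructed stream, all seven patterns fire on the rundll32/5695.tmp chain while the explorer.exe temp file stays quiet because it is never executed; the allow-list drops the backup agent’s DR0 read, which is exactly the per-environment tuning the preceding note calls for.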

Threat hunting can be used as a powerful tool not only to detect malicious behavior missed by other security measures but also drive a deeper understanding of how malicious software, actor tools, and behaviors work and how to proactively detect or prevent them.

Anomali partners with Vector8 to provide threat hunting services. To find out more about this service, see our Professional Services page.

This is a joint blog between Anomali and Vector8. Vector8 provides threat hunting services leveraging tools, techniques, and expertise introduced in this blog. For more information on Vector8, visit them at https://www.vector8.io/


Source: Honeypot Tech

Pioneers winners: Make it outdoors challenge

To everyone’s surprise, the sun has actually managed to show its face this summer in Britain! So we’re not feeling too guilty for having asked the newest crop of Pioneers to Make it outdoors. In fact, the 11- to 16-year-olds that took part in our second digital making challenge not only made things that celebrate the outdoors – some of them actually carted their entire coding setup into the garden. Epic!

The winners

Winners of the second Pioneers challenge are…

We asked you to make it outdoors with tech, challenging all our Pioneers to code and build awesome projects that celebrate the outside world. And we were not disappointed! Congratulations to everyone who took part. Every entry was great and we loved them all.

We set the challenge to Make it outdoors, and our theme winners HH Squared really delivered! You best captured the spirit of what our challenge was asking with your fabulous, fun-looking project which used the outdoors to make it a success. HH Squared, we loved Pi Spy so much that we may have to make our own for Pi Towers! Congratulations on winning this award.

Watching all the entry videos, our judges had the tricky task of picking the top of the pops from among the projects. In addition to ‘theme winner’, we had a number of other categories to help make their job a little bit easier:

  • We appreciate what you’re trying to do: We know that when tackling a digital making project, time and tech sometimes aren’t in your favour. But we still want to see what you’ve got up to, and this award category recognises that even though you haven’t fully realised your ambition yet, you’ve made a great start. *And*, when you do finish, we think it’s going to be awesome. Congratulations to the UTC Bullfrogs for winning this award – we can’t wait to see the final project!
  • Inspiring journey: This category recognises that getting from where you’ve started to where you want to go isn’t always smooth sailing. Maybe teams had tech problems, maybe they had logistical problems, but the winners of this award did a great job of sharing the trials and tribulations they encountered along the way! Coding Doughnuts, your project was a little outside the box IN a box. We loved it.
  • Technically brilliant: This award is in recognition of some serious digital making chops. Robot Apocalypse Committee, you owned this award. Get in!
  • Best explanation: Digital making is an endeavour that involves making a thing, and then sharing that thing. The winners of this category did a great job of showing us exactly what they made, and how they made it. They also get bonus points for making a highly watchable, entertaining video. Uniteam, we got it. We totally got it! What a great explanation of such a wonderful project – and it made us laugh too. Well done!

The Judges’ Special Recognition Awards

Because we found it so hard to just pick five winners, the following teams will receive our Judges’ Special Recognition Award:

  • PiChasers with their project Auqa (yes, the spelling is intentional!)
  • Sunscreen Superstars, making sure we’re all protected in the glorious British sunshine
  • Off The Shelf and their ingenious Underwater Canal Scanner
  • Glassbox, who made us all want Nerf guns thanks to their project Tin Can Alley
  • Turtle Tamers, ensuring the well-being of LEGO turtles around the world with their project Umbrella Empire

Winners from both our Make us laugh and Make it outdoors challenges will be joining us at Google HQ for a Pioneers summer camp full of making funtimes! They’ll also receive some amazing prizes to help them continue in their digital making adventures.

Massive thanks go to our judges for helping to pick the winners!


And for your next Pioneers challenge…

Ha, as if we’re going to tell you just yet – we’re still recovering from this challenge! We’ll be back in September to announce the theme of the next cycle – so make sure to sign up for our newsletter to be reminded closer to the time.

The post Pioneers winners: Make it outdoors challenge appeared first on Raspberry Pi.



Cyberattack on Ukrainian clinics, pharmacies worries experts

Scott Shackelford, the chair of the Cybersecurity Program at Indiana University in Bloomington, said that the past progress toward setting international norms for behavior in cyberspace “is in danger of eroding.”

“What’s needed is leadership, and right now that’s in dangerously short supply, especially coming from Washington,” he said.

Location: United States
Date published: July 19, 2017



FBI NSL Gag Orders Ruled Constitutional – Threat Wire

FBI gag orders are ruled constitutional, Android ransomware threatens to leak your personal data, and Verizon customers had a data breach. All that coming up now on Threat Wire.

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Links:
https://www.cnet.com/news/court-rules-fbi-can-continue-to-request-data-in-secret/
https://www.reuters.com/article/us-usa-surveillance-idUSKBN1A21XJ?feedType=RSS&feedName=technologyNews&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+reuters%2FtechnologyNews+%28Reuters+Technology+News%29
http://cdn.ca9.uscourts.gov/datastore/opinions/2017/07/17/16-16067.pdf
https://en.wikipedia.org/wiki/USA_Freedom_Act

https://www.cnet.com/news/this-ransomware-will-share-your-browser-history-with-friends/
http://www.zdnet.com/article/this-android-ransomware-threatens-to-expose-your-browsing-history-to-all-your-contacts/
https://thehackernews.com/2017/07/leakerlocker-android-ransomware.html

http://www.zdnet.com/article/millions-verizon-customer-records-israeli-data/
https://www.cnet.com/news/israeli-tech-firm-exposes-verizon-customer-records/
https://thehackernews.com/2017/07/over-14-million-verizon-customers-data.html

Third Party Exposes 14 Million Verizon Customer Records

Youtube Thumbnail credit:
https://cdn.pixabay.com/photo/2016/08/11/23/54/judge-1587300_960_720.jpg

Source: Security news



The Best Litter Robot, the Litter Robot III – TekThing Short

I’m loving the new Litter Robot III, and so are my cats! It keeps my cats’ area clean but also keeps the house smelling fresh. Check it out at this link: https://www.litter-robot.com/

——
Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn’t be able to make the show for you every week!
https://www.patreon.com/tekthing
——
EMAIL US!
ask@tekthing.com
——
Amazon Associates: http://amzn.to/2gm9Egf
Subscribe: https://www.youtube.com/c/tekthing
——
Website: http://www.tekthing.com
RSS: http://feeds.feedburner.com/tekthing
THANKS!
HakShop: https://hakshop.myshopify.com/
——
SOCIAL IT UP!
Twitter: https://twitter.com/tekthing
Facebook: https://www.facebook.com/TekThing
Reddit: https://www.reddit.com/r/tekthingers
——


Visual Privacy Management in User Centric Open Environments (VISION) project presents scientific paper at Annual Privacy Forum 2017

The Horizon 2020 project ‘VisiOn’ participated in the Annual Privacy Forum 2017, one of the biggest events at E.U. level in the field of privacy and data protection, and presented a scientific paper entitled “Privacy Data Management and Awareness for Public Administrations: a Case Study from the Healthcare Domain”.
Source: Cybersecurity and digital privacy newsletter


WTB: New “WPSetup” Attack Targets Fresh WordPress Installs

The intelligence in this week’s iteration discusses the following threats: Adobe Patches, Android Malware, Cloud Leaks, Point-of-Sale, Ransomware, Remote Access Trojan, and Windows Protocol Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

GhostCtrl Is an Android RAT That Also Doubles as Ransomware (July 17, 2017)
A new Android Remote Access Trojan (RAT) called “GhostCtrl RAT” has been used in a wave of attacks against Israeli healthcare organizations. GhostCtrl RAT is a variant of OmniRAT, which targets four operating systems: Android, Linux, macOS and Windows. GhostCtrl tries to hide itself by masquerading as popular applications. It has a large number of functions, including data exfiltration, audio and video recording, ransomware, controlling Bluetooth, and more.
Recommendation: Ensure that your company’s firewall blocks all entry points for unauthorized users, and maintain records of how normal traffic appears on your network. Therefore it will be easier to spot unusual traffic and connections to and from your network to potentially identify malicious activity.
Tags: RAT, Android, Malware

New “WPSetup” Attack Targets Fresh WordPress Installs (July 14, 2017)
A campaign that took place in May and June was discovered targeting fresh installations of WordPress, allowing an attacker to take over the hosting account. The attackers scanned for a URL used by new installations of WordPress, “/wp-admin/setup-config.php.” If that page is still reachable, the user has not completed the installation steps. An attacker can then go through the first steps of the installation and enter their own database server information. This lets the attacker create an admin-level account on the victim’s server, which gives them the ability to run any PHP code on the hosting account.
Recommendation: Website administrators should always make sure that their WordPress installation is complete as soon as possible. Additionally, website administrators should also use a web application firewall to block unwanted access. One can also use a “.htaccess” file to limit access by IP address.
Tags: WordPress, Vulnerability

A .NET malware abusing legitimate ffmpeg (July 13, 2017)
A new wave of malware that records videos and spies on user activities is being distributed in a new campaign, according to researchers. The malware, first discovered in 2015, is designed to spy on a user’s banking activities. It contacts a Command and Control (C2) server over TCP. The C2 server requests information on the infected machine, and then sends the infected machine a list of targeted banks, which are saved in the registry. The legitimate program “FFmpeg” is downloaded and used to record videos of the victim. Recording is triggered when the victim opens a website associated with banking. The video is then sent to the C2 server encoded in Base64.
Recommendation: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (don’t rely on single security mechanisms – security measures should be layered, redundant, and failsafe). Also take a look at processes running in your computer in the background that should not be running. If there are unexpected processes running, you should terminate them and run a virus scan immediately.
Tags: Malware, FFmpeg, Banking

Meet Ovidiy Stealer: Bringing Credentials Theft to the Masses (July 13, 2017)
A new credential-stealing malware called “Ovidiy Stealer” has been found being advertised for sale on Russian-speaking marketplaces, according to Proofpoint researchers. The malware is offered for purchase for 450-750 Rubles (approximately $7-13 USD). Ovidiy Stealer is being distributed via emails with compressed executable attachments or links to an executable download. The malware can steal information from multiple web browsers and credentials from targeted applications on a Windows OS machine.
Recommendation: Always be on high alert while reading email, in particular when it has attachments, attempts to redirect to a URL, comes with an urgent label, or uses poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders.
Tags: Credential theft, Ovidiy

New Ransomware Threatens to Send Your Internet History and Private Pics to All Your Friends (July 13, 2017)
Two malicious applications discovered in the Google Play Store were found to contain malware called “LeakerLocker,” according to McAfee researchers. Researchers call the malware a form of ransomware, except that it does not encrypt files. Instead, the malware gathers information from the infected device and then displays a screen that threatens to share the data unless a payment is made. LeakerLocker can read various forms of data including Chrome history, device information, email address, pictures, as well as text messages and call information.
Recommendation: Always keep your mobile phone fully patched with the latest security updates and employ trusted antivirus software. Use the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. In addition, it is important to review the permissions an application requests and the comments from others who have downloaded it, since even store-hosted applications can be malicious, as this case shows.
Tags: Ransomware, LeakerLocker, Mobile

Telegram-based Katyusha SQL injection scanner sold on hacker forums (July 12, 2017)
A Russian-speaking hacker is offering an automated SQL injection vulnerability scanner tool, called “Katyusha,” for sale on an underground forum. The tool is based on the open source Arachni web app security scanner. Katyusha is controlled via a web app and it can be monitored using the Telegram messenger. In addition to identifying SQL injection flaws within websites, the tool is able to perform actions such as brute-forcing logins, dumping databases, and uploading web shells.
Recommendation: Properly sanitize user-provided data to prevent injection attacks. Using prepared statements and stored procedures, implementing escape schemes, properly limiting privileged accounts, and using input validation are further steps you can take to better protect your company from SQL injection attacks.
Tags: Telegram, SQL, Vulnerability
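An added example of the flaw scanners like Katyusha probe for, beside the prepared-statement and allow-list versions the recommendation calls for. This is not code from the briefing, from Katyusha or from Arachni; the in-memory SQLite table (users, with name and pw_hash columns) and the username rule are assumptions constructed for the example.

```python
import re
import sqlite3

# Allow-list for usernames; reject anything else before it reaches the database.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """Constructed in-memory users table standing in for a real backend."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    con.executemany("INSERT INTO users (name, pw_hash) VALUES (?, ?)",
                    [("alice", "hash-a"), ("bob", "hash-b")])
    return con


def lookup_vulnerable(con, name):
    """The injectable pattern: user text is spliced into the SQL string, so the
    input  ' OR '1'='1  turns the WHERE clause into a tautology and dumps every row."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con, name):
    """Prepared statement: the driver binds the value separately from the SQL, so
    the same payload is compared literally against the name column and matches nothing."""
    return [row[0] for row in con.execute("SELECT name FROM users WHERE name = ?", (name,))]


def is_valid_username(name):
    """Input validation as a second layer of defense in depth."""
    return bool(USERNAME_RE.match(name))


def lookup_hardened(con, name):
    """Validate first, then query with a bound parameter."""
    if not is_valid_username(name):
        raise ValueError("invalid username")
    return lookup_parameterized(con, name)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:    ", lookup_vulnerable(db, payload))
    print("parameterized: ", lookup_parameterized(db, payload))
```

One caveat on the test bed: Python’s sqlite3 refuses stacked statements, so a payload such as `'; DROP TABLE users;--` raises ProgrammingError here even though it would run on drivers that accept multiple statements per call. The tautology payload needs no stacking and works against any backend, which is why the example uses it.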

Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts (July 12, 2017)
UpGuard researchers discovered in late June that the Israeli technology company, “Nice Systems,” controlled an Amazon S3 storage bucket that was misconfigured. The bucket was configured to be publicly accessible, and the data was downloadable by anyone who was able to guess the correct web address. The data was available for download for approximately one week, according to researchers. The files stored consisted of 14 million Verizon customer records with each record containing cell phone number, full name, and their account PIN.
Recommendation: Always make sure your cloud storage is properly configured. Experts have been warning companies that Amazon S3 buckets are too often misconfigured. Leaked data can be used by extortionists in an attempt to make money. Ensure that any cloud storage services you use are properly configured to only allow access to trusted and authorized users. Require multi-factor authentication for access to the most sensitive materials you store.
Tags: Verizon, Breach

LockPOS Joins the Flock (July 12, 2017)
Arbor Networks researchers have discovered that a previously inactive C2 server for the “FlokiBot” Point of Sale (POS) malware has recently become active. Interestingly, the C2 is not distributing FlokiBot but was instead identified as distributing a new strain of POS malware dubbed “LockPOS.” Researchers believe the same actors are behind both, because the two families are distributed by the same botnet and share a C2 host.
Recommendation: Customer-facing companies that store credit card data must actively defend against Point-of-Sale (POS) threats and stay on top of industry compliance requirements and regulations. All POS networks should be aggressively monitored for these types of threats. In the case of an infection, the affected systems should be rebuilt, and customers should be notified and potentially offered fraud protection to limit negative media coverage and reputational damage.
Tags: POS, LockPOS

Spam Campaign Delivers Cross-Platform Remote Access Trojan Adwind (July 11, 2017)
The “Adwind” Remote Access Trojan (RAT) has reappeared in a spam-distribution campaign, according to Trend Micro researchers. The spam emails attempt to trick recipients into following a malicious URL to download a PDF file. This download will install the Adwind RAT that is capable of filming and retrieving videos, exfiltrating data, keylogging, stealing credentials, and taking pictures or screenshots.
Recommendation: Always be on high alert while reading email, in particular when it has attachments, attempts to redirect to a URL, comes with an urgent label, or uses poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders.
Tags: RAT, Adwind

