Businesses after Ransomware

Security Boulevard posted about an Arkansas business that was hit by ransomware, focusing on the aftermath of the attack rather than the attack itself. Once attackers make off with the ransom, organizations are still left to rebuild.

“Despite paying the attackers what they demanded, the company struggled to get back on its feet. The company could no longer pay wages so the CEO decided to close shop and let everyone go.”

Security Boulevard

These attacks would make organizations think about getting cyber insurance; however, there is a whole school of thought on this, explained by ProPublica: “One cybersecurity company executive said his firm has been told by the FBI hackers are specifically extorting American companies that they know have cyber insurance”.

Wallpaper Crypto Mining

Microsoft tweeted, “We found a malicious HTML file posing as a Kobe Bryant wallpaper that contains a coin mining script.”

The Daily Hodl goes on to explain, “Microsoft says its Windows Defender security system will automatically detect the malware when a user visits the website where the images can be downloaded.”

They go on to explain how to find out whether a website is running crypto-mining scripts, and how to block them: “One great way is to use Wappalyzer, a handy tool used by Ahrefs that can detect various types of technologies deployed on websites, including 14 of the most popular mining scripts like Coinhive, Crypto-Loot, Cloudcoins, Coinlab, deepMiner and Monerominer. To prevent sites from stealing your computing power, Ahrefs recommends installing browser extensions like minerBlock or No Coin. These plugins specifically block crypto mining malware scripts from running on the sites you visit.”
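Tools like Wappalyzer and the miner-blocking extensions work by looking at which scripts a page loads and matching them against known miner libraries. The following is an added example written for this post (not code from Microsoft, Ahrefs, or Wappalyzer) that does the same thing offline: it parses an HTML document, collects external script URLs and inline script bodies, and flags any that reference one of the miner names quoted above. The indicator list is built only from those names and is illustrative, not a vetted blocklist, and the sample page is constructed with `.invalid` hostnames.

```python
from html.parser import HTMLParser
from typing import List, Tuple

# Illustrative indicators taken from the miner names quoted in the post. A real
# detector would use a maintained list of script hashes and hostnames.
MINER_INDICATORS = (
    "coinhive", "crypto-loot", "cryptoloot", "cloudcoins",
    "coinlab", "deepminer", "monerominer",
)


class ScriptCollector(HTMLParser):
    """Collects <script src=...> URLs and the bodies of inline <script> blocks."""

    def __init__(self) -> None:
        super().__init__()
        self.external: List[str] = []
        self.inline: List[str] = []
        self._in_script = False
        self._buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser treats <script> content as CDATA, so the raw JS arrives here.
        if self._in_script:
            self._buf.append(data)


def find_mining_scripts(html: str) -> List[Tuple[str, str, str]]:
    """Return (kind, location, indicator) for every script that matches an indicator."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings: List[Tuple[str, str, str]] = []
    for src in parser.external:
        low = src.lower()
        for indicator in MINER_INDICATORS:
            if indicator in low:
                findings.append(("external", src, indicator))
                break
    for code in parser.inline:
        low = code.lower()
        for indicator in MINER_INDICATORS:
            if indicator in low:
                # Keep a short excerpt so the report stays readable.
                findings.append(("inline", code.strip()[:60], indicator))
                break
    return findings


# Constructed sample page: one benign library, one miner loaded directly, and one
# miner pulled in by an inline loader (all hostnames are placeholders).
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.invalid/jquery.min.js"></script>
<script src="https://coinhive.example.invalid/lib/coinhive.min.js"></script>
</head><body>
<img src="wallpaper.jpg" alt="wallpaper">
<script>
  var s = document.createElement("script");
  s.src = "//deepminer.example.invalid/deepminer.js";
  document.head.appendChild(s);
</script>
</body></html>"""

if __name__ == "__main__":
    for kind, where, indicator in find_mining_scripts(SAMPLE_PAGE):
        print(f"{kind:8} matched '{indicator}': {where}")
```

Run on the constructed page it reports two hits, the external Coinhive-style library and the inline deepMiner-style loader, and nothing for the plain jQuery script. Matching by name is exactly what makes such detection brittle: a miner hosted under an unrelated domain or loaded via an obfuscated string slips past, which is why the extensions mentioned above also watch the script content and behavior.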

Canvas Fingerprinting

Andrea Fortuna has a great write-up about canvas fingerprinting and how sites are utilizing it as a replacement for cookies.

Canvas fingerprinting works by exploiting the HTML5 canvas element: when a user visits a website their browser is instructed to “draw” a hidden line of text or 3D graphic that is then rendered into a single digital token, a potentially unique identifier to track users without any actual identifier persistence on the machine.

Andrea Fortuna

The article is a quick, worthwhile read that also links to a website that helps users find out whether their browser is susceptible to being fingerprinted.

Printers Have Hard Drives

Offices print, fax, and scan countless documents, and it is safe to say that some of that data is proprietary or at least private and intended for a select few. Printers have hard drives that store everything that is printed, faxed, or scanned. If an IT department does not change the default admin passwords and does not encrypt the data sent to and from the printer, then that data is vulnerable. The FTC has general guidelines for users to follow, including overwriting the hard drive and adding a passcode to access it, and for entities to retain the hard drive after the printer is replaced.

Password managers

Password managers let users remember only their master password to be able to access all of their saved passwords. This gives users a secured environment to store their credentials, as opposed to a Word file on their desktop. There are paid and open-source password managers that all offer the same core benefit but come with their own features. Wired has an in-depth article that takes a deep dive into the paid and free versions. The rule of thumb is to favor an open-source one, meaning that the code is open to be inspected and corrected.

Weak Hashing of Passwords

Crackstation has an excellent write-up on why simply hashing passwords is not enough. They mainly cover salting hashes and state, “The salt does not need to be secret. Just by randomizing the hashes, lookup tables, reverse lookup tables, and rainbow tables become ineffective.”

Crackstation also goes into the follies of specific hashing techniques and explains the idea of double hashing, saying, “All it does is create interoperability problems, and can sometimes even make the hashes less secure.”

“The salt needs to be unique per-user per-password. Every time a user creates an account or changes their password, the password should be hashed using a new random salt. Never reuse a salt. The salt also needs to be long, so that there are many possible salts. As a rule of thumb, make sure your salt is at least as long as the hash function’s output. The salt should be stored in the user account table alongside the hash.”

Crackstation
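To make the salting rules above concrete, here is an added example written for this post (not Crackstation’s code) that follows them with nothing but the Python standard library: a fresh random salt at least as long as the hash output for every account creation and password change, the salt stored in the account table alongside the hash, and verification by recomputing with the stored salt and comparing in constant time. PBKDF2 via `hashlib.pbkdf2_hmac` stands in for the slow hash; the iteration count and the sample usernames and passwords are constructed values. An unsalted hash is included only to show the weakness the salt removes.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

HASH_NAME = "sha256"
HASH_LEN = hashlib.new(HASH_NAME).digest_size   # 32 bytes for SHA-256
SALT_LEN = HASH_LEN                              # rule of thumb: salt at least as long as the hash output
ITERATIONS = 100_000                             # PBKDF2 work factor; assumed value, tune for your hardware


@dataclass
class StoredCredential:
    """One row of the user account table: the salt lives alongside the hash."""
    salt: bytes
    digest: bytes


def unsalted_hash(password: str) -> bytes:
    """Plain hash, shown only to illustrate the weakness: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted slow hash. A fresh salt is drawn unless one is passed in (done only for verification)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def create_account(table: Dict[str, StoredCredential], username: str, password: str) -> None:
    """New account: new random salt."""
    salt, digest = hash_password(password)
    table[username] = StoredCredential(salt=salt, digest=digest)


def change_password(table: Dict[str, StoredCredential], username: str, new_password: str) -> None:
    """Password change: the old salt is never reused, hash_password() draws a new one."""
    salt, digest = hash_password(new_password)
    table[username] = StoredCredential(salt=salt, digest=digest)


def verify(table: Dict[str, StoredCredential], username: str, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    cred = table.get(username)
    if cred is None:
        # Unknown user: still do the hashing work so response timing does not
        # reveal which usernames exist.
        hash_password(password, secrets.token_bytes(SALT_LEN))
        return False
    _, digest = hash_password(password, cred.salt)
    return hmac.compare_digest(digest, cred.digest)


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    users: Dict[str, StoredCredential] = {}
    pw = "correct horse battery staple"
    create_account(users, "alice", pw)
    create_account(users, "bob", pw)
    print("unsalted hashes equal:", unsalted_hash(pw) == unsalted_hash(pw))
    print("salted hashes equal:  ", users["alice"].digest == users["bob"].digest)
    print("alice login ok:       ", verify(users, "alice", pw))
    print("alice wrong password: ", verify(users, "alice", "Tr0ub4dor&3"))
```

With the same password for two users, the unsalted hashes are identical (one precomputed table cracks both) while the salted entries differ, so a lookup or rainbow table built against one salt is useless against any other. Since the salt is stored in the clear next to the hash, its job is not secrecy but making every stored hash unique.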

Public USB Charging Stations

Lifehacker has revisited the dangers of charging devices at public charging stations.

public USB ports can potentially be hacked so that they install data-stealing malware onto your phone while you charge up

Lifehacker

There is no way to ever fully know that a USB charging station is safe to connect to, so the biggest piece of advice is to not use them. Lifehacker states that if you do need to use one, “a USB condom or cable without data capabilities can also be a great idea” for users who do not have a portable battery pack.

Cylance’s AI Tricked

Vice has a great article on how researchers were able to make Cylance classify known viruses as safe, all by purchasing Cylance, reverse engineering it, and running test after test after test.

They didn’t just run the files against the static Cylance program – they executed the malicious files on a virtual machine with Cylance PROTECT running on it, to see if it would catch the malicious files in action. The theory was that even if the product was tricked by the strings, the malicious action of the file would still be detected by Cylance, but it wasn’t.

Vice

Shodan and the Lack of Power of Default Passwords

Many networks can be attacked through their IoT devices and those devices’ default passwords. We have discussed this before, and the recommendations are to put all IoT devices on their own separate network and to change their default passwords. Pen testers are well aware of this habit of users not changing their default passwords, and they utilize a tool called Shodan to help them. Daniel Miessler, via his website danielmiessler.com, has a great tutorial that shows how easy it is to use Shodan to find clients that may have default passwords.