Wednesday, October 25, 2017

Bad Rabbit Ransomware: The Latest Attack - SonicWall Blog



What Is Bad Rabbit Ransomware?

On Tuesday, Oct. 24, a new strain of ransomware named Bad Rabbit appeared in Russia and the Ukraine and spread throughout the day. It was first found after attacking Russian media outlets and large organizations in the Ukraine, and has found its way into Western Europe and the United States. The initial installer masquerades as a Flash update, but the malware is believed to be an updated version of NotPetya, since the infection chain and component usage are identical. Interestingly, this malware contains a list of hardcoded Windows credentials, most likely to brute force entry into devices on the network. According to SonicWall Capture Labs Threat researchers, Bad Rabbit spreads using the SMB protocol within Windows. We should think of it as a bug fix maintenance release of NotPetya (with the EternalBlue method of propagation removed). The purpose of using the SMB protocol is to spread laterally across an organization.

Are SonicWall Customers Protected from Bad Rabbit?

Yes. SonicWall Capture Labs released signatures to protect against Bad Rabbit malware, which are available for anyone with an active Gateway Security subscription (GAV/IPS).  In addition, SonicWall Capture Advanced Threat Protection (ATP) sandboxing service is designed to provide real-time protection against new strains of malware, even before signatures are available on the firewall. SonicWall Capture ATP customers will be protected against new forms and copycat versions of this malware. Multiple variations of this ransomware strain have been processed in Capture ATP, with a 100 percent success rate of catching it.

How Can I Stop Ransomware Like Bad Rabbit?

SonicWall customers should immediately ensure they have the Capture Advanced Threat Protection sandbox service turned on with their next-generation firewalls, and have the Block Until Verdict feature activated.  For Bad Rabbit, there is no need to manually update the signatures on SonicWall firewalls, as they are automatically propagated to the worldwide installed base upon deployment.
General recommendations for everybody, regardless of their security vendor, include:
  • Apply all patches to operating systems
  • Protect endpoints with an up-to-date anti-virus solution
  • Promote good password hygiene policies
  • Ensure firewall and endpoint firmware is current
  • Implement a network sandbox to discover and mitigate new threats
  • Deploy a next-generation firewall with a gateway security subscription to stop known threats
I will update this post as analysis of Bad Rabbit ransomware develops.  For more information, read the SonicAlert posting from SonicWall Capture Labs Threat Research Team. To learn more about ransomware defense, please read our Solution Brief: Eight Ways to Protect Your Network Against Ransomware.
See original article, with credits, here

Search for Your Email Address to See If Your Password Has Been Stolen








No doubt you’ve Googled yourself at least once to see what comes up (or to see what embarrassing photos and blog posts you need to purge from the web before your boss finds them). While doing a search for yourself might yield some predictable results—your LinkedIn page, any mentions of you in the local paper, obituaries for other people with the same name—a conversation with a friend on the topic of data breaches led me to search for something I rarely need to find: my own iCloud email address. That search brought me to a sketchy-looking blog post filled with information one would rather not have online, namely, usernames and passwords. If, like me, you thought your security hygiene was under control, that quick search might be a rude enough awakening to inspire you to take a few steps toward further protecting your personal data.

One Weak Password Can Break Your Security Chain

The username and password combo I found when searching for my email address belonged to an old streaming service I used in 2015. While I’d since cancelled the service, I was both concerned about what other personal data was floating out in the ether, and embarrassed I’d been compromised by a password I’d always meant to retire.
The password was used for more than just an HBO subscription. In the past I’d used it for bank accounts, social media pages, and other sites I knew I’d want to try out for a bit, usually with a slight change to the original each time. While I wasn’t alone in my compromised state (the list included dozens of now-defunct accounts), the fact remained I was still a potential victim. It was the weak link in my data security chain, one that needed to be replaced with something more robust, and capable of protecting me.

Ditch the Old Password

Before you begin creating permutations of that one passphrase you’ve hung onto since college, know this: you’re doing passwords wrong. (And if your password is a series of phrases rather than a string of characters with numbers or symbols, you need a new way to create passwords.) First, you should rid yourself of the compromised password as soon as possible, as well as all the slightly-altered versions you use for different accounts in an attempt at securing them from attackers.
While you’re at it, you should look at your most-frequented accounts to see which passwords need an update. This is where password managers come in. Besides keeping track of (and in some cases creating) your secure passwords, these services can also do an initial assessment to tell you if your passwords suck. More on those below:

Get a Password Manager Already

Not using a password manager is basically begging for trouble. Password managers not only make it easy for you to generate strong passwords for all of your accounts, but their integration into your web browser through extensions, or your smartphone with a companion app, makes it easy to get access to your personal information wherever you are, all while keeping your private info secure.
With a password manager, you can ditch the old method of trying to remember passwords for every site, or writing them down on a post-it you stick behind your computer monitor (such a bad idea, by the way). While I use 1Password ($35 per year), other options like LastPass ($24 per year) and KeePass (free) exist and offer their own unique features in addition to easy password management.
You don’t have to change them all at once; I change about one to two passwords every other day, which makes the process less intensive but also, obviously, slower. If you’ve got the time, you should create new, updated passwords for as many accounts as you can, as quickly as you can. Better to be secure than sorry.

Enable Two-Factor Wherever You Can

Add another layer of security to your accounts after you change your password by employing two-factor authentication. Forms of two-factor authentication include entering single-use codes sent via SMS message when you attempt to log in, or randomly generated codes from a two-factor authentication app, like Authy or Google Authenticator, that you enter after your login attempt. Both methods help prevent people who have obtained your login information from actually getting into your account, primarily because they lack access to your phone’s text messages and apps.
Enable two-factor authentication on email accounts, financial accounts, social media profiles, or any site that stores your personal information, like a cloud storage service or online retailer. A good rule of thumb to follow when dealing with sites that don’t employ some form of two-factor authentication is to use a secondary or spam-specific email address.

Unsubscribe (Within Reason)

Your email address gets around a lot more than you might think. All those newsletter emails, discount codes from your favorite underwear vendor, and last-minute deals from some store you shopped at three years ago all have your email address. And not everyone keeps it as secure as you’d like to believe.
You should probably know that your mileage may vary when it comes to unsubscribing and reducing email trafficked to your inbox. More reputable sites may honor the sacred “Unsubscribe” button, but emails from less than ideal senders often include unsubscribe buttons to confirm you read their email, and, well, send more garbage to your inbox.


Read the original article, with credits, here




New ransomware attack hits Russia and spreads around globe - Oct. 24, 2017









The U.S. government has issued a warning about a new ransomware attack that spread through Russia and Ukraine and into other countries around the world.

Cybersecurity experts said the ransomware -- which posed as an Adobe update before locking down computers and demanding money for people to get their files back -- targeted Russian media companies and Ukrainian transportation systems. It has also been detected in other countries including the U.S., Germany and Japan.
The U.S. Computer Emergency Readiness Team said late Tuesday it "has received multiple reports of ransomware infections ... in many countries around the world."
Dubbed "Bad Rabbit," the virus is the latest example of cybercriminals using ransomware to try to extort money from victims across the globe. Two major international attacks earlier this year -- NotPetya and Wannacry -- caused widespread disruption affecting businesses, government institutions and hospitals.
When Bad Rabbit infects a computer, it seizes files and demands a ransom. Experts and government agencies advise victims not to pay up, warning that there's no guarantee they will get their files back.
On Tuesday, the virus attacked Russian media groups Interfax and Fontanka, and transportation targets in Ukraine including Odessa's airport, Kiev's subway and the country's Ministry of Infrastructure of Ukraine, according to Russian cybersecurity firm Group-IB. Interfax confirmed its servers had gone down due to a cyberattack.
Most of the victims were located in Russia, but attacks were also observed in Ukraine, Turkey, and Germany. Cybersecurity firm ESET also identified cases of Bad Rabbit in Japan and Bulgaria. Another company, Avast, says the ransomware has been detected in the U.S., South Korea and Poland.
Ties to previous attack
The number of victims appeared to be significantly smaller than the NotPetya attack, which struck Ukraine and spread to other countries in June, doing hundreds of millions of dollars of damage to some major companies.
Experts said there were clear links between the two viruses.
Vyacheslav Zakorzhevsky, head of the anti-malware research team at Russian cybersecurity firm Kaspersky Lab, said the company's investigation shows the Bad Rabbit attack targeted corporate networks using similar methods as NotPetya.
Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab, said in a message the Bad Rabbit attack was launched through "an elaborate network of hacked websites," with a link to NotPetya.
Group-IB also identified similarities between the NotPetya code and that of Bad Rabbit.
Virus used popular malware trick
The Bad Rabbit ransomware infiltrated computers by posing as an Adobe Flash installer on compromised news and media websites. It serves as a reminder that people should never download apps or software from pop-up advertisements or websites that don't belong to the software company.
ESET says once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal and exploit user credentials to get on other computers.
Researchers say Bad Rabbit doesn't use EternalBlue, the Windows exploit that was leaked in a batch of hacking tools believed to belong to the U.S. National Security Agency. The NotPetya and WannaCry ransomware attacks did use EternalBlue.
It's unclear who's behind Bad Rabbit, but the attackers appear to be "Game of Thrones" fans. The ransomware code contains references to characters from the popular book and TV series like Grey Worm and Daenerys' dragons.
Many anti-virus products detect Bad Rabbit, including Windows Defender. A researcher from Cybereason discovered a "vaccine" that the company said can protect machines from infection.
According to malware researcher James Emery-Callcott, the ransomware campaign is slowly dying down.
"As far as I can see, the attacker's server is no longer live and most of the infected sites hosting the script that gives the Flash update prompt" have fixed the issue, he said. "Fake Flash updates are an incredibly popular method of distributing malware these days. Hopefully people will start to realize that when you get an unsolicited Flash update, it's generally going to be bad."


View the original article, with credits, here



How to trigger Spotify’s creepy Stranger Things Easter egg - The Verge

Take your playlist to The Upside Down



In honor of Stranger Things’ upcoming second season, which premieres this Friday on Netflix, Spotify has hidden a spooky little gem in its web player: a re-skin that turns the black-and-green media player into The Upside Down. It won’t affect the music you’re playing, but it will add some floating spores and a flashlight beam to make your listening experience a little creepier.



Triggering the Easter egg is pretty simple: just open Spotify, play the Stranger Things soundtrack for either season, and let it play. Wait a few seconds, and you’ll enter the home of the Demogorgon. If you move your mouse or browse around Spotify, however, it’ll disappear.





The trick only seems to work on the browser-based version of Spotify; neither I nor my colleagues were able to activate it on the desktop app, but it might just be a matter of time before it works there too. It also only applies to the Stranger Things soundtracks — sadly, I could not get Drake to take the plunge — and Spotify only supports specific browsers, like Chrome. Nevertheless, it is Halloween season, and who doesn’t appreciate a little visual panache with their moody playlists?



Check out the original article, with credits, here

Tuesday, October 24, 2017

Gigantic new Reaper 'botnet' could bring down the internet, cyber security experts warn


FEAR THE REAPER

Fears grow after security researchers spot network of hacked devices that could cause havoc for companies across Europe and the UK


By Margi Murphy, 24th October 2017, 11:11 am. Updated: 24th October 2017, 2:25 pm

A MASSIVE botnet that has been gathering steam over the past few weeks is threatening to ravage the web, security researchers have warned.


A botnet uses collections of hacked devices, like wifi routers or smart webcams, to collaboratively send surges of data to servers - causing them to crash, disrupt services and ultimately go offline.


Check Point security found that attacks were coming from many different types of devices and many different countries


Around this time last year, a similar attack called the Mirai botnet wiped out the internet across the US, targeting mostly the East Coast.


But Israeli security researchers at Check Point have discovered what they described as an entirely new and more sophisticated botnet that could cause a "cyber hurricane".


A blog post published on Check Point Research read: "So far we estimate over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing.


"Our research suggests we are now experiencing the calm before an even more powerful storm.


Every wifi router on the planet could be vulnerable, unless they have been patched to fix the vulnerability.


"The next cyber hurricane is about to come."


They claim the botnet, named Reaper, has already infected one million companies.



Using Check Point’s Intrusion Prevention System (IPS) in the last few days of September, researchers spotted that an increasing number of attempts were being made by hackers to exploit a combination of vulnerabilities found in various smart gadgets.


With each passing day, the malware appeared to exploit more and more vulnerabilities in Wireless IP Camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.


It became apparent that the attempted attacks were coming from many different sources and a variety of devices, meaning the attack was being spread by the devices themselves.


One tech website warned that Reaper could "take down the internet"



Check Point said we were experiencing "the calm before the storm" and warned that companies should make preparations for a Distributed Denial of Service (DDoS) attack which could potentially knock them offline.


DDoS attacks were made famous by Lizard Squad, the cyber gang that took down the PlayStation network during Christmas of 2014.


They involve flooding websites or other targets with traffic so they collapse.


Security experts have been told to check over company networks and take any of the possibly infected gadgets offline.


Those who might have the products in their home are told the same, although the only difference they might notice is slower wifi speeds.




Read the original article, with credits, here

8 things you didn’t know you could do with Google Assistant | AndroidAuthority



Google Assistant keeps on growing. New features and functionality are constantly appearing and that’s made keeping track of all the service’s little quirks and features tougher than ever. You can do much more than just searches these days.



Here’s a list of some of Google Assistant’s lesser known but still incredibly handy features.






Control your smart home

You don’t need a Google Home to be the ear in your living room; Google Assistant on your smartphone can also control the various smart doodads dotted around your home.



Google Assistant plays nicely with smart home products from Nest, Philips Hue, Belkin, and a few others. You can control your lighting, thermostat, and other products using voice controls from your phone. Assistant also recently received support to work with Google’s Chromecast, so you can also start up content from YouTube, Netflix, Spotify, and the like from your phone and push it directly to your TV if it’s on the same WiFi network. Simply request the title of a TV show and your Chromecast will start right up. You can also issue commands to pause, play, adjust playback volume, and even skip songs.







Toggle your Quick Settings

The real power of Google Assistant is hot-word detection from any app or even when your screen is locked. As such, you can use the software to open up apps and even toggle your phone’s hardware settings regardless of what app you’re in or what you’re currently doing. Saying “OK Google, open [app name]” will boot up what you’re after, without having to sift through the app drawer.



The same works for hardware toggles like Bluetooth or WiFi. Simply say “OK Google, turn off my WiFi” and that’s it. Google also presents a little toggle to confirm the setting is off, or for you to manually switch the option back on. This feature works for Bluetooth, WiFi, location, NFC, mute, Flight mode, and your phone’s flashlight.



Keep working when offline

Although most of Google Assistant’s features require an internet connection, it’s possible to add events to your calendar, manage alarms, and play music when stuck outside of data range. Commands that are linked to most apps won’t work, but many of your phone’s hardware voice commands keep on working when your phone is offline. Here’s the list of features that work even when offline:



  • Open an app by name
  • Play Music
  • Add an event to your calendar
  • Place calls and send texts to contacts
  • Set new and cancel alarms
  • Toggle WiFi, Bluetooth, Airplane mode, and flashlight
  • Adjust your phone’s volume
  • Dim the screen

Ask follow-up questions



Google Assistant actually has a little bit of a memory. This means you can “have a conversation” about something and Assistant won’t forget what you’re talking about. Google likes to give the example of finding movie showtimes, but it works for other topics like finding your way to a local shop or restaurant just as well.



Here’s an example of how a conversation with Google would go. “OK Google, find Italian restaurants near me” and you’ll be presented with local results. Ask “which ones are open now” and Google will narrow down the results and display opening times alongside them. “Give me directions to the closest one” will then present you with a map of the nearest Italian restaurant that’s currently open. You can even close and reopen the app and Google remembers the context of your questions.










Send WhatsApp messages

Texts are all well and good, but there are plenty of more sophisticated messaging apps available these days, many of which work with Google Assistant. Simply say “OK Google, send a WhatsApp message to [contact].” Then you’ll be asked for your message, and then to confirm sending. It’s an especially handy feature for when you need to go hands-free.



As well as WhatsApp, Google Assistant plays nicely with Hangouts, Allo, Viber, and BlackBerry Messenger, to name just a few internet messaging services. A range of third party SMS applications are also supported, if you prefer old fashioned messaging. In fact, Assistant can also read back your latest text messages to you via the “Read Message” command too.



Read you the morning news

Like to catch up on the headlines with your morning coffee? Google Assistant can read those out to you too, just ask to “Play the news”.



You can curate the sources that Google will pull articles from. These are tucked away in the Settings menu under News. There are a range of US news outlets in there, including CNN, ABC, and USA Today, although other English speaking countries may find the choices a bit more limited. Some French, German, and Japanese sources are also supported, but again the number of outlets is a little more limited.



“Send me daily …”



Morning news bulletins are useful, but perhaps you’re more interested in receiving regular updates about something more specific? If you’re an Allo user, Google Assistant can help with these more niche requests too, thanks to its “send me daily” option.



If you search for news, the weather, or something more specific like a stock price or the route to work when using Allo, you might spot a prompt that says “send daily”. Clicking this adds the search to your Subscriptions and you’ll receive a message from Google Assistant each day with your request. You can also manually create recurring subscriptions by saying “send me the weather daily” or a similar request. There’s the ability to manage all your active subscriptions by asking for “my active subscriptions”, where you can delete and adjust daily requests. It’s just a shame this feature isn’t yet available outside of Allo.







Search through your pictures

If you’re a frequent traveller, you probably have thousands, perhaps tens of thousands of pictures saved somewhere. Such a vast library makes finding old pictures a bit of a chore. Fortunately, Google Photos’ smart algorithms are pretty good at automatically sorting your pictures into categories, organising them by location, the picture’s content, or people in them. Google Assistant is integrated with Google Photos and can use these categories to help make finding pictures easy.



Ask Google “show me pictures from London” or “find pictures of my Mom” and you’ll be presented with a selection of results from Google Photos. Alternatively, if Assistant can’t find anything or you don’t use Photos, you’ll be shown a selection of web results.



Google Assistant isn’t just useful for searching through photos though. You can use similar commands to sift through emails for specific topics, a person, or a particular date.



See the original article here

How Windows 10 dictation works | PCWorld

While dictation within Windows 10 is easy, editing is a pain.







Read the full, original article here



Dictation within Windows has lived in the shadows for years. Finally, with Windows 10 and the Fall Creators Update (see our review!), dictating text is almost as easy as talking to Siri, Cortana, or Google.



Within Windows 10, you can turn on dictation with just a keystroke. It’s easy. I wrote this whole article with just my voice. I edited it, though, with my mouse and keyboard. It’s all part of Windows 10’s new emphasis on modality: first touch, then writing with a pen, voice control, and finally dictation.



Dictation has lived within Windows for years, though it’s been confined to the Control Panel, where users had to set up and configure dictation capabilities manually before they could actually use it in the real world. Within the upcoming Windows 10 Fall Creators Update, however, it’s been brought front and center. (Note: We used the Windows Insider builds to test, but we've confirmed that the dictation feature is present within the Windows 10 Fall Creators Update. It works in the same way.)



Launching dictation within Windows 10 is a snap. The WIN + H key instantly gets it started. That brings up a small window, which is actually the handwriting panel compressed to a single line. All dictation and navigation is completed orally, although you can stop at any time. Unfortunately, if you pause your dictation to edit using your keyboard, you’re forced to re-enter the WIN + H hotkey to resume dictation. In addition, if you pause for, say, five seconds, dictation stops automatically. A small beep signals when dictation begins or ends.



Dictation is easy within Windows; editing isn’t



Windows’ inability to switch easily between typing and dictation is probably the weakest element of the whole thing, because the accuracy of Windows dictation isn’t quite enough for you to be able to type with your voice routinely. While Windows is smart enough to occasionally recognize the proper context of (big W) “Windows,” it flubs other, seemingly commonplace words. Even 90-percent accuracy means that you’ll have to correct something manually in nearly every sentence.



Granted, the quality of your microphone plays a role, as does background noise. I used a Surface Pro 4 and a quiet conference room (albeit with air conditioning) as a test environment, and the overall experience was average at best. At home, with a noisier A/C unit and background noise, the experience differed. (In our review, we talk more about how we tested, along with a sample of how Windows' dictation did.)



Don't leap to the conclusion that you'll need a headset, though, as some modern tablets and laptops contain array microphones that can detect the subtle nuances that dictation depends upon. Still, you'll want to keep the keyboard and mouse handy.



Why? Because navigation is a pain. Trying to memorize the list of Windows commands, and use them in the context of a sentence, takes some doing. Here are just a few:



  • Say “press backspace” to inject a backspace character
  • Say “clear selection” to unselect the text that has been selected
  • Say “move to the start of the word” to move the insertion point to the start of the word
  • Say “go after <word or phrase>” to move the cursor to the first character after the specified word or phrase

...and so on. Microsoft says you can say punctuation words like “comma” and they will be inserted as punctuation, but that just isn’t always the case. Specialized characters, such as ellipses and em-dashes, simply aren’t recognized. And certain commands, such as “delete that” didn’t work regularly. In that case the only choice you have is to pull out your keyboard and start hitting backspace repeatedly. 



Unfortunately, that creates a sort of all-or-nothing scenario, where one has to either type or dictate—there’s no back-and-forth. Windows allows me to pull out a pen and scroll or jot a note anytime I choose. Windows needs to do the same thing with speech, enabling a user to switch on the fly.



Is Windows better than competing software packages, such as Dragon NaturallySpeaking? No, not by a long shot. Windows simply doesn’t have the accuracy that a professional package like Dragon does, though it does pretty well in a pinch. I actually expected more of Windows, as I expected the speech engine to be based upon the way in which you speak to Cortana. Instead, it appears to be built upon the traditional dictation engine that’s been in Windows for the last decade. Either the accuracy needs to improve, or some training functionality needs to be built in.





There’s one big thing going for Windows 10, though: It’s free. Honestly, when we text or type a message to a friend, we don’t expect the accuracy to be perfect. Likewise, within Windows, a little bit of inaccuracy here or there doesn’t make much of a difference. Dictating this story, though, where accuracy is critical, was a somewhat painful experience. If Microsoft believes dictation to be a productivity tool, the overall experience needs to improve.  


