Articles for December 2017

I always remove this POS as soon as Win10 is up and running.  It is full of holes… read more below.

If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely.

Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ permission.

According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called “Keeper,” on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network.

Read more here.

Users who allowed Firefox to run its studies feature found an unwelcome add-on installed over the weekend.

Source: Privacy-touting Mozilla caught shoving Mr Robot add-on into Firefox | ZDNet

The latest release of this excellent security, forensic, and penetration testing Linux distribution is everything I have come to expect from the software and more, with both PC (32 and 64 bit) and Raspberry Pi images.

Source: Kali Linux 2017.3 hands-on: The best alternative to Raspbian for your Raspberry Pi | ZDNet

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents.

Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected.

Researchers from the Mandiant division of security firm FireEye published a report on Thursday, suggesting state-sponsored attackers used the Triton malware to cause physical damage to an organization.

Neither the targeted organization name has been disclosed by the researchers nor they have linked the attack to any known nation-state hacking group.

According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware “TRISIS,” the attack was launched against an industrial organization in the Middle East.

Read more here.

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools.

Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader.

Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London.

Read more here.

New research suggests that fewer than half of industrial businesses are even monitoring for suspicious entry into their systems.

Source: Industrial firms fail to adopt basic security measures against hackers | ZDNet

In a coordinated International cyber operation, Europol with the help of international law enforcement agencies has taken down what it called “one of the longest-running malware families in existence” known as Andromeda.

Andromeda, also known as Win32/Gamarue, is an infamous HTTP-based modular botnet that has been around for several years now, and infecting computers with it’s malicious intentions ever since.

The primary goal of Andromeda bot is to distribute other malware families for mass global malware attacks.

The botnet has been associated with at least 80 malware families, and in the last six months, it was detected (or blocked) on an average of more than 1 million machines per month.

Read more here.

Source: Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser

Do you own a Hewlett-Packard (HP) Windows PC or laptop?

Multiple HP customers from around the world are reporting that HP has started deploying a “spyware” onto their laptops—without informing them or asking their permission.

The application being branded as spyware is actually a Windows Telemetry service deployed by HP, called “HP Touchpoint Analytics Client,” which was first identified on November 15.

According to reports on several online forums, the telemetry software—which the HP customers said they never opted to have installed and had no idea was continually running in the background—was pushed out in a recent update.

Read more here.