“Ransomware” makes it into the Oxford English Dictionary

The Oxford English Dictionary has taken note of some IT-related words.

For one, ransomware is now defined as:

A type of malicious software designed to block access to a computer system until a sum of money is paid.

Another new word is “esc”, as coined by Apple devices, instead of “Esc”, which would be for PCs (Dell, HP, etc.).

Also, “selfie” and “e-shopping”, which sounds like something someone’s grandad would use, got into the OED.

CPU Kernel Bug: Security issue for millions

You may have heard of a bug in computers that could cause a problem with security. I have gathered some information below to help you understand the problem.

So what is the problem?

The processor’s kernel is providing a way for memory to be read by a malicious entity. It could be a hacker or an app that reads the memory.

Intel have reported that “these exploits do not have the potential to corrupt, modify or delete data.” However, the act of reading memory could give hackers a route to read passwords, login details, ciphers and a lot more sensitive data (basically anything that goes through the processor).

What or who is affected?

At the moment, everyone with an x86 CPU made by Intel in the past decade is at risk.

Do you have AMD, ARM or another CPU? You might still be at risk, as the instruction sets for x86 are shared between manufacturers. AMD, certainly the other big player in the market, is only slightly affected (https://www.amd.com/en/corporate/speculative-execution).

For 64-bit ARM processors, there is a Linux kernel patch being developed: https://lwn.net/Articles/740393/

I’ll be OK, I have a Mac

You’re wrong this time, I’m afraid. Macs also use x86 technology and they’ll need patching, although if you’re up to date with macOS (10.13.2) then you’ll be OK. That patch was released Dec 6th. Further updates will be made in 10.13.3.

Is there anything I can do?

Only make sure your PC is up to date with all OS updates, especially security updates.

Microsoft plans to drop an update on us around the 9th Jan, so look for updates then as well as now!

Don’t install dodgy apps, be careful which websites you click on, and don’t click on clickbait. If someone sends you a link that you’re not expecting, then ask them if it was them who actually sent the email!

What is a CPU?

Central Processing Unit: made up of lots of transistors, LOTS (approximately 700 million for modern CPUs), which control logic and calculate the commands from the kernel.

What is a kernel?

A kernel is inside a microchip that controls instructions going into your CPU as well as what comes out of it. It’s basically in control of your entire system.

Curse of the Bad Rabbit – Ransomware

BadRabbit Ransomware

A new ransomware threat has infected PCs in Russia and multiple other countries, stretching to the other side of the globe. Corporate systems at Interfax, as well as two other Russian media companies, seem to have been affected first, but it has also been seen in Poland and South Korea.

In Ukraine, Odessa airport, the Kiev metro, and the Ministry of Infrastructure were also infected. It shows the usual sign of a ransom demand for encrypted files.

The team at ESET Antivirus have said this is a strain of Diskcoder.

Screen shot of the BadRabbit ransomware (Source: Group-IB)

The software poses as a fake Adobe Flash update to seduce victims into installing the malware. According to Group-IB, it is installed by people visiting these websites. There may be other websites that are infected.

https://twitter.com/GroupIB_GIB/status/922972032098291718

Once installed on a Windows PC, the malware uses a legit open-source tool, Mimikatz, to seek out file server login details from the memory on the computer. The software then spreads via SMB shares on the same network.

There is some news to show that it has used a leaked CIA hacking tool, as WannaCry did a few months back.

The Master Boot Record is changed so that a start-up screen is displayed, and the machine will not progress past this screen. The BadRabbit ransomware also has a countdown until the price actually goes up. This forces companies and individuals to make a quick decision, possibly making them more likely to pay. Remember, if you pay you are more likely to get attacked more often, as the attackers know who pays.

The payment required is 0.05 BTC, which is just a little over £200.

Signs of infiltration

Network connections to caforssztxqzf2nm.onion, or downloads from the following sites, are obvious signs of infiltration:

hxxp://1dnscontrol.com/flash_install.php

hxxp://1dnscontrol.com/install_flash_player.exe

The software might also pop up with a prompt asking you to disable or stop current AV or malware protection. Some AV packages have spotted it already.

According to Kaspersky Lab, if you prevent these files from executing you should be able to stop BadRabbit from starting to run:

C:\Windows\infpub.dat

C:\Windows\cscc.dat

But you should check the Flash update you’re installing is legit even if you have Flash enabled.
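One way to put the indicators above to work, as an added example (not code from the original post or from any vendor mentioned): it refangs the listed URLs, scans proxy log lines for the listed hosts, and matches file paths case-insensitively. The log format, the sample lines and all function names are assumptions made for illustration, and matching on host name goes slightly beyond the two exact URLs listed.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Indicators exactly as listed on this page (URLs are defanged with hxxp).
NETWORK_IOCS = ["caforssztxqzf2nm.onion",
                "hxxp://1dnscontrol.com/flash_install.php",
                "hxxp://1dnscontrol.com/install_flash_player.exe"]
FILE_IOCS = [r"C:\Windows\infpub.dat", r"C:\Windows\cscc.dat"]

# Constructed proxy log: "time client method target status" (assumed format).
SAMPLE_LOG = [
    "2017-10-25T09:01:09Z 10.0.0.21 GET http://1dnscontrol.com/flash_install.php 200",
    "2017-10-25T09:01:15Z 10.0.0.21 GET http://1DNSCONTROL.com/install_flash_player.exe 200",
    "2017-10-25T09:03:40Z 10.0.0.34 GET http://not1dnscontrol.com/index.html 200",
    "2017-10-25T09:09:02Z 10.0.0.21 CONNECT caforssztxqzf2nm.onion:443 503",
]

def refang(indicator):
    """Undo hxxp / [.] defanging so indicators compare against raw log data."""
    return re.sub(r"^hxxp", "http", indicator.strip().replace("[.]", "."), flags=re.I)

def host_of(target):
    """Host of a full URL (GET) or a host:port pair (CONNECT), lower-cased."""
    target = target if "://" in target else "//" + target
    return (urlsplit(target).hostname or "").rstrip(".")

def ioc_hosts(indicators):
    return {host_of(refang(i)) for i in indicators}

def scan_proxy_log(lines, hosts):
    """Return (line_no, client, host) where host is an IoC host or a subdomain."""
    hits = []
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, nothing to compare
        host = host_of(fields[3])
        if any(host == h or host.endswith("." + h) for h in hosts):
            hits.append((no, fields[1], host))
    return hits

def match_files(observed_paths):
    """Windows paths are case-insensitive, so compare as PureWindowsPath."""
    wanted = [PureWindowsPath(p) for p in FILE_IOCS]
    return [p for p in observed_paths if PureWindowsPath(p) in wanted]

if __name__ == "__main__":
    print(scan_proxy_log(SAMPLE_LOG, ioc_hosts(NETWORK_IOCS)))
```

The look-alike host `not1dnscontrol.com` in the sample is deliberately not reported, because the comparison is on whole host labels rather than substrings.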

Backing up regularly, including a system image, is one way to have a small amount of post-malware protection, and anti-malware software is one of the best remedies to protect yourselves. But checking that updates are legit, and not clicking on dodgy links, is the best way!

Security warning over data.gov.uk – time to change your password!

Have a data.gov.uk account? You should probably change your password.

The site, which people can use to search for data published by the government, has discovered, after a data security review, that some usernames and passwords were placed on a publicly accessible resource.

The following quote is taken from the BBC site (http://www.bbc.co.uk/news/technology-40443601):

A GDS spokeswoman told the BBC that the breach had affected only data.gov.uk accounts, and people with separate accounts for other government websites were not affected.

She said only email addresses, usernames and hashed passwords were implicated, rather than personal information such as names and addresses.

Hashed passwords are not massively secure, but certainly more secure than clear text passwords. It all depends on the algorithm that is used. The BBC site also reports that users will need to change their passwords next time they log in.

The Computer Saint would also advise changing your password on any other services where it is the same. So if you log in with the same details to Yahoo, Google, Hotmail, etc. then you should change your password.

You should also keep an eye out for fraudulent emails. If you suspect an email is fraudulent then you should contact the website in question, and not via the email you’ve just got. Go to the actual website via a browser.

Aquila Drone: 2nd test flight a success!

Facebook Drone: Aquila has successfully completed its 2nd test flight. Whereas the 1st drone broke up on landing, the 2nd incarnation was all good at landing and stayed in the air for 1 hr 46 minutes.

When complete, the drone is pencilled in to be able to stay in flight for around 2 months.

It is solar powered and will be designed to bring Internet to remote areas.

It is a good idea; however, some remote areas might have poor weather, so if the drone cannot handle winds and rain and other weather patterns I could see this being good for all areas. But there are lots of places that could certainly benefit from this technology.

Read more about it on the Facebook site:

https://code.facebook.com/posts/200887800439084/aquila-s-successful-second-flight-another-step-forward-in-bringing-the-world-closer-together/