Find up-to-date news about new technologies and cybersecurity.

Our IoT Smart Checker allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.

IoT Smart Checker gathers data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networksscanner. HouseCall for Home Networks is a free tool that features device recognition and vulnerability scanning in users’ networks and connected devices. Home Network Security is a solution plugged into users’ routers that protects connected devices from potential cyberattacks. Currently, IoT Smart Checker supports multiple operating systems, including Linux, Mac, Windows, Android, iOS, and other software development kit (SDK) platforms.

This blog tackles the recently ill-famed VPNFilter malware and if deployed devices are vulnerable to it. VPNFilter is a newly discovered, multi-stage malware (detected by Trend Micro as ELF_VPNFILT.AELF_VPNFILT.BELF_VPNFILT.C, and ELF_VPNFILT.D) that affects many models of connected devices. Initially reported at the tail end of May to have infected at least 500,000 networking devices across 54 countries, including those from Linksys, MikroTik, Netgear, and TP-Link, to steal website credentials and even render devices unusable, the malware is now seen targeting more devices to deliver exploits and even override reboots. The Federal Bureau of Investigation (FBI) has even released a public service announcement (PSA), warning that it is the work of foreign threat actors looking to compromise networked devices worldwide.

Different brands and models affected by VPNFilter and more

VPNFilter is known to affect over ten brands and 70 models of devices. IoT Smart Checker can identify other publicly known vulnerabilities targeting the devices as listed below:

Manufacturer Model Device Type
Asus RT-AC66U, RT-N10, RT-N10E,
RT-N10U, RT-N56U, and RT-N66U
Routers
D-Link DES-1210-08P
DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, and DSR-1000N
Ethernet switch
Routers
Huawei HG8245 Router
Linksys E1200, E2500, E3000 E3200, E4200, RV082, and WRVS4400N Routers
MikroTik CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011,
RB Groove, RB Omnitik, and STX5
Routers
Netgear DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, and UTM50 Routers
QNAP TS251, TS439 Pro, and other QNAP NAS devices running QTS software NAS devices
TP-Link R600VPN, TL-WR741ND,
and TL-WR841N
Routers
Ubiquiti NSM2 and PBE M5 Wireless access points
ZTE ZXHN H108N Router

Table 1. Some of the known affected devices by VPNFilter

Based on our data from June 1 to July 12, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities, not only taken advantage of by VPNFilter but other malware as well, can still be detected in devices up to this day.

At the time of our scanning, we observed that 34 percent of home networks had at least one device with a known vulnerability. We found that 9 percent of vulnerable devices are potentially affected by VPNFilter.

Device Vulnerabilities Vulnerable Devices/Services
Authentication Bypass Vulnerability CVE-2015-7261 QNAP FTP Service
Reaper Remote Code Execution CVE-2011-4723 D-Link DIR-300
Remote Code Execution CVE-2014-9583 ASUS RT-AC66U, RT-N66U
Reaper OS Command Injection CVE-2013-2678 Linksys E2500
Buffer Overflow Vulnerability
CVE-2013-0229
Vulnerable UPnP Service (e.g. Netgear/TP-Link/D-Link)
Stack Overflow Vulnerability
CVE-2013-0230
Vulnerable UPnP Service (e.g. Netgear/TP-Link/D-Link)
Remote Code Execution CVE-2017-6361 QNAP QTS before 4.2.4 Build 20170313
Router JSONP Info Leak CVE-2017-8877 ASUS RT-AC* and RT-N*
Router Password Disclosure CVE-2017-5521 Netgear R6400, R7000, R8000
Stack Overflow Vulnerability
CVE-2012-5958
Vulnerable UPnP Service (e.g. Netgear/TP-Link/D-Link)
Stack Overflow Vulnerability
CVE-2012-5959
Vulnerable UPnP Service (e.g. Netgear/TP-Link/D-Link)
Reaper Router Remote Code Execution D-Link DIR-300
Router Password Disclosure Netgear WNR2000
Remote Code Execution CVE-2016-6277 Netgear R6400, R7000
Router Session Stealing CVE-2017-6549 ASUS RT-N66U
OS Command Injection CVE-2013-2679 Linksys E4200
Authentication Bypass Vulnerability Netgear WNR1000
Router Password Disclosure Netgear WNR1000
Unauthenticated Router Access Vulnerability TP-Link TL-WR841N

Table 2. 19 vulnerability detections on VPNFilter-affected devices

As expected, the 19 vulnerabilities primarily affect routers. Interestingly, the Authentication Bypass Vulnerability CVE-2015-7261, an FTP (File Transfer Protocol) flaw in the QNAP NAS firmware, mostly affects printers based on our detection. While determining the possible reason behind this, we found that many of the detected printers’ FTP could connect to the network without any authentication. In some cases, this may be the printer’s default configuration, but it still poses a potential security risk if the FTP is set as open on the internet.

Figure 1. A Shodan result of an FTP connection to a printer without authentication

The other vulnerabilities detected, such as the Buffer Overflow CVE-2013-0229 and Stack Overflow CVE-2013-0230, can allow attackers to cause a denial-of-service (DoS) and execute arbitrary code in systems, respectively. Vulnerable UPnP Services detected, moreover, aren’t exclusively associated with Netgear/TP-Link/D-Link devices, as other brands could also have the same vulnerability. In that case, we can expect more detections.

Protecting devices and networks against VPNFilter malware and other vulnerabilities

The threat of VPNFilter malware is augmented by the fact that other publicly known vulnerabilities were detected in the affected devices. Since not all device manufacturers provide immediate fixes for discovered vulnerabilities and not all users regularly apply patches, users should first secure the way they set up their devices and networks. Trend Micro™ Home Network Security solution can check internet traffic between the router and all connected devices. Our IoT Smart Checker tool has been integrated into the Home Network Security solution and HouseCall™ for Home Networksscanner. Enterprises can also monitor all ports and network protocols for advanced threats and thwart targeted attacks with the Trend Micro™ Deep Discovery™ Inspector network appliance.

Aside from adopting security solutions that can protect networks and connected devices from the vulnerabilities through the identification and assessment of potential risks, we recommend standard security measures, such as:

  • Updating the firmware versions of devices once they’re available to avoid attacks that exploit known vulnerabilities.
  • Avoiding the use of public Wi-Fi on devices that are also used in home or corporate networks.
  • Changing device’s default credentials and using strong passwords to deter unauthorized access.
  • Being wary of suspicious URLs or attachments from unknown sources that may lead to infecting devices connected to the network.

Users of the Trend Micro Home Network Security solution are also protected from particular vulnerabilities via these rules:

  • 1058981 WEB Directory Traversal -21
  • 1130327 EXPLOIT ASUSWRT 3.0.0.4.376_1071 LAN Backdoor Command Execution (CVE-2014-9583)

Online survey company  Typeform hacked, malware scam hits macOS users and Samsung smart phone users get an unwelcome surprise.

Many online companies ask customers to fill in ‘How did we do?’ surveys to improve service. But a number of firms around the world – including hotel chain Travelodge,food manufacture BirdsEye and the British prestige brand Fortnum & Mason – are finding out their surveys and quizzes have impaired customer service. That’s because those companies used surveys that collected customer data from a software company called Typeform, which was hit by a data breach. According to news reports, Typeform recently acknowledged suffering a breach caused by attackers downloading a “partial backup” of its customer data. So far the types of data taken include people’s names, birthdates, email addresses and home addresses and social media handles, depending on the company.

According to Typeform, all customer data is hosted on Amazon’s AWS service. The main servers are located in Virginia, and the backup servers are located in Germany.

Typeform said it detected an issue on June 27 and fixed it within 30 minutes. But data affected was collected prior to May 3rd.

This breach could be big. The digital bank Monzo said personal data of about 20,000 people is likely to have been included in the breach. Travelodge has hotels in the United States, Canada, the UK, Spain, Ireland, New Zealand, Australia and Asia.

You don’t hear a lot about malware hitting the macOS platform, but it’s out there. However, the latest scam is unusual. Often malware is spread by email. This time it’s being spread through cryptography or cryptocurrency chat groups on the Slack collaboration and Discord gaming Web sites. According to a columnist on the SANS Institute’s infosec blog, someone impersonating an administrator or a key person suggests readers download some code. It’s supposed to solve a problem. In fact, the file is malware. There’s an old saying, “Beware of Greeks bearing gifts.” These days, “Beware of people on the Internet offering helpful files.” Even if they appear to be knowledgeable, a stranger is still a stranger.

Finally, users of recent Samsung smart phones are reporting their devices are randomly sending photos to contacts in their address books. So far the problem has affected Galaxy S9 and S9+ devices. The problem, according to the news site Gizmodo, appears to be in Samsung Messages, the default texting app on Galaxy devices. For some reason it’s sending photos saved on devices to people on their contact lists. The suspicion is its related to a recent software update to wireless carriers aimed at improving the messaging service. Samsung told Gizmodo it’s looking into the problem. There is a fix – go into your phone’s app setting and revoke Samsung Messages ability to access storage.

Original Source: Howard Solomon, www.itworldcanada.com, July 4th, 2018

We’ve heard multiple times that Apple’s 2018 iPhones will employ faster charging out of the box, most likely relying on a higher wattage adapter and USB Type-C cable to reach speeds similar to those of the latest Android phones. Thanks to images published on Macotakara, we may have just gotten our first peek at what that new charger looks like.

The photos on the Japanese blog show the adapter from multiple angles, as well as its USB-C port where current iPhone power bricks currently employ USB-A. The design has that classic rounded rectangle look to it, with both flat ends painted gray. According to the report, it’s rated at 18 watts.

It’s important to point out that all rumors to date point to the 2018 iPhones retaining their Lightning ports. In other words, the shift to USB-C doesn’t portend Apple dropping its proprietary connector. The end of the cable that connects to the device will in all likelihood still be Lightning, while the other side that interfaces with the power brick will be USB-C.

While we’re pretty certain Apple is planning on tossing in a fast charging system with every new iPhone — a welcome departure from forcing iPhone users to shell out for a separate fast-charge accessory — it’s also quite possible that’s not what we’re looking at here. Earlier sketches of the brick presented a much sleeker, compact design, as 9to5Mac points out. This leak is inconsistent with that more oval-like plug.

What’s more, the text on the pronged side of the adapter has been rendered in a font Apple does not use. This is probably the biggest giveaway that what we’re looking at here isn’t an official product, but rather a third-party knockoff.

MORE: iPhone 2018 Rumors: Everything We Know

Although we may not be looking at the very same charger Apple’s next iPhones are expected to ship with, the fast charging question remains an important one. Among our biggest gripes with the iPhone Xwas its lack of the technology out of the box. Customers have to pay roughly $68 to buy all the gear from Apple they need to enable that speed, which is absurd for a device that already starts at $999.

The difference in charging times between the two systems is a significant one, too. Last year we tested charging speed across a range of phones, and found that the iPhone X recharged more than twice as quickly using the faster setup. Our iPhone X reached 50 percent in 30 minutes hooked up to the fast charger, compared to 17 percent for the packed-in one. Whatever new system Apple is planning should at least be that quick — something future iPhone owners will surely appreciate.

Original Source: www.tomsguide.com by ADAM ISMAIL on 
Similar to artists, designers feel stuck many times when working on their designs. They usually come across cranky clients asking for repetitive revisions or stuck in a large complex project. The designers’ life is definitely not supposed to be easy as it demands a lot of focus, enthusiasm, and creativity. They happen to lose the performance up to the mark and find it quite challenging to stay on top of the tasks.

When tasks multiply and compound, it can be challenging to stay on top of it all to keep the team focused to deliver the project when the client needs it. Here are some crucial productivity tips for web designers to keep their creativity alive. Read more

A new report has found that malicious actors are turning their attention away from ransomware to cryptojacking.

In recent years, the cryptocurrency market has become a hot topic, attracting more people keen to make a profit from it. Consequently, this has meant that criminals are eager to get involved as well.

In a new report from Kaspersky Lab, the Russian cybersecurity firm, it found that the total number of users who encountered ransomware fell by around 30 percent from nearly 2.6 million 2016-2017 to around around two million in 2017-2018. According to the report, this is because ransomware attackers are searching for more profitable means such as cryptojacking.

The study also showed that the proportion of people who were targeted by cryptors, which encrypt’s a user’s data, fell by around three percent to 41.5 percent in 2017-2018 compared to the previous year. Yet, in the same time, crypto malware rose by almost 44.5 percent.

“While ransomware can provide cybercriminals with potentially large but one-off rewards in a turbulent landscape, miners might make less money out of their victims, but through a more sustainable/longer-term model,” the report states.

With more people embracing the crypto market, so too are cybercriminals embracing the number of victims they can target. According to Kaspersky Labs, victim numbers is key. This is illustrated by the fact that in 2016 the number of PCs targeted by illicit miners was 1.87 million. By the end of 2017, that figure had jumped to 2.7 million.

The number of PCs hit by crypto miners saw its true spike in the summer of 2016. Throughout the remainder of the year encounters rose at a steady rate, resulting in more than 400,000 hits a month, the report shows. In 2017, those numbers rose to 600,000.

Users attacked by mobile miners also increased, but at a steady rate. It grew by 9.5% from 4,505 in 2016-2017 to 4,931 in 2017-2018. According to the study, it suggests the mobile mining is an emerging threat targeting developing countries. However, while it adds that mobile mining may not be worth considering, the growth rates indicate that this is an area that needs careful monitoring.

Countries the cyber security firm is concerned about are China and India. It believes that these two nations are key targets for criminals as they account for around a third of all smartphones in the world.

“The population of these countries will therefore be particularly vulnerable if smartphone mining really takes off,” the report added.

Impatient Android video-gamers are downloading fake Fortnite games.

Be warned parents and Android users: If you download Fortnite on an Android device, you’re installing a fake app from a malware developer.

Fortnite is this year’s hottest video game with over 125 million playing the role-playing game on consoles, computers, iPhones and iPads. The downside is it still isn’t available to purchase from the Google Play Store, meaning millions of Android users cannot play the game on their phone.

Sensing a huge opportunity, hackers and malware developers have released dozens of fake Fortnite games that install spam or malware on any phone running it and it was easy to do.

Let’s say a video-gamer with an Android device really wants to play Fortnite like his iPhone carrying friends. They go to YouTube to search for a secret download code or information. There are dozens of YouTube videos with instructions and a link where anyone can download a fake, install it and get ready to play.

When I checked YouTube Monday morning I saw videos being uploaded nearly every hour and most had thousands of views. Some, with well over 100 thousand people watching. They all displayed a link where someone could download the game without going through the Google Play Store.

What happens when a fake app is installed is that the user gets prompted to download other games first. In one fake app, the user is prompted to download a game and play it for 30 seconds before getting the link to download Fortnite. When that game is played they’re prompted to download and play another one. Then another and another. Some YouTube creators report never being able to play Fortnite but continue down the rabbit-hole of more downloads and more games and apps.

Malware developers get paid by the number of downloads they get from the other app developers.

The takeaway for parents and other antsy-Android users is to never download a game or app to an Android phone without going through the Google Play Store. Unlike iOS apps, anyone can develop a spammy or malware-infested app in the Android operating system and release it anywhere on the internet.

Epic Games promises an Android version of Fortnite is coming this summer.

Getting hit by a ransomware attack is bad enough; it means that your files have been encrypted and you’ll be asked to pay a fee in a cryptocurrency such as Bitcoin or Ethereum to unlock them. The problem is that paying the ransom is in no way a guarantee that your files will be decrypted — the ransomware was created by criminals, after all.

If you’ve been struck by the Thanatos ransomware, however, there’s good news from Cisco Talos. The company has analyzed the malware and developed a free decryption tool that will enable you to get your files back without having to part with any money.

Cisco Talos says that this particular example of ransomware is something of a slippery beast. “Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild. Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Instead, it has been observed supporting ransom payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others.”

Thanatos appears to be in active development, and this helps to explain why so many variants have been found in the wild. Going on to explain why there was such interest in creating a free decryption utility, the company says:

Additionally, due to issues present within the encryption process leveraged by this ransomware, the malware authors are unable to return the data to the victim, even if he or she pays the ransom. While previous reports seem to indicate this is accidental, specific campaigns appear to demonstrate that in some cases, this is intentional on the part of the distributor. In response to this threat, Talos is releasing ThanatosDecryptor, a free decryption tool that exploits weaknesses in the design of the file encryption methodology used by Thanatos. This utility can be used by victims to regain access to their data if infected by this ransomware.

If you have data that has been encrypted by Thanatos, you can download ThanatosDecryptorfrom GitHub.

The company has a detailed blog post about its investigation into the ransomware which you can find here.

 

Original Source: https://betanews.com/ By Mark Wycislik-Wilson. June 26, 2018

Copyright Image: CanalTech

The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.

Cybercriminals looking to maximize their investments are using evermore sophisticated software techniques and increasingly aggressive steps against their fellow malware authors. Those are among the conclusions by researchers at Deep Instinct about a new strain of malware found within the last two months.

The new malware, dubbed Mylobot, pulls together a variety of techniques to gain a foothold and remain undiscovered. Among the strategies employed are: Read more

In May, security experts discovered one of the most widespread malware infections in history. Now, they’re warning businesses and consumers that it’s even worse than their first assessment. The VPNFilter malware poses a threat to small businesses and requires immediate attention from anyone who hasn’t taken action against it.

VPNFilter recap

A team of security researchers from Cisco released a report that a strain of malware had been discovered on hundreds of thousands of routers and network devices. Originally, researchers believed it affected only Linksys, MikroTik, Netgear, and TP-Link devices.

Like many malware strains, VPNFilter infects devices that use default login credentials. But it’s worse than the average cyberattack because it can destroy router hardware and cannot be removed by resetting infected devices.

As if destroying 500,000 routers wasn’t bad enough, VPNFilter lets its creators spy on networks and intercept passwords, usernames, and financial information.

What’s new

Just two weeks after VPNFilter was discovered, security experts announced that it targets 200,000 additional routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Worse yet, VPNFilter can alter data passing through infected routers. That means when you enter a username and password into a banking website, hackers could steal that information and show you an incorrect account balance to hide fraudulent deductions.

How to stop VPNFilter

Rebooting a router won’t remove the malware, you need to factory-reset the device. Usually, all this requires is holding down the Reset button on the back of the device for 10-30 seconds. If your router has no reset button or you’re unsure whether pressing it did the trick, contact a local IT provider immediately.

Cybersecurity threats have become so prevalent that even large enterprises struggle to keep their digital assets safe. Outsourcing IT support to a managed services provider like us will give you enough capacity to deal with issues like VPNFilter as soon as they arise.

Original Source: www.TechAdvisory.org

VDOO, a security company focusing on protected Internet of Things (IoT) devices, found multiple flaws in Axis surveillance companies that attackers could have used to create exploit chains against the devices. Read more