Internet Security Articles Wrap-up; w\c - 14-08-17

Good Morning,

Below is a digest of some important security news articles seen across the web between this week. Enjoy.

1. - Ransomware targeting WordPress sites - 'EV' Ransomware

Wordfence have identified attempts to upload ransomware to compromised Wordpress sites. With the ability to then encrypt the WordPress site the attacker can then get the site owner to pay a fee to retrieve their files. However on analysis of this particular attack, the decryption mechanism does not actually work, so paying the ransom will not retrieve your files. If you are affected by this the advise is to not pay as the encryption cannot be reversed even by the attacker.

To mitigate Wordpress attacks and to defend against 'EV' Wordfence offer a free threat prevention 'Wordfence Free' that runs on your WordPress site. They also offer a Premium service. Source at the bottom should you require further reading.

2. Firefox 57 to stop supporting legacy add-ons will be released November 14th 2017

The issue here is it is estimated that only about 20% of Firefox's 18,800 odd add-ons are compatible with the newer 'Web Extensions' format. This is obviously an issue, as one of the big draws to Firefox is, well, it's add-ons. If you are running Firefox add-ons and are wondering if your installed add-ons are one of those deemed legacy, I'll leave a link at the bottom which shows you how to find out if a particular add-on is affected. Just a note, if you continue to run an older version of the browser you'll be able to continue to use a legacy add-on. However going forward this obviously has security implications.

3. Gmail App on IOS to warn user about malicious links with 'Anti-Phishing'  checks on clicked links

Following in the footsteps of Gmail Android App, Google have announced the roll out of the 'Anti-Phishing' security feature to all users of the Gmail app on IOS. A warning will be displayed if a link is clicked that Google considers potentially malicious. The updated app will advise you to proceed with caution before continuing to website of the clicked link. The security feature will be rolled out to users over the next 2 weeks.

4. USB Desk Lamp modded to collect keystrokes from adjacent USB keyboard plugged into same USB hub

Channel-to-channel cross talk leakage is a way of exploiting the fact that USB data is transferred un-encrypted. Researchers have been able to  mod a USB lamp to collect key strokes from a USB keyboard that was plugged into the same USB hub and then send that data via Bluetooth to another computer. Obviously this is worrying as it's yet another means of sniffing data that we should be aware of. In essence if you do not trust a USB device, do not connect it.

5. Pulsewave, a new DDoS attack vector

DDoS attacks that last for days that reach peaks of 350 Gbps have been seen by Incapsula in recent months. The attackers also appear to be able to switch targets within seconds that shows when monitoring the attack an output of a 'pulse' like graph hence the name Pulsewave. More commonly a DDOS attack would take time before it reaches it's peak, this would be shown in graphical form when monitoring an attack by a gradual incline in traffic (followed by a gradual decreases as the attack curtailed).  Being able to hit peaks of over 300 Gbps in a matter of seconds and then seemingly switch between targets shows a new very advanced form of DDoS attack.

Thanks for reading, sources below in case you want in depth reviews.

https://www.wordfence.com/blog/2017/08/ransomware-wordpress/

https://www.ghacks.net/2017/03/09/firefox-legacy-add-on-or-webextension-how-to-find-out/

https://gsuiteupdates.googleblog.com/2017/08/anti-phishing-security-checks-in-gmail.html

https://www.theregister.co.uk/2017/08/11/leaky_usb_research/

https://www.incapsula.com/blog/pulse-wave-ddos-pins-down-multiple-targets.html