Microsoft e NSA confirmam falha grave no Windows 10. O que você deve fazer?

PC World (EUA) 16/01/2020 às 15h00

Foto: Shutterstock

Como esperado, a Microsoft revelou uma falha no Windows que afetou a biblioteca criptográfica do Windows 10. Apesar disso, as atualizações publicadas na última terça-feira (14) corrigem o problema, específico do Windows 10 e Windows Server.A falha, CVE-2020-0601, foi encontrada na biblioteca criptográfica do modo de usuário, CRYPT32.DLL, que afeta os sistemas do Windows 10. (Ao contrário dos rumores anteriores, não afeta o Windows 7, que coincidentemente foi encerrado na terça-feira.) 

Felizmente, a Microsoft relatou que a biblioteca não estava em uso ativo, embora isso não impeça um invasor de explorar a falha. Especificamente, o ataque pode permitir que o malware seja ocultado por trás de uma assinatura criptográfica falsificada. Portanto, o antivírus pode identificar o malware como aplicativo legítimo, induzindo o usuário a se tornar uma vítima.

A Microsoft não citou a fonte que revelou a vulnerabilidade. O Washington Post havia relatado que a Agência de Segurança Nacional (NSA) desenvolveu a pesquisa e a entregou à gigante da tecnologia. A própria NSA recebeu o crédito pela descoberta em um comunicado de segurança. "A exploração da vulnerabilidade permite que os invasores derrotem as conexões de rede confiáveis ​​e forneçam código executável enquanto aparecem como entidades legitimamente confiáveis", afirmou a NSA.

“Exemplos onde a validação de confiança pode ser afetada incluem: conexões HTTPS, arquivos e e-mails assinados, [e] código executável assinado iniciado como processos no modo de usuário.”

A NSA aconselhou que os usuários apliquem os patches do Patch Tuesday o mais rápido possível para evitar riscos. 

"A NSA avalia que a vulnerabilidade é grave e que atores cibernéticos sofisticados entenderão a falha subjacente muito rapidamente e, se explorados, tornarão as plataformas mencionadas anteriormente como fundamentalmente vulneráveis", escreveu a NSA. 

“As consequências de não corrigir a vulnerabilidade são graves e generalizadas. As ferramentas de exploração remota provavelmente serão disponibilizadas de forma rápida e ampla.” Os usuários devem garantir que os seus PCs com Windows 10 estejam atualizados.

New Android malware on Play Store disables Play Protect to evade detection

Por  Sudais em 13/01/2020 no site HackHead

This malware disables Google’s only security mechanism against malware-infected apps on the Play Store.

While the Android and iOS fanbase can be found constantly at war over the advantages one offers as compared to the other, there is one place where iOS wins by miles. We are talking about security with the latest malware discovered by Kaspersky Lab among an app on the Play Store. 

Dubbed “Trojan-Dropper.AndroidOS.Shopper.a,” the trojan tricks users into being downloaded by posing with a system icon and a similar name to a legitimate Android application. Once the fish (YOU) takes the bait, it starts with its magic by collecting your device’s sensitive and not-so-sensitive information including the IMEI Number, IMSI number, the network type and the country it is in. 

Once done, it sends the data to its command & control server (C&C) from which attackers behind the campaign can coordinate their future moves. These include tasks such as “Opening links received from the remote server in an invisible window (whereby the malware verifies that the user is connected to a mobile network)” as detailed by researchers.

See: Popular Android Emoji keyboard app makes millions with unauthorized purchases

But this isn’t where it ends. Additionally, the trojan helps boost the popularity of other “sister-malicious-apps” on the Play Store by posting overly optimistic reviews. Leaving the user little to do, it also happens to install certain apps from a third party store named Apkpure[.]com with the victim’s permission. 

How it does this is by abusing an accessibility service present to facilitate the disabled. To prevent any detection, it also disables the “Google Play Protect” which is normally used to protect Android users from such malware.Currently, (as shown above) with the statistics released by researchers, it was revealed that it is the most widespread in Russia with 28.46% of infected users. Brazil and India conveniently follow at 18.70% and 14.23% respectively.

Texas School District Lost $2.3M to Phishing Email Scam

Por David Bisson em 13/01/2020 no site The State of Security

A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam.
On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it revealed that it was investigating a phishing email scam that cost it $2.3 million.

In the statement, MISD Director of Communications Angel Vidal Jr said that the Federal Bureau of Investigations and the Manor Police Department were pursuing “strong leads” as part of their investigation but that their efforts were ongoing.
Vidal also took the opportunity to thank the Manor Police Department for working with MISD to notify the community about the security incident.
MISD’s statement didn’t disclose any information about the phishing email scam including how it occurred or how the school district, which serves 9,600 students, detected it.
Anne Lopez, a detective with the Manor Police Department, provided some details about the attack to television station KVUE:

It was three separate transactions. Unfortunately they didn’t recognize the fact that the bank account information had been changed and they sent three separate transactions over the course of a month before it was recognized that it was a fraudulent bank account.

Lopez’s insights suggest that the attack consisted of a business email compromise (BEC) scam in which digital fraudsters tricked an employee at MISD into changing the payment instructions for a vendor or supplier. Those attacks have individually cost companies like Nikkei and Toyota millions of dollars. Between June 2016 and July 2019, BEC scams were responsible for $26 billion in damages globally.
The attack described above highlights the importance of organizations taking steps to protect themselves against malicious emails. They can do so by educating their employees about some of the most common types of phishing attacks circulating in the wild today. This resource is a good place to start.