Cybercriminals Use Malicious Memes that Communicate with Malware

By Muhammad Bohio

Steganography, the method of concealing a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors posted two tweets featuring malicious memes on October 25 and 26 via a Twitter account created in 2017. The memes contain an embedded command that the malware parses after downloading the image from the malicious Twitter account onto the victim’s machine, so the account acts as a C&C channel for the already-placed malware. It should be noted that the malware itself was not downloaded from Twitter, and we did not observe what specific mechanism was used to deliver the malware to its victims.
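As an added illustration, not part of Trend Micro’s report (which does not say how the command was embedded), the following Python walks a PNG’s chunk list and flags the places a hidden payload is commonly parked: free-form text chunks, chunks whose CRC no longer matches, and bytes appended after the IEND marker, which image viewers ignore. The sample image and its comment text are constructed for the example.

```python
"""Heuristic scan of a PNG for places a steganographic payload is often parked."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = (b"tEXt", b"zTXt", b"iTXt")


def chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: big-endian length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def scan_png(data: bytes) -> dict:
    """Report text chunks (metadata a parser can read back), chunks with a bad CRC
    (hand-patched bytes) and data after IEND (viewers stop there, image still renders)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    report = {"text_chunks": [], "bad_crc": [], "trailing_bytes": 0, "truncated": False}
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            break  # chunk runs past end of file
        body = data[pos + 8:pos + 8 + length]
        (stored_crc,) = struct.unpack(">I", data[pos + 8 + length:end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != stored_crc:
            report["bad_crc"].append(ctype.decode("latin-1"))
        if ctype in TEXT_CHUNKS:
            keyword = body.split(b"\x00", 1)[0].decode("latin-1")
            report["text_chunks"].append((keyword, length))
        pos = end
        if ctype == b"IEND":
            report["trailing_bytes"] = len(data) - pos
            return report
    report["truncated"] = True  # never reached a complete IEND chunk
    return report


def build_sample(comment: bytes = b"", trailer: bytes = b"") -> bytes:
    """Constructed 1x1 grey PNG (not a real meme) with optional tEXt chunk and trailing bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit greyscale
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    chunks = [chunk(b"IHDR", ihdr)]
    if comment:
        chunks.append(chunk(b"tEXt", b"Comment\x00" + comment))
    chunks += [chunk(b"IDAT", idat), chunk(b"IEND", b"")]
    return PNG_SIG + b"".join(chunks) + trailer
```

A clean image yields no findings; a file with trailing bytes or oversized text chunks warrants a closer look before it is trusted as a plain picture.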

Regular Windows 10 Users Who Manually Look For Updates May End Up Downloading Beta Code, Microsoft Says

In addition to relying on Windows Insiders, employees, and willing participants for testing updates, Microsoft is also pushing patches to regular users before they are known to be stable if those users click the “check for updates” button on their own, the company said. From a report: In a blog post by Michael Fortin, Corporate Vice President for Windows, it is made clear that home users are intentionally being given updates that are not necessarily ready for deployment. Many power users are familiar with Patch Tuesday. On the second Tuesday of each month, Microsoft pushes out a batch of updates at 10:00 a.m. Pacific time containing security fixes, bug patches, and other non-security fixes. Updates pushed out as part of Patch Tuesday are known as the “B” release because they fall in the second week of the month.

Things begin to get murky in the third and fourth weeks of the month. Microsoft’s “C” and “D” releases are considered previews for commercial customers and power users. These updates contain no security fixes, and for good reason: Microsoft has come out and said directly that some users are the guinea pigs for everyone else. In fairness to Microsoft, C and D updates are typically only applied when a user manually checks for updates by clicking the button buried within Settings. However, if end users really want to be part of testing the latest features, the Windows Insider Program is designed exactly for that purpose.

Achieving a Security-Conscious Work Culture

Security-consciousness is more natural for some organizations than others. For certain industries, like finance or data management, it is almost ‘built-in’. But all companies are a target for data breaches and ransomware, and employees are a primary entry point for hackers, so how mindful your people are of security risks is increasingly important. The traditional response to this has been a one-and-done end-user training. A deeper avenue is to equip your employees with an awareness of the risks and the behaviours that mitigate them, but if they aren’t motivated to comply, this can fall flat. So, how do you create a work culture that is security conscious when you are not in an industry where it is already ‘built-in’?

This Week in Security News: Security Predictions and Malware Attacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the span of categories in Trend Micro’s 2019 Security Predictions. Also, learn about a new exploit kit that targets home and small-office routers and attacks victims’ mobile devices or desktops through web applications.

‘Donald’ Is Now One of the Top 25 Most Commonly Used Passwords

For the eighth year in a row, password management security company SplashData has scraped password dumps to find the worst passwords of the year. The company evaluated more than 5 million passwords leaked on the internet, excluding hacks of adult websites. This year, ‘donald’ has moved into the list of top 25 passwords, presumably a reference to President Donald Trump.

Scott Swaaley On High Voltage

If you were to invent a time machine and transport a typical hardware hacker of the 1970s into 2018 and sit them at a bench alongside their modern counterpart, you’d expect them to be faced with a pile of new things, novel experiences, and exciting possibilities. The Internet for all, desktop computing fulfilling its potential, cheap single-board computers, even ubiquitous surface-mount components.

Facebook Says A Bug May Have Exposed The Unposted Photos Of Millions Of Users

A day after hosting a pop-up store in New York City’s Bryant Park to explain how privacy is the “foundation of the company,” Facebook disclosed that a security flaw potentially exposed the public and private photos of as many as 6.8 million users to developers. From a report: On Friday, the Menlo Park, California-based company said in a blog post that it discovered a bug in late September that gave third-party developers the ability to access users’ photos, including those that had been uploaded to Facebook’s servers but not publicly shared on any of its services. The security flaw, which exposed photos for 12 days between Sept. 13 and Sept. 25, affected up to 1,500 apps from 876 developers, according to Facebook.

“We’re sorry this happened,” Facebook said in the post. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.” Facebook has not yet responded to questions about whether company representatives staffing its privacy pop-ups yesterday were aware of this security flaw as they were meeting with reporters and customers to discuss privacy.

2019 Could Be the Worst Year Yet for Cyber Breaches

Three months ago, it happened again: a high-profile company with sophisticated cybersecurity was breached, compromising the credit card details of 565,000 customers. The victim was British Airways. Hackers managed to work around the airline’s encryption, among other protective measures, and siphoned the data over a two-week period ending in early September.

Chinese Hackers Breach US Navy Contractors

Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, triggering a top-to-bottom review of cyber vulnerabilities, WSJ reported Friday, citing officials and experts. From the report: A series of incidents in the past 18 months has pointed out the service’s weaknesses, highlighting what some officials have described as some of the most debilitating cyber campaigns linked to Beijing.

How threat actors are using SMB vulnerabilities

Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services.