Cybersecurity links & commentary for April 20, 2019

Does this give you a sinking feeling?

Weaponized USB devices [and other devices] as an attack vector:

Human interface devices (HIDs) such as keyboards and mice, charging cables for smartphones, and even things like plasma balls and thermal mugs, can be tampered with to target industrial control systems. [and any computer]

Trojanized mice and keyboards, as well as surveilling or malicious cables, are serious threats that can be used to compromise even air-gapped systems. Nowadays, the tools for such attacks can be purchased cheaply and programmed with next to no programming skills, so such threats should be on your radar.

To protect critical infrastructure against such threats, use a multilayered approach.

This is an enlightening article for those who don’t comprehend how web traffic can fly below the radar, though the particular loophole is closing.

Privacy 2019: Tor, Meek & The Rise And Fall Of Domain Fronting

Script Kiddies Do What They Do Best: Infect Themselves

The security of product buyers is serious business. Product manufacturers should not be given insurance policies covering product liability is they do not security-check their products. If they don’t security-check and don’t have sufficient product-liability coverage, they should not be granted a business license or be allowed to renew that license. Their products should be mandatorily recalled by order of the government. All purchasers should be given a full refund. Wholesalers and retailers should also be required to do due diligence concerning the manufacturing and product chain.

Nearly a quarter of tech firms do not security check products:

Application security is not a priority for suppliers, with 23% of IT security professionals polled admitting their organisations do not carry out security testing on all products before launch.

Malicious AutoHotkey Scripts Used to Steal Info, Remotely Access Systems

Main moral of this story: don’t open anything with macros enabled. Make sure all your Microsoft software has macros disabled.

If you communicate overseas via the Internet, you need to know this.

Cyberspies Hijacked the Internet Domains of Entire Countries:

By corrupting the internet’s directory system, hackers were able to silently use “man in the middle” attacks to intercept all internet data from email to web traffic sent to those victim organizations.

That sort of man-in-the-middle attack should be prevented by SSL certificates, which are meant to assure that the recipient of encrypted internet traffic is who it claims to be. But the hackers simply used spoofed certificates from Let’s Encrypt or Comodo, which were able to trick users with signs of legitimacy like the lock symbol in a browser’s URL bar.

… it’s not hardened on enterprise networks, because it’s not part of the network. No one really thinks about who their [domain] registrar is.”

One solution to the DNS hijacking epidemic is for organizations to implement a “registry lock,” a security measure that requires a registrar to take extra authentication steps and communicate with a customer before the customer’s domain settings can be changed. The US Department of Homeland Security went so far as to issue an alert to American network administrators to check their domain registrar’s authentication settings in January, which was issued in response to reports of DNS hijacking from NetNod and Packet Clearing House according to latter company’s executive director Bill Woodcock.

But Cisco’s Williams says many country’s top-level domain registrars still don’t offer registry locks, leaving customers in a state of uncertainty.

There’s a patch available: Microsoft Edge File Permissions Clash with IE, Allow XXE Attacks

Here’s an easier way to block the IE XXE zero day security hole. You can also block .mhtml this way too, but be sure you know what you’re doing.

The latest Windows patch is breaking even more PCs with antivirus installed:

Affected computers either freeze outright or start acting abominably slow when you attempt to log into Windows. You can skirt the issue by booting into Safe Mode, disabling your antivirus, and rebooting your system normally.

If you need to do that, get your PC’s guard back up by activating Windows Defender in Windows 8.1, or downloading Microsoft Security Essentials for Windows 7.