BlueBorne Vulnerability

This week a nasty collection of vulnerabilities affecting devices with Bluetooth connectivity was disclosed. Armis Labs found that this attack vector is present on all major consumer operating systems (Windows, Linux, iOS, Android) regardless of the type of device (desktop, laptop, smartphone, tablet, wearable, IoT). If you have a device with Bluetooth (except those using only Bluetooth Low Energy) that is running an unpatched version of the software, it is vulnerable to BlueBorne. BlueBorne is a new attack vector that reaches devices over Bluetooth, and over five billion such devices globally are at risk.

Regardless of the security features on your device, the only way to completely prevent attackers from exploiting it is to power off your device’s Bluetooth function when you are not using it. Putting it into an invisible or undetectable mode is not enough.

BlueBorne vulnerabilities are tracked under the following identifiers: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices; CVE-2017-1000251 and CVE-2017-1000250 for Linux; CVE-2017-14315 for iOS, and CVE-2017-8628 on Windows. Three of these eight security flaws are rated critical and according to researchers at Armis — the IoT security company that discovered BlueBorne — they allow attackers to take over devices and execute malicious code, or to run Man-in-the-Middle attacks and intercept Bluetooth communications.

Furthermore, the vulnerabilities can be chained into a self-spreading Bluetooth worm that could wreak havoc inside a company’s network or even across the world.

Google patched the flaws in its September Android Security Bulletin.

All Windows versions since Windows Vista are affected. Microsoft said Windows phones are not impacted by BlueBorne. Microsoft quietly released patches for CVE-2017-8628 in July, but only today included details about the fixed vulnerability in September’s Patch Tuesday release.

All Linux devices running BlueZ are affected by an information leak, and all Linux devices running kernel version 3.3-rc1 (released in October 2011) or later are affected by a remote code execution flaw that can be exploited via Bluetooth. Samsung’s Tizen OS, which is based on Linux, is also affected.

All iPhone, iPad and iPod touch devices running iOS 9.3.5 or lower, and Apple TV devices running version 7.2.2 or lower, are affected; the issue was patched in iOS 10.
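The article’s mitigation advice for Linux hosts comes down to two questions: is the kernel in the lineage that carries the remote code execution flaw (3.3-rc1 and later), and is the Bluetooth radio really powered off rather than merely hidden? The following script is an added example written for this page, not code from the article or from Armis. It parses the output of two standard Linux commands, `rfkill list` and `uname -r`, and answers both questions. The sample `rfkill` output is constructed, and the version test is only an indicator: distributions backport fixes without changing the version number, so the distribution’s own advisory is the authoritative source on whether a host is patched.

```python
"""Check a Linux host's Bluetooth state and kernel lineage (BlueBorne mitigation check).

Added example, not from the original article or from Armis.  Parses `rfkill list`
and `uname -r` output and reports whether every Bluetooth radio is blocked and
whether the kernel is 3.3 or later (3.3-rc1 reports itself as 3.3.0-rc1).
"""
import re
import subprocess

# Constructed sample of `rfkill list` output, so the script runs offline.
SAMPLE_RFKILL = """\
0: phy0: Wireless LAN
\tSoft blocked: no
\tHard blocked: no
1: hci0: Bluetooth
\tSoft blocked: no
\tHard blocked: no
"""


def parse_rfkill(text):
    """Return a list of {id, name, type, soft, hard} dicts, one per rfkill device."""
    devices = []
    for line in text.splitlines():
        header = re.match(r"^(\d+): (\S+): (.+)$", line)
        if header:
            devices.append({"id": int(header.group(1)), "name": header.group(2),
                            "type": header.group(3).strip(), "soft": None, "hard": None})
            continue
        blocked = re.match(r"^\s*(Soft|Hard) blocked: (yes|no)$", line)
        if blocked and devices:
            devices[-1][blocked.group(1).lower()] = blocked.group(2) == "yes"
    return devices


def bluetooth_is_off(rfkill_text):
    """True if every Bluetooth radio is soft- or hard-blocked (or no radio exists)."""
    radios = [d for d in parse_rfkill(rfkill_text) if d["type"] == "Bluetooth"]
    return all(bool(d["soft"] or d["hard"]) for d in radios)


def kernel_in_affected_lineage(uname_r):
    """True if the `uname -r` string is kernel 3.3 or later (the lineage the article names)."""
    m = re.match(r"^(\d+)\.(\d+)", uname_r)
    if not m:
        raise ValueError(f"unrecognised kernel version: {uname_r!r}")
    return (int(m.group(1)), int(m.group(2))) >= (3, 3)


def report(rfkill_text, uname_r):
    """Summarise both checks as a dict of findings."""
    return {
        "bluetooth_off": bluetooth_is_off(rfkill_text),
        "kernel_lineage_affected": kernel_in_affected_lineage(uname_r),
    }


if __name__ == "__main__":
    # On a real host read live output; fall back to the constructed sample where rfkill is absent.
    try:
        rfkill_out = subprocess.run(["rfkill", "list"], capture_output=True,
                                    text=True, check=True).stdout
        uname_out = subprocess.run(["uname", "-r"], capture_output=True,
                                   text=True, check=True).stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        rfkill_out, uname_out = SAMPLE_RFKILL, "4.4.0-93-generic"
    for key, value in report(rfkill_out, uname_out).items():
        print(f"{key}: {value}")
```

A radio that shows `Soft blocked: no` and `Hard blocked: no` is powered and reachable whether or not it is discoverable, which is exactly the state the article warns against; `rfkill block bluetooth` turns it off until you need it again.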

New Arena CryptoMix Ransomware

A new variant of the CryptoMix ransomware has been discovered that appends the .arena extension to encrypted file names. When it encrypts a file, the ransomware replaces the filename and then appends the .arena extension. For example, a test file encrypted by this variant was renamed EA1221EC8B516824060636CC280F0D0A.arena. This variant also contains 11 public RSA-1024 encryption keys that are used to encrypt the AES key which in turn encrypts a victim’s files.

Filenames associated with the ARENA Cryptomix Variant:
_HELP_INSTRUCTION.TXT
C:\ProgramData\[random].exe

Registry entries associated with the ARENA CryptoMix Variant:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"="C:\ProgramData\[Random].exe"

Emails Associated with the ARENA Ransomware:
ms.heisenberg@aol.com

ARENA Ransom Note Text:
“All your files have been encrypted!
——————-
You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
——————-
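The indicators listed above (a 32-hex-character filename with the .arena extension, the _HELP_INSTRUCTION.TXT note, and a Run value launching a randomly named executable from C:\ProgramData) are enough to write a simple host triage check. The script below is an added example for this page, not code from the article’s author or from any vendor. It works on plain strings, a list of file paths and the text of a `reg query` style export, so it runs offline on the constructed samples embedded in it; the file paths, value names and the executable name `gx7kq2.exe` are all made up for the example.

```python
"""Triage a host for the Arena CryptoMix indicators named in the article.

Added example, not from the article's author.  All inputs are strings so the
check runs offline; SAMPLE_FILES and SAMPLE_RUN_KEY are constructed data.
"""
import re

# Constructed directory listing: one encrypted file, one note, two unrelated files.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\EA1221EC8B516824060636CC280F0D0A.arena",
    r"C:\Users\alice\Documents\_HELP_INSTRUCTION.TXT",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Pictures\holiday.arena",  # wrong stem: not this variant's naming scheme
]

# Constructed `reg query HKCU\...\Run` output; the second value mimics the article's persistence entry.
SAMPLE_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    gx7kq2      REG_SZ    C:\ProgramData\gx7kq2.exe
"""

# 32 hex characters followed by .arena, as in the article's example file name.
ARENA_FILE_RE = re.compile(r"(^|[\\/])[0-9A-F]{32}\.arena$", re.IGNORECASE)
NOTE_NAME = "_HELP_INSTRUCTION.TXT"
# A Run value whose data is an executable sitting directly under C:\ProgramData.
PROGRAMDATA_EXE_RE = re.compile(r'^"?C:\\ProgramData\\[^\\"]+\.exe"?$', re.IGNORECASE)


def find_encrypted_files(paths):
    """Paths that follow the variant's <32 hex>.arena naming."""
    return [p for p in paths if ARENA_FILE_RE.search(p)]


def find_ransom_notes(paths):
    """Paths whose final component is the ransom note name."""
    return [p for p in paths if p.rsplit("\\", 1)[-1].upper() == NOTE_NAME]


def parse_run_values(reg_text):
    """Parse `reg query ... Run` output into {value_name: data}."""
    values = {}
    for line in reg_text.splitlines():
        m = re.match(r"^\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return values


def suspicious_run_values(reg_text):
    """Run values that launch an executable from C:\\ProgramData."""
    return {name: data for name, data in parse_run_values(reg_text).items()
            if PROGRAMDATA_EXE_RE.match(data)}


def triage(paths, reg_text):
    """Combine the three indicators into one finding."""
    encrypted = find_encrypted_files(paths)
    notes = find_ransom_notes(paths)
    persistence = suspicious_run_values(reg_text)
    return {
        "encrypted_files": encrypted,
        "ransom_notes": notes,
        "run_persistence": persistence,
        # Renamed files plus the note together are the strong signal; the Run entry alone is weak.
        "likely_arena": bool(encrypted and notes),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FILES, SAMPLE_RUN_KEY).items():
        print(f"{key}: {value}")
```

The Run-key check is deliberately reported separately rather than folded into the verdict: plenty of legitimate software installs under C:\ProgramData, so that indicator is a lead to investigate, while the renamed files together with the note are the signal that an infection has actually run.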

We recommend these safe security habits to follow:

  • Back up, back up, back up: do it yourself or use a good antivirus product that will do this for you, such as Max Total Security.
  • Do not open attachments if you do not know who sent them.
  • Turn on the email protection provided by antivirus software such as Max Total Security.
  • Make sure all Windows updates are installed as soon as they come out, or use the Max Total Security vulnerability scanner to track them.
  • Also make sure you update all programs, especially Java, Flash, and Adobe Reader.
  • Use strong passwords and never reuse the same password at multiple sites.
  • Use a good antivirus that protects your files from being encrypted in the first place; the Max Total Security Max Crypto Monitor tool does this for you.

Connected and Autonomous Cars security concerns

By 2020, an estimated 188 million connected vehicles will be on the road, according to Navigant Research. In 2025, partially autonomous and completely autonomous cars are expected to account for more than 15% of all cars shipped that year. This number will jump to 70% of all cars shipped in 2025, nearly 72 million cars annually.

For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems to steal sensitive data or harm drivers. Connected cars also pose serious privacy concerns. When you get down to it, your car knows a lot about you: where you go, when you go, how long you stay, the route you took, the way you drove, the cabin temperature, what entertainment you used, and how long you were chatting on the phone (if you use Bluetooth). If you use these features, quite a detailed record of your life is being collected and potentially transmitted somewhere. The biggest risk of a cyber attack on a car, however, is loss of life.

The vehicle’s mobile phone hardware, which provides the connection to the on-board computer system, is also vulnerable to malware being installed that could allow a thief to unlock the car remotely and steal it. This is serious, as there is already talk of an app store for vehicle apps.

Harvey hurricane phishing scams

US-CERT (United States Computer Emergency Readiness Team) warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with a subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

1. Do not follow unsolicited web links in email messages.
2. Use caution when opening email attachments.
3. Keep antivirus and other computer software up-to-date.
4. Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number.
5. You can find trusted contact information for many charities on the BBB National Charity Report Index.
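Steps 1 and 4 above, not following unsolicited links and verifying the organisation through a trusted channel, can be turned into a quick automated check before a donation email is acted on. The script below is an added example for this page, not code from US-CERT or from the article. It parses a raw message with Python’s standard library, pulls every hyperlink out of the HTML body, and flags a link when its visible text names one domain while the href actually leads to another (the classic phishing trick), or when the destination is not on a caller-supplied list of domains that were verified independently. The sample message, its sender, and every domain in it (`example.org`, `example-badsite.invalid`) are constructed and stand for no real organisation.

```python
"""Inspect a disaster-themed email for deceptive links before anyone clicks.

Added example, not from US-CERT or the article.  SAMPLE_EMAIL is constructed;
no real sender, charity or domain appears in it.
"""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: one deceptive link, one honest link.
SAMPLE_EMAIL = b"""\
From: "Relief Fund" <donate@example-relief.invalid>
To: alice@example.com
Subject: Urgent: Hurricane Harvey donations needed
Content-Type: text/html; charset=utf-8

<html><body>
<p>Help Harvey victims today.</p>
<p>Donate at <a href="http://secure-login.example-badsite.invalid/pay">donate.example.org</a></p>
<p>Read more: <a href="https://relief.example.org/donate">https://relief.example.org/donate</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'last two labels' domain; enough to compare a shown host with the real one."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def extract_links(raw_message):
    """Parse the raw message and return [(href, visible_text), ...] from its HTML body."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    return collector.links


def analyse_links(raw_message, trusted_domains):
    """One finding per link: href, visible text, real domain and the reasons it was flagged."""
    findings = []
    for href, text in extract_links(raw_message):
        actual = registered_domain(urlparse(href).hostname or "")
        reasons = []
        # Visible text that looks like a hostname but names a different domain than the href.
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.IGNORECASE)
        if shown and registered_domain(shown.group(1)) != actual:
            reasons.append("display text names a different domain")
        if actual not in trusted_domains:
            reasons.append("destination not on the independently verified list")
        findings.append({"href": href, "text": text, "actual_domain": actual, "reasons": reasons})
    return findings


def is_suspicious(raw_message, trusted_domains):
    """True if any link in the message was flagged for any reason."""
    return any(f["reasons"] for f in analyse_links(raw_message, trusted_domains))


if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_EMAIL, {"example.org"}):
        print(finding)
```

The trusted-domain list is the automated form of step 4: it should be built from contact details obtained out of band (a charity index or a number you already had), never from the email under inspection, otherwise the check merely confirms the attacker’s own claims.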

It is recommended to use a trusted antivirus such as Max Total Security with 24×7 technical support.