Security News

Malware or a computer virus can infect your computer in several different ways, but one of the most common delivery methods is malicious file attachments sent over email that execute the malware when you open them.

Therefore, to protect its users from malicious scripts and executables, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web.

Previously known as Outlook Web Application or OWA, “Outlook on the Web” is Microsoft’s web-based email client for users to access their emails, calendars, tasks and contacts from Microsoft’s on-premises Exchange Server and cloud-based Exchange Online.

The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more.

Read more »

It’s been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here’s a recap of the most burning strains and trends seen in the wild during the months of July and August 2019.

Malware Evolution Trends

The heat must have had an effect as this summer saw malware continuing to evolve, particularly around three core trends:

Evasion-by-design

Malware has been increasingly designed to bypass security controls leveraging a host of tactics, most notably by:

  • Changing hashes via file obfuscation to evade AVs.
  • Using encrypted communication with C2 servers to foil EDRs.
  • Using feature manipulation and tampering to trick AI, machine-learning engines, and sandboxes through the detection of such environments and the deliberate delay in execution.

Read more »

Operation reWired – a globe-spanning, four-month-long crackdown on email fraud involving law enforcement agencies in 10 countries – has resulted in the arrest of 281 people suspected of running BEC (business email compromise) scams.

The US Department of Justice (DOJ) on Tuesday announced that the operation, which kicked off in May 2019, led to the seizure of nearly $3.7 million in assets and repatriations.

Out of the 281 arrests, 167 were in Nigeria, 74 in the US, 18 in Turkey, and 15 in Ghana. Arrests were also made in France, Italy, Japan, Kenya, Malaysia, and the UK.

Chief Don Fort, with the US Internal Revenue Service’s (IRS’s) Criminal Investigation unit, said in the DOJ’s release that the criminal network was complex, and it had a lot more going on besides talking businesses into making bogus wire transfers. Investigators discovered that the conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than $91 million in tax refunds, he said.

The collection of law enforcement agencies who coordinated their efforts in Operation reWired is a who’s who list: besides the DOJ, it included the US Department of Homeland Security (DHS), the US Department of the Treasury, the US Postal Inspection Service, the US Secret Service, and the US Department of State. Deputy Attorney General Jeffrey Rosen also gave a shout-out to the FBI, as well as to more than two dozen US Attorneys’ Offices, the Internal Revenue Service’s (IRS’s) Criminal Investigation unit, state and local law enforcement partners in the US, and law enforcement partners in Nigeria, Ghana, Turkey, France, Italy, Japan, Kenya, Malaysia, and the UK.

Read more »

Upcoming changes in Google Chrome and Mozilla Firefox may finally spark the end for Extended Validation certificates as the browsers plan to do away with showing a company’s name in the address bar.

When connecting to a secure web site, an installed SSL/TLS certificate will encrypt the communication between the browser and web server. These certificates come in a few different flavors, with some claiming to offer a more thorough verification process or extra perks.

One type, the EV Certificate, is known for having the browser display the owner of the certificate directly in the browser’s address bar. This allegedly makes the site feel more trustworthy to a visitor.

In reality, the different types of SSL/TLS certificates all serve a single purpose and that is to encrypt the communication between a browser and web site. Anything extra is seen by many as just a marketing gimmick to charge customers for a more expensive “trustworthy” certificate.

In numerous blog posts, security researcher Troy Hunt has stated that EV Certificates will soon be dead as more and more sites switch away from them, because they are much harder to manage due to extra verification times, and because people have come to associate a padlock with a secure site rather than a company name.

With Safari already removing EV Certificate company info from the address bar, most mobile browsers not showing it, and Chrome and Mozilla desktop browsers soon to remove it, Hunt’s predictions are coming true. EV Certificates will soon be dead.

Read more »

Mozilla has finally introduced a mechanism to let the Firefox browser automatically fix certain TLS errors, often triggered when antivirus software installed on a system tries to intercept secure HTTPS connections.

Most antivirus software offers a web security feature that intercepts encrypted HTTPS connections to monitor the content for malicious web pages before it reaches the web browser.

To achieve this, security software replaces websites’ TLS certificates with its own digital certificates, issued by any of the trusted Certificate Authorities (CAs).

Since Mozilla only trusts those CAs that are listed in its own root store, the antivirus products relying on other trusted CAs provided by the operating system (OS) are not allowed to intercept HTTPS connections on Firefox.
Read more »