Archive for March 12, 2018

UAG Teams Up With @Kookslams For Cool Cases

Posted in Commentary with tags on March 12, 2018 by itnerd

UAG is thrilled to announce that they’ve teamed up with the legendary Instagram Account @Kookslams to bring kooks around the world a Limited Edition UAG X Kookslams iPhone Case!


As frequently seen on Kookslams, accidents happen. And because of that, UAG is proud to offer their renowned smartphone protection to the average Kook. The Limited Edition case will feature an exclusive Kookslams design on UAG’s sleek and MIL-SPEC drop tested Plyo Series Case.

From minor slips to major falls, UAG’s superb armor shell and soft impact-resistant core provide kooky iPhone users with 360-degree protection. The Limited Edition case is also compatible with wireless charging and Apple Pay, for the tech savvy Kook.

Be sure to send it over to Instagram and follow @urbanarmorgear and @kookslams to see how you can win a UAG X Kookslams Limited Edition Case.

The case will be sold in limited quantities for iPhone X, 8/8+, 7/7+, and 6/6+. Pick one up before it’s too late!

Limited Edition UAG X @Kookslams iPhone Case

MSRP: $49.95

  • Armor shell & impact resistant soft core
  • Air-soft corners for cushioning impact
  • Feather-light composite construction
  • Oversized tactile buttons & easy access to touchscreen and ports
  • Protective screen surround
  • Compatible with Apple Pay and Wireless Charging
  • Meets military drop-test standards (MIL STD 810G-516.6)

Those Who Got Pwned In Yahoo Data Breaches Can Sue Says US Judge

Posted in Commentary with tags on March 12, 2018 by itnerd

This isn’t good news if you’re Verizon, which now owns Yahoo. I say that because the company has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches:

In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo’s Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo’s bid to dismiss some unfair competition claims.

[…] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs’ decision to use Yahoo. “Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo’s terms of service were “unconscionable,” given the allegations that Yahoo knew its security was deficient but did little.

I’m pretty sure that if you factor in the number of people who were affected by this pwnage and the potential cash that could be extracted from Verizon, this is going to get settled out of court pretty quickly. Because fighting and losing is going to get expensive in a hurry and even Verizon doesn’t have that kind of cash. The question is, how long will that take to happen?


Slingshot Router Malware Has Been Lurking For Years And Is Likely State Sponsored

Posted in Commentary with tags on March 12, 2018 by itnerd

Researchers from Kaspersky Lab have discovered a new type of malware that they have dubbed “Slingshot”. Here’s what you need to know about it:

While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usually the sign of an advanced APT actor. This turned out to be a malicious loader internally named ‘Slingshot’, part of a new, and highly sophisticated attack platform that rivals Project Sauron and Regin in complexity.

The initial loader replaces the victim’s legitimate Windows library ‘scesrv.dll’ with a malicious one of exactly the same size. Not only that, it interacts with several other modules including a ring-0 loader, kernel-mode network sniffer, own base-independent packer, and virtual filesystem, among others.

While for most victims the infection vector for Slingshot remains unknown, we were able to find several cases where the attackers got access to Mikrotik routers and placed a component downloaded by Winbox Loader, a management suite for Mikrotik routers. In turn, this infected the administrator of the router.

We believe this cluster of activity started in at least 2012 and was still active at the time of this analysis (February 2018).

The key thing to note about “Slingshot” is that Kaspersky believes that a nation state was behind it and that it was likely used for espionage purposes. It can capture functions like logging to network, accessing the data on an infected machine’s hard drive or internal memory due to the ability to access an operating system’s kernel level. And it can avoid detection in some very clever ways. Finally, it might have been out there since 2012. That’s kind of scary. If you use a Mikrotik router (for the record, they’re a Latvian-based company), updating your firmware is the best defense. Though 100 victims of “Slingshot” located in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania have been identified and it appears that they were targeted by this unknown nation state.

You can fully expect to see more attacks like these pop up in the wild.
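
The detail that the malicious ‘scesrv.dll’ is exactly the same size as the original means a size-only integrity check will not flag the swap. The following Python code is an added example, not from Kaspersky’s report or this post; the function names are hypothetical and the file is a constructed stand-in, used to show a hash-based baseline catching a same-size replacement.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size_in_bytes, sha256_hex) for the file at path."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return os.path.getsize(path), digest.hexdigest()


def audit(baseline):
    """Compare files on disk with a {path: (size, sha256)} baseline."""
    findings = {}
    for path, (old_size, old_hash) in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        new_size, new_hash = fingerprint(path)
        if new_hash == old_hash:
            findings[path] = "ok"
        elif new_size == old_size:
            findings[path] = "content changed, size unchanged"
        else:
            findings[path] = "content and size changed"
    return findings


def demo():
    """Swap a constructed stand-in library for a same-size file and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = os.path.join(tmp, "scesrv.dll")  # stand-in, not a real DLL
        original = b"MZ" + b"constructed library body " * 40
        with open(lib, "wb") as fh:
            fh.write(original)
        baseline = {lib: fingerprint(lib)}
        before = audit(baseline)[lib]
        # Overwrite with different bytes of exactly the same length.
        with open(lib, "wb") as fh:
            fh.write(b"MZ" + bytes(len(original) - 2))
        size_check_passes = os.path.getsize(lib) == baseline[lib][0]
        return before, size_check_passes, audit(baseline)[lib]


if __name__ == "__main__":
    print(demo())
```

The baseline has to be recorded on a known-good system and refreshed after legitimate updates, since patched libraries also change hash.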