A number of varied security issues have come to my attention this week that I wanted to keep you informed of. I will provide a respectable shout-out to the following sources:
Apple Encrypted Drive Information Disclosure:
At this time Apple macOS has an information disclosure vulnerability that affects encrypted drives in general (encrypted Apple HFS+ / APFS volumes and VeraCrypt containers) and could allow an attacker to obtain details of the files stored on an encrypted hard drive.
This vulnerability originates from the Quick Look feature of macOS, which allows a user to preview photos, files and folders quickly without having to open them. This feature stores the thumbnails (defined) of the previewed files centrally, in a non-encrypted area of the boot hard disk, so the previews survive even though the originals sit on an encrypted volume. The same issue occurs when a USB memory drive is inserted: the feature stores thumbnails both on the external drive and on the boot drive of the macOS system.
If you use an encrypted hard disk or value your privacy when using external drives, please run the command documented at the end of the news article below after you have viewed sensitive information and want to clear that history/activity:
macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives: BleepingComputer by Catalin Cimpanu
This suggestion is a workaround until (and if) Apple patches this.
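As an added illustration (not code from the original post or from the linked article), the script below wraps the workaround just described: it locates the per-user Quick Look thumbnail cache, reports how many cache files it holds, and clears it. It assumes the macOS tools `getconf DARWIN_USER_CACHE_DIR` (which reports the per-user cache folder) and `qlmanage -r cache` (the Quick Look cache reset command I take the article to be referring to) are present when run on a Mac; the cache subdirectory name `com.apple.QuickLook.thumbnailcache` is the location reported in public research on this issue and should be treated as an assumption to verify on your own system. On non-macOS systems the functions fall back to plain file operations so the logic can be exercised against a test directory.

```shell
#!/bin/sh
# Added example: inspect and clear the macOS Quick Look thumbnail cache.
# Assumptions (see lead-in): getconf DARWIN_USER_CACHE_DIR, qlmanage -r cache,
# and the cache subdirectory name com.apple.QuickLook.thumbnailcache.

# Print the Quick Look thumbnail cache directory for the current user.
# On macOS the per-user cache root comes from getconf; elsewhere (or if
# getconf does not know the variable) fall back to $TMPDIR so the script
# still produces a path that the other functions can work with.
ql_cache_dir() {
    base=$(getconf DARWIN_USER_CACHE_DIR 2>/dev/null) || base="${TMPDIR:-/tmp}/"
    printf '%s\n' "${base%/}/com.apple.QuickLook.thumbnailcache"
}

# Print the number of regular files under a cache directory (0 if absent).
# A non-zero count after previewing files on an encrypted volume is the
# symptom the post describes: thumbnails persisted outside the volume.
ql_cache_file_count() {
    dir="$1"
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -type f | wc -l | tr -d ' '
}

# Clear the cache. Prefer the supported tool (qlmanage -r cache), which also
# restarts the Quick Look server; then remove any cache files that remain so
# the function behaves the same on systems without qlmanage.
ql_cache_clear() {
    dir="$1"
    if command -v qlmanage >/dev/null 2>&1; then
        qlmanage -r cache >/dev/null 2>&1
    fi
    [ -d "$dir" ] && find "$dir" -type f -exec rm -f {} +
    return 0
}

# Usage (only when invoked directly with --clear): report, clear, report again.
if [ "${1:-}" = "--clear" ]; then
    dir=$(ql_cache_dir)
    echo "Quick Look cache: $dir ($(ql_cache_file_count "$dir") files)"
    ql_cache_clear "$dir"
    echo "after clearing: $(ql_cache_file_count "$dir") files"
fi
```

Run it as `sh clear_ql_cache.sh --clear` after previewing sensitive files. Clearing the cache only removes what has already been written; Quick Look will repopulate it the next time a file is previewed, so this remains a post-hoc cleanup rather than a fix.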
Yubico WebUSB Bypass:
The two-factor authentication/secure login vendor Yubico has published a security advisory for users of its YubiKeys. The vulnerability does not reside within the hardware keys themselves but in the authentication steps a web browser (e.g. Google Chrome) uses to authenticate an individual.
In summary, if you are using Google Chrome, please ensure it is updated to version 67 or later and follow the additional suggestion from Yubico in their security advisory:
Security Advisory 2018-03-02 – WebUSB Bypass of U2F Phishing Protection: Yubico
Windows 10 Persistent Malware:
The security vendor Bitdefender has published a 104-page report detailing spyware (defined) that uses rootkit functionality (defined). This malware is noteworthy due to its longevity (dating back to 2012) and its ability to install even on modern versions of Windows, e.g. Windows 10:
Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation: Bitdefender Labs
On a side note, I am not too surprised this infection can persist on Windows 10. If a user is tricked into running malware, e.g. by clicking a link or opening an attachment, either of which can be contained in a phishing (defined) email or an even more convincing spear phishing (defined) email from an organization or colleague you trust, strong defences won’t always keep you from becoming infected.
The Bitdefender report can be downloaded from the above link (it does not request any personal information).
The following news article links to two detailed but still easy-to-follow removal guides. If you are experiencing unwanted adverts within websites that don’t usually show them (even though you are using an ad blocker), or are experiencing redirects (you wish to visit website A but are actually sent to website B), please follow these guides to remove this malware:
Rootkit-Based Adware Wreaks Havoc Among Windows 10 Users in the US: BleepingComputer by Catalin Cimpanu