Posted on

FBI, DHS Issue Warning On North Korea-Linked Malware

The FBI and the DHS issued a joint warning on the “Volgmer” Trojan, a backdoor that has been infecting organizations across several industries over the past few years. The FBI has “high confidence” that the IP addresses linked to Volgmer are used by the North Korean government.

Volgmer Trojan

The FBI said that Volgmer has been seen in the wild since 2013 and has targeted the government, financial, automotive, and media sectors. The primary delivery mechanism appears to be spear phishing, a targeted form of phishing aimed at a specific individual or organization. A successful lure gives the attackers a foothold on one machine, from which they can move further into the network and deploy additional malware.

The Volgmer backdoor is capable of gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. The US-CERT Code Analysis Team also observed in one of the malware samples that Volgmer has botnet controller functionality, too.

According to the agencies analyzing the malware, Volgmer has been observed in 32-bit form, both as a standalone executable and as a dynamic-link library (.dll). It communicates with its command and control (C2) servers over a custom protocol, frequently with RC4 encryption applied to the traffic. Volgmer maintains persistence by installing itself as a Windows service, choosing the service at random.

Mitigations

The FBI and the DHS recommend that organizations review the Volgmer-linked IP addresses and the accompanying analysis. If those addresses are seen connecting to or from their networks, organizations should block them, then hunt for the malware on the hosts involved and remove it.

The agencies have also published a set of host-based rules and network signatures that organizations can use to detect activity related to North Korean malware. They warn that, despite careful selection of those rules and signatures, some false positives may occur, so a match should be treated as a lead for investigation rather than as proof of compromise.
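The advisory's first mitigation is to check whether any host on the network has talked to the published C2 addresses. The script below is an added example, not code from the advisory or from US-CERT: it parses firewall connection logs and reports every source host that attempted a connection to a listed indicator, allowed or denied. The IOC list uses RFC 5737 documentation addresses as placeholders (substitute the addresses from the Volgmer report), and the log lines and their key=value format are constructed for the example.

```python
"""Match outbound connections in firewall logs against a list of C2 IP
indicators, which is the check the FBI/DHS advisory asks defenders to run.

The IOC set below is a constructed placeholder (RFC 5737 documentation
space), NOT the advisory's list; replace it with the published addresses.
The log lines are likewise constructed samples in a key=value style.
"""
import ipaddress
import re
from collections import defaultdict

# Placeholder indicators, not the real Volgmer C2 addresses.
VOLGMER_C2_IOCS = {
    "203.0.113.45",
    "198.51.100.7",
    "192.0.2.200",
}

# Constructed firewall log lines; 192.0.2.1 is NOT in the IOC set and
# must not produce a hit.
SAMPLE_LOG = """\
2017-11-14T09:12:03Z action=allow src=10.1.4.23 dst=93.184.216.34 dport=443 proto=tcp
2017-11-14T09:12:07Z action=allow src=10.1.4.23 dst=203.0.113.45 dport=8080 proto=tcp
2017-11-14T09:13:11Z action=allow src=10.1.9.8 dst=198.51.100.7 dport=443 proto=tcp
2017-11-14T09:13:15Z action=deny src=10.1.4.23 dst=203.0.113.45 dport=8080 proto=tcp
2017-11-14T09:14:02Z action=allow src=10.1.4.23 dst=192.0.2.1 dport=53 proto=udp
2017-11-14T09:14:40Z action=allow src=10.1.7.77 dst=203.0.113.45 dport=443 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)


def load_iocs(raw):
    """Validate every indicator once; a typo in the IOC list should fail
    loudly here rather than silently never match."""
    return {str(ipaddress.ip_address(ip)) for ip in raw}


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line
    does not fit the expected format (malformed lines are skipped, not
    fatal, so one bad record cannot abort a hunt over a large log)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_c2_hits(log_text, iocs):
    """Return {src_host: [(ts, dst, dport, action), ...]} for every
    connection attempt to a listed indicator. Denied attempts are kept:
    the host still tried to reach C2 and needs triage."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in iocs:
            continue
        hits[rec["src"]].append(
            (rec["ts"], rec["dst"], int(rec["dport"]), rec["action"])
        )
    return dict(hits)


def summarize(hits):
    """Per-host view: number of attempts and the distinct indicators hit."""
    return {
        src: {"attempts": len(events), "indicators": sorted({e[1] for e in events})}
        for src, events in hits.items()
    }


if __name__ == "__main__":
    found = find_c2_hits(SAMPLE_LOG, load_iocs(VOLGMER_C2_IOCS))
    for src, info in sorted(summarize(found).items()):
        print(f"{src}: {info['attempts']} attempt(s) to {', '.join(info['indicators'])}")
```

Because the advisory's signatures can produce false positives, the output is a triage list: each listed host should be examined for the Volgmer service described above before any remediation is started.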

The DHS also recommended that organizations implement security best practices, such as:

The agencies also remind companies that a successful network intrusion can lead to the loss of sensitive and proprietary information, disruption of regular operations, and financial and reputational damage.

US Government Details Procedure In Revealing Security Vulnerabilities

The U.S. government has published the guidelines it follows when deciding whether to disclose security flaws to the affected companies.

In the newly released Vulnerabilities Equities Policy and Process (VEP) charter, the White House lays out the rules it follows when weighing disclosure decisions together with agencies such as the National Security Agency (NSA) and the Department of Homeland Security.

The VEP charter describes the process by which the federal government decides whether to inform a company about a vulnerability discovered in its product or service. The document also acknowledges that the government may withhold a vulnerability so that it can be used for “operational or intelligence-gathering purposes”.

In a blog post, White House cybersecurity coordinator Rob Joyce stressed the importance of transparency, with the release of the once-private rules being “important to establish confidence” in the government’s decision-making process.

A flow chart in the charter shows that the review board begins by assessing how dangerous the flaw is, including the potential damage it could cause and how easily it could be exploited by attackers.

The agencies also weigh the value of keeping the vulnerability for their own use against the risk to the U.S. government’s relationships with other countries and with companies should it become known that it had been aware of the flaw.

The review takes place within five days, and is expedited if the vulnerability is already being exploited in attacks. The board must then reach a consensus on whether to disclose the flaw to the vendor. If it decides to disclose, it must notify the company within seven business days. If it decides to keep the flaw secret, the board reviews that decision annually until it is reversed or the vulnerability becomes publicly known.

The government has been criticized for keeping vulnerabilities it has discovered secret from the affected vendors. For example, the WannaCry/WannaCrypt ransomware outbreak spread using an exploit for a vulnerability the NSA had known about and used, prompting Microsoft to condemn the government’s practice of holding on to certain security flaws.

How To Fix Windows 10 Unsupported Disk Layout UEFI Error

A common problem Windows users encounter when trying to update Windows 10 is the “Unsupported Disk Layout for UEFI Firmware” error. It means that the partition layout of the system disk is not what the installer expects on a UEFI machine: a GPT disk with the partitions the upgrade needs already in place.

The error is usually resolved by creating a Microsoft Reserved Partition (MSR), a small partition that Windows expects on Unified Extensible Firmware Interface (UEFI)/GUID Partition Table (GPT) disks. Without getting too technical, the steps below show how to add it. Because the steps modify the partition table of the system disk, back up your data before you start.

1. Run Command Prompt as Administrator

Go to Start -> Windows System, expand Windows System, then right click Command Prompt -> More -> Run as administrator. This opens an elevated Command Prompt (diskpart requires administrator rights). You can now type the commands that follow.

2. Run Diskpart.exe and Create the MSR Partition

a. Open Diskpart.exe by typing diskpart and pressing Enter.

b. Type list disk. All of your disks are listed; if a * appears in the Gpt column for the system disk, it already uses the GPT partition structure and you can proceed. If not, the disk must be converted to GPT, which normally means a clean install of Windows 10 (Windows 10 version 1703 and later also ship the mbr2gpt tool for converting a system disk in place).

c. Now execute the following commands in sequence:
• select disk # (where # is the number of the disk shown by list disk in step b)
• list partition – displays all partitions on the selected disk, so you can confirm there is no MSR yet
• create partition msr size=128 – creates a 128 MB MSR partition in the next free space on the disk (Microsoft’s guidance for Windows 10 uses a 16 MB MSR; either size is accepted). If diskpart reports that there is not enough usable free space, shrink an existing volume first (select volume #, then shrink desired=128) and run the command again.
• list partition – verify that the new partition of type Reserved now appears
• exit – leaves diskpart; type exit once more to close the Command Prompt

3. Try the Windows 10 Upgrade Again

You can now try the upgrade again. If you could not complete the steps above, or you still receive the same error, it is better to back up all your data and do a fresh install, letting Windows Setup format the disk with the recommended GPT layout.

Apple Releases iOS 11.1.2 Update: What Features Are Included?

Today Apple released iOS 11.1.2 for the iPhone, iPad and iPod touch. Apple did not seed any iOS 11.1.2 betas to developers or the public before rolling it out. As a minor point release, iOS 11.1.2 adds no major features.

Apple is currently testing iOS 11.2 in beta, which is expected to support Apple Pay Cash and SiriKit for the HomePod with limited third-party developer support. iOS 11.1.2 is the sixth update to iOS 11, following iOS 11.0.1, iOS 11.0.2, iOS 11.0.3, iOS 11.1 and iOS 11.1.1, and is a small bug-fix release on top of iOS 11.1.

iOS 11.1.1 fixed the keyboard auto-correct problem that turned the letter “i” into an “a” followed by a question-mark symbol, and a problem that caused “Hey Siri” to stop working.

iOS 11.1 included over 70 new emoji and brought back the 3D Touch multitasking gesture. It also fixed a bug where Live Photo effects played back slowly and a problem that caused Mail notifications to reappear on the Lock screen.

iOS 11.0.3 fixed a bug that caused audio and haptic feedback to stop working on a number of iPhone 7 and iPhone 7 Plus devices, and an issue that made touch input unresponsive on some iPhone 6s displays that had been serviced with non-genuine parts.

iOS 11.0.2 fixed crackling noises in the iPhone 8 earpiece, a bug that prevented attachments in S/MIME-encrypted emails from opening, and a bug that prevented photos from appearing on certain devices.

iOS 11.0.1 fixed a bug that prevented Apple Mail from syncing with Outlook.com, Office 365 and Exchange Server 2016 on Windows Server 2016, and it brought performance improvements for the iMessage app drawer, Springboard, and App Explorer.

The big iOS 11 release was on September 19th and it brought many new features. The new features in iOS 11 included Do Not Disturb While Driving, the new Files app, document scanning in the Notes app, the app drawer in the Messages app, a customizable Control Center, indoor airport and mall maps, lane guidance in the Maps app, Live Photos editing and new iPad multitasking tools.

In the release notes, Apple says that iOS 11.1.2 fixes two issues: a bug that caused the iPhone X screen to become temporarily unresponsive to touch after a rapid drop in temperature, and a bug that caused distortion in Live Photos and videos captured with the iPhone X.

Apple confirmed the iPhone X temperature problem about a week ago and said that the issue would be “addressed in an upcoming software update.” I am impressed with that kind of turnaround time.

FCC vote could force low-income households offline

Bootstrapping yourself out of poverty via the internet is about to get a lot harder in the US. The FCC, led by industry-friendly chairman Ajit Pai, has voted along party lines to begin reforming the low-income Lifeline broadband subsidy program. Among the most contentious items are a proposal to tighten eligibility requirements and cap spending, and another to halt subsidies through internet resellers such as Windstream. If adopted, the latter could force over 70 percent of Lifeline enrollees to seek a new provider, and many would have no option at all.

Lifeline gives low-income households a $9.25 monthly credit towards discounted phone or internet service from some 900 participating companies. Until last year, the credit could only be applied to landline and mobile voice service, but former FCC Chairman Tom Wheeler expanded the program to broadband early last year. Pai, however, scrapped an FCC directive issued at the end of Wheeler’s tenure that allowed nine new companies to participate, and promised further cost-cutting reforms, supposedly to close the digital divide.

Some of the reforms are still at the proposal stage, but the FCC issued an order yesterday that directly affects residents of Tribal lands. They used to receive a $25 monthly subsidy on top of the $9.25 discount, but in 90 days they will no longer be able to obtain the $25 subsidy through resellers. That will leave many Native Americans with far fewer options for mobile internet. “This will be a travesty to Indian Country because it will turn back the clock to times when consumers had but one choice,” Joe Redcloud from the South Dakota Sioux Tribe told the Washington Post.

Another proposal would eliminate Lifeline subsidies across the US for carriers that do not operate their own networks but resell service from AT&T, Verizon and others. The advocacy group Public Knowledge says that 70 percent of Lifeline subscribers use such resellers, so they would be forced onto AT&T, T-Mobile and other facilities-based providers.

Those carriers are often more expensive than resellers, however, so switching could wipe out much of the $9.25 Lifeline benefit. In some cases, low-income users would have no option at all. “In many states, facilities-based providers have opted out of offering Lifeline-supported service altogether and prefer to allow non-facilities-based wireless providers to serve Lifeline subscribers and the low-income segments of the wireless market,” Public Knowledge wrote.

Finally, the FCC is considering a cap that could drastically reduce the Lifeline budget, along with more rigorous eligibility checks. “The reforms that we implement and propose today seek to … curtail the waste, fraud and abuse that continue to plague the Lifeline program,” Pai said ahead of the vote. That includes requiring subscribers, many of whom have their broadband bill entirely covered by Lifeline, to co-pay part of their bill.

That could effectively cut many of the neediest Lifeline recipients off from the internet altogether. “The co-pay requirement would create significant attrition in the program since most subscribers are on plans that provide no-cost service, and many Lifeline subscribers lack bank accounts and access to basic financial services,” Public Knowledge said.

The advocacy group notes that none of the 50-plus filings submitted since the proposal was issued support the FCC’s plan. Meanwhile, dozens of others, from veterans, seniors and Tribes to the wireless industry itself, have urged the commission not to adopt the proposed items. Commissioner Jessica Rosenworcel, who voted against the measure, put it succinctly. “This is not real reform. This is cruelty,” she said. “It is at odds with our statutory duty. It will do little more than consign too many communities to the wrong side of the digital divide.”

Twitter’s 280 character tweets are rolling out for (almost) everyone today

After testing a 280-character limit with a small group of users a couple of months ago, Twitter is rolling out the new limit to everyone starting today.

Twitter says you shouldn’t expect an apocalyptic flood of massive tweets, though. According to its data, the share of tweets longer than the old limit was small once the initial novelty wore off: only 5 percent of tweets sent by testers exceeded 140 characters. According to Twitter product manager Aliza Rosen:

We saw when people needed to use more than 140 characters, they Tweeted more easily and more often. But importantly, people Tweeted below 140 most of the time and the brevity of Twitter remained.

I’m not sure whether that means Twitter is actually committed to the 140 character limit long term, or whether we’re just conditioned to self-edit and will grow out of that when all of us have the option.

The new limit applies to all languages in which users have trouble fitting their thoughts into 140 characters. According to a spokesperson, Japanese, Korean and Chinese do not get the higher limit, because each character in those languages carries more meaning than in, say, English, so people who tweet primarily in them rarely run into the cramming problem.