ISIS-controlled territory shrinks. Its messaging continues, but (suggests VICE) the messaging increasingly looks like what a sinking business would use to reassure investors.
Orange Labs claims that Android’s KeyStore default implementation could be susceptible to forgery attacks. This report joins concerns expressed earlier this week about Android’s KeyMaster module, whose Qualcomm environment was found vulnerable to reverse engineering. (Qualcomm says that it fixed the vulnerabilities in 2014, and so informed Google.)
Cryptobit, a new strain of ransomware, has been found joining distribution channels used by a revised CryptXXX. “Realstatistics,” as the criminal campaign is known, pushes ransomware through the Neutrino exploit kit. Sucuri says the vectors are usually infected sites based on Joomla or WordPress content management systems.
CryptXXX itself has grown harder to track. It’s being distributed in more effectively obfuscated forms (as, for example, in pseudo-DarkLeech). It now directs victims to a new [.]onion site for payment and removes the opportunity to contact customer (that is, victim) service.
DedCryptor ransomware is still around, with more infections of Anglophone users reported as it spreads outward from Russia.
In other campaigns, Kovter click-fraud malware poses as a Firefox update, Japanese banks are hit by the BEBLOH Trojan, and NetTraveler returns to Eastern Europe. Mac backdoors make a comeback—ESET has found another, “Keydnap,” which goes after passwords in the keychain.
FBI Director Comey’s testimony yesterday mollified few critics of former Secretary of State Clinton’s email practices—not-enough-to-indict seemed tepid vindication. Defendants in similar cases are already invoking a sauce-for-the-goose defense.