Computer News & Safety – Harry Waldron

March 22nd, 2017:

Android – New O version released as Developer Preview

The new Android “O” version has been released as a Developer Preview, as documented in the announcement below:

https://android-developers.googleblog.com/2017/03/first-preview-of-android-o.html

The new mobile OS aims to improve battery life and device performance while offering new features like picture-in-picture display, Wi-Fi Aware support, and more. Android O introduces a number of new features and APIs to use in your apps. Here are just a few new things for you to start trying in this first Developer Preview:

Background limits: Android O puts a big priority on improving a user’s battery life and the device’s interactive performance. To make this possible, we’ve put additional automatic limits on what apps can do in the background, in three main areas: implicit broadcasts, background services, and location updates.

Notification channels: Android O also introduces notification channels, which are new app-defined categories for notification content. Channels let developers give users fine-grained control over different kinds of notifications.

Autofill APIs: We are making this work more easily across the ecosystem by adding platform support for autofill.

PiP for handsets and new windowing features: Picture in Picture (PiP) display is now available on phones and tablets, so users can continue watching a video while they’re answering a chat or hailing a car. Apps can put themselves in PiP mode from the resumed or a pausing state where the system supports it.

Adaptive icons: You can now create adaptive icons that the system displays in different shapes, based on a mask selected by the device.

Wide-gamut color for apps: Android developers of imaging apps can now take advantage of new devices that have a wide-gamut color capable display (AdobeRGB, Pro Photo RGB, DCI-P3, etc.).

Connectivity: Android O now also supports high-quality Bluetooth audio codecs such as the LDAC codec. We’re also adding new Wi-Fi features.

Keyboard navigation: With the advent of Google Play apps on Chrome OS and other large form factors, we’re seeing a resurgence of keyboard navigation use within these apps.

AAudio API for Pro Audio: AAudio is a new native API that’s designed specifically for apps that require high-performance, low-latency audio.

WebView enhancements: In Android O, we’re enabling multiprocess mode by default and adding an API to let your app handle errors and crashes, for enhanced security and improved app stability.

Java 8 Language API improvements: Android now supports several new Java Language APIs, including the new java.time API. In addition, the Android Runtime is faster than ever before, with improvements of up to 2x on some application benchmarks.

Partner platform contributions: Hardware manufacturers and silicon partners have accelerated fixes and enhancements to the Android platform in the O release. For example, Sony has contributed more than 30 feature enhancements including the LDAC codec and 250 bug fixes to Android O.

AMD Ryzen chips – BIOS update being developed to fix early CPU lockup issues

As noted by PC Magazine, a special BIOS update is being developed to fix a CPU lockup issue being experienced by AMD Ryzen chips which began to launch earlier this month.  

http://www.pcmag.com/news/352538/ryzen-7-chips-are-locking-up-pcs-amd-knows-why

All Ryzen desktop processors are suffering from the same problem, and owners are being asked to wait for BIOS updates to solve the issue.  AMD threw Intel a curve ball in February when the chip company announced its Ryzen CPUs would launch in early March. They are fast and significantly cheaper than Intel’s equivalent Core processors. It even led to some price cuts by Intel.

But with Ryzen chips now making their way into desktop PCs, AMD experienced its first major problem. All variants of the Ryzen 7 desktop processors are locking up PCs. The issue is related to FMA3 code, a set of Streaming SIMD Extensions (SSE) that can greatly enhance the performance of floating point operations carried out by the chips. FMA3 isn’t new. AMD added support for the instruction set back in 2012.

Thankfully for Ryzen chip owners, AMD knows what the problem is but isn’t giving out much in the way of details. According to Digital Trends, the fix requires changes to the BIOS on motherboards. AMD is working on those changes, which will then be distributed to motherboard manufacturers who will then issue a patch.

Ransomware – Blank Slate uses blank spam email message with zip attachment

Ransomware is a highly destructive family of malware, designed to hold the victim’s files hostage until a ransom is paid to restore them.  A highly effective spamming technique used by malware designers is to send out a blank spam email message with a malicious zip attachment.  This is called the “Blank Slate” attack and is circulating extensively in the wild.

http://researchcenter.paloaltonetworks.com/2017/03/unit42-blank-slate-campaign-takes-advantage-hosting-providers-spread-ransomware/

In recent months, we’ve been tracking a malicious spam (malspam) campaign using emails with no message content and an attached zip archive to spread ransomware. We’ve nicknamed this campaign “Blank Slate” because the malspam messages are blank with nothing to explain the malicious attachments.

Last month, we published a blog that discussed farming Microsoft Word documents in AutoFocus associated with the Blank Slate campaign. It revealed more than 500 domains were used. These malicious domains were quickly taken offline, but Blank Slate actors quickly registered new ones, revealing a cycle of abuse towards legitimate hosting providers.

Today’s blog describes the delivery, exploitation, and installation components of this attacker’s playbook, and it explores the cycle of abuse criminals follow against legitimate hosting providers to host ransomware associated with these infections.
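The delivery pattern described above (a message with no body text and a zip archive attached) is simple enough to turn into a mail-gateway triage rule. The following Python is an added example, not code from this blog or from Unit 42; it uses only the standard library `email` module, and the sample messages, addresses, subject lines and attachment names it builds are constructed for the illustration.

```python
"""Triage rule for Blank Slate-style malspam (added example).

Flags a message whose text body is empty (or whitespace only) and which
carries a zip attachment, the pattern given in the campaign description.
Sample messages, addresses and filenames below are constructed, not real
campaign artefacts.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}


def body_text(msg):
    """Stripped text of the best body candidate, or '' if the message has none."""
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ""
    return part.get_content().strip()


def zip_attachment_names(msg):
    """Filenames of attachments that are zip archives by extension or MIME type."""
    if msg.is_multipart():
        parts = msg.iter_attachments()
    else:
        # a single-part message that is itself an attachment
        parts = [msg] if msg.is_attachment() else []
    names = []
    for part in parts:
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            names.append(name or "<unnamed>")
    return names


def triage(raw_bytes):
    """Parse a raw RFC 5322 message and return the Blank Slate indicators."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    zips = zip_attachment_names(msg)
    blank = body_text(msg) == ""
    return {
        "blank_body": blank,
        "blank_subject": not (msg["Subject"] or "").strip(),
        "zip_attachments": zips,
        "suspicious": blank and bool(zips),   # the rule itself
    }


def is_blank_slate(raw_bytes):
    return triage(raw_bytes)["suspicious"]


# --- constructed sample messages --------------------------------------------

def _tiny_zip():
    """A harmless in-memory zip archive used as the attachment body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt", "placeholder content")
    return buf.getvalue()


def _build(subject, body, attachment_name=None):
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"       # constructed addresses
    msg["To"] = "recipient@example.invalid"
    if subject:
        msg["Subject"] = subject
    if body is not None:
        msg.set_content(body)
    if attachment_name:
        msg.add_attachment(_tiny_zip(), maintype="application", subtype="zip",
                           filename=attachment_name)
    return msg.as_bytes()


SAMPLES = {
    # no subject, no text part at all, only a zip: the Blank Slate pattern
    "blank_zip": _build(None, None, "invoice_4471.zip"),
    # ordinary message with explanatory text and a zip
    "text_zip": _build("Q1 report", "Please see the attached report.", "report.zip"),
    # whitespace-only body but nothing attached
    "blank_no_attachment": _build(None, " \n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The rule is deliberately narrow: an empty body alone is common in legitimate mail, and a zip alone is common too, so only the combination is scored as suspicious, with the blank subject reported as a secondary indicator rather than a trigger.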

Microsoft Security Updates – MARCH 2017

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release.

http://blog.talosintelligence.com/2017/03/microsoft-patch-tuesday-march-2017.html

https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx

https://isc.sans.edu/forums/diary/February+and+March+Microsoft+Patch+Tuesday/22185/

https://isc.sans.edu/mspatchdays.html?viewday=2017-03-14

Following a sparse February patch Tuesday, today’s March release brings a bumper crop of fixed vulnerabilities: 17 bulletins covering 140 different vulnerabilities, 47 of which are rated as critical. The critical vulnerabilities affect Internet Explorer, Edge, Hyper-V, Windows PDF Library, Microsoft SMB Server, Uniscribe, Microsoft Graphics Component, Adobe Flash Player and Microsoft Windows. 92 vulnerabilities are rated as important, additionally affecting Active Directory Federation Services, DirectShow, Internet Information Services, Microsoft Exchange Server, Microsoft Office, Microsoft XML Core Services, Windows DVD Maker, Windows Kernel, Windows Kernel-Mode Drivers.

Internet Security – Five worst hacking incidents Q1 2017

Entrepreneur’s web site lists the five worst hacking incidents for the first quarter of 2017, as follows: 

https://www.entrepreneur.com/slideshow/290673

1. Fake GMAIL login page – hackers have discovered a highly-effective phishing scheme that’s fooled users into forfeiting their login credentials. The hacker — usually disguised as a close email contact — is found to be sending emails with a “PDF” attachment. Upon clicking the attachment, which is not actually a PDF but appears like one, victims are led to a fake Gmail login page.

2. World Wrestling Entertainment (WWE) hacked – Last year, hacking group OurMine was the leader of some big-time, harmless hacks.  OurMine broke in and informed the company how insecure its accounts are, and offered its commercial services to help. “We’re just testing your security,” posted the company — which seems to be its well-known tagline.

3. CNN site hacked — Hacking group OurMine was feeling ambitious over the Jan. 28 weekend. A day after breaking into WWE’s accounts, the cyber security company went for its next victim: CNN. On Jan. 29, the main CNN Facebook page, along with CNN International and CNN Politics, were hacked.

4. IndiGo Airline Twitter account hacked — Indian airline IndiGo fell victim to cyber attacks twice. Most recently, the company’s Twitter account, which previously had more than 100,000 followers, got hijacked.

5. Hundreds of Twitter accounts — From Duke University to Justin Bieber to the Atlanta Police Department, Twitter accounts worldwide are being hijacked, with the hackers spreading a political message.