The Mask -- No, not the Movie

The place for what's new and going on in the tech, innovation, and science world.

The Mask -- No, not the Movie

Postby rapier57 » Mon Feb 10, 2014 9:14 pm

The Mask exploits vulnerabilities found in older Kaspersky versions and Flash:

https://threatpost.com/new-mask-apt-cam ... icated-yet

Users are targeted via spear-phising and the Mask has a number of implants at its disposal to infect and compromise OSX, Windows, and Linux. There may be implants available for iOS and Android, also.

So, if you are still running Flash on your OS of choice, might be a good idea to just get rid of it. I have and do not miss it.

I also got rid of the Java Runtime, due to similar issues. Got tired of endlessly updating to fix vulnerabilities. Don't miss that, either.

If someone requires Flash or Java Runtime, boycott them or tell them to quit it.
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57
User avatar
rapier57
I've posted HOW many
 
Posts: 3113
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA

Re: The Mask -- No, not the Movie

Postby DaFoxx » Mon Feb 10, 2014 9:25 pm

just for detail
what IS Flash for ?
and if it is so prevalent nowadays what is there to replace it ?

already dropped Adobe .pdf for Foxit reader
Beware of Geeks bearing GIF's :mrgreen:
User avatar
DaFoxx
DaBOSS
 
Posts: 8479
Joined: Sun Dec 25, 2005 1:20 am
Location: 3rd Rock from the Sun

Re: The Mask -- No, not the Movie

Postby dinowuff » Mon Feb 10, 2014 9:53 pm

rapier57 wrote:So, if you are still running Flash on your OS of choice, might be a good idea to just get rid of it. I have and do not miss it.

I also got rid of the Java Runtime, due to similar issues. Got tired of endlessly updating to fix vulnerabilities. Don't miss that, either.

If someone requires Flash or Java Runtime, boycott them or tell them to quit it.


So you don't use Netflix, HULU, YouTube...???
Image
No lusers were harmed in the creation of this Taz Zone Post.
AND I WANT TO KNOW WHY NOT!
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
User avatar
dinowuff
I've posted HOW many
 
Posts: 5334
Joined: Sun Dec 25, 2005 11:26 pm
Location: galactic longitude 359° 56′ 39.4″, galactic latitude −0° 2′ 46.2″

Re: The Mask -- No, not the Movie

Postby rapier57 » Tue Feb 11, 2014 1:38 am

Not on my lappy or desktop.

Although, YouTube does switch to HTML5 with some browsers.
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57
User avatar
rapier57
I've posted HOW many
 
Posts: 3113
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA

Re: The Mask -- No, not the Movie

Postby DaFoxx » Tue Feb 11, 2014 2:07 pm

rapier57 wrote:Not on my lappy or desktop.

Although, YouTube does switch to HTML5 with some browsers.


actually been doing some reading and that is basically the driving force behind HTML5 to make the world adobe safe :mrgreen:
Beware of Geeks bearing GIF's :mrgreen:
User avatar
DaFoxx
DaBOSS
 
Posts: 8479
Joined: Sun Dec 25, 2005 1:20 am
Location: 3rd Rock from the Sun

Re: The Mask -- No, not the Movie

Postby DaFoxx » Tue Feb 11, 2014 2:09 pm

further reading from ElReg
http://www.theregister.co.uk/2014/02/11 ... _campaign/

Introduction to Apache Cassandra

Security researchers have discovered a sophisticated string of cyberattacks from a group of Spanish-speaking miscreants who have been operating since at least 2007.

”The Mask” (aka Careto) is one of the most advanced campaigns to date due to the complexity of the toolset used by the attackers, according to Kaspersky Lab. This includes sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iOS.

The cyber-espionage programme’s primary targets are government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organisations and activists.

Researchers at Kaspersky reckon The Mask is likely a nation-state sponsored campaign that's ahead of Duqu industrial malware in terms of sophistication.

The attackers try to extract sensitive data from infected systems. These include office documents, but also encryption keys, VPN configurations, SSH keys (serving as a means of identifying a user to an SSH server) and RDP files (used by Remote Desktop Client, a proprietary protocol from Microsoft).
Beware of Geeks bearing GIF's :mrgreen:
User avatar
DaFoxx
DaBOSS
 
Posts: 8479
Joined: Sun Dec 25, 2005 1:20 am
Location: 3rd Rock from the Sun

Re: The Mask -- No, not the Movie

Postby Harry » Tue Feb 11, 2014 5:29 pm

I keep Flash and Java installed but disabled in the plugins bit of the browser - just enable them when you need them for specific sites you trust and then disable them again straight away.

We reckon there's probably 20 or 30 0-days in each of them that are un-patched and unpublished and used to compromise every man and his dog. It's funny how to free flash / Java download can be used to bypass security set-ups worth millions..
Drugs have taught an entire generation of kids the metric system..

TAZ's better half: http://www.theadminzone.com/
User avatar
Harry
Site Admin
 
Posts: 6784
Joined: Sat Feb 11, 2006 10:44 pm
Location: UK :-)


Return to Tech News Zone

Who is online

Users browsing this forum: No registered users and 8 guests