News for January 16, 2023


Norton Password Manager Breach
by Artie Kaye

Subscribers to Norton LifeLock were notified of a breach this past week. The credential stuffing attacks were first noticed on December 12. It is believed that personal data was obtained, including information related to the password manager. Changing the master password, as well as any passwords managed by the service, would be prudent. Two-factor authentication can also help prevent a brute force attack like this.

https://www.bleepingcomputer.com/news/security/nortonlifelock-warns-that-hackers-breached-password-manager-accounts/

https://techcrunch.com/2023/01/15/norton-lifelock-password-manager-data/

https://www.darkreading.com/remote-workforce/norton-lifelock-warns-on-password-manager-account-compromises

Polyglot Files Can Bypass Malware Checks
by Artie Kaye

A polyglot file can be read as at least two different file types. Some file types have identifying information at the start or the end of the file. Certain malware is taking advantage of this to propagate. Combining JAR with MSI or CAB files fills this need, as MSI and CAB files store their identifying information at the beginning of the file, while JAR files store theirs towards the end.

Currently, anti-malware software will scan only the sections of the file defined for a particular file type, ignoring other sections that could contain the malware installer. The best step forward will be for developers of protection software to have it scan files for markers of any file type, regardless of the file type presented.
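The check described above can be sketched as follows. This is an added example, not code from the linked research or from any anti-malware product: it looks for the MSI and CAB start-of-file markers and for the ZIP end-of-central-directory record that every JAR carries near its end, and reports every format it finds. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

# Markers that sit at the very start of a file.
HEAD_MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "MSI (OLE2 compound file)",
    b"MSCF": "CAB",
}
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory record (JAR is a ZIP)
EOCD_LEN = 22             # fixed part; a comment of up to 65535 bytes may follow

def has_zip_tail(data: bytes) -> bool:
    """True if a plausible ZIP/JAR end-of-central-directory record sits near the end."""
    base = max(0, len(data) - (EOCD_LEN + 0xFFFF))
    tail = data[base:]
    idx = tail.rfind(EOCD_SIG)
    while idx >= 0:
        if len(tail) - idx >= EOCD_LEN:
            *_, cd_size, cd_offset, comment_len = struct.unpack(
                "<4s4H2LH", tail[idx:idx + EOCD_LEN])
            fits = comment_len <= len(tail) - idx - EOCD_LEN
            # The central directory must lie before the record that points to it.
            if fits and cd_size + cd_offset <= base + idx:
                return True
        idx = tail.rfind(EOCD_SIG, 0, idx)  # try an earlier candidate
    return False

def detect_formats(data: bytes) -> set:
    """Every container format whose marker is present, ignoring the file name."""
    found = {name for magic, name in HEAD_MAGIC.items() if data.startswith(magic)}
    if has_zip_tail(data):
        found.add("ZIP/JAR")
    return found

def is_polyglot(data: bytes) -> bool:
    return len(detect_formats(data)) > 1

def build_samples():
    """Constructed, harmless inputs: a one-entry JAR, and the same JAR behind an OLE2 header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    plain_jar = buf.getvalue()
    return plain_jar, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504 + plain_jar

if __name__ == "__main__":
    for label, blob in zip(("plain.jar", "installer.msi"), build_samples()):
        print(label, sorted(detect_formats(blob)), "polyglot:", is_polyglot(blob))
```

A file that reports more than one format deserves a full scan under each of them, whatever its extension says.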

To protect yourself, verify any files you are uncertain of, and contact your IT support if you need assistance.

https://www.deepinstinct.com/blog/malicious-jars-and-polyglot-files-who-do-you-think-you-jar

https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html

Microsoft Exchange Server 2013 End of Support
by Artie Kaye

Microsoft's extended support for Exchange Server 2013 will end on April 11, 2023. This means no more security updates or bug fixes after that date. The company encourages upgrading to Exchange 2019 or migrating to its cloud-based Exchange Online.

https://learn.microsoft.com/en-us/lifecycle/products/exchange-server-2013

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-2013-end-of-support-coming-soon/ba-p/3714799

https://www.bleepingcomputer.com/news/security/microsoft-exchange-server-2013-reaches-end-of-support-in-90-days/

BianLian Decryptor from Avast
by Artie Kaye

Cyber security company Avast has released a free decryptor for the BianLian ransomware. (Not to be confused with the banking malware of the same name that targets Android.) Avast has built a database of many of the encryption keys used by the ransomware, which is being updated as more become available. To learn more about the tool, please follow the links below.

https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware/

https://www.bleepingcomputer.com/news/security/avast-releases-free-bianlian-ransomware-decryptor/