1. Oracle Controversy - Mary Davidson, the CSO of Oracle, took to the corporate blog to pen her thoughts on security in a post titled "No, You Really Can't". The post sharply admonished enterprise customers for reverse engineering, or hiring consultants to reverse engineer, the company's proprietary software with the aim of finding as-yet-unfixed security vulnerabilities. The post was deleted a few hours later, but social media continues to either roll its eyes, shout in outrage, or just laugh at her.
2. Marketwire, PR Newswire, and Business Wire, which distribute press releases for major publicly traded companies, had their systems penetrated by a pair of Ukraine-based hackers who stole 'market-moving media releases' and used this information to trade profitably and pocket $100m.
3. Cyber thieves broke into the IT systems of Carphone Warehouse, a large cell phone retailer in the U.K., and may have stolen personal and bank data of up to 2.4 million customers and the credit card details of up to 90,000 customers. Specifically, the division that was attacked operates the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites, the company said in an emailed statement.
4. Update on Android's Stagefright vulnerability - Google issued a four-line patch, but it does not work. This highlights the utter shoddiness of the Android ecosystem's update process, which involves three parties: Google, device manufacturers and telcos. An expert, in a tweet responding to Samsung's and HTC's plan to issue monthly patches to carriers, said: "I am giving a steak to my dog, to deliver to you. I'm sure it'll arrive." The Stagefright vulnerability allows hackers to hack an Android device just by sending it a text message.
5. June was "the worst month of malvertising ever" and Flash zero-day vulnerabilities are partly to blame, say experts. In the first six months of 2015, malvertising was one of the biggest threats to endpoint security, causing an estimated $525 million in damages. The malware dropped by malvertising on the endpoint was mostly ransomware, banking trojans, or bot code that abuses endpoints for click-fraud campaigns. Malware + Advertising = Malvertising. As you may recall from last week's blog, Yahoo was recently misused to deliver malvertising.
6. The Darkhotel cyberespionage crew keeps adding to its bag of tricks: new evidence shows that the group seems to have latched on to some of the zero-day vulnerabilities exposed by the Hacking Team data dump last month. Known best for breaking into Wi-Fi networks in luxury hotels to target very high-profile corporate and government executives, the team has long depended on zero-day vulnerabilities to strike its targets. Darkhotel has gone through half a dozen or more zero-days targeting Adobe Flash Player in the past year, investing considerable funds to beef up a quiver meant to hit the proverbial bullseyes. The Darkhotel APT will relentlessly spearphish specific targets in order to successfully compromise systems.
7. Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus known as Cryptolocker. There has been a rise in the number of people falling victim to the latest version of an encryption virus which hijacks computer files and demands a ransom to restore them. The "ransomware" infects computers through programs and credible-looking emails, taking computer files and photographs hostage. It can arrive in an email disguised as an installer of the new operating system in a zip file.
8. Hackers' arsenal was beefed up last week with a drone armed with software weapons to crack into wireless computer networks at close range, whether they be in skyscrapers or walled compounds. The drone is equipped with software tools used to perform the kind of "penetration testing" done by hackers or computer security professionals who seek vulnerabilities in computer networks. The drone is flown past the physical defenses of the targeted victim.
9. India features among the countries worst affected by Black Vine, a formidable, highly resourced attack group equipped to conduct cyber espionage against targeted organizations. Black Vine typically conducts watering-hole attacks against websites that are relevant to its targets' interests and uses zero-day exploits to compromise computers (Recon, Lure, Exploit kit). If the exploits succeed, they drop variants of Black Vine's custom-developed malware (Dropper file). These threats open a back door on the compromised computers and allow the attackers to steal information (Call home and Data theft).