Cool News Story Bro! Week of 8-01-2014

by Otakun
Categories: News
Tags: No Tags
Comments: Leave a Comment

Hey Guys, busy news week this week, so let’s get started!

  1. Tor security advisory: “relay early” traffic confirmation attack

    1. First story of the week is a good one, and a heads up for all of the TOR users out there. A recent post revealed a new attack on TOR that could be used to deanonymize TOR users using a traffic confirmation attack. Very interesting read, and a good insight into how TOR works  and some of the vulnerabilities.
    2. Read More @ https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
  2. Fiesta exploit kit does the splits

    1. Next, we have an update on the “Fiesta Exploit Kit”, courtesy of MalwareBytes. Looks like Fiesta has decided to double up on the payload. Two for the price for one…they are so generous, aren’t they?
    2. Read More @ blog.malwarebytes.org/exploits-2/2014/07/fiesta-exploit-kit-does-the-splits
  3. Russia’s Interior Ministry Offers Millions For Data on Tor Users

    1. Next, we have another TOR related story. Seems to be the popular topic of the week. This time, it looks like Russia’s Interior Ministry is offering about $114,000 for research on ways to identify TOR users. Personally, it doesn’t really seem like a lot of money for something that significant…
    2. Read More @ http://www.themoscowtimes.com/news/article/interior-ministry-seeks-ways-to-track-tor-user-data/504051.html
  4. Spy of the Tiger

    1. Next, we have another article by FireEye. This time, they take a look at the Pitty Tiger APT campaign. Good read, as always.
    2. Read More @ http://www.fireeye.com/blog/technical/threat-intelligence/2014/07/spy-of-the-tiger.html
  5. Why the Security of USB Is Fundamentally Broken

    1. Next we have an interesting article on a presentation to be shown at BlackHat 2014, that shows a way to utilize the firmware on a USB stick to infect a machine in a way that’s pretty much undetectable to the user. They have created some proof-of-concept malware to demonstrate the potential uses of this vulnerability.
    2. Read More @ http://www.wired.com/2014/07/usb-security/
  6. 0-days found in Symantec Endpoint Protection

    1. This story is a pretty interesting one. Apparently during a pen-test researchers found several 0-days in the Symantec Endpoint Protection software. Just goes to show you, no software is safe, when it comes to potential vulnerabilities.
    2. Read More @ http://www.net-security.org/secworld.php?id=17185
  7. 97% of Global 2000 remain vulnerable to due to Heartbleed

    1. This story surprised me a bit, I have to admit. While I didn’t expect everyone vulnerable to Heartbleed to completely remediated for a long time, I didn’t think that the number of still vulnerable fortune 2000 companies would be that high. Considering the critical  nature of this vulnerability I expected a swifter response.
    2. Read More @ http://www.net-security.org/secworld.php?id=17180
  8. Canada’s National Research Council Hit by Apparent Chinese Cyber Attack

    1. Next, it seems like China is diversifying its targets a bit. This time an APT group hit a Canadian National Research Council. I can’t say I am surprised, as China seems to be fairly indiscriminate with their targets, as long as their is a worthy payoff.
    2. Read More @ http://threatpost.com/canadas-national-research-council-hit-by-apparent-chinese-cyber-attack/107524
  9. Nearly 600 U.S. businesses compromised by ‘Backoff’ POS malware

    1. So, this next article seemed appropriate to include with all the recent retailer breaches. Seems like the “Backoff” point of sale malware has been used in the large number of the recent breaches. This trends will only continue, I suspect, as it seems like many businesses have woefully inadequate protection mechanisms in place when it comes to storing and processing their Credit Card data.
    2. Read More @ http://www.scmagazine.com/nearly-600-us-businesses-compromised-by-backoff-pos-malware/article/363876/
  10. Sandwich Chain Jimmy John’s Investigating Breach Claims

    1. How very timely, that right after the above article we have news of another potential breach. This time the (un)lucky winner is the fast food sandwich chain Jimmy John’s. If you eat at Jimmy John’s and pay with your card, you might want to keep an eye out on your Credit Card activity.
    2. Read More @ http://krebsonsecurity.com/2014/07/sandwich-chain-jimmy-johns-investigating-breach-claims/
  11. Security Firm Analyzes Success of Botnet Takedowns

    1. Last story of the week takes a look at the success of the recent botnet takedown efforts, mainly Shylock and Gameover Zeus. To no-one’s surprise it looks like the malware authors are hard at work trying to restore operations to the botnets. This was always the most likely outcome, as hardly ever do these takedowns manage to completely destroy the botnet.
    2. Read More @ http://www.securityweek.com/security-firm-analyzes-success-botnet-takedowns


Leave a Reply

Your email address will not be published. Required fields are marked *

Today is Friday