Hope you had a good week, and are having a good Friday. Why not unwind with some news and a beer or two? Let’s get to it!
- First post of this week comes from FireEye, and takes a look at some of the similarities in operations between two APT campaigns: DragonOK and Moafee, both operating from China. It’s an interesting view into the operations of some of these groups, as they seem to be working in parallel and sharing resources, among other things.
- Read More @ http://www.fireeye.com/blog/technical/targeted-attack/2014/09/the-path-to-mass-producing-cyber-attacks.html
- Next article, by SecureList, takes a look at a typical attack aimed at stealing financial information from a remote banking system. It’s a walk-through of the typical attack pattern, and the common findings that Kaspersky Lab has made during such investigations. Good read for any IR personnel.
- Read More @ https://securelist.com/analysis/publications/66454/thefts-in-remote-banking-systems-incident-investigations/
- Next, another story by one of our favorite bloggers, Brian Krebs from KrebsOnSecurity. This one looks at how the FBI managed to track down the true location of the “Silk Road” black market, run by Ross W. Ulbricht, a.k.a. the “Dread Pirate Roberts”. For the unfamiliar, he was running the site as a TOR hidden service, which, if configured correctly, is supposed to hide the true location of the server in question. However, this also shows that all it takes is one mistake for it all to fall apart around you and for the FBI to find you.
- Read More @ http://krebsonsecurity.com/2014/09/dread-pirate-sunk-by-leaky-captcha/
- With the announcement of the iWatch, iPhone 6 and most interestingly, the new Apple Pay service, the obvious question was just how secure is it going to be? Last thing anyone needs is another potential avenue for credit card theft. However, the early reports are positive and seem to indicate that Apple is taking security very seriously.
- Read More @ www.infosecurity-magazine.com/news/reaction-apple-pay-builds-in
- So it begins. Inevitably, we knew that there would be lawsuits aimed at Home Depot over the recent breach. The first one has been filed, and is seeking class-action status. We will keep an eye on these stories as they develop.
- Read More @ http://www.reuters.com/article/2014/09/10/us-home-depot-dataprotection-lawsuit-idUSKBN0H42HE20140910
- Finally, the Exploit Kit article for the week! Are you as excited as I am? Well, this time around it seems like “Sweet Orange” has found its way to the site of a prominent Israeli think tank and has graciously offered itself to their visitors. Sweet Orange has at least partially taken up the mantle, after the fall of “Paunch” and the “BlackHole” exploit kit.
- Read More @ http://thehackernews.com/2014/09/israeli-think-tank-compromised-to-serve_9.html
- This one is pretty interesting, I have to say. Stepping back from all the POS hacks and recent breaches, and back to the NSA/Snowden leaks, we now have a story on the fight “Yahoo” had to face in order to protect the privacy of their users. At one point, threats of a $250,000-a-day fine were considered by the U.S. government for non-compliance. Finally, it seems, we are getting to peek behind the curtain at some of these legal battles over your private information. At the very least, I have to give props to Yahoo for not just handing data over, as more than a few companies are known to do when it comes to these requests.
- Read More @ http://www.securityweek.com/us-threatened-yahoo-huge-fine-over-surveillance
- We will close out this week with a very good write-up by Trend Micro that takes a look at PoS malware. This is a 97-page report, so it’s some in-depth reading. Coincidentally, I was just talking with some friends about wanting to learn more about this type of malware, so this was very timely! Hope you find it enjoyable.
- Read More @ http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf?linkId=9590495