So, nice and easy news week this week, nothing major happened at all, right? Yea…
- So, our first mention this week has to be the Bash vulnerability (CVE-2014-6271), more commonly known as “Shellshock”. I am sure you have heard all about it at this point, as it’s damn near impossible to stay away from it. Essentially, the exploit allows for arbitrary code execution by taking advantage of a vulnerability in Bash (the Bourne Again Shell). Some are dubbing this more severe than the Heartbleed vulnerability, as this allows for potential complete compromise of the host, instead of just reading arbitrary content stored in memory. There are a number of articles out there discussing patching, detection, etc. already, so I won’t go over those, but we will keep you updated on any major related stories going forward. It will be interesting to see where this goes, as far as being exploited in the wild.
- Read More @ http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
- Next, we finally seem to have a confirmation of the suspected Jimmy John’s fast food chain breach. It looks like the source of the breach was one of the payment vendors associated with Jimmy John’s.
- Read More @ http://krebsonsecurity.com/2014/09/jimmy-johns-confirms-breach-at-216-stores/
- Next, an interesting Exploit Kit related update. It looks like some versions of Flash EK are bypassing the traditional infection chain process in favor of an entirely Flash-based one. Flash is used for both redirection and exploitation. This is the first EK I’ve seen that does this, so far.
- Read More @ https://blog.malwarebytes.org/exploits-2/2014/09/flash-ek-skips-landing-page-goes-flash-all-the-way
- Now for some privacy related news. It looks like some amendments to existing legislation could make it easier for the FBI to break into the computers of users using Tor to anonymize their traffic. It’s hardly a secret that the feds hate Tor, so attempts to make it easier to circumvent it are hardly surprising. We will keep an eye on this one, and see where it goes.
- Read More @ nakedsecurity.sophos.com/2014/09/22/tor-users-could-be-fbis-main-target-if-legal-power-grab-succeeds
- Next, another story on a new underground drug market. Last week we brought you a story about “Agora”, and this week we have another one in “Evolution”. This one seems to be quite a bit larger than “Silk Road” and also seems to include things that “Silk Road” did not sell, like stolen credentials and credit card data.
- Read More @ http://www.wired.com/2014/09/dark-web-evolution/?linkId=9678187
- Next, an announcement from IC3.gov, “Increase in Insider Threat Cases Highlight Significant Risks to Business Networks and Proprietary Information”, indicating that insider threat cases are increasing. While insider threats have always been a pretty large source of breaches, it’s interesting to read that they are on the increase.
- Read More @ http://www.ic3.gov/media/2014/140923.aspx
- Another week, another breach. Viator, a TripAdvisor site, was breached, affecting 1.4 million customers. It’s unclear how much of this was credentials, and how much of it includes credit card information. Either way, not good news for anyone using Viator.
- Read More @ http://thehackernews.com/2014/09/tripadvisors-viator-hit-by-massive-14_24.html?sf4810415=1
- Bad news for Home Depot just keeps coming. According to the report by the New York Times, Home Depot was warned of their security deficiencies as far back as 2008. The company’s response was very lax, and inevitably led to the breach. This was an anonymous report by a former employee, so take it with a grain of salt, but it seems very plausible. Security is sadly still a very reactive field.
- Read More @ http://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html?ref=technology&assetType=nyt_now&_r=1
- Last article for the week is another Exploit Kit update. In this case it’s a look at the recent additions to the “Nuclear Exploit Kit”. It looks like it’s now exploiting Silverlight as well. According to the report by Trend Micro, the number of exploits in Nuclear EK has doubled in 2014. They are definitely trying to pick up the slack, with BlackHole out of the picture.
- Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/nuclear-exploit-kit-evolves-includes-silverlight-exploit/