Cool News Story Bro! Week of 10-03-2014

by Otakun
Categories: News
Comments: Leave a Comment

Hey Guys,

Another busy news week, so let’s get to it!

  1. Shellshock In The Wild

    1. Firsts article this week looks at some of the techniques being used to take advantage of the “Shellshock” exploit in the wild. This is by no means a complete list, but there are some pretty creative uses seen so far.
    2. Read More @ http://www.fireeye.com/blog/technical/2014/09/shellshock-in-the-wild.html
  2.  Yet another case of malvertising on The Pirate Bay

    1. Next, another malvertising article, but this one is interesting due to the site in question. The Pirate Bay, the (in)famous piracy site seems to have fallen prey to malvertising, leading to pages infected with “Angler Exploit Kit”
    2. Read More @ https://blog.malwarebytes.org/exploits-2/2014/09/malvertising-on-the-pirate-bay/
  3. US Attorney General urges tech companies to leave back doors open on gadgets for police

    1. Next, a privacy related article. Seems like the U.S Attorney General is not a big fan of tech companies increasing the security of their products in order to protect consumer privacy. This is hardly a surprise, and the reasoning is the predictable “prevents law enforcement from dealing with criminals” speech. Do you agree?
    2. Read More @ nakedsecurity.sophos.com/2014/10/02/us-attorney-general-urges-tech-companies-to-leave-back-doors-open-on-gadgets-for-police
  4. iWorm Botnet Uses Reddit as Command and Control Center

    1. This is an interesting one. Newly discovered “iWorm” Botnet that is infecting Macs around the world seems to have a number of interesting aspects. The malware itself seems fairly sophisticated for malware of this type, and it also utilizes Reddit.com as part of it’s Command and Control infrastructure. While use sites like twitter, and Google docs, etc. for C2 traffic is not new, this is the first time I have seen Reddit used for this purpose.
    2. Read More @ http://www.intego.com/mac-security-blog/iworm-botnet-uses-reddit-as-command-and-control-center/
  5. Silk Road Lawyers Poke Holes in FBI’s Story

    1. Next, more on the Silk Road trial. Remember the story from few weeks ago about the details relating to how the FBI was able to track down the true location of the Silk Road servers through the leaky CAPTCHA? Apparently, the Silk Road lawyers found this very interesting, and asked the government to prove their claim. Simple, right? Apparently not. It looks like the feds might not be telling the whole story, as they were not exactly able to comply with that request.
    2. Read More @ http://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story/
  6. Marriott fined $600,000 for jamming guest hotspots

    1. Next, a rather unusual article. Apparently, Marriott was found guilty of jamming guest Hot Spot signals, in order to force its guests to pay for the hotel Wi-Fi. Seems pretty shady, and apparently the law agrees.
    2. Read More @ http://www.slashgear.com/marriott-fined-600000-for-jamming-guest-hotspots-03349010/
  7. JP Morgan Chase confirms breach, 76 million homes and 7 million businesses affected

    1. So, another week, another news of massive breach. Well, this one is not quite so new as it actually happened earlier this year, but finally we got some details on the scope of the “JP Morgan Chase” breach, and it’s a big one. 83 million accounts were compromised in total, which makes it one of the largest, if not quite the largest yet. A lot of contenders for this particular crown this year, between Target, Chase, and Home Depot. At this point, it’s not even surprising to see news like this anymore, as it has become almost routine, which is a rather scary realization about the state of corporate security.
    2. Read More @ nakedsecurity.sophos.com/2014/10/03/jp-morgan-chase-confirms-breach-76-million-homes-and-7-million-businesses-affected
  8. Security bug in Xen may have exposed Amazon, other cloud services

    1. Coming hot off the heels of Shellshock, a less devastating, but still significant bug was disclosed by the Xen Project that affects millions of virtualized servers.  A flaw in the Xen hypervisor could allow a malicious fully virtualized server to read data about other virtualized systems running on the same physical hardware or the hypervisor hosting the virtual machine. This is fairly significant, especially for any cloud service providers.
    2. Read More @ http://arstechnica.com/security/2014/10/security-bug-in-xen-may-have-exposed-amazon-other-cloud-services/
  9. Ex-con Kevin Mitnick now selling zero-day exploits, starting at $100K

    1. Kevin Mitnick, and his security consulting firm is getting into the business of selling zero-day exploits. This is interesting for several reasons, as there are a number of opinions on the ethics of such services. Selling to government to enable spying, is just one of the possible scenarios to consider, though he claims that is not his aim. Regardless of your stance on the matter, interesting direction to go into for Mr.Mitnick, though not surprising as it is a lucrative venture, as I am sure VuPen can attest to.
    2. Read More @ http://nakedsecurity.sophos.com/2014/09/26/ex-con-kevin-mitnick-now-selling-zero-day-exploits-starting-at-100k/
  10. ‘Spike’ toolkit scales multi-vector DDoS with Windows, Linux hosts

    1. Last article of the week takes a look at a new DDoS toolkit dubbed “Spike”. What makes this particular one interesting, is that it scales well, is multi-vector, and also multi-platform (able to leverage both mobile and non-mobile Operating Systems).
    2. Read More @ http://www.scmagazine.com/spike-ddos-toolkit-discovered/article/373501/

Leave a Reply

Your email address will not be published. Required fields are marked *

Today is Friday