Sorry for the lack of news posts for the past few weeks. I just got back from a vacation to Japan, and my Internet situation in my hotel did not allow me to keep these posts going (massive amounts of beer didn’t help either). However, I am back now and we will get back to our regularly scheduled programming!
- The first story this week takes a look at a unique, newly discovered APT actor dubbed “DarkHotel”. What makes this group interesting is that they are specifically targeting executives through hotel networks. Very cool read.
- Read More @ http://threatpost.com/darkhotel-apt-group-targeting-top-executives-in-long-term-campaign/109265
- Next, another APT-related story. This time, though, the hack focused on disrupting U.S. infrastructure, mainly the weather system, which resulted in disruption of service and of the ability to receive weather data from some of the affected satellites.
- Read More @ http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-satellite-network/2014/11/12/bef1206a-68e9-11e4-b053-65cea7903f2e_story.html
- Next, an interesting article about the fake Microsoft Support scam calls. This is timely, as one of our recent posts looked at exactly this type of scam. What makes this particular story interesting is that a company which outsources tech support to India is claiming that its brand is being misrepresented by… fake tech support scammers from India. You can’t make this stuff up, folks.
- Read More @ http://krebsonsecurity.com/2014/11/microsoft-partner-claims-fuel-support-scams/
Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
- Next, we have an article on a new vulnerability in the Microsoft Secure Channel package that could allow remote code execution through specially crafted packets. There is no known workaround or mitigation at the moment.
- Read More @ http://www.kb.cert.org/vuls/id/505120
- To continue with the APT- and China-themed hacks for the week, we look at the breach of USPS employee information. The breach affected about 800,000 employee records, based on the reports so far.
- Read More @ http://outsidelens.scmagazine.com/video/China-Suspected-Of-Hacking-Into
- In our last news post we mentioned an article about a TOR exit node that was patching binaries downloaded through TOR with malware. Well, it looks like that ended up being part of an APT campaign as well, related to the Russian APT “MiniDuke” campaign, according to F-Secure.
- Read More @ http://www.f-secure.com/weblog/archives/00002764.html