2014/11/22

Cool News Story Bro! Week of 11-21-2014

by Otakun
Categories: News

Hey Guys!

Another news week round up is upon us, so let us delay no further!

  1. Operation CloudyOmega: Ichitaro zero-day and ongoing cyberespionage campaign targeting Japan

    1. Our first story of the day, courtesy of Symantec, looks at the new espionage campaign targeting Japan. The attack takes advantage of a vulnerability (CVE-2014-7247) in the Ichitaro software suite.
    2. Read More @ http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan
  2. Bypassing Microsoft’s Patch for the Sandworm Zero Day: Even ‘Editing’ Can Cause Harm

    1. Our next story, by McAfee, is a part 2 post that looks into how Microsoft’s Sandworm patch is being subverted. Part 1 is available here.
    2. Read More @ http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm
  3. Citadel Variant Targets Password Managers

    1. Next, an interesting development on the Citadel banking trojan front. Looks like one of the new variants has been seen going after password management tools. This is the first time I’ve read about a trojan going specifically after password managers. Interesting, if inevitable.
    2. Read More @ http://threatpost.com/citadel-variant-targets-password-managers/109493
  4. EFF, Others Plan to Make Encrypting the Web Easier in 2015

    1. Next, a pretty cool development on the privacy front. Looks like, as of next year, EFF along with a number of other organizations plans to roll out a service that would provide HTTPS certificates to anyone that needs one, free of charge. Considering how expensive and time-consuming this process can be, this is great news.
    2. Read More @ http://threatpost.com/eff-others-plan-to-make-encrypting-the-web-easier-in-2015/109451
  5. Staples Confirms POS Malware Attack

    1. Next, back to the breach stories, as STAPLES confirms that an undisclosed number of stores were breached via Point of Sale malware.
    2. Read More @ http://www.bankinfosecurity.com/staples-confirms-pos-malware-attack-a-7570
  6. The Dridex Threat: How to Block the Latest Malware Aimed at Banks

    1. Next, a look at another fairly nasty banking trojan named “Dridex”. While its method of delivery is fairly old (Word macros), the capabilities are anything but. This story looks at the details behind the trojan as well as some ways to protect against it.
    2. Read More @ http://www.americanbanker.com/news/technology/the-dridex-threat-how-to-block-the-latest-malware-aimed-at-banks-1071291-1.html?linkId=10637800
  7. USA Freedom Act foiled by Senate Republicans

    1. Next, another article on the privacy front; this time the news is not good. The USA Freedom Act, one that was supposed to curb the NSA metadata collection, failed to pass through the Senate. Suppose the modern version of the crypto-wars will continue still. A shame, but not a surprise.
    2. Read More @ http://www.scmagazine.com/usa-freedom-act-failed-to-pick-up-votes-needed-to-avoid-filibuster/article/384125/
  8. Most Targeted Attacks Exploit Privileged Accounts

    1. Next, an interesting report discovers that a majority of targeted attacks exploit privileged accounts, either through phishing campaigns, password guessing, or other similar methods. While this is hardly surprising, it’s good to see some research behind it.
    2. Read More @ https://threatpost.com/most-targeted-attacks-exploit-privileged-accounts/109514
  9. Neutrino : The come back ! (or Job314 the Alter EK)

    1. Last article of the week is an obligatory Exploit Kit related one. It looks like after nearly 8 months of absence, Neutrino Exploit Kit is back. Kaffeine takes a look at a “new” Exploit Kit making the rounds that looks to be the remade version of Neutrino.
    2. Read More @ http://malware.dontneedcoffee.com/2014/11/neutrino-come-back.html

 

– Otakun
