2014/12/06

Cool News Story Bro! Week of 12-05-2014

by Otakun
Categories: News

Hey guys!

Another busy news week this week, so let’s not waste any time and get right to it!

  1. Sony Breach May Have Exposed Employee Healthcare, Salary Data

    1. So, the biggest news of this week revolves around the hack of Sony Pictures Entertainment. We brought you a story last week, prior to an official confirmation of the breach, indicating the hack might have occurred. Quite a few details have surfaced since that time, and according to our first article on the topic, from Brian Krebs, it looks like the breach is bad, really, really bad. Terabytes of data were taken, including unreleased movies, employee data (SSN, health care data, salaries), celebrity personal information, etc. Basically, if there was anything there to take, it was taken. Many believe this might be the most devastating corporate hack to date.
    2. Read More @ http://krebsonsecurity.com/2014/12/sony-breach-may-have-exposed-employee-healthcare-salary-data/
  2. F.B.I., Mandiant, Investigating Sony Pictures Breach

    1. Next in line for the SPE breach news, it looks like Sony has hired Mandiant, FireEye’s security consulting company, to investigate the breach. This isn’t really that surprising, as Mandiant is fairly well known in this field and has investigated a large number of high-profile breaches. In addition to Mandiant, this case is now also being investigated by the F.B.I. I doubt we will ever get to see the Mandiant report on the incident, but that would be a very interesting read. I would love to know the details on this one, considering the scope of the breach.
    2. Read More @ http://threatpost.com/f-b-i-mandiant-investigating-sony-pictures-breach/109645
  3. Sony/Destover: Mystery North Korean Actor’s Destructive and Past Network Activity

    1. Next, it looks like some of the malware used in the Sony hack has made it into the hands of security researchers. The researchers over at Kaspersky have done some analysis of the Destover wiper malware used in the attack, and they also look at some of the similarities to some other malware believed to be attributed to North Korean actors. Very good read, as always.
    2. Read More @ http://securelist.com/blog/research/67985/destover/
  4. ISPs shoulder responsibility for leaked Sony movies, says UK MP

    1. Next, in a bit of a different take on the breach, a UK member of parliament has said that ISPs and hosting companies are at least partially responsible for the movies leaked as part of the SPE breach. He claims that ISPs and web hosts don’t do enough to prevent sharing of leaked movies such as these. This opinion is not surprising, considering the aggressive stance the U.K. has taken towards piracy. Personally, I am not sure if I agree that it’s the job of an ISP to police their users, but maybe that’s just me.
    2. Read More @ http://www.afterdawn.com/news/article.cfm/2014/12/05/isps-shoulder-responsibility-for-leaked-sony-movies-says-uk-mp
  5. Sony Hackers Knew Details Of Sony’s Entire IT Infrastructure

    1. Last in our string of SPE-related stories is an interesting one. It appears as though the attackers in the SPE breach had intimate knowledge of the SPE infrastructure. The Destover malware used in the attack contained hardcoded server names and valid credentials for accessing them, indicating there was knowledge of their IT operations. Whether this data was simply acquired in the early stages of the breach or was information they had prior to the attack is not yet clear.
    2. Read More @ http://www.darkreading.com/sony-hackers-knew-details-of-sonys-entire-it-infrastructure-/d/d-id/1317898?_mc=sm_dr
  6. Banks: Credit Card Breach at Bebe Stores

    1. Now that we are done with the Sony-related news, on we go to another credit card breach. The most recent news comes from Brian Krebs again, and it looks like “Bebe” stores were breached as well. A number of stolen card numbers were up for sale on an underground site. There are not a lot of details as of yet, but I am sure that will change in the coming weeks.
    2. Read More @ http://krebsonsecurity.com/2014/12/banks-credit-card-breach-at-bebe-stores/
  7. ‘Gangnam Style’ breaks YouTube

    1. Next, some more lighthearted news, to take a break from all the gloomy breaches. According to a post from Google, it looks like PSY’s “Gangnam Style” has exceeded the YouTube view limit (2,147,483,647). As a result, Google had to change the YouTube view counter to a 64-bit integer. PSY should be very proud of such an awesome milestone.
    2. Read More @ http://www.cnn.com/2014/12/03/showbiz/gangnam-style-youtube/index.html?hpt=hp_t4
  8. Anonymous reportedly publishes KKK wizard’s personal data

    1. Next, it looks like Anonymous has put their powers to use against the KKK. Reportedly, they published the personal information of the Klan “Imperial Wizard” who threatened to use lethal force against the Ferguson protesters.
    2. Read More @ http://www.scmagazine.com/anonymous-reportedly-publishes-kkk-wizards-personal-data/article/385656/
  9. Google No CAPTCHA Simple for Humans, Tough on Bots

    1. Next, Google has updated their reCAPTCHA system in a rather significant way. Instead of having users try to decipher blurry text, Google is now simply asking users if they are a bot. All the user has to do is click the checkbox. This change was prompted by the recent advances in the ability of bots to accurately solve CAPTCHAs, making the old system less and less efficient.
    2. Read More @ http://threatpost.com/google-no-captcha-simple-for-humans-tough-on-bots/109707
  10. Judge says negligence case against Target can move forward

    1. Now, another update on the Target breach side of things. It looks like a U.S. District Judge has decided to allow the negligence case against Target to continue. Not good news for Target, but this is only one of many lawsuits regarding that particular breach. We will bring you updates to this case as it develops.
    2. Read More @ http://www.scmagazine.com/judge-says-negligence-case-against-target-can-move-forward/article/386650/
  11. Kaspersky Lab Releases Predictions for 2015

    1. Kaspersky has released their predictions for 2015, and it looks like they believe that the spotlight will mostly be on banks and payment systems. This would make a lot of sense given the increase in banking malware over the years, and the number of PoS-related breaches that happened this year.
    2. Read More @ http://usa.kaspersky.com/about-us/press-center/press-releases/kaspersky-lab-releases-predictions-2015
  12. Why ‘Regin’ Malware Changes Threatscape Economics

    1. Next, an interesting take on the Regin malware and its significance to the threat landscape. Regin has been in the spotlight recently as it’s a rather advanced espionage platform, possibly backed by a nation-state.
    2. Read More @ http://www.darkreading.com/attacks-breaches/why-regin-malware-changes-threatscape-economics-/a/d-id/1317879
  13. Treasury Dept: Tor a Big Source of Bank Fraud

    1. Another story by Brian Krebs looks at a report that alleges that a majority of bank account takeovers could have been prevented if banks knew to look for and block transactions coming through Tor. Interesting findings, for sure.
    2. Read More @ http://krebsonsecurity.com/2014/12/treasury-dept-tor-a-big-source-of-bank-fraud/
  14. German court blocks US extradition for “number two” hacker

    1. Final story of the week. Germany has decided to decline the extradition of a hacker associated with a number of credit card-related hacks between 2011 and 2013, arguing that the maximum sentence proposed by the U.S. (250 years) is too extreme a punishment by German standards. Refreshing to see a bit of sense when it comes to prosecuting cybercrime.
    2. Read More @ https://nakedsecurity.sophos.com/2014/12/04/german-court-blocks-us-extradition-for-number-two-hacker/
