Cool News Story Bro! Week of 01-02-2015

by Otakun
Categories: News
Tags: No Tags
Comments: Leave a Comment

Hey Guys!

First news post of 2015, Wooooo! Last year was a pretty good year for security news, quite a bit happened especially with HeartBleed, Shellshock, and all the big retail breaches and we can’t go without mentioning the Sony hack to wrap up the year. The good news to come out of all this is hopefully an increase in focus on security for some of these larger companies (has to happen sometimes, right?), and it can only mean good things for anyone in this industry as the demand for quality security professionals will only go up. It’s a good industry to be in! Anyway, enough rambling, let’s get to the news.

  1.  North Korea blames U.S. for Internet outages, calls Obama ‘monkey’

    1. We are still not quite done with the SPE, and North Korea related news it seems. To start off this week, we have an article claiming that North Korea has blamed U.S for its Internet outage we mentioned in last week’s post. Going as far as to compare Obama to a monkey. Stay classy North Korea.
    2. Read More @ http://in.reuters.com/article/2014/12/27/northkorea-cybersecurity-idINL3N0UB04K20141227
  2.  South Korean activists to drop The Interview into North by balloon

    1. Ok, this next story is actually pretty funny. It looks like South Korean activists are planning to drop copies of “The Interview” into North Korea via  balloons. That’s pretty nice of them, I have to say. I am looking forward to Kim Jong Un’s review of the movie.
    2. Read More @ http://www.cbc.ca/news/arts/south-korean-activists-to-drop-the-interview-into-north-by-balloon-1.2887230?cmp=rss
  3. What We Know About the New U.S. Sanctions Against North Korea In Response to Sony Hack

    1. So the proportional response Obama promised in response to the North Korea hack, seems to include sanctions as President Obama has signed an executive order imposing additional sanctions on North Korea.
    2. Read More @ http://www.wired.com/2015/01/us-sanctions-north-korea-for-sony-hack/
  4. Researchers investigate, suggest fired employees assisted in Sony hack

    1. Since there is quite a lot of skepticism in the security community in terms of the true source of the attack on Sony, some new research is suggesting that a fired employee was at least partially responsible for the breach. They used the leaked documents in their investigations in order to try and piece together some clues as to the source of the hack. Very interesting read.
    2. Read More @ http://www.scmagazine.com/one-or-more-former-employees-may-have-aided-in-hack/article/390385/
  5. The Slow Death of ‘Do Not Track’

    1. Next, a privacy related story. “Do Not Track”, the proposal to allow Internet users to opt-out of being tracked online has been around for a while as an idea, but never really formalized. It looks like it’s finally getting close, but with some major issues. Mainly, it looks like the current state of it would allow a number of Internet giants like Facebook, Google, and Apple to basically exempt themselves from it. Considering these companies are some of the worst, when it comes to user data collection it would make “Do Not Track” in its current form nearly useless. Let’s hope this is not allowed to proceed as is.
    2. Read More @ http://www.nytimes.com/2014/12/27/opinion/the-slow-death-of-do-not-track.html?_r=0
  6. Chick-fil-A Investigating Possible Data Breach

    1. Next, another potential breach, this time it affects “Chick-Fil-A” fast food chain. At this point there is no confirmed breach, but an investigation into some potentially misused credit cards used at its location.  We will bring you any updates associated with this one as they surface.
    2. Read More @ http://www.darkreading.com/attacks-breaches/chick-fil-a-investigating-possible-data-breach/d/d-id/1318436
  7. Lizard Kids: A Long Trail of Fail

    1. Next, an article by Krebs, on the Lizard Squad, a group of script-kiddies that have been harassing gamers by DDoS-ing XBox Live and PSN around Xmas time. In this post Krebs sheds a bit more light on their activities and motivations. Good read as always. And like we predicted, it seems like a number of them are already being arrested and/or questioned by police. Hope it was worth it, Lizard script-kiddies.
    2. Read More @ http://krebsonsecurity.com/2014/12/lizard-kids-a-long-trail-of-fail/
  8. Report: UK police arrest Lizard Squad member

    1. As a follow up to the above, and to keep with the Lizard Squad theme, a report on the arrest of one of the members in the U.K. This was references in the Krebs story above, but here are some more details. One down, several to go.
    2. Read More @ http://www.polygon.com/2014/12/31/7475297/report-uk-police-arrest-lizard-squad-member
  9. Finnish National Bureau of Investigation questions suspected Lizard Squad member

    1. After the news of the U.K arrest of a Lizard Squad member, another report emerged of law enforcement in Finland questioned another suspected member. Slowly but surely, it looks like they are being rounded up. Good.
    2. Read More @ http://www.polygon.com/2015/1/1/7477587/finnish-national-bureau-of-investigation-questions-suspected-lizard
  10. Unpatched Windows Privilege Elevation Vulnerability Details Disclosed

    1. Google’s Project Zero has disclosed a new unpatched Windows 8.1 vulnerability that would allow for Privilege Escalation if exploited. It was reported to Microsoft in September but it has not been patched yet, it seems.
    2. Read More @ http://threatpost.com/unpatched-windows-privilege-elevation-vulnerability-details-disclosed/110176
  11. FBI searching for cyber experts to become special agents

    1. Ever wanted to work as a security professional for the FBI? If this sounds like something you might be interested in as it looks like the FBI is hiring for exactly that. I have to say, it sounds cool…except for that whole utter loss of privacy and all that.
    2. Read More @ http://www.scmagazine.com/fbi-searching-for-cyber-experts-to-become-special-agents/article/390362/
  12. Malware infection suspected at ISC, providers of the BIND DNS server software

    1. The ISC.org website looks like it might have been infected with malware, due to a potential Word Press vulnerability according to a post on Naked Security. Not much in terms of details, but if you visited the ISC site lately, you could have potentially have run across malware while on the site.
    2. Read More @ https://nakedsecurity.sophos.com/2015/01/01/malware-infection-suspected-at-isc/
– Otakun

Leave a Reply

Your email address will not be published. Required fields are marked *

Today is Friday