Time for another news post. A fairly slow week this week, but we still have some good stuff for you, so let’s get going!
- First article of the day, and it’s a pretty interesting one. The sophisticated espionage malware Regin, which was brought to light in recent times, is apparently linked to the NSA. A German newspaper leaked source code for a piece of NSA software called “QWERTY”, a keylogger, and the code has enough similarities to Regin for researchers at Kaspersky to claim that they are linked. Given NSA’s cyber espionage capabilities, this is not that surprising.
- Read More @ http://thehackernews.com/2015/01/nsa-regin-qwerty-keylogger_27.html
- Next, another interesting article dealing with things on the privacy front. The Electronic Frontier Foundation has outlined a plan for how mass surveillance can be ended. The plan would require a global effort to succeed, but it outlines the measures needed to help stem the rampant information collection and surveillance like that outlined by the Snowden leaks. Whether this can, or will, actually happen is an entirely separate issue… but you can’t help but think something needs to happen for us to keep our privacy going forward.
- Read More @ https://www.eff.org/deeplinks/2015/01/effs-game-plan-ending-global-mass-surveillance
- Next, a new development on the banking Trojan front (oh the fun!). The most recent variant of the Dyre banking Trojan includes a mail worm in order to spread even faster through the use of Outlook. This allows the Trojan to exponentially increase its spamming activity.
- Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/new-dyre-variant-hijacks-microsoft-outlook-expands-targeted-banks/
- The U.S. Army has released its Python-based internal forensics framework, called “DSHELL”, to the public. This looks to be a modular framework, and the Army is hoping that people will create their own custom modules in order to tailor the software for their use. Interesting read.
- Read More @ http://www.army.mil/article/141734
- A new Linux vulnerability named “GHOST” has been discovered by researchers at Qualys. GHOST is a buffer overflow vulnerability in the glibc library that could allow for remote code execution, if exploited.
- Read More @ http://www.scmagazine.com/buffer-overflow-vulnerability-in-linux-identified/article/395025/
- Last week, we had an article about a new Adobe Flash zero-day, and this week we have a follow-up that takes a deep dive into analyzing the vulnerability itself. For all the reversing people out there, this is a great read.
- Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2015-0311-flash-zero-day-vulnerability/