2015/02/14

Cool News Story Bro! Week of 02-13-2015

by Otakun
Categories: News
Tags:
Comments: Leave a Comment

Hi Guys!

That time of the week again, hope you enjoy the read, got some good stuff for you as usual.

  1. Introducing Extension Signing: A Safer Add-on Experience

    1. Mozilla is introduction a new initiative for their browser add-ons that will require extensions to be signed or they will be unable to install. This was done in order to fight some of the more malicious add-ons that that make changes without user consent. Interesting idea in theory but it makes me wonder how people will react to being unable to go around this requirement as it’s not going to be optional.
    2. Read More @ https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/
  2. Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days

    1. Next, news on the APT front. Looks like a Chinese APT group has compromised Forbes.com and used it in a Watering Hole attack on various financial companies. They used a Flash and an IE exploit in order to compromise unsuspecting visitors.
    2. Read More @ http://threatpost.com/chinese-hackers-compromised-forbes-com-using-ie-flash-zero-days/110996
  3. Anonymous takes down dozens of “terrorist” social media accounts in #OpISIS

    1. Looks like anonymous has turned their powers to good use by disrupting several social media accounts associated with the ISIS terrorist group. Lot of these accounts were used for propaganda, and recruitment purposes so good for them I say.
    2. Read More @ https://nakedsecurity.sophos.com/2015/02/10/anonymous-takes-down-dozens-of-terrorist-social-media-accounts-in-opisis
  4. US Government builds “Memex Deep Web Search Engine” to Track Criminals

    1. The new DARPA project aims to create a search engine that searches the more nefarious parts of the web in hope of helping law enforcement hunt down criminals participating in some of the more heinous crimes like human trafficking and the like. The aim of this engine is to be able to search out sites that are out of the reach of a traditional search engines. Very interesting read, and video.
    2. Read More @ http://thehackernews.com/2015/02/memex-deep-web-search-engine.html
  5. Anthem Breach May Have Started in April 2014

    1. Next, some interesting info on the “Anthem” breach. Analysis of the open source information related to the Anthem breach has indicated that the breach might have occurred as far as April 2014, significantly earlier than the time-frame disclosed by Anthem. Some very interesting information in this one.
    2. Read More @ http://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/
  6. Obama’s New Order Urges Companies to Share Cyber-Threat Info With the Government

    1. Today, President Obama signed a new Executive Order that would encourage sharing of threat intelligence between the private sector and the government. It’s mean to provide new standards for intel sharing in order to make it easier to share information about emerging security threats.
    2. Read More @ http://www.wired.com/2015/02/president-obama-signs-order-encourage-sharing-cyber-threat-information/
  7. China, Vietnam and PlugX Dominate APT Landscape

    1. According to a new Threat Report by Crowdstrike, 2014 APT threat landscape was dominated by China, and the PlugX malware family. This is hardly a surprise to anyone to be honest, but hey, good to see some evidence behind it as well. Good read.
    2. Read More @ http://www.infosecurity-magazine.com/news/china-vietnam-and-plugx-dominate
  8. VirusTotal Tackles False Positives with Whitelist Program

    1. Good news for any Virus Total users, myself included. It looks like Google is starting a whitelisting program that hopes to help reduce false positive rates in VT. Developers can submit code that can be cross-referenced against submitted samples and in case of false positives the AV that hit will be notified in order to correct it. Good to see Google going after this problem, if you ask me. We will see how well it works in practice.
    2. Read More @ http://www.infosecurity-magazine.com/news/virustotal-tackles-false-positives
  9. A Crypto Trick That Makes Software Nearly Impossible to Reverse-Engineer

    1. Researches are looking to show a new method they claim will make software reverse engineering “near impossible” at the SyScan conference next month in Singapore. The system called HARES (Hardened Anti Reverse Engineering System) works by making sure the code is encrypted until the last possible moment in order to hamper reversing efforts. It’s an interesting read, though I am not entirely sure as to how effective, and/or practical it will actually be until it’s out and really tested. We hear claims of “impossible”, “unhackable” fairly regularly and they never really turn out to be so. Therefore, I remain skeptical until proven otherwise, but a fun read anyway.
    2. Read More @ http://www.wired.com/2015/02/crypto-trick-makes-software-nearly-impossible-reverse-engineer/?linkId=12340163
  10. Biter bitten as hacker leaks source code for popular exploit kit

    1. Last story of the week is one for the Exploit Kit fans out there. It looks like partial source code for the RIG Exploit Kit was leaked on underground forums as part of an apparent dispute between some of the people involved with the kit. There really is no honor among thieves, it looks like.
    2. Read More @ http://infosechotspot.com/browser/?onsurl=://packetstormsecurity.com/news/view/25099/Biter-Bitten-As-Hacker-Leaks-Source-Code-For-Popular-Exploit-Kit.html&onstitle=Biter%20Bitten%20As%20Hacker%20Leaks%20Source%20Code%20For%20Popular%20Exploit%20Kit&onsdesc=&onsimage=

Leave a Reply

Your email address will not be published. Required fields are marked *



Today is Friday
2018/02/23