Cool News Story Bro! Week of 03-06-2015

by Otakun
Categories: News
Comments: Leave a Comment

Hi Guys,

Hope you are having a good week. Not a terribly busy news week but still have some good stuff for you. Enjoy!

  1. Anthem Refuses To Let Inspector General Conduct Full Security Audit

    1. First story of the week is another related to the “Anthem” breach. It has come to light that Anthem had refused to allow an auditor from the Office of Personnel Management’s Office of the Inspector General (OIG) to conduct a security audit. Anthem allowed an audit in September 2013, but refused any subsequent ones. It seems like the opinion on whether this was the right move is split, and a “damned if you do, damned if you don’t” scenario for “Anthem”.  Either way, it brings more attention to them when they probably didn’t want any.
    2. Read More @ http://www.darkreading.com/anthem-refuses-to-let-inspector-general-conduct-full-security-audit/d/d-id/1319365
  2. Intuit Failed at ‘Know Your Customer’ Basics

    1. Next, a story by krebsonsecurity.com about the company behind “Turbo Tax”, Intuit, and some of their recent security troubles. We brought you in recent weeks about fraudulent  returns being filed for some of the “Turbo Tax” customers. Since then, Intuit has implemented additional security controls, but they don’t seem to go far enough, as they still seem to not be taking some of the basic measures like E-mail validation, etc. Important read if you plan to use “Turbo Tax” to file your returns, or are considering that as an option.
    2. Read More @ http://krebsonsecurity.com/2015/03/intuit-failed-at-know-your-customer-basics/
  3. Dridex Banking Trojan Spreading Via Macros in XML Files

    1. Next, another updated on the rather prolific Dridex banking trojan that has been getting quite a bit of attention in the past months. It looks like they added a new tactic to their bag of tricks, this time spreading via malicious XML attachments. This isn’t a massive departure from their other campaigns, but just an addition of .xml files as the infection vector, as they are hoping users will consider these innocuous.
    2. Read More @ http://threatpost.com/dridex-banking-trojan-spreading-via-macros-in-xml-files/111503
  4. Adobe launches bountyless bug hunt program on HackerOne

    1. This next story is an interesting one. It looks like Adobe is finally launching a bug bounty program, but there is a catch. Instead of a cash reward they are offering “reputation” rewards using the “HackerOne” platform. Essentially, this is suppose to increase the visibility, and the reputation of the researcher on the HackerOne platform making their submissions carry more weight than some of the lower ranked ones. Question is, is this enough? Considering that most big companies are offering cash rewards, and even those are only a fraction of what those exploits can go for on the underground markets. Time will tell, but to the skeptical among us this just seems like Adobe attempting to avoid paying researchers for their work.
    2. Read More @ https://nakedsecurity.sophos.com/2015/03/06/adobe-launches-bountyless-bug-hunt-program
  5.  Republicans’ “Internet Freedom Act” would wipe out net neutrality

    1. Next, a Net Neutrality related news article. Well, that didn’t take long, it looks like Republicans are already attempting to reverse the recent FCC decisions on Net Neutrality by introducing what they call the “Internet Freedom Act”, except it’s anything but. It would effectively reverse all of the FCC decisions. The good news is that the President has already said he would veto it, if it came that far but this does show that Republicans are already attempting to kill Net Neutrality regulations making it clear where their allegiances are.
    2. Read More @ http://arstechnica.com/business/2015/03/republicans-internet-freedom-act-would-wipe-out-net-neutrality/ 
  6. Credit Card Breach at Mandarin Oriental

    1. Next, another story by Krebs, this time in regards to another potential breach. This time it’s the “Mandarin Oriental Hotel Group”, that owns a number of high end hotels in the U.S. There is no confirmed breach, but they are investigating. We will bring you any additional stories on this one as details emerge.
    2. Read More @ http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-oriental/
  7. Alleged Anonymous hacker deported back to the U.S.

    1. A hacker supposedly associated with Anonymous is being deported to the U.S. He was investigated in regards to a number of sensitive government documents that were uploaded to a server of his during his time as a member of Anonymous. He is also being investigated on charges of child pornography, and if convicted could face up to 25 years in prison.
    2. Read More @ http://www.scmagazine.com/canada-deports-matt-dehart-back-to-the-us/article/401549/
  8. FREAK attack on TLS/SSL Flaw Affects Popular Domains and Browsers

    1. Next, we have disclosure of yet another TLS/SSL vulnerability, codenamed “FREAK” (Factoring RSA Export Keys). Vulnerability allows for MITM of SSL traffic by forcing a downgrade of encryption used in the SSL communication to a weaker, crackable cipher. However, it’s not an easy flaw to take advantage of, but is still significant as it is yet another in the string of vulnerabilities in SSL over the past year or so.
    2. Read More @ http://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/freak-attack-on-tls-ssl-flaw-affects-popular-domains-and-browsers
  9.  57 arrested in nationwide cyber crime strike week

    1. Looks like it’s a bad week to be a cyber criminal in the U.K. The National Crime Agency (NCA), working with government and industry partners has made 57 arrests related to various cyber crimes committed against targets in and outside of the U.K. Charges include DDoS attacks, network intrusions, data theft, creation and spreading of malware, and various others.
    2. Read More @ http://www.nationalcrimeagency.gov.uk/news/news-listings/560-57-arrested-in-nationwide-cyber-crime-strike-week
  10. BEWARE! μTorrent Silently Installing Bitcoin Mining Software

    1. Our final story is for any user of the popular BitTorrent client, uTorrent. It looks like the latest version,
    2. Read More @ http://thehackernews.com/2015/03/beware-torrent-silently-installing.html

Leave a Reply

Your email address will not be published. Required fields are marked *

Today is Monday