Another news week be upon us, and we actually have some fairly surprising news this week so read on!
- First story of the week is an Exploit Kit related one, you know how much I love those. SANS has a story on Rig Exploit Kit and the changes in its traffic pattern. Always important to keep on top of these things to better be able to detect and deal with the Exploit Kits.
- Read More @ https://isc.sans.edu/diary/Rig+Exploit+Kit+Changes+Traffic+Patterns/19533
- Next, a rather interesting turn of events in the Silk Road investigation. It looks like two federal agents involved in the investigation were arrested and charged with attempting to steal Bitcoin seized in the Silk Road takedown. They were also found to be attempting to sell information on the Silk Road investigation to the Silk Road founder. I have to admit this is pretty messed up, but at least they were caught and charged.
- Read More @ https://nakedsecurity.sophos.com/2015/03/31/federal-agents-charged-over-alleged-silk-road-bitcoin-theft
- Next, some important news on the privacy front. It looks like, in a recent court ruling, the US Supreme Court has decided that GPS tracking does count as a “search” under the Fourth Amendment. This is an important decision that sets precedent for future cases when it comes to geolocation as a form of search.
- Read More @ https://nakedsecurity.sophos.com/2015/04/02/gps-tracking-counts-as-a-search-says-us-supreme-court
- Next, Krebs from KrebsOnSecurity.com has a really interesting write-up for anyone interested in credit card fraud and related attacks. This one looks at a specific type of attack called the “EMV Replay Attack”, and a new crimeware kit on sale on underground markets that helps facilitate such attacks. Great read.
- Read More @ http://krebsonsecurity.com/2015/04/revolution-crimeware-emv-replay-attacks/
- Next, Obama signed a new Executive Order that would allow imposing sanctions on countries determined to be involved in damaging cyber attacks on the U.S. This is one of those things that makes me think “Yea, cool that they are thinking about this stuff, but I don’t see it doing much to deter such activities.” But, you got to start somewhere I suppose.
- Read More @ http://www.scmagazine.com/executive-order-lays-out-sanctions-for-foreign-attackers/article/406881/
- Next, a look at a new APT campaign dubbed “Volatile Cedar” that looks to have been active since 2012, and attributed to Lebanon. Not a common source of such things I would have to say, but it seems like most governments these days are engaging in cyber-espionage, so I suppose it’s not that surprising. Good read.
- Read More @ http://blog.checkpoint.com/2015/03/31/volatilecedar/
- Looks like going forward Google will no longer trust certificates issued by CNNIC, China’s central Certificate Authority, after an investigation discovered that an intermediate authority, “MCS”, had issued unauthorized certificates for Google domains. Needless to say, CNNIC was not a fan of this decision by Google, but at the same time I can hardly fault Google in this case.
- Read More @ http://www.scmagazine.com/after-learning-of-unauthorized-certs-google-no-longer-trusts-cnnic/article/407107/
- I saved the best for last this week. Phase II of the code review of the TrueCrypt source code has finally concluded, and the findings are positive. No major issues were found, and no presence of anything like a government backdoor or similar implements was found. What happens next is up in the air, as TrueCrypt as a project is no longer active, but hope remains that someone will pick up the torch. For those using the latest stable version of TrueCrypt though, this is very good news. The full report is available at the link.
- Read More @ https://threatpost.com/audit-concludes-no-backdoors-in-truecrypt/111994