Time for another news week round up. Enjoy!
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
- First story of the week, courtesy of FireEye, is of a new APT campaign from group APT28, believed to be from Russia. This particular attack leverages the Adobe Flash vulnerability (CVE-2015-3043) and a Windows privilege escalation vulnerability (CVE-2015-1701). Detailed analysis by FireEye as always. Good read.
- Read More @ https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
- Next, some good news on the privacy front. A court in Germany has deemed AdBlock Plus legal, concluding that the users have the right to control what happens on their screen. This is a pretty important decision considering the increased debate over legitimacy of ad blocking software. Hopefully this serves as precedent going forward.
- Read More @ http://venturebeat.com/2015/04/21/german-court-rules-adblock-plus-is-legal/
- Next, a new bipartisan law was introduced that aims to soften penalties for certain hacking offenses that currently carry harsh penalties under the “Computer Fraud and Abuse Act”. This law aims to make the punishment more fitting of the crime, when it comes to hacking offenses. It’s named after Aaron Swartz, a hacktivist who took his own life in what many people believe to have been caused by stress caused by his own trial for hacking offenses.
- Read More @ http://thehill.com/policy/cybersecurity/239568-aarons-law-would-focus-punishments-on-malicious-hackers
- Next, another APT campaign analysis, this time brought to you by Kaspersky, takes a look at the “CozyDuke”, “OfficeMonkey” APT group. Great analysis as always.
- Read More @ https://securelist.com/blog/research/69731/the-cozyduke-apt/
- Next, a story for all the bug bounty hunters out there. Microsoft’s new Spartan browser was shown for the first time recently, and now they seem to want to make sure that there are no glaring security issues and are offering a bounty for anyone that is able to subvert the built in security controls. The bounty goes up to $15,000 and varies based on the criticality of the vulnerability and which mechanisms it is able to bypass.
- Read More @ http://thehackernews.com/2015/04/microsoft-project-spartan-browser-security.html
- Keeping up with the APT news this week, Pentagon announced that one of it’s unclassified networks was breached earlier this year by Russian hackers. Supposedly, the attack was detected and stopped quickly, and they warn that retaliatory attacks are not out of the question.
- Read More @ http://www.reuters.com/article/2015/04/23/us-usa-pentagon-cyber-idUSKBN0NE29E20150423
- This week, the U.S Department of Defense (DoD) unveiled its Cyber Strategy that will guide the development of their Cyber forces. It’s an interesting read, and if anything, good news for any qualified security professionals. Demand doesn’t seem to be going away anytime soon.
- Read More @ http://www.securityweek.com/department-defense-unveils-new-cyber-strategy