Another busy news week is upon us. We've got some interesting stuff as usual, so let’s get going!
- First story of the week is about a few pieces of “Proof of Concept” malware that run on the GPU instead of the CPU. This gives them additional stealth capabilities as well as the excellent computing power associated with today’s graphics cards. Even though this is merely a PoC to show this is possible, it’s an interesting read.
- Read More @ http://thehackernews.com/2015/05/gpu-rootkit-linux-Keylogger.html
- Next, a privacy-related story about a California woman who was supposedly fired for uninstalling a tracking application from her company-issued iPhone. The app supposedly kept track of her location 24/7, not just while on the clock, even if she closed the app. Pretty damn invasive if you ask me. I know I wouldn’t be comfortable with that level of tracking by my employer.
- Read More @ https://nakedsecurity.sophos.com/2015/05/13/woman-sues-employer-for-firing-her-after-she-disabled-24x7-monitoring-app
- Next, another fairly significant vulnerability has been discovered; this time it’s a virtual machine escape vulnerability. The bug is in the open source QEMU emulator software, in its virtual floppy disk controller code. While the bug is significant, I don’t necessarily believe it’s anywhere near as significant as something like Heartbleed, but it seems like these days every bug has to be the end of the world.
- Read More @ http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/
- Next, the obligatory exploit kit story. This time it’s about the Angler Exploit Kit pushing a new, as-yet-unnamed ransomware which seems to be a variant of “TeslaCrypt”. Ransomware is all the rage these days, so be on the lookout and keep your files backed up.
- Read More @ https://threatpost.com/angler-exploit-kit-pushing-new-unnamed-ransomware/112751
- Next, some news from FireEye on a new APT campaign from the “APT17” (“DeputyDog”) group. One of their recent campaigns used a fairly interesting obfuscation tactic: leveraging Microsoft TechNet for command and control traffic.
- Read More @ https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html
- Next, some news on the privacy end. The U.S. House of Representatives has passed the “USA Freedom Act”, which will curb some of the NSA metadata collection efforts while also extending some of the provisions of the “Patriot Act”. So, mixed news on this one, as extending any surveillance portions of the “Patriot Act” is a bad idea.
- Read More @ http://www.scmagazine.com/the-us-house-of-representatives-passes-the-usa-freedom-act/article/414587/
- More APT news: a Colorado-based security firm has found evidence of the “APT28” group targeting the financial sector. APT28 is believed to be Russian-based, and in the course of an investigation the firm found evidence of malware and server infrastructure associated with the group targeting a financial firm.
- Read More @ http://www.scmagazine.com/cycyberespionage-group-apt28-expands-sights-beyond-govt-military-orgs/article/414586/
- Busy week for APT news, and we have another one. Kaspersky takes a look at the Naikon APT group, which mainly operates against targets in Southeast Asia. They have been active for at least 5 years against targets in that region of the world. Fantastic read and analysis as always.
- Read More @ https://securelist.com/analysis/publications/69953/the-naikon-apt/