Another news week is here, and it’s the last one for the month and we got some good stuff as usual. So let’s not delay and get right into it.
- The first story of the week is a fun one. Apparently a new iOS bug has been discovered that allows you to crash an iPhone by sending a specific character string to another iPhone. The string is a combination of unicode characters that apparently the iPhone does not know how to handle, which causes it to crash and restart.
- Read More @ http://www.intego.com/mac-security-blog/crash-text-message-iphone/
- Next, more privacy news. This time, President Obama has asked the Senate to renew the phone recording program that is due to expire with one of the key provisions of “The Patriot Act”. This is fairly disappointing to see I have to say, considering the widespread opposition to the program, but Obama insists it’s bad for national security to discontinue the phone collection program. I have to strongly disagree.
- Read More @ http://apnews.myway.com/article/20150526/us–obama-nsa-surveillance-93f69ee917.html
- Next, a look at the recent trend in cybercrime of targeting health care information. Lately health records seem to be the preferred target for cybercriminals as the value of the information obtained exceeds data like credit cards exponentially. Recent rise in health care breaches illustrates that the focus to stealing health data is very much the case for cybercriminals and will only get worse going forward.
- Read More @ http://www.darkreading.com/risk/escalating-cyberattacks-threaten-us-healthcare-systems/a/d-id/1320582
- Next, a story by Kaspersky that takes a look at a new malware family named “Grabit” that has some interesting functionality and design decisions. Mainly, it seems to be very well armored in order to prevent easy analysis but also seems to not do much to hide certain parts of it like the C2 communication. Good analysis as always.
- Read More @ https://securelist.com/blog/research/70087/grabit-and-the-rats/
- Next, for the obligatory Exploit Kit news of the day, it looks like Angler is exploiting the recently patched Flash CVE-2015-3090. This was patched on May 11, so a fairly quick turnaround for including it in the Angler exploit list. Someone over there is burning the midnight oil getting these integrated.
- Read More @ https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html
- Yahoo seems to be in some hot water over intercepting user emails for the purpose of mining data and delivering targeted ads. A class action lawsuit has been approved in the matter, as if true, it violates a number of privacy laws in California.
- Read More @ https://nakedsecurity.sophos.com/2015/05/28/yahoo-to-face-class-action-lawsuit-over-email-spying-claims/
- Lastly, the infamous owner of the Silk Road marketplace, Ross Ulbricht has been convicted, and sentenced to life in prison for his involvement in drug trafficking through the Silk Road. Reactions to the sentencing have been mixed, as some believe it to be harsh, but at the same time, when you do something like this you take the risk that comes with it. Of course, attempting to have hits taken out on people didn’t help his case either.
- Read More @ http://www.securityweek.com/silk-road-mastermind-sentenced-life-prison