A bit later than usual on the news post but here it is. Got some good stuff so let’s not keep you waiting any longer.
- Tough day for Thawte, as news came out noting that they accidentally released a number of rogue certificates, including ones for Google. Apparently these were supposed to be used for internal testing only but they found their way outside the lab environment. This has since been addressed, but still a fairly big “oops” on their part.
- Read More @ tech.slashdot.org/story/15/09/19/2313220/symantec-subsidiary-thawte-issues-rogue-google-certificates
- Next, a story by Krebs that takes another look at the 2013 breach of “Target”. Apparently he has received the Internal Corporate Report on this particular incident and details some of the more interesting points to come out of it. Good read.
- Read More @ http://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/
- Next, some privacy news on the ever popular Smartphone Encryption debate that has been in the headlines for quite a while now. Obama Administration looked into 4 different ways to bypass smartphone encryption and concluded that they were all technically feasible solutions, but they would not proceed with implementation as they feared public blowback. Have to say I am a bit surprised they now start caring about public opinion on such matters.
- Read More @ https://www.washingtonpost.com/world/national-security/obama-administration-ponders-how-to-seek-access-to-encrypted-data/2015/09/23/107a811c-5b22-11e5-b38e-06883aacba64_story.html
- Next, some news on the APT front, and go figure China’s PLA is in the news again as the Naikon APT group has been tied tot he Chinese PLA. Shocking, I know…no wait, the other one, not shocking at all. Good read.
- Read More @ https://threatpost.com/naikon-apt-group-tied-to-chinas-pla-unit-78020/114798/
- Next, your obligatory Exploit Kit story. We really are covering all the bases this week. Looks like Forbes.com was used in a malvertising campaign that was redirecting users to Neutrino and Angler Exploit Kits. Seems like more and more fairly well known, high traffic sites are still falling victim to malicious ads.
- Read More @ https://www.fireeye.com/blog/threat-research/2015/09/malvertising_attack.html
- Next, more information regarding the massive OPM breach. To make a really bad situation worse, recently it has been reported that part of the information stolen int he breach included 5.6 million fingerprints of federal employees. Just when you think it couldn’t get any worse.
- Read More @ http://thehackernews.com/2015/09/opm-hack-fingerprint.html
- Lenovo is in the news again, I bet you can guess why? Yep…installing spyware on their laptops again. This time their refurbished hardware has been found to contain intensive marketing software that sends user data directly back to Lenovo. You would think they would have learned by now, but I guess not.
- Read More @ http://thehackernews.com/2015/09/lenovo-laptop-virus.html
- Lastly, to close out with some good news on the privacy front, US court has ruled that your smartphone passcodes are protected by the Fifth Amendment, meaning that you should not have to hand them over to law enforcement if you so choose. This is a big win for privacy, now if only this would also extent to encryption on your PC.
- Read More @ https://nakedsecurity.sophos.com/2015/09/25/smartphone-passcodes-are-protected-by-the-fifth-amendment-says-us-court/