Hello again, it’s that time of the week so let’s get to the news!
- So this is a headline I never thought I would see. It looks like the Chinese government has actually arrested several hackers wanted by the U.S. government. This is hot on the heels of the new agreement between the U.S. and China to ease off hacking each other, something that, to be honest, I just thought would be utterly pointless and not lead to any change, so this is quite a surprise.
- Read More @ https://www.washingtonpost.com/world/national-security/in-a-first-chinese-hackers-are-arrested-at-the-behest-of-the-us-government/2015/10/09/0a7b0e46-6778-11e5-8325-a42b5a459b1e_story.html
- Next, more on the ongoing encryption debate. Since the Snowden revelations there has been a very public debate on governments' thoughts on encryption, and more importantly their intentions to backdoor and bypass encryption mechanisms in the name of law enforcement. This applied as well to the idea of forcing corporate entities to decrypt the data they have on customers at government request. For now it looks like the White House has backed away from trying to force companies to do so through legal means. Good news for now, though I doubt this particular debate is over.
- Read More @ http://thehackernews.com/2015/10/Obama-Encryption-Policy.html
- Next, a new Flash zero-day has been seen being exploited in the wild. Flash CVE-2015-7645 has been seen being used in the “Pawn Storm” campaign targeting Foreign Affairs Ministers. It’s been a bit since we have seen Flash and Java 0-days in the news on a consistent basis, but they always pop up eventually.
- Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/
- Next, another week, another breach. This time it’s the “Dow Jones & Company” firm that disclosed a potential breach that they say affects only about 3500 customers. However, it also seems like the attackers might have had access to their systems as far back as August 2012. Curious to see the full details on this one.
- Read More @ https://threatpost.com/dow-jones-company-latest-financial-firm-hit-with-data-breach/115002/
- Generally we don’t have too many stories on mobile devices, but this one was interesting. Three researchers from the University of Cambridge have been doing some research on the security of Android devices and have found it to be woefully inadequate. About 85% of the devices assessed were deemed insecure. For full details, read on.
- Read More @ https://threatpost.com/researchers-find-85-percent-of-android-devices-insecure/115030/
- We knew through the Snowden leaks that the NSA has circumvented security built into encrypted communication channels like SSH, VPN, SSL… but we did not quite have the exact means of how they did so. In a recent presentation, two security researchers presented their theory of how this was most likely done. Good read for anyone interested in the topic.
- Read More @ http://thehackernews.com/2015/10/nsa-crack-encryption.html