Welcome to the first news post for December. Hope you had a great Thanksgiving, for those who celebrate. But now let’s see what news we have in store for this week.
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
- First, an APT-themed story by FireEye taking a look at an unnamed China-based APT group whose latest campaign uses Dropbox for command and control and targets Hong Kong-based media outlets. Good info on the malware and the campaign itself.
- Read More @ https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
- Next, some news on the privacy front. An article takes a look at some of the details behind the “National Security Letter” program, essentially a way for the FBI to collect vast amounts of data without a warrant. Generally the details of the “NSL” have been a secret but finally some information has been revealed on what this allows the agency to do.
- Read More @ yro.slashdot.org/story/15/12/01/1359214/revealed-what-info-the-fbi-can-collect-with-a-national-security-letter
- Next, it looks like we have a new player in the Point of Sale Malware family, named “Pro PoS”. This is a lightweight yet very powerful piece of PoS malware. It has a number of interesting features including a polymorphic engine, and TOR integration.
- Read More @ http://thehackernews.com/2015/12/point-of-sale-system-malware.html
- So it seems like the Department of Homeland Security has a program where it offers penetration testing services to American companies in order to improve their cyber defense capabilities. The program is called National Cybersecurity Assessment and Technical Services (NCATS). Brian Krebs has gathered information on the program, which so far has been fairly under the radar.
- Read More @ http://krebsonsecurity.com/2015/12/dhs-giving-firms-free-penetration-tests/
- Next, the inevitable news of another breach arises. This time the toy maker VTech was breached and information on 5 million customers has been taken. Information taken ranges from e-mail to security questions.
- Read More @ https://threatpost.com/data-on-5-million-users-compromised-in-breach-at-toy-maker-vtech/115495/
- Next, a bit more news on the privacy front, and the news is good. As of November 30th the NSA Bulk Phone Surveillance program is officially over, as the agency is no longer allowed to collect such records. Hooray for privacy!
- Read More @ http://thehackernews.com/2015/11/nsa-phone-surveillance.html
- In an effort to crack down on the sale of counterfeit goods, US Immigration and Customs Enforcement (ICE) and law enforcement from as many as 27 countries shut down 37,000 sites selling counterfeit goods. Good news.
- Read More @ https://nakedsecurity.sophos.com/2015/12/02/37000-websites-selling-counterfeit-goods-taken-down-in-global-effort/
Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools
- Next, a detailed view of an operation, “Black Atlas”, targeting PoS systems worldwide. The operation seems to have gone into full swing in order to target retailers on Thanksgiving. Good read.
- Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/operation-black-atlas-endangers-in-store-card-payments-and-smbs-worldwide-switches-between-blackpos-and-other-tools/
- China, in a move that surprises no one, has again claimed that the Office of Personnel Management breach was not done by the Chinese government, but by Chinese criminal gangs.
- Read More @ http://thehackernews.com/2015/12/china-hacker-opm-breach.html
- Two years after the breach, Target has reached a settlement with the banks over the breach for $39 million. Honestly I thought it would be more than this given the scope of the breach.
- Read More @ https://nakedsecurity.sophos.com/2015/12/04/target-settles-with-banks-for-39-million-after-epic-data-breach/
- The Sofacy APT group has some new tools up their sleeve. Kaspersky takes a look at some of the updates to the Sofacy campaign. Good read.
- Read More @ https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/