Cool News Story Bro! Week of 12-04-2015

by Otakun
Categories: News
Tags: No Tags
Comments: Leave a Comment

Hey Guys,

Welcome to the first news post for December. Hope you had a great Thanksgiving, for those who celebrate. But now let’s see what news we have in store for this week.

  1. China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets

    1. First, an APT themed story by FireEye taking a look at an “Unnamed” Chinese Based APT group whose latest campaign is using Dropbox for Command and Control, and is targeting Hong Kong based media outlets. Good info on the malware and the campaign itself.
    2. Read More @ https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
  2. Revealed: What Info the FBI Can Collect With a National Security Letter

    1. Next, some news on the privacy front. An article takes a look at some of the details behind the “National Security Letter” program, essentially a way for the FBI to collect vast amounts of data without a warrant. Generally the details of the “NSL” have been a secret but finally some information has been revealed on what this allows the agency to do.
    2. Read More @ yro.slashdot.org/story/15/12/01/1359214/revealed-what-info-the-fbi-can-collect-with-a-national-security-letter
  3. Pro PoS — This Stealthy Point-of-Sale Malware Could Steal Your Christmas

    1. Next, it looks like we have a new player in the Point of Sale Malware family, named “Pro PoS”. This is a lightweight yet very powerful piece of PoS malware. It has a number of interesting features including a polymorphic engine, and TOR integration.
    2. Read More @ http://thehackernews.com/2015/12/point-of-sale-system-malware.html
  4. DHS Giving Firms Free Penetration Tests

    1. So it seems like the Department of Homeland Security has a program where it offers Penetration Testing service to American companies in order to improve their cyber defense capabilities. The program is called (NCATS) – National Cybersecurity Assessment and Technical Services. Brian Krebs has gathered information on the program that so far has been fairly under the radar.
    2. Read More @ http://krebsonsecurity.com/2015/12/dhs-giving-firms-free-penetration-tests/
  5. Data on 5 Million Users Compromised in Breach at Toy Maker VTech

    1. Next, the inevitable news of another breach arises. This time the toy maker VTech was breached and information on 5 million customers has been taken. Information taken ranges from e-mail to security questions.
    2. Read More @ https://threatpost.com/data-on-5-million-users-compromised-in-breach-at-toy-maker-vtech/115495/
  6. Today NSA has Stopped its Bulk Phone Surveillance Program

    1. Next, a bit more news on the privacy front, and the news is good. As of November 30th the NSA Bulk Phone Surveillance program is officially over, as the agency is no longer allowed to collect such records. Hooray for privacy!
    2. Read More @ http://thehackernews.com/2015/11/nsa-phone-surveillance.html
  7. 37,000 websites selling counterfeit goods taken down in global effort

    1. In an effort to crack down on sale of counterfeit goods “US Immigration and Customs Enforcement’s” (ICE)  and law enforcement from as many as 27 countries shut down 37,000 sites selling counterfeit goods. Good news.
    2. Read More @ https://nakedsecurity.sophos.com/2015/12/02/37000-websites-selling-counterfeit-goods-taken-down-in-global-effort/
  8. Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools

    1. Next, a detailed view of an operation “Black Atlas” targetting PoS systems worldwide. Operations seems to have gone into full swing in order to target retailers on Thanksgiving. Good read.
    2. Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/operation-black-atlas-endangers-in-store-card-payments-and-smbs-worldwide-switches-between-blackpos-and-other-tools/
  9. China — OPM Hack was not State-Sponsored; Blames Chinese Criminal Gangs

    1. China, in a move that surprises no one has again claimed that the Office of Personnel Management breach was not done by the Chinese government, but by Chinese criminal gangs.
    2. Read More @ http://thehackernews.com/2015/12/china-hacker-opm-breach.html
  10. Target settles with banks for $39 million after epic data breach

    1. Two years after the breach, Target has reached a settlement with the banks over the breach for $39 million. Honestly I thought it would be more than this given the scope of the breach.
    2. Read More @ https://nakedsecurity.sophos.com/2015/12/04/target-settles-with-banks-for-39-million-after-epic-data-breach/
  11. Relentless Sofacy APT Attacks Armed With Zero Days, New Backdoors

    1. The Sofacy APT group has some new tools up their sleeve. Kaspersky takes a loot at some of the updates to the Sofacy campaign. Good read.
    2. Read More @ https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/
– Otakun –

Leave a Reply

Your email address will not be published. Required fields are marked *

Today is Monday