Cool News Story Bro! Week of 12-18-2015

by Otakun
Categories: News
Tags: No Tags
Comments: Leave a Comment

Hey Guys,

It’s that time of the week, so let’s get going. News away!

  1. Google Bans Symantec Root Certificates

    1. Google will be distrusting the Symantec Root Certificates in the coming weeks as they claim it no longer complies with the “CA/Browser Forum’s Baseline Requirements”. Google feels the certificate can no longer be trusted and will be distrusting it across Chrome and Android products.
    2. Read More @ https://googleonlinesecurity.blogspot.jp/2015/12/proactive-measures-in-digital.html
  2. FBI director renews push for back doors, urging vendors to change business models

    1. Next, another story for the encryption backdoors debate. This time the FBI director is reiterating his stance that technology products should have a backdoor, they just shouldn’t be called a backdoor. Makes sense right? Yea, I didn’t think so either.
    2. Read More @ http://www.networkworld.com/article/3014057/security/fbi-director-renews-push-for-back-doors-urging-vendors-to-change-business-models.html
  3. Uncovering Active PowerShell Data Stealing Campaigns

    1. Next, an interesting analysis of of some data stealing campaigns using PowerShell scripts for their data stealing methods. FireEye provides a good breakdown on how the campaign works, tools used, etc. and it shows how use of PowerShell is increasing in malicious attacks.
    2. Read More @ https://www.fireeye.com/blog/threat-research/2015/12/uncovering_activepower.html
  4. LATENTBOT: Trace Me If You Can

    1. Next, another interesting article by FireEye, this time showing an analysis of a new, highly obfuscated bot called “Latentbot”. This both has been in operation since 2013, though leaving very few traces. Really good read.
    2. Read More @ https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
  5. Critical Remote Root Zero-Day In FireEye Appliances

    1. To keep going with FireEye related news, this time a not so flattering one for them though as Google’s project zero has discovered a critical remote zero-day in FireEye appliances that basically allows for complete compromise of the FireEye appliance through a specially crafted Java Archive file (JAR). FireEye has patched this already though they are getting quite a bit of flack from the security community for what they deem is a poor hardening effort for their own devices.
    2. Read More @ http://www.darknet.org.uk/2015/12/critical-remote-root-zero-day-fireeye-appliances/
  6. Path traversal flaw reported in Kaspersky Anti-Virus

    1. Next, a vulnerability has been discovered in Kaspersky Anti-Virus that can allow an attacker to view files on the victim’s system through a path traversal vulnerability in the “Virtual Keyboard” application included in Kaspersky Anti Virus products.
    2. Read More @ http://www.scmagazine.com/kaspersky-anti-virus-has-path-traversal-flaw/article/460379/
  7. Juniper Finds Backdoor that Decrypts VPN Traffic

    1. Keeping with the theme of big vendors and vulnerabilities, Juniper has found a backdoor in their NetScreenOS product that allows for the VPN traffic to be decrypted. It also allows for admin access to the device as well. Juniper did not comment on how they think this code was inserted, but there is some speculation that it could be related to the NSA backdoors mentioned in the Snowden leaks.
    2. Read More @ https://threatpost.com/juniper-finds-backdoor-that-decrypts-vpn-traffic/115663/
  8. J.P. Morgan, Bank of America, Citibank And Wells Fargo Spending $1.5 Billion To Battle Cyber Crime

    1. Next, an interesting Forbes article on the security budgets of some of the largest American banks. Combined Chase, BOA, and Citibank, and Wells Fargo are spending $1.5 billion on cybersecurity.Which does illustrate how much of a threat they believe to be out there, when it comes to cyber crime. In some cases, some of these budgets are double over the previous year’s spending. This is good news as weekly stories of breaches show that this will only continue to occur and the only way to fight it is to take security seriously.
    2. Read More @ http://www.forbes.com/sites/stevemorgan/2015/12/13/j-p-morgan-boa-citi-and-wells-spending-1-5-billion-to-battle-cyber-crime/
  9. UK Man Arrested in Connection with VTech Breach

    1. Recently we brought you several stories regarding the Toy Maker VTech breach. This week comes the news that a 21 year old UK man was arrested on suspicion of committing the VTech breach. Investigation is still ongoing.
    2. Read More @ http://www.infosecurity-magazine.com/news/uk-man-arrested-connection-with?utm_source=twitterfeed&utm_medium=twitter


– Otakun –


Leave a Reply

Your email address will not be published. Required fields are marked *

Today is Monday