It’s that time of the week, so let’s get going. News away!
- Google will be distrusting the Symantec Root Certificates in the coming weeks as they claim it no longer complies with the “CA/Browser Forum’s Baseline Requirements”. Google feels the certificate can no longer be trusted and will be distrusting it across Chrome and Android products.
- Read More @ https://googleonlinesecurity.blogspot.jp/2015/12/proactive-measures-in-digital.html
- Next, another story for the encryption backdoors debate. This time the FBI director is reiterating his stance that technology products should have a backdoor; they just shouldn’t be called a backdoor. Makes sense, right? Yeah, I didn’t think so either.
- Read More @ http://www.networkworld.com/article/3014057/security/fbi-director-renews-push-for-back-doors-urging-vendors-to-change-business-models.html
- Next, an interesting analysis of some data-stealing campaigns that use PowerShell scripts to steal data. FireEye provides a good breakdown of how the campaign works, the tools used, etc., and it shows how the use of PowerShell is increasing in malicious attacks.
- Read More @ https://www.fireeye.com/blog/threat-research/2015/12/uncovering_activepower.html
- Next, another interesting article by FireEye, this time showing an analysis of a new, highly obfuscated bot called “Latentbot”. This bot has been in operation since 2013, though leaving very few traces. Really good read.
- Read More @ https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
- To keep going with FireEye-related news, this time a not-so-flattering story for them: Google’s Project Zero has discovered a critical remote zero-day in FireEye appliances that basically allows for complete compromise of the appliance through a specially crafted Java Archive (JAR) file. FireEye has patched this already, though they are getting quite a bit of flak from the security community for what it deems a poor hardening effort for their own devices.
- Read More @ http://www.darknet.org.uk/2015/12/critical-remote-root-zero-day-fireeye-appliances/
- Next, a path traversal vulnerability has been discovered in the “Virtual Keyboard” application included in Kaspersky Anti-Virus products. It can allow an attacker to view files on the victim’s system.
- Read More @ http://www.scmagazine.com/kaspersky-anti-virus-has-path-traversal-flaw/article/460379/
- Keeping with the theme of big vendors and vulnerabilities, Juniper has found a backdoor in their NetScreenOS product that allows VPN traffic to be decrypted. It also allows admin access to the device. Juniper did not comment on how they think this code was inserted, but there is some speculation that it could be related to the NSA backdoors mentioned in the Snowden leaks.
- Read More @ https://threatpost.com/juniper-finds-backdoor-that-decrypts-vpn-traffic/115663/
- Next, an interesting Forbes article on the security budgets of some of the largest American banks. Combined, Chase, BOA, Citibank, and Wells Fargo are spending $1.5 billion on cybersecurity, which illustrates how much of a threat they believe is out there when it comes to cyber crime. In some cases, these budgets are double the previous year’s spending. This is good news, as weekly stories of breaches show that this will only continue to occur and the only way to fight it is to take security seriously.
- Read More @ http://www.forbes.com/sites/stevemorgan/2015/12/13/j-p-morgan-boa-citi-and-wells-spending-1-5-billion-to-battle-cyber-crime/
- Recently we brought you several stories regarding the breach of toy maker VTech. This week comes the news that a 21-year-old UK man was arrested on suspicion of committing the VTech breach. The investigation is still ongoing.
- Read More @ http://www.infosecurity-magazine.com/news/uk-man-arrested-connection-with?utm_source=twitterfeed&utm_medium=twitter