It’s that time of the week again, good stuff in the pipeline as usual….so let’s do it!
- First story of the week is another one that puts Chinese privacy practices into a negative light. This time major Chinese ISPs have been caught red handed injecting ads and malware into web pages, and going as far as redirecting user traffic in order to benefit ad companies and the ISP itself. Israeli researchers have detailed the practice in their research.
- Read More @ http://thehackernews.com/2016/02/china-hacker-malware.html
- Next, a good write up as usual from Kaspersky on the “ATMZombie” banking Trojan targeting Israel. Really good read.
- Read More @ https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/
- Next, a look into the Brazillian Credit Card fraud activities. It looks like now that some crooks are offering a new card verification service, meant to validate stolen card numbers. Basically, the service does this by doing very small transactions in order to make sure the card numbers are legit. It then maintains a list to separate the good from the bad.
- Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/card-verification-now-offered-as-a-service-by-brazilian-cybercriminals/
- So, it looks like SnapChat had a bit of a security snafu, as it fell pray to a spear phishing attack that ended up resulting in loss of payroll data. A phisher impersonated the CEO and requested Payroll Information from the Payroll Department, and they ended up providing it, even though it was not actually the company CEO. Company has since apologized and said it would redouble their training in order to prevent this from occurring again.
- Read More @ https://nakedsecurity.sophos.com/2016/02/29/snapchat-snared-by-phishers-impersonating-ceo-employee-data-swiped/
- Next, and arguably the biggest news this week is about yet another attack on SSL, called “DROWN” that takes advantage of weaknesses in SSLv2 to put millions of websites at risk. Granted SSLv2 has been known to be vulnerable for a long time, it is still supported by many sites for legacy reasons.
- Read More @ http://thehackernews.com/2016/03/drown-attack-openssl-vulnerability.html
- So it looks like Wendy’s has finally confirmed that the company was breached, in their preliminary 2015 annual report.While they are saying that they don’t know the extent of the breach they did confirm that a breach did occur and Card data was compromised. Initial news of a potential breach surfaced in January, but has not been officially confirmed until now. In a correspondence with Krebs on Security, Credit Union representatives have stated that a number of fraudulent transactions have occurred and that the cards were used at Wendy’s.
- Read More @ http://krebsonsecurity.com/2016/03/credit-unions-feeling-pinch-in-wendys-breach/
- Next comes the news of a new bug bounty program, and this time it’s by the federal government called “Hack The Pentagon”. Program is only for “vetted” hackers and it begins in April. Good news I suppose.
- Read More @ http://www.npr.org/sections/thetwo-way/2016/03/02/468887190/u-s-announces-hack-the-pentagon-bug-bounty-program
- In a report by Akamai, it looks like DDoS attacks are rising, but their profile is changing. It’s not exactly surprising, though good to see some proof.
- Read More @ https://nakedsecurity.sophos.com/2016/03/02/ddos-attacks-are-soaring-says-new-report/
- This next one is interesting, though expected. It looks like the security talent shortage is affecting the bad guys as much as the good guys. Tough time for all those enterprising crooks. You just can’t find good talent anymore, tsk tsk.
- Read More @ news.slashdot.org/story/16/03/01/2144211/security-talent-shortage-hits-cybercrime-groups-too
- So, it looks like Apple is facing a fight on encryption in France as well as at home. Potentially, they are facing a million dollar fine for every iPhone they refuse to unlock.
- Read More @ http://thehackernews.com/2016/03/france-apple-iPhone-unlock.html