2016/06/25

Cool News Story Bro! Week of 06-24-2016

by Otakun
Categories: News
Tags: No Tags
Comments: Leave a Comment

Hi Guys!

Busy news week this week so let’s get right down to it. Got a few webcasts for you this time around as well, enjoy!

News Stories:

  1. Attackers Used Nearly One Million IPs to Brute-Force a Financial Institution 

    1. First story of the week is about a fairly massive Brute-Force attempt targeting a Financial Institution and a Media company. Attackers used over a million different IPs and two botnets in a massive brute force attack resulting in something like 800 million login attempts.
    2. Read More @ http://news.softpedia.com/news/attackers-used-nearly-one-million-ips-to-brute-force-a-financial-institution-505413.shtml
  2. Ransomware that’s 100% pure JavaScript, no download required

    1. Next, more ransomware news but this one is rather interesting as it’s written entirely in JavaScript. The end result is the same as all other ransomware, but having it be a purely JS variant we found it notable and worth mentioning.
    2. Read More @ https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
  3. Russian bill requires encryption backdoors in all messenger apps

    1. Next, switching gears to privacy news, a new bill in Russia, if passed, will force encryption backdoors in all messaging apps. This has been a highly debated topic for a while now and let’s face it, it’s not surprising that Russia would act in favor of this.
    2. Read More @ http://www.dailydot.com/politics/encryption-backdoor-russia-fsb/
  4. Citing Attack, GoToMyPC Resets All Passwords

    1. Next, news of a password re-use attack on GoToMyPC, a remote desktop software, that resulted in the company requiring a password reset for all of it’s users. The attack seems to be reusing credentials obtained from other leaks, and breaches.
    2. Read More @ http://krebsonsecurity.com/2016/06/citing-attack-gotomypc-resets-all-passwords/
  5. Dept. of Justice Makes Plea for Mass Surveillance, Hacking

    1. More on the privacy front, the DOJ is pushing for a change that would greatly expand law enforcement agencies ability to remotely hack computers around the globe. The proposed change is an amendment to Rule 41 of the Federal Rules of Criminal Procedure. Many privacy advocate groups like the EFF are fighting against this change, citing privacy issues.
    2. Read More @ https://threatpost.com/dept-of-justice-makes-plea-for-mass-surveillance-hacking/118792/
  6. Senate rejects FBI bid for warrantless access to internet browsing histories

    1. Keeping up with the theme, the Senate has narrowly rejected an FBI bid for warrantless access to things like internet browsing histories. This request would have expended FBI’s access granted to them by the National Security Letters, which already don’t requite a warrant. Looks like this might be up for a re-vote, but the downsides are clear and many tech companies like Google and Microsoft are fighting this.
    2. Read More @ http://www.zdnet.com/article/senate-rejects-fbi-bid-for-warrantless-access-to-internet-browsing-histories/
  7. 138 security flaws in US defense websites uncovered in Hack the Pentagon

    1. The Department of Defense pilot bug bounty program “Hack The Pentagon” has ended and it seems like it’s been rather successful. 138 security flaws were reported that had bounties paid out with the highest individual bug bounty paying out $3,500. One participant collected $15,000 for multiple bug submissions.
    2. Read More @ https://nakedsecurity.sophos.com/2016/06/21/138-security-flaws-in-us-defense-websites-uncovered-in-hack-the-pentagon/
  8. Until We Prioritize Security Training, We Will Remain a Step Behind Cybercriminals

    1. Next, another look at the shortage of security experts, and some of the ways we can address this need through user education. Things like teaching secure coding practices to new software developers. Interesting read.
    2. Read More @ http://www.veracode.com/blog/2016/06/until-we-prioritize-security-training-we-will-remain-step-behind-cybercriminals
  9. 154 million voter records exposed, including gun ownership, Facebook profiles and more

    1. A researcher with MacKeeper has discovered a massive voter database containing 154 million voter records. The researcher has since contacted the company responsible and the situation was addressed but needless to say this was a rather careless mistake that allowed this to happen in the first place.
    2. Read More @ https://nakedsecurity.sophos.com/2016/06/23/154-million-voter-records-exposed-including-gun-ownership-facebook-profiles-and-more/
  10. Necurs Botnet is Back, Updated With Smarter Locky Variant

    1. Next, looks like the Necurs botnet is back after taking a month off, loaded with the newer varient of Locky, as well as the Dridex banking trojan. Necurs is one of the biggest botnets out there, so this will inevitably lead to a new wave of SPAM, as well as realted infections.
    2. Read More @ https://threatpost.com/necurs-botnet-is-back-updated-with-smarter-locky-variant/118883/

Webcasts:

  1. Addressing the Cyber Security Skills Shortage

    • First webcast for today, from FireEye,  looks at the Cyber Security Skills shortage, and how some of these concerns can be addressed through things like:
      • The challenge of staying ahead of the attackers with a skills gap
      • How ROI on security tools will reduce without the adequate skilled workforce
      • Adopting an adaptive defense model and the tools and techniques required
      • Benefits of partnering with a threat management organization
      • Lessons leared from building a SOC
    • Watch @ https://www.brighttalk.com/webcast/10703/199045
  2. An Analytical Approach to APT

    • Next, another webcast from FireEye, this time taking an in depth look at APT activity, and what we can learn. Great watch. Points covered include:
      • How are attackers changing the tools, techniques, and procedures that they use?
      • What can organizations do to guard against the threats of today and prepare for the threats of tomorrow?
      • How can taking an analytical approach to APT benefit your organization and improve its security posture?
    • Watch @ https://www.brighttalk.com/webcast/10703/196159
Otakun
– Otakun –

Leave a Reply

Your email address will not be published. Required fields are marked *



Today is Friday
2018/02/23