2016/07/31

Cool News Story Bro! Week of 07-29-2016

by Otakun
Categories: News

Hey Guys!

Welcome to another hot and humid summer edition of the news recap. Let’s see what we got in store for the week!

News Stories:

  1. Yahoo Ordered to Show How It Recovered ‘Deleted’ Emails

    1. First, an interesting story involving Yahoo and their ability to recover “deleted” emails, something the company said it is not actually able to do. A trial in the U.K. utilized a “deleted” email as evidence in a conviction, and the courts are asking Yahoo to explain how it was able to do what it claimed it cannot.
    2. Read More @ http://www.pcmag.com/news/346396/yahoo-ordered-to-show-how-it-recovered-deleted-emails
  2. Cybersecurity company executives plead guilty to hacking rival firm

    1. Five employees of Quadsys, a U.K. cyber security product reseller, have been arrested on suspicion of hacking a rival firm in order to obtain data on things like pricing and customers. Not a smart move.
    2. Read More @ http://www.zdnet.com/article/cybersecurity-firm-staff-plead-guilty-to-hacking-rival-firm/
  3. As expected, Verizon says it will buy Yahoo for $4.83 billion

    1. So this is not really a security-related story, but it’s a big one so I felt the need to include it. Verizon is set to buy Yahoo for $4.83 billion. Considering that Yahoo was valued at $128B at one point, being sold for not even 5 shows just how far the company has fallen over the years.
    2. Read More @ http://www.recode.net/2016/7/25/12269882/as-expected-verizon-says-it-will-buy-yahoo-for-4-83-billion
  4. PornHub Hack Earns Researchers $22,000

    1. A trio of German researchers has earned a $22,000 bug bounty for a PornHub hack (PHP vulnerability) that allowed for accessing the site’s user data, and remote code execution on the PornHub servers. Not bad at all.
    2. Read More @ https://threatpost.com/pornhub-hack-earns-researchers-22000/119450/
  5. Trump Calls for Russia to Cyber-Invade the United States To Find Clinton’s “Missing” Emails

    1. This next one I wish was made up, folks. Republican Presidential Nominee Donald Trump has called on Russia to hack the U.S. government again, in order to find the “missing” emails of his Democratic rival Hillary Clinton. Considering that his campaign has been riddled with stupid declarations this shouldn’t be surprising, and yet here we are. This man could be elected president, folks.
    2. Read More @ http://gawker.com/trump-calls-for-russia-to-cyber-invade-the-united-state-1784388928
  6. Using VPN in the UAE? You’ll Be Fined Up To $545,000 If Get Caught!

    1. Next, some bad news for privacy in the UAE. A new law is making it illegal to use a VPN service in the UAE, even if traveling. Breaking the law could cost you both jail time and a hefty fine, in the area of $545,000. Scary.
    2. Read More @ http://thehackernews.com/2016/07/vpn-is-illegal-in-uae.html
  7. Xen patches critical guest privilege escalation bug

    1. A critical privilege escalation vulnerability has been found in the Xen hypervisor that allows a guest OS to escape and take control of the host OS itself. The vulnerability has been patched already.
    2. Read More @ http://www.itnews.com.au/news/xen-patches-critical-guest-privilege-escalation-bug-431869
  8. 5 Failsafe Techniques For Interviewing Security Candidates

    1. Next, something a bit different: an article on different “failsafe” techniques for interviewing security candidates. Having been on both sides of the interview table, I can tell you that there are definitely right and wrong ways to do this. Needless to say, the typical interview process doesn’t necessarily work too well here, and a change in approach is needed to find the right people and not get stuck with those making you regret your hiring decision.
    2. Read More @ http://www.darkreading.com/vulnerabilities---threats/5-failsafe-techniques-for-interviewing-security-candidates/a/d-id/1326360?_mc=RSS_DR_EDT
  9. Hacker Downloads Vine’s Entire Source Code

    1. Next, another bug bounty story, paid out to a researcher for finding a vulnerability in Vine that allowed him to download the entire source code. The core of the issue was an insecure “Docker” setup. The vulnerability has since been fixed by Twitter.
    2. Read More @ http://news.softpedia.com/news/hacker-downloads-vine-s-entire-source-code-506560.shtml
  10. Intel Security Teams With Industry, Law Enforcement to Thwart ‘Shade’ Ransomware

    1. Next, some good news on the ransomware front. Intel Security, Kaspersky, Europol, and Dutch Law Enforcement have teamed up in order to take down the Shade ransomware. Better yet, they have also gained access to the encryption keys used, allowing them to develop decryption tools for the victims. Great news.
    2. Read More @ https://blogs.mcafee.com/mcafee-labs/intel-security-teams-industry-law-enforcement-thwart-shade-ransomware/
  11. Patchwork Cyber-Espionage Group Evolves to Target Enterprises

    1. Next, some APT-related news. The “Patchwork” APT group seems to have evolved and started targeting private corporations. The “India”-based group seems to have kept the same TTPs, but has shifted targets.
    2. Read More @ http://news.softpedia.com/news/patchwork-cyber-espionage-group-evolves-to-target-enterprises-506623.shtml
  12. Kimpton Hotels investigates potential payment card breach

    1. It wouldn’t be a news week without news of another potential PoS breach, and it’s again another hotel chain. This time it’s Kimpton Hotels that is investigating a potential breach after suspicious patterns emerged in the credit cards used at the hotel. Details are still not available, though this is an all too familiar story.
    2. Read More @ http://www.scmagazine.com/possible-payment-card-breach-affecting-kimpton-hotels/article/511980/
  13. We want you! Organizations see huge hole in cybersecurity staffing needs

    1. Lastly, another article talking about the cybersecurity skills shortage, and this one is backed up by a survey conducted by Intel. Preaching to the choir, folks.
    2. Read More @ http://www.scmagazine.com/we-want-you-organizations-see-huge-hole-in-cybersecurity-staffing-needs/article/512853/
– Otakun –
