A pretty juice news week this week. Some pretty high profile stuff, so I hope you enjoy !
- Our first story this week is also arguably the biggest one. It looks like the NSA was hacked, as a group calling themselves “The Shadow Brokers” released the tools and files using by the so called “Equation Group”, which was strongly linked to the U.S government. The early analysis of the files and the tools released indicate this is legitimate. Some of the more interesting data includes the exploits for a number of Firewalls including Cisco, Fortinet, and Juniper. The group is also holding a second trove of data as well, but are auctioning them for a million bitcoin, which translates to about half a billion dollars. So that auction seems to be in jest more than anything. This however, is an embarrassing blow to the NSA, and it will be interesting to see what else comes out of this.
- Read More @ http://thehackernews.com/2016/08/nsa-hacking-tools.html
- Next, to follow up on the above. The awesome folks at Kaspersky took a look at some of the files in the NSA leak and made a likely connection to the Equation Group based on the unique implementation of the RC5/RC6 crypto. Great read as always.
- Read More @ https://securelist.com/blog/incidents/75812/the-equation-giveaway/
- And the last NSA leak related story for this week, definitively links the leaked files to the NSA, through some previously unavailable to the public documents released by Snowden. Read on for the details.
- Read More @ https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/
- Next, another week, another PoS related breach. Keeping with the recent hotel theme, Westin, Marriott, and Sheraton join the list of victims. Initial breach seems to have occurred around March 2015. There isn’t a ton of details available at the moment, but needless to say not great news for anyone frequenting those hotels.
- Read More @ https://threatpost.com/westin-marriott-sheraton-hotels-hit-by-payment-card-malware/119879/
- Next, some good news to mix things up a bit. Microsoft, in a somewhat unexpected move, has Open Sourced the PowerShell scripting language under the MIT license. They also released a alpha version of PowerShell on Linux as well. Pretty cool, if you ask me.
- Read More @ http://thehackernews.com/2016/08/microsoft-powershell-linux.html
- Next, another PoS breach, and this time it’s the Eddie Bauer store chain in U.S and Canada that has had ALL of it’s stores infected, going back to January 2nd of this year. As usual Krebs is on point with the news.
- Read More @ https://krebsonsecurity.com/2016/08/malware-infected-all-eddie-bauer-stores-in-u-s-canada/
- It looks like a number of government email accounts were targeted in an e-mail based attack. Essentially attempting to DOS the target inbox by filling it up with newsletter subscriptions and the like. The person behind the attack is unknown, but it looks like Krebs, who broke the news, was also added to the list. Been a while since I saw an attack like this make the newx.
- Read More @ http://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addresses/
- Next, another look at the all familiar story of the “talent shortage” in the security space. Hardly news at this point, but this looks at a recent Kaspersky report that highlights this issue and some of the other costs associated with it.
- Read More @ http://www.itsecurityguru.org/2016/08/16/the-real-cost-of-the-it-security-talent-shortage-200-per-cent-premium-on-recovery-costs