Apologies for a slightly late news update. It’s been a bit of a slow news week but we still got a few things for you and an interesting podcast as well. Enjoy.
- First, a great post by FireEye on a new ATM Malware called “Ripper” that was just use in a 12 million Baht theft in Thailand. The malware itself has some new tricks, which makes it interesting, so please give it a read.
- Read More @ https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
- A while back news of Ashley Madison (“dating” website) breach and massive leak of customer data was made public, and now more details have emerged as part of an official investigation into the security of the site itself. The results of the investigation highlighted a number of rather large failings on the part of ALM Media when it comes to their security. Not the least of which was a fake “security certification” listed on their website, basically there to mislead users into thinking the website is secure. If they are willing to do things like that, it’s hardly a surprise that their actual security was fairly awful for a website that possess so much personal informati0n.
- Read More @ http://www.infosecurity-magazine.com/news/ashley-madison-failed
- The New York Times, Moscow branch was targeted by a cyber attack possibly from the same hackers that are responsible for the attack on the DNC. The FBI is currently investigating the source of the attack, even though the attack seems to have not succeeded.
- Read More @ www.infosecurity-magazine.com/news/new-york-times-targeted-in-hack
- Next, United Airlines has made some changes to its website aimed at helping improve account security of their users, though how successful they will be is yet to be seen. Krebs takes a closer look at the changes implemented, and also provides some insight into why these changes were implemented as well as a video showing off some of these changes.
- Read More @ http://krebsonsecurity.com/2016/08/united-airlines-sets-minimum-bar-on-security/
- Next, another look at the data leaked as part of the NSA Breach, this time highlighting the weaknesses in Network Infrastructure devices, and how these became the focus of some of these very advanced attacks, like the ones used by the “Equation Group” and the like. Essentially, asking the manufacturers to step up their game when it comes to securing their devices.
- Read More @ http://www.darkreading.com/endpoint/the-secret-behind-the-nsa-breach-network-infrastructure-is-the-next-target/a/d-id/1326729?_mc=sm_dr&hootPostID=6c36c7180b132d1c4132f4883648e676
- This weeks webcast is a good one. Courtesy of FireEye, this one focuses on providing some useful advice for SOC analysts on hunting (aka, looking for potential threats, etc.). They demonstrate a number of good places to look, tools to use, and ways to analyze said data. Check it out.
- Watch @ https://www.brighttalk.com/webcast/10703/218901