It’s that time of the week again, and another news roundup is coming your way. Hope you enjoy!
- The first story of the week is about two newly discovered vulnerabilities in MySQL. A Polish researcher discovered the two vulnerabilities, CVE-2016-6662 and CVE-2016-6663, which when exploited could allow for full control of the database. As of this time, Oracle has not yet patched the vulnerabilities.
- Read More @ http://thehackernews.com/2016/09/hack-mysql-database.html
- Next, some Snowden news. Mainly, that the ACLU is organizing a campaign to convince President Obama to pardon him. This campaign coincides with the release of the movie by the same name. I am skeptical that this will actually happen, even though I believe it should. Still, glad to see ACLU is doing this.
- Read More @ http://fusion.net/story/346043/aclu-pardon-campaign-obama-edward-snowden/
- Next, another story on the privacy front. This one looks at the FBI’s near-future plans to gain the authority to conduct mass hacking without a search warrant, through an amendment to Rule 41 of the Federal Rules of Criminal Procedure. Senator Ron Wyden is currently proposing a bill to prevent this change from taking effect. Let’s hope this change is stopped before it’s too late. The last thing the FBI needs is more surveillance powers.
- Read More @ https://blog.torproject.org/blog/fbis-quiet-plan-begin-mass-hacking
- Following directly from the above story, a federal judge has ruled that the FBI hack of a suspect’s computer is considered a search, and therefore would require a warrant. This issue was brought up in regard to the arrests made in connection with the “Child Porn Trafficking” website PlayPen, which was shut down by the FBI. One of the suspects is arguing the evidence should be dropped because it was obtained through an unauthorized search.
- Read More @ http://www.slate.com/blogs/future_tense/2016/09/12/federal_judge_rules_fbi_can_t_hack_someone_s_computer_without_warrant.html?linkId=28667255
- So, next, a survey found some interesting results in regard to security certifications. Primarily, that they are highly valued by recruiters, but that they aren’t verified that consistently. However, the reason I wanted to include this is that it includes a list of which certifications are considered valuable, and it’s quite depressing to see that CISSP and CEH are highly prized and are in the same ballpark as something like GSEC. Personally, while I think that security certifications can be valuable, generally the CISSP is something I feel should not be discussed in the same breath as anything from a great source of training like SANS.
- Read More @ http://www.darkreading.com/careers-and-people/security-certifications-highly-valued-but-not-always-verified/d/d-id/1326882
- Next, our obligatory story from Krebs on Security, and this time it’s a great write-up on some of the changes in the ransomware landscape. As usual, great research and a very informative article. Give it a read.
- Read More @ http://krebsonsecurity.com/2016/09/ransomware-getting-more-targeted-expensive/
- Next, some updates on the recent changes to the Dridex banking trojan. The largest ones are the ability to target crypto wallets and the new techniques to make analysis and reverse engineering efforts more difficult.
- Read More @ http://www.scmagazine.com/new-cryptocurrency-targeting-and-detection-evade-features-in-dridex/article/521743/
- Next, the first CISO for the US Federal Government has been appointed, as part of the Cybersecurity National Action Plan (CNAP), which aims to improve the security of the federal government and the country as a whole.
- Read More @ www.infosecurity-magazine.com/news/us-appoints-first-ever-ciso
- Lastly, alleged hacker Lauri Love, accused of hacking several high-profile U.S. government organizations, looks to have lost the extradition case, as the U.K. court has ruled that he can be extradited. The decision will be appealed, as it’s not a straightforward case due to the fact that Love suffers from Asperger’s Syndrome. His side is arguing that the extradition would be an abuse of his human rights.
- Read More @ www.infosecurity-magazine.com/news/alleged-hacker-lauri-love/