It’s that time of the week, so let’s get to it.
- First story of the day is of another breach. This time it’s the phone hacking company “Cellebrite” that has had 900GB of data leak. The Israeli company provides things like forensic products for smartphones, to governments and law enforcement agencies.
- Read More @ http://motherboard.vice.com/read/hacker-steals-900-gb-of-cellebrite-data
- Next, a great write up on the “EyePyramid” attacks that targeted Italy, by Kaspersky. While the campaign and the malware doesn’t seem to be terribly complex, it’s an interesting read.
- Read More @ https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/
- Next, a link to a FireEye report on APT28, the hacking group believed to be backed by the Russian government, as well as the one most likely to be behind the election hacking.
- Read More @ https://www.fireeye.com/blog/threat-research/2017/01/apt28_at_the_center.html
- A 21 year old student is facing a potential prison time of up to 10 years for creating and selling the “Limitless Keylogger” that he developed while in high school. Since then the tool has been supported and updated and used on upwards of 16,000 victims.
- Read More @ http://thehackernews.com/2017/01/limitless-keylogger-pro.html
- Next, in Exploit Kit news, it looks like the new update to the Sundown Exploit Kit includes a cryptocurrency miner as well. However, the researchers note that it has been implemented in a very careless way, leading them to believe it’s the authors attempting to utilize and open source tool in the EK.
- Read More @ https://www.scmagazine.com/new-sundown-ek-iteration-delivering-a-cryptocurrency-miner/article/630493/
- Next, something a bit different. A read on how to encourage, and promote cybersecurity awareness. User education, or lack there of, is one of the biggest reasons companies get breached. The simplest way to break into any company is through the human element. This article looks at some of the ways to improve security awareness and good steps to take to developing a good program.
- Read More @ https://www.infosecurity-magazine.com/opinions/encourage-employees-practice/?utm_source=dlvr.it&utm_medium=twitter
- Last story of the week is a good one. GoDaddy has been forced to revoke 9000 SSL certs, due to improper domain validation when issuing the certificates.
- Read More @ www.infosecurity-magazine.com/news/godaddy-revokes-9000-ssl-certs