A take on the security news, week 35

Sat 30 August 2014

A take on the security news, week 35 / 2014. I summarize some of the news that I considered noteworthy related to information security this week.

Monday:

NSS Cyber Resiliance Report

Its not about the 98% you catch, its about the 2 percent you miss. Bob Walder and Chris Morales of NSS Labs published an 11.page long report that is worth reading. The report contains finding and recommendations.


https://www.nsslabs.com/system/files/public-report/files/Cyber%20Resilience_0.pdf

NIST Releases Guidance on SSH Key Management

Described as an wake-up call for organizations that use Secure Shell. Amongst the recommendations in the NISTIR 7966 draft is to always use public key authentication, and full management of the public / private keys.

http://csrc.nist.gov/publications/drafts/nistir-7966/nistir_7966_draft.pdf

Hackers attacking Sony PSN and Blizzard Battle.net

Attacks on popular gaming services are not breaking news these days. PSN and Battle.net were some of the services that got DDOSed this week. What makes this incident differ from the normal was that the hackers also made a bomb-threat against an American Airlines plane (which carried the Sony Online president).

http://www.forbes.com/sites/insertcoin/2014/08/24/sony-online-entertainment-presidents-flight-diverted-by-psn-hackers-bomb-threat/


http://thehackernews.com/2014/08/sony-playstation-network-taken-down-by_24.html

New information-leakage weakness found in Android

Researchers discover shared-memory as an attack vector on Android systems. The vulnerability is named the "UI-Inference attack" and exploits that one application can get the state of another application thorugh shared-memory. The researchers points out the possibility that this weakness also affects other mobile operatingsystems.

http://arstechnica.com/security/2014/08/android-attack-improves-timing-allows-data-theft/

http://www.cnet.com/news/researchers-find-way-to-hack-gmail-with-92-percent-success-rate/

Sensitive information about 25 000 US government employees stolen

Not a single week without a databreach and someone stealing information.

http://www.theverge.com/2014/8/23/6059803/cyber-attack-reveals-data-on-department-of-homeland-security-workers

Tuesday:

European automobile businesses fall prey to Carbon Grabber

Dont click on link in emails! Please, stop doing that!

http://www.symantec.com/connect/blogs/european-automobile-businesses-fall-prey-carbon-grabber

http://www.computerworld.com/article/2598560/malware-vulnerabilities/attack-targets-auto-industry-firms-in-europe.html

New and funny ways to use NTP for DDOSing, and how to avoid it

The link also contains some background information about how NTP works, and why its so practical to use for amplification attacks.

https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks

2014 U.S. State of Cybercrime Survey

Evaluated survey responses from more than 500 executives of US businesses, law enforcement services, and government agencies.

http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=298318

Wednesday:

Massive cyber attack on oil and energy industry in Norway

Its said that the goal was to install keyloggers on machines inside the targeted businesses. NSM (norwegian national security agency) said that the attack-vector was malicious e-mails with pretty links that you can click on.

http://nakedsecurity.sophos.com/2014/08/28/massive-cyber-attack-on-oil-and-energy-industry-in-norway/

Thursday:

Chrome update 37 contains 50 different (many high and critical) bugfixes

http://googlechromereleases.blogspot.com.au/2014/08/stable-channel-update_26.html

Malware ads served on java.com, tzm.com and photobucket.com

By using the angler exploit kit, attackers installed malicius ad on various high-profile sites.

http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/

The Unknown Threat in Sweden – KPMG Study

An average organization generates 43 security incidents a day, with an average of 2 new infected hosts a day. More fun findings about the threat landscape in Sweden can be found in the KPMG study below.

http://www.fireeye.com/blog/technical/2014/08/the-unknown-threat-in-sweden-kpmg-study.html

Russian Hackers Said to Loot Gigabytes of Big Bank Data

JP Morgan was attacked by russian hackers, which succeeded stealing customer data.

http://www.bloomberg.com/news/2014-08-28/russian-hackers-said-to-loot-gigabytes-of-big-bank-data.html

More Router Backdoors: Netcore / Netis Routers use hard coded password on UDP/53x13

Almost all Netcore / Netis routers have port 53x13 open on UDP with hardcoded password. To make it even easier to exploit, the port is reachable from the WAN.

The dd-wrt / tomato support for the affected devices are limited at best, so the only alternative to fix this vulnerability is to replace the device.

http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/

Friday:

Firefox 32 To Introduce SSL Cert Pinning

At least! Now I can tell my browser that I dont trust the Hong Kong post office.

http://monica-at-mozilla.blogspot.de/2014/08/firefox-32-supports-public-key-pinning.html

https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#Implementation_status

97,000 Bugzilla email addresses and passwords exposed in another Mozilla leak

http://nakedsecurity.sophos.com/2014/08/29/97000-bugzilla-email-addresses-and-passwords-exposed-in-another-mozilla-leak/

http://bugzillaupdate.wordpress.com/2014/08/27/landfill-bugzilla-org-disclosure/

Tagged as : security ssl ssh

Comments

Tagged as : security ssl ssh