A selection of this week’s more interesting vulnerability disclosures and cyber security news.
Information leaks are becoming more covert, from government methods all the way down to the bad guys. Often they are only found after a mistake is made, and then all hell breaks loose as people jump in looking for who, what and where the leaks are. We may only hear of a breach after a huge data dump, when a long creep around a victim’s network has finally yielded a bounty for the hacker, but even so, these attacks are not limited to the big boys. All the malware wrapped up in the fake or spam email we see every single day can so easily let them in. Talking with friends recently who underwent a pentest, I found, and this surprised me, that it was management who seemed the most guilty of falling for a spearphishing email; the lower level staff actually asked questions about whether their email was valid.
Perhaps this difference is due to the fear that the lower level staff would get the sack if they were the ones to let the hackers in, and so they are more cautious? Maybe. Keep an eye on all suspicious and out-of-context email or conversations (social engineering). You just never know. Oh, and don’t go plugging in any USB sticks you happen to find in the street – so many do.
- NewSat network breach ‘most corrupted’ Oz spooks had seen: report (The Register)
- Meet USBee, the malware that uses USB drives to covertly jump airgaps (ArsTechnica)
- Chinese CA hands guy base certificates for Github, Florida uni (The Register)
- Kelihos Botnet Triples in Size Overnight (SecurityWeek)
- RIPPER ATM Malware Linked to Thailand Heist (SecurityWeek)
- German Man Behind IRC-Controlled WordPress Botnet (Catalin Cimpanu reports)
- FTC Warns Travelers About Cybersecurity Risks of Rental Cars (Dark Reading)
- Dropbox hackers stole e-mail addresses, hashed passwords from 68M accounts (ArsTechnica)
- Adobe ices ColdFusion server admin password, file hack hole (The Register)
- Lightspeed PoS vendor breached, sensitive database tapped (The Register)
- Google crushes 33 Chrome bugs, pays boffins more than $56k (The Register)
- Google won’t own up to a major security flaw, researcher says (Yahoo! Security)