September 15, Softpedia – (International) Twitch chat malware spreads, wipes dry Steam accounts. Researchers at F-Secure identified a piece of malware known as Eskimo that is being spread through a fake raffle invitation in Twitch.tv’s chat feature. The page used for the fake raffle sign-up drops a Windows binary that can take screenshots and take control of the client for the Steam gaming service to add friends, trade or sell items, and buy items if funds are available. Source: http://news.softpedia.com/news/Twitch-Chat-Malware-Spreads-Wipes-Dry-Steam-Accounts-458857.shtml
September 15, Help Net Security – (International) Freenode suffers breach, asks users to change their passwords. IRC network Freenode notified users that it experienced a security breach September 13 and advised all users to change their passwords as a precaution. Source: http://www.net-security.org/secworld.php?id=17362
September 15, Securityweek – (International) Vulnerabilities found in website of Google-owned Nest. A security researcher identified and reported several security vulnerabilities in the Web site of home automation company Nest, including a file upload vulnerability that could allow attackers to upload a shell and gain access to personal and financial details of Nest customers. Google stated that the issue was addressed by restricting access to the affected domain and redirecting visitors to a different domain. Source: http://www.securityweek.com/vulnerabilities-found-website-google-owned-nest
September 12, Threatpost – (International) Four vulnerabilities patched in IntegraXor SCADA. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory September 11 advising users of Ecava Sdn Bhd’s IntegraXor supervisory control and data acquisition (SCADA) server software to patch their systems after four remotely exploitable vulnerabilities were discovered. The software is primarily used for industrial automation in firms managing railways, sewage systems, telecommunications, and heavy engineering. Source: http://threatpost.com/four-vulnerabilities-patched-in-integraxor-scada-server
September 15, Help Net Security – (International) Dragonfly malware targeting pharmaceutical companies. Belden and RedHat Cyber researchers determined that the Dragonfly (Havex) malware is likely targeting pharmaceutical companies, after finding that the malware contained an Industrial Protocol Scanner module that searched for devices often found in consumer packaged goods industries and that the Dragonfly attack is similar in nature to the Epic Turla campaign, among other findings. Source: http://www.net-security.org/malware_news.php?id=2865
I was at a Gartner conference a couple of weeks ago where the speaker said something to the effect of:
The speed of business applications is going to continue to increase. Where it may have been normal to spend months creating an application that would have a lifespan of years, we now need to spend weeks creating applications that will have a lifespan of months.
So far so good, I’m seeing this.
As a byproduct of this speed requirement, the business is going to procure, write and deploy its own applications. IT needs to disengage from this process.
This, in their mind, flows across multiple delivery platforms:
- In the cloud where Shadow IT will become normal business IT.
- For Mobility where users will buy their own apps or just use native apps rather than counting on IT-provided apps.
- For internally developed apps where businesses will need to work directly with developers in order to get the kind of speed and agility they demand.
- For desktops where users demand new applications faster than IT can provide.
And with that, I beg to differ.
Applications provide the business value of technology. It’s natural and quite productive to make sure that you have the best applications available to support your business goals.
So, is it possible to make applications a business problem and relegate IT to providing an infrastructure platform? In a word, no.
One of the coolest parts of my job is the variety of IT organizations I get to work with. Some of these organizations have a very small and manageable application footprint. Some of them are the opposite case with application counts well above ten thousand. One organization we work with develops so many internal applications that they will proudly tell you that they have more developers in their organization than Microsoft.
September 11, InformationWeek Dark Reading – Home Depot Breach May Not Be Related to BlackPOS Target. New analysis of the malware earlier identified as a BlackPOS variant leads some researchers to believe that they are two different malware families entirely. Source
September 11, Softpedia – (International) Zemot malware dropper strain delivered via Asprox botnet and exploit kits. Microsoft researchers analyzed the Zemot malware dropper, a variant of Upatre, and observed that it has been distributed through the Asprox (also known as Kuluoz) spam botnet and via exploit kits including Magnitude and Nuclear Pack. Once it infects a system the dropper can then deliver click fraud malware and was recently observed to distribute information-stealing malware including Rovnix, Tesch, and Viknok. Source
September 11, The Register – (International) TorrentLocker unpicked: Crypto coding shocker defeats extortionists. Researchers with Nixu found that the encryption used by the TorrentLocker ransomware can be defeated if the victim still has an unencrypted copy of any encrypted file larger than 2MB: XORing the encrypted and unencrypted copies recovers the key stream, which the malware reused for every file, so the recovered key stream can then be used to decrypt the rest of the victim’s files. Source
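The item above describes a classic key-stream reuse failure. The following is an added illustration, not the ransomware's code or Nixu's tooling: a toy stream cipher that, like TorrentLocker, XORs the same key stream from offset zero onto the first 2MB of every file. The key-stream generator (SHA-256 in counter mode), the file contents and the key are all constructed assumptions for the example; the attack works regardless of how the key stream is produced, because one known plaintext/ciphertext pair gives the key stream back, and a file larger than 2MB gives back all of it.

```python
"""Added illustration of the TorrentLocker weakness: a stream cipher whose key
stream is reused for every file falls to a single known plaintext. The key
stream generator, keys and files here are constructed for the example; none of
this is the ransomware's own code."""
import hashlib
import os

# Per the Nixu analysis, TorrentLocker only encrypted the first 2 MB of each file.
CHUNK = 2 * 1024 * 1024


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    n = min(len(a), len(b))
    return (int.from_bytes(a[:n], "big") ^ int.from_bytes(b[:n], "big")).to_bytes(n, "big")


def toy_keystream(key: bytes, length: int) -> bytes:
    """Hypothetical stand-in for the malware's key stream: SHA-256 in counter mode.
    The generator itself is irrelevant to the attack; reusing its output is the flaw."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hashlib.sha256(key + counter.to_bytes(8, "big")).digest())
    return b"".join(blocks)[:length]


def ransom_encrypt(data: bytes, key: bytes) -> bytes:
    """Encrypt a file the way the flawed ransomware did: the same key stream, from
    offset 0, is XORed onto the first CHUNK bytes of every file; the tail is untouched."""
    head, tail = data[:CHUNK], data[CHUNK:]
    return xor_bytes(head, toy_keystream(key, len(head))) + tail


def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """Known-plaintext attack: plaintext XOR ciphertext gives back the key stream,
    for as many bytes as the original covers (a file of >= CHUNK bytes yields all of it)."""
    return xor_bytes(original[:CHUNK], encrypted[:CHUNK])


def decrypt_with_keystream(encrypted: bytes, keystream: bytes) -> bytes:
    """Decrypt another victim file with the recovered key stream. If the key stream
    is shorter than CHUNK (the known plaintext was too small), the uncovered bytes
    are left encrypted rather than corrupted, so a later, larger known file can finish."""
    n = min(len(encrypted), len(keystream), CHUNK)
    return xor_bytes(encrypted[:n], keystream[:n]) + encrypted[n:]


def demo(key: bytes = b"") -> dict:
    """Walk through the recovery on constructed sample files; returns what was recovered."""
    key = key or os.urandom(32)                        # attacker's secret, never learned
    backup = bytes(range(256)) * (CHUNK // 256 + 64)   # > 2 MB; victim still has the original
    secret = b"Board minutes, confidential.\n" * 4000  # only the encrypted copy survives
    enc_backup = ransom_encrypt(backup, key)
    enc_secret = ransom_encrypt(secret, key)
    keystream = recover_keystream(backup, enc_backup)  # full 2 MB key stream from one pair
    return {
        "keystream_len": len(keystream),
        "recovered": decrypt_with_keystream(enc_secret, keystream),
        "secret": secret,
    }


if __name__ == "__main__":
    r = demo()
    print("key stream bytes recovered:", r["keystream_len"])
    print("second file fully recovered:", r["recovered"] == r["secret"])
```

The recovery needs no knowledge of the key or the cipher: any file with a surviving original (an installer, a shipped DLL, a document also sitting in email) serves as known plaintext, and anything under 2MB is decrypted completely. The defender's check is the same as the cryptographer's rule: a key stream, or a CTR/stream-cipher nonce, must never be reused across messages.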
September 11, Help Net Security – (International) Massive Gmail credential leak is not result of a breach. Google investigated a dump of Gmail credentials posted online and found that the credentials were not the result of a breach and that less than 2 percent of the credentials might have worked. Users were advised to change their passwords, use strong passwords, and enable two-factor authentication if possible as a precaution. Source
September 10, Threatpost – (International) Details disclosed for critical vulnerability patched in Webmin. A researcher with the University of Texas published details on a critical vulnerability in Webmin that was patched in May, showing that the vulnerability could have been used by unauthenticated users to delete files stored on the server. Source
September 10, Threatpost – (International) Apache warns of Tomcat remote code execution vulnerability. The Apache Software Foundation warned users of some older versions of Apache Tomcat that they are vulnerable under limited circumstances to a vulnerability that could allow an attacker to upload malicious JavaServer Pages (JSP) to a server, trigger the execution of the JSP, and then execute arbitrary commands on the server. The vulnerability affects versions 7.0.0 to 7.0.39 and users were advised to update their installations. Source
September 11, Help Net Security – (International) Chinese attack groups operate in parallel in cyber espionage campaigns: FireEye. Researchers with FireEye discovered two cyberespionage campaigns originating in two regions of China that appear to share several commonalities including using the same custom backdoors and remote access trojans (RATs). One campaign dubbed Moafee targets various military, government, and defense industry entities while the second known as DragonOK targets high-tech and manufacturing companies in Taiwan and Japan. Source: http://www.securityweek.com/chinese-attack-groups-operate-parallel-cyber-espionage-campaigns-fireeye
September 11, Help Net Security – (International) Researchers find malicious extension in Chrome Web Store. Trend Micro researchers identified several malicious extensions inside the Chrome Web Store, including one spread via a Facebook scam campaign that allows attackers to post statuses, send messages, and take other actions using a victim’s Facebook account. Source: http://www.net-security.org/malware_news.php?id=2863
September 9, Softpedia – (International) Malvertising on YouTube and Amazon delivers sophisticated malware. Researchers with Cisco’s Talos Security Research identified a malvertising campaign dubbed Kyle & Stan that began in May and is currently affecting Windows and Mac users on popular Web sites such as Amazon and YouTube. The campaign inserts malicious ads that serve various forms of spyware, adware, and browser hijacking malware and uses unique configuration files and encryption to attempt to avoid detection. Source: http://news.softpedia.com/news/Malvertising-On-YouTube-and-Amazon-Delivers-Sophisticated-Malware-458211.shtml
September 9, Softpedia – (International) Dyre banking trojan targets Salesforce customers. Customer relationship management (CRM) provider Salesforce found that the Dyre banking malware (also known as Dyreza) has been used against some of its customers but found no evidence that any were impacted. The malware uses man-in-the-middle (MitM) attacks to steal credentials and Salesforce advised its users to ensure that their systems were protected against the malware. Source: http://news.softpedia.com/news/Dyre-Banking-Trojan-Targets-Salesforce-Customers-458185.shtml
September 9, V3.co.uk – (International) Hackers going Nuclear following Blackhole takedown. A Zscaler ThreatLabz researcher identified a campaign utilizing the Nuclear Exploit Kit and compromised sites including SocialBlade.com, AskMen.com, and Facebook survey scam pages to attempt to infect users’ systems. The researcher reported that the Nuclear Exploit Kit has become increasingly popular in the last 3 months following the arrest of the alleged creator of the Blackhole Exploit Kit. Source: http://www.v3.co.uk/v3-uk/news/2364131/hackers-going-nuclear-following-blackhole-takedown
September 8, Threatpost – (International) New timing attack could de-anonymize Google users. Mavenlink identified and reported an issue in Google accounts that could be used by an attacker, in specific circumstances, to detect when a particular user visits an attacker-controlled site: the attacker shares a Google document with the target’s address and then times how the visitor’s browser responds to a request for that document, since only the target’s logged-in session can load it. Google acknowledged the issue but stated it would not address it because the risk was judged to be low and the attack usable only in limited circumstances. Source: http://threatpost.com/new-timing-attack-could-de-anonymize-google-users
September 9, IDG News Service – (International) Adobe fixes critical flaws in Flash Player, delays Reader and Acrobat updates. Adobe Systems released a critical security update for its Flash Player software, closing 12 security issues, 9 of which could lead to remote code execution. The company also delayed planned patches for Reader and Acrobat by 1 week due to issues identified during testing. Source: http://www.networkworld.com/article/2604961/adobe-fixes-critical-flaws-in-flash-player-delays-reader-and-acrobat-updates.html
September 9, Network World – (International) September Patch Tuesday: Microsoft closes door on IE zero day attacks. Microsoft released its monthly Patch Tuesday round of updates for September, with 4 bulletins closing 42 vulnerabilities in various Microsoft products. One bulletin for the Internet Explorer browser closes 37 vulnerabilities, 1 of which was a critical Internet Explorer zero-day vulnerability. Source: http://www.networkworld.com/article/2604465/microsoft-subnet/september-patch-tuesday-microsoft-closes-door-on-ie-zero-day-attacks.html
September 9, The Register – (International) Use home networking kit? DDoS bot is BACK…and it has EVOLVED. A researcher identified a new variant of the Lightaidra router-to-router malware that targets consumer-grade cable and DSL modems using default passwords in order to use them in distributed denial of service (DDoS) attacks. The new variant is able to reconfigure victims’ firewalls and requires Linux to be running on targeted devices in order to infect them. Source: http://www.theregister.co.uk/2014/09/09/linux_modem_bot/
September 9, Softpedia – (International) Apple beefs up security, sends iCloud access alert. Apple announced September 5 that within 2 weeks it would implement new security policies for its iCloud service following attacks that leaked personal photos belonging to celebrities. Some features have already been implemented, such as a notification when an iCloud account is accessed via a Web browser. Source: http://news.softpedia.com/news/Apple-Beefs-Up-Security-Sends-iCloud-Access-Alert-458282.shtml
September 9, The Register – (International) Phishing miscreants are THWARTING secure-sleuths with AES crypto. Researchers with Symantec identified what they believe was the first use of AES encryption to disguise fraudulent Web sites designed to steal users’ login credentials. The use of AES encryption allows attackers to make the analysis of phishing sites more difficult without affecting how the sites appear and function to users. Source: http://www.theregister.co.uk/2014/09/09/phishing_scam_uses_aes_crypto_to_hide/
September 9, Securityweek – (International) Vendor fixes vulnerabilities in wireless traffic sensors. Sensys Networks, a company that manufactures sensor devices used in wireless traffic control systems, announced September 5 that it released software updates for its products to address security vulnerabilities and protect systems against attacks caused by lack of encryption or sufficient authentication methods. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory stating that the issues affect Sensys Networks VSN240-F and VSN240-T systems and advised operators to update their software installations. Source: http://www.securityweek.com/vendor-fixes-vulnerabilities-wireless-traffic-sensors