Week in review: Linux systems ensnared in DDoS botnet and Home Depot breach

Here’s an overview of some of last week’s most interesting news, podcasts, and articles:

IT security is a matter of accountability
The CEO has always had responsibility for the overall growth and health of his or her organization. Bottom-line issues such as manufacturing and marketing, for example, were traditionally within their remit. However, in the digital age security has become a fundamental bottom-line issue. Invariably, the cost of investing in adequate IT security measures is lower than the cost of recovering from a breach.

eBook: User Mode Linux
With User Mode Linux you can create virtual Linux machines within a Linux computer and use them to safely test and debug applications, network services, and even kernels. You can try out new distributions, experiment with buggy software, and even test security. The author covers everything from getting started through running enterprise-class User Mode Linux servers.

New BlackPOS variant masquerades as AV service
Unlike previous versions, which registered themselves as a system service used by the target company, the new variant, Memlog, disguises itself as an installed service of a known AV vendor's software in order to avoid detection.

Expert international cybercrime taskforce tackles online crime
Hosted at the European Cybercrime Centre (EC3) at Europol, the Joint Cybercrime Action Taskforce (J-CAT), which is being piloted for six months, will coordinate international investigations with partners working side-by-side to take action against key cybercrime threats and top targets, such as underground forums and malware, including banking Trojans.

Tox: Open-source, P2P Skype alternative
If you like the convenience of Skype, but you are worried about government surveillance and don’t trust Microsoft to keep you safe against it, Tox might be just the thing for you.

Namecheap accounts brute-forced by CyberVor gang?
California-based domain registrar and web hosting firm Namecheap has been targeted by hackers, the company's VP of hosting Matt Russell warned last Monday. The attackers are replaying username and password pairs gathered from third-party breaches against Namecheap customers' accounts, so the "brute force" here is credential stuffing: a small number of tries per account across a very large number of accounts, rather than many guesses against one.
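Credential stuffing looks different in an authentication log from a classic brute-force attack: one source tries many distinct usernames a few times each, and a handful of those attempts succeed. The following is an added example (not Namecheap's code, and not from the original article) that separates the two patterns over a sliding window of login attempts and reports which accounts were actually entered from a stuffing source. The login events are constructed inline in a shape an auth service could plausibly emit; the thresholds (`min_users`, `min_failures`, 10-minute window) are assumptions to tune per site.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed login-attempt records: (UTC timestamp, source IP, username, succeeded?).
# Shaped like an auth-service log; the IPs are documentation ranges, not real data.
EVENTS = [
    ("2014-09-01T12:00:00", "203.0.113.5", "alice", False),
    ("2014-09-01T12:00:01", "203.0.113.5", "bob", False),
    ("2014-09-01T12:00:02", "203.0.113.5", "carol", False),
    ("2014-09-01T12:00:03", "203.0.113.5", "dave", False),
    ("2014-09-01T12:00:04", "203.0.113.5", "erin", True),   # a reused leaked pair that worked
    ("2014-09-01T12:00:10", "198.51.100.9", "frank", False),
    ("2014-09-01T12:00:11", "198.51.100.9", "frank", False),
    ("2014-09-01T12:00:12", "198.51.100.9", "frank", False),
    ("2014-09-01T12:00:13", "198.51.100.9", "frank", False),
    ("2014-09-01T12:00:14", "198.51.100.9", "frank", False),
    ("2014-09-01T12:00:20", "192.0.2.77", "grace", True),   # ordinary successful login
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def classify_sources(events, window=timedelta(minutes=10), min_users=4, min_failures=5):
    """Classify each source IP from a sliding window of its login attempts.

    credential_stuffing: attempts against >= min_users DISTINCT usernames inside the
        window (successes count too; stuffing mixes a few hits into many misses).
    brute_force: >= min_failures failures against ONE username inside the window.

    Returns {ip: {"verdict": str, "users": set, "hits": set}} where "hits" are the
    usernames that logged in successfully from that source while it was flagged.
    Sources that trigger neither rule are omitted.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events, key=lambda e: e[0]):
        by_ip[ip].append((parse_ts(ts), user, ok))

    verdicts = {}
    for ip, attempts in by_ip.items():
        win = deque()
        flagged = None
        for t, user, ok in attempts:
            win.append((t, user, ok))
            # Drop attempts older than the window relative to the newest one.
            while win and t - win[0][0] > window:
                win.popleft()
            users = {u for _, u, _ in win}
            failures = sum(1 for _, _, k in win if not k)
            hits = {u for _, u, k in win if k}
            if len(users) >= min_users:
                flagged = {"verdict": "credential_stuffing", "users": users, "hits": hits}
            elif len(users) == 1 and failures >= min_failures:
                flagged = {"verdict": "brute_force", "users": users, "hits": hits}
        if flagged:
            verdicts[ip] = flagged
    return verdicts


def accounts_to_reset(verdicts):
    """Usernames that were successfully entered from a credential-stuffing source."""
    return {u for v in verdicts.values() if v["verdict"] == "credential_stuffing" for u in v["hits"]}


if __name__ == "__main__":
    result = classify_sources(EVENTS)
    for ip, v in result.items():
        print(ip, v["verdict"], sorted(v["users"]), "hits:", sorted(v["hits"]))
    print("force password reset for:", sorted(accounts_to_reset(result)))
```

The useful output is the `hits` set: a stuffing source with successes means those accounts are already compromised, and the response is a forced password reset and session invalidation for them, not just blocking the IP. Per-account lockouts do nothing against this pattern because each account sees only one or two attempts.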

How PCI DSS 3.0 impacts business owners
PCI DSS 3.0 went into effect in 2014, and introduced new rules and a clarified direction for the guidelines. Among the most important things for a merchant to know about the PCI DSS is that it’s constantly evolving, so staying current is an important responsibility.

Semalt botnet hijacked nearly 300k computers
The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it currently numbers around 290,000 malware infected machines that continually spam millions of websites in a large-scale, referrer spam campaign.
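Referrer spam of this kind shows up in web server logs as requests whose Referer header points at the spammer's domain, and the usual response is to match that host and drop or filter the traffic. The following is an added example (not the article's code and not tied to any real Semalt infrastructure) that parses Apache/nginx "combined"-format log lines, extracts the Referer host, and counts hits against a blocklist, matching subdomains but not look-alike domains. The log lines are constructed; the blocklist is seeded with `semalt.com` on the assumption that the campaign's referrers use that name, and is meant to be maintained by the site operator.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed blocklist: domains whose referrals you never want counted or served.
SPAM_REFERER_DOMAINS = {"semalt.com"}

# Constructed sample log; IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Sep/2014:10:01:12 +0000] "GET / HTTP/1.1" 200 5120 "http://semalt.com/crawler.php?u=example.org" "Mozilla/5.0"
198.51.100.7 - - [05/Sep/2014:10:01:13 +0000] "GET /about HTTP/1.1" 200 2048 "https://www.example.org/" "Mozilla/5.0"
203.0.113.11 - - [05/Sep/2014:10:02:40 +0000] "GET /blog HTTP/1.1" 200 9000 "http://100.semalt.com/" "Mozilla/5.0"
203.0.113.12 - - [05/Sep/2014:10:03:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/7.30"
203.0.113.13 - - [05/Sep/2014:10:03:02 +0000] "GET / HTTP/1.1" 200 5120 "http://notsemalt.com/" "Mozilla/5.0"
"""


def referer_host(referer):
    """Lowercase host of a Referer URL; "" for "-" (no referer) or unparseable values."""
    if not referer or referer == "-":
        return ""
    host = urlsplit(referer).hostname
    return (host or "").lower()


def is_blocklisted(host, blocklist=SPAM_REFERER_DOMAINS):
    """True if host is a blocklisted domain or a subdomain of one.

    Uses a label boundary ("." + domain) so 'notsemalt.com' does not match 'semalt.com'.
    """
    return any(host == d or host.endswith("." + d) for d in blocklist)


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_referer_spam(lines, blocklist=SPAM_REFERER_DOMAINS):
    """Return (hits, counter): matching records and a Counter of spam referer hosts."""
    hits, counter = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip lines that are not in combined format
            continue
        host = referer_host(rec["referer"])
        if is_blocklisted(host, blocklist):
            rec["referer_host"] = host
            hits.append(rec)
            counter[host] += 1
    return hits, counter


if __name__ == "__main__":
    hits, counter = find_referer_spam(SAMPLE_LOG.splitlines())
    for host, n in counter.most_common():
        print(f"{n:6d}  {host}")
    print(f"{len(hits)} referrer-spam requests")
```

Running this over a real access log gives the list of hosts to put into the web server's own referrer filter (for Apache, a `RewriteCond` on `%{HTTP_REFERER}` that returns 403) and into the analytics exclusion list, which is where the spam does its damage. The label-boundary match matters: a plain substring match would also catch unrelated domains that happen to contain the string.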

Big Data is big noise
Big Data was supposed to be the solution to all our security problems, but this spotlight on intruders turned out to be a mess of white noise. Hiding comfortably in that noise, however, are legitimate indicators that point to valid network threats, such as suspicious user behavior.

iCloud wasn’t hacked, says Apple
It seems that the celebrities in question fell victim to targeted phishing and social engineering.

Linux systems infiltrated and controlled in a DDoS botnet
Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals.

Lessons learned from running 95 bug bounty programs
In this podcast recorded at Black Hat USA 2014, Casey Ellis, Founder and CEO of Bugcrowd, talks about the lessons they’ve learned after running 95 bug bounty programs as well as the different types of researchers that take part in their programs.

OS X version of Windows backdoor spotted
The XSLCmd backdoor for OS X was first spotted when it was submitted to VirusTotal on August 10, 2014, and not one of the AV solutions it uses detected it as malicious.

5 tips for security behavior management programs
Improving user security behavior is not impossible; but it does require a change in approach.

Twitter launches bug bounty program
Set up through the security response and bug bounty platform HackerOne, the program offers a minimum reward of $140 per qualifying vulnerability report. The maximum reward amount has not been defined.

Network vulnerabilities IT admins can use to protect their network
In this post, we will try to see networks the way attackers see them — through their vulnerabilities — and turn these around into guides for how IT administrators should protect their network.

Mounting evidence points towards Home Depot breach
Still officially unconfirmed, a Home Depot hack looks increasingly likely to have happened.

Give up on complex passwords, says Microsoft
The Internet is full of advice on how users should choose strong passwords, on what schemes web admins should implement to make them do so, and on what mechanisms should protect those accounts. According to a group of researchers from Microsoft and Carleton University in Canada, however, little of that guidance is actually supported by clear, solid evidence.

9 ways to protect data on your smartphone
If you want to enjoy the full versatility of your smartphone but don’t want your private moments, financial information or cellulite splashed all over the internet, follow these nine recommendations from Catalin Cosoi, Chief Security Strategist at Bitdefender.

Malicious and risky apps on Android and iOS
In this podcast recorded at Black Hat USA 2014, Mike Raggo, Security Evangelist at MobileIron, talks about the risky behavior of certain apps downloaded from Google Play or the App Store.

HealthCare.gov breach affected test server, not users
The breach happened in July and was discovered on August 25 during a scheduled security scan. The nature of the malware that the attackers planted on the server and the fact that it remained idle helped it stay under the radar for so long.

Researchers compile list of Android apps that allow MitM attacks
Around 350 Android apps that can be downloaded from Google Play and Amazon stores fail to properly validate SSL certificates for HTTPS connections. Without certificate validation, HTTPS encrypts the traffic but no longer authenticates the server, so an attacker on the same open or otherwise untrusted network can present his own certificate and read or alter the traffic in a Man-in-the-Middle attack.

Coursera privacy issues exposed
When well-known lawyer and Stanford law lecturer Jonathan Mayer was invited to teach a course on government surveillance on Coursera, the popular website offering free university-level courses online, he was excited. But being also a computer scientist, he couldn't resist analyzing and poking around the platform that enables the teachers to teach and the course-takers to learn, and he found some issues that can be exploited to compromise the privacy of the students.
