Week in review: POODLE bug, Microsoft patches a slew of 0-days exploited in the wild

Here’s an overview of some of last week’s most interesting news and articles:

Identifying deceptive behavior in user-generated content
In this interview, JT Buser, Manager of Authenticity and Fraud at Bazaarvoice, talks about challenges involved in identifying deceptive behavior in user-generated content as well as interesting techniques he’s seen scammers use. Bazaarvoice is a network that connects brands and retailers to the people. Each month, more than 500 million people view and share opinions, questions and experiences tens of millions of products in the Bazaarvoice network.

Malicious YouTube ads lead to exploits, ransomware
In the last few months, Trend Micro researchers have been following a malvertising campaign that ended up affecting almost exclusively US users at the beat of more than 113,000 per month. In the latest stage of the campaign, the criminals behind this campaign have concentrated their efforts on Youtube visitors, and have succeeded in making the ads appear on extremely popular videos.

Companies still rely on outdated methods to keep secure
Despite increasingly sophisticated attacks and rising complexity in the technological and regulatory landscapes, companies still typically rely on outdated methods to keep data secure, according to new research from Frost & Sullivan.

HP to revoke certificate that was used to signed malware
HP has announced to its customers that it will soon revoke a specific private digital certificate that they used to sign some software components that ship with some of its older products, because the certificate has also been used to sign malicious software.

EU Commission and data industry to master Big Data
The European Commission and Europe’s data industry have committed to invest €2.5 billion in a public-private partnership (PPP) that aims to strengthen the data sector and put Europe at the forefront of the global data race.

Kmart confirms month-old data breach, payment card data stolen
The breach was discovered on October 9 by Kmart’s Information Technology team, and the company immediately hired a “leading IT security firm” to help in the investigation.

Dropbox wasn’t hacked, says leaked credentials are from unrelated services
Dropbox has denied that they have been hacked, and that the login credentials leaked by a unknown individual on Pastebin are those of Dropbox users.

Russian espionage group used Windows 0-day to target NATO, EU
In this month’s Patch Tuesday, Microsoft released a wide variety of patches, and among them is one for the SandWorm zero-day vulnerability that has been used in a cyber-espionage campaign targeting NATO, the European Union, Ukrainian and Polish government organizations, and European companies in the telecommunications and energy sectors, as well as two more 0-days actively used by attackers.

Building an Information Security Awareness Program
Are information security awareness programs a good thing or a complete waste of time? The debate around this question has been going on for a while and both sides have had some good arguments (and some bad, too). The authors of this book believe the former, and with this tome aim to show you how to build a security awareness program from the ground up.

Detecting cyber attacks in a mobile and BYOD organization
Many organizations understand that traditional perimeter security defenses are not effective at identifying attacks on mobile devices. This application note sets out to explore the challenges, understand the needs, evaluate mobile device management as an approach to detecting attacks and offer a flexible and high efficacy solution for detecting any phase of an ongoing attack on mobile devices regardless of device type, operating system or applications installed.

Flawed reused code opens zero-day in Cyanogenmod
An unnamed security researcher says that Cyanogenmod, the popular Android-based mobile OS, sports a zero-day vulnerability that can be misused to target users with Man-in-the-Middle attacks.

Leaked Snapchat images came from third-party server
Snapchat is a mobile photo messaging app that allows users to send pictures that “self-destruct” a few moments after being viewed, and is especially popular with those who think it perfect for sending pictures of a delicate and private nature. Unfortunately, the app’s internal API has been reverse-engineering and publicly released a little over a year ago, and since then used by a number of mobile apps to allow recipients to make a copy of the photos in question before Snapchat makes them disappear.

GFI Software redesigns WebMonitor 2015
GFI Software announced GFI WebMonitor 2015, the latest version of the company’s Web filter, management and security solution for businesses.

POODLE vulnerability: The end of life of SSL 3.0
There is a critical security vulnerability in SSL 3.0 which allows attackers to calculate the plaintext of encrypted connections, and it will likely spell the end of the use of this particular SSL version.

4 million UPnP devices may be vulnerable to attack
Akamai has observed the use of a new reflection and amplification DDoS attack that deliberately misuses communications protocols that come enabled on millions of home and office devices, including routers, media servers, web cams, smart TVs and printers.

Lessons learned developing Lynis, an open source security auditing tool
When you’ve been developing a tool for several years, you’re bound to learn a few things along the way.

Cyber security coalition aims to change the game against malware
Novetta Solutions announced it is leading a cyber security coalition developed to interdict malware used by advanced threat groups, and to remediate the adverse impact of professional cyber espionage groups and other threat actors. The group includes Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Symantec, Tenable, ThreatConnect, ThreatTrack Security, Volexity and other industry leaders.

Kit: Essentials of virtualization
The Essentials of Virtualization brings together the latest in information, coverage of important developments, and expert commentary to help with your virtualization related decisions. The kit contents will help you get the most out of your virtualization research.

New OpenSSL updates fix POODLE, DoS bugs
The OpenSSL Project has pushed out new releases of the popular eponymous open-source cryptographic library, which fix four serious vulnerabilities, including the POODLE (Padding Oracle On Downgraded Legacy Encryption) problem.

Easily exploitable Drupal bug can lead to total site compromise
Admins of sites that run Drupal 7 are advised to update to the latest version of the platform – version 7.32 – because it fixes a critical SQL injection vulnerability that can ultimately lead to site hijacking and data theft.

How security-wary retailers can prepare for the holiday season
Retailers are beside themselves with worry as the spate of data breaches among them continues. With Black Friday approaching, what can retailers still do to protect themselves from these cybercrooks?

Targeted attack protection via network topology alteration
Lateral movement in a target network allows the attackers information they can then use to their advantage. They are now aware of existing security weak points, firewall rule setting flaws, and the wrong security equipment deployment. They also now have the latest network topology, password sets, and security policies. They can use this new-found knowledge even after their attempts have been discovered.

Beware of Ebola-themed phishing, malware campaigns and hoaxes
US-CERT released an advisory warning users about email scams and cyber campaigns using the Ebola virus disease as a theme. Another, less immediate danger are online hoaxes.




Share this