Week in review: Critical Drupal 7 vulnerability, cloud myths, Ebola scams

Here’s an overview of some of last week’s most interesting news and articles:

Tor exit node found patching downloaded binaries with malware
A researcher has spotted a Tor exit node located in Russia which instead of delivering the software requested by users untouched, was adding malicious code to the binaries in question – code that made their computers open a port to send HTTP requests to and receive commands from a remote server.

Explaining infosec magic to kids
A technical understanding of their digital lives is a crucial life lesson for today’s young generation.

Mobile carriers fined $10M for making private user info accessible via Google search
The FCC intends to fine TerraCom, Inc. and YourTel America, Inc. $10 million for several violations of laws protecting the privacy of phone customers’ personal information.

Code Red: A global initiative for fighting government surveillance
Code Red will concentrate on supporting and giving advice to human rights and privacy groups around the world, but will also “seek to establish a protection network for rights defenders who are increasingly exposed to aggressive personal retribution by state authorities.”

APWG launches global cybercrime reporting program
The Anti-Phishing Working Group (APWG) announced the establishment of an open-access cybercrime reporting program to speed the collection and redistribution of cybercrime machine-event data to anti-virus vendors, security companies, investigators and responders.

Automation is the key to successful policy implementation
Organizations today are facing increased pressure to collect and store massive amounts of data. With this explosion of data collection and the influx of information flooding inboxes, enterprise collaboration systems, and interactive gateways, previously effective approaches to monitoring and regulation of electronic data are becoming impractical.

ScanBox keylogging framework lurking on disparate watering holes
Watering hole attacks are usually associated with cyber espionage efforts and are booby-trapped with exploit kits that deliver malware onto the visitors’ vulnerable computers. But exploit kits are not the only danger lurking on those sites.

BYOD Policy Guidebook
This policy guidebook was created to help guide you through the questions to ask and provide some best practices to consider when establishing your own BYOD policies.

Top 10 cloud myths
Cloud computing is uniquely susceptible to the perils of myths due to the nature, confusion and hype surrounding it. These myths slow things down, impede innovation and induce fear, thus distracting from real progress, innovation and outcomes.

Crooks use stolen magnetic payment card info to make fraudulent chip-enabled transactions
US banks and card issuers are finally planning to make the switch from the magnetic strip payment card system to the chip and PIN one. The change is coming slowly, and most banks have yet to issue chip-based payment cards to its customers. But, curiously enough, some of them have already been fleeced via fraudulent chip-enabled transactions coming from Brazil.

Belgacom shares more details about alleged GCHQ breach
The company’s head of security and information management Fabrice Clement has shared some more technical details about the attack, about the company’s concentrated efforts to clean up their compromised systems, and about the economic consequences of the breach.

Russian-based cyber spies going after military, intelligence targets
FireEye today released a comprehensive intelligence report that assesses that an advanced persistent threat (APT) group may be sponsored by the Russian government.

US ICS operators under attack by crims wielding BlackEnergy malware
ICS-CERT has determined that users of HMI products from various vendors have been targeted in this campaign, including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC.

Fixing the broken windows of software security
We can fix software security issues only by making sure we use libraries and frameworks that don’t allow classes of vulnerability to exist. Of course, that’s easier said than done.

Fake “Online Ebola Alert Tool” delivers Trojan, unwanted apps
Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.

IT is losing the battle on security in the cloud
Research indicates that while organizations are increasingly using cloud computing resources, IT staff is having trouble controlling the management and security of data in the cloud.

Samsung users could be locked out of their devices by attackers
A zero-day flaw in Samsung’s Find My Mobile system that can be extremely easily exploited to remotely lock a target’s phone has been uncovered by programmer and researcher Mohamed Abdelbaset.

White House network breach was likely nation-sponsored
The White House has confirmed that the unclassified Executive Office of the President network has been breached by unknown hackers.

Android dialler hides, resists attempts to remove it
A malicious dialler disguised as an application for adults could become a big problem for Android users, as the malware systematically removes traces of itself from the phone and makes deinstallation impossible through normal means.

Post Snowden, most users have changed Internet habits
On the heels of Edward Snowden’s advice to switch from Dropbox, Facebook and Google to services that place a high priority on security and privacy, F-Secure is releasing survey results that show that many people are willing to do just that.

NIST Guide to Cyber Threat Information Sharing open for comments
The purpose of this publication is to assist organizations in establishing, participating in, and maintaining information sharing relationships throughout the incident response life cycle.

Orgs choose network performance over security
An alarming number of organizations are disabling advanced firewall features in order to avoid significant network performance degradation.

Photo gallery: McAfee FOCUS 14
Help Net Security attended McAfee’s Annual Security Conference FOCUS 14 that has been held this week at The Venetian and the Palazzo Congress Center in Las Vegas. Here’s a peek into what’s been going on.

Assume your Drupal 7 site has been compromised
Administrators of sites that run Drupal 7, and have not yet updated to version 7.32 or have done so later than 7 hours after the public revelation of the highly critical SQL injection vulnerability (CVE-2014-3704) on October 15, are advised to consider their site as potentially compromised and proceed to fix the issue.

CurrentC mobile payment system hacked, user info stolen
CurrentC, the mobile payment service backed by the Merchant Customer Exchange (MCX), has suffered a data breach.

Open source Knock Knock tool reveals OS X malware
At this year’s Virus Bulletin conference held last month in Seattle, security researcher Patrick Wardle spoke about methods of malware persistence on Mac OS X. He also presented a tool he made himself, and which shows users all the different persistent items (scripts, commands, binaries, etc.), that are set to execute automatically on their OS X machine.

The security threat of unsanctioned file sharing
Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies and place company data in jeopardy.

Things that freak out IT security pros
Ghosts and zombies aren’t the only things coming back from the dead this Halloween.

Pirate Bay co-founder sentenced for hacking CSC servers
Warg and his 21-year-old Danish accomplice of whom only the initials are known have been both found guilty by a Danish court.




Share this