Week in review: Komodia SSL-busting code found in other software, critical Samba flaw, and black hole routing

Here’s an overview of some of last week’s most interesting news and articles:

Is the Internet hiding a crime wave?
The U.S. crime rate continues to fall, according to the latest FBI’s release based on Uniform Crime Reporting from police departments, but researchers say those numbers, which have been on a downward slide since the 1990s, don’t tell the whole story.

Citizenfour awarded Oscar for Best Documentary
Most of the material for the documentary film that chronicles how Edward Snowden went about contacting Poitras and reporter Glen Greenwald, shared and explained the documents he exfiltrated from the NSA, and successfully avoided being extradited to the US, has been recorded in Hong Kong in June 2013, when the two reporters and The Guardian’s Ewen MacAskill first met with Snowden in person.

96% say ISO 27001 is important for improving security defenses
Already established as international best practice, the information security management standard ISO 27001 has become an effective weapon in the fight against cyber crime. It is therefore unsurprising that 96% of respondents to a new survey say that ISO 27001 plays an important role in improving their company’s cyber security defenses.

Flaw makes Cisco routing hardware vulnerable to DoS attacks
The good news is that there are no recorded instances of the vulnerability being exploited in the wild (the flaw was discovered during internal testing), and that the company has already pushed out a patch.

Superfish not the only app using Komodia’s SSL-busting code
Matt Richard, a Threats Researcher on the Facebook Security Team, shared the results of a project they started with researchers from Carnegie Mellon University to measure how prevalent SSL MITM was in the wild, and has pointed out that there are a dozen other software applications using the Komodia library, and that many of them appear to be suspicious.

Continuous Diagnostics and Mitigation capability requirements need re-prioritization
There is a lot to like in the $6 billion Continuous Diagnostics and Mitigation (CDM) program being administered by the DHS across more than 100 federal civilian agencies. The DHS has done an excellent job creating 15 different capabilities broken up into four implementation phases that agencies need to have to strengthen their cybersecurity postures.

3 million strong RAMNIT botnet taken down
RAMNIT spread malware via seemingly trustworthy links sent out on phishing emails or social networking websites. If users running Windows clicked on the links, the malware would be installed, infecting the computer. Infected computers would then be under the control of criminals, enabling them to access personal or banking information, steal passwords and disable antivirus protection.

Internet of Things adoption is gaining momentum
The declining costs of sensors, connectivity and processing power has made IoT a more viable proposition to a broader set of organizations. Changing regulatory requirements across a number of industries are also making an impact.

Google ups efforts to protect users against unwanted software
Google is looking to minimize its users’ exposure to potentially unwanted software, and to that end they have announced a few changes.

Critical Samba flaw allows unauthorized remote code execution
Samba, the popular free software that allows file and print sharing between computers running Windows and those running Unix or Linux, has been found sporting a critical flaw that can be exploited by an attacker to run programs as an administrator.

Black hole routing: Not a silver bullet for DDoS protection
As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”

Aggressive adware in Google Play apps
Bitdefender has discovered 10 Google Play apps that have been packed full of aggressive adware. These either subscribe users to premium-rate numbers using scareware messages or install additional apps that incorporate even more ads.

Researchers create automated signature compiler for exploit detection
A trio of researchers from Microsoft and University of Erlangen-Nuremberg have created Kizzle, a compiler for generating signatures for detecting exploit kits delivering JavaScript to browsers.

Gemalto says NSA and GCHQ intrusions “probably happened”
The company noted that they, as a digital security company, experience a lot of attacks and that looking back at the period covered by Snowden’s documents, there were two “particularly sophisticated intrusions” that could have been effected by the intelligence agencies.

How safe are Android-based children’s tablets?
Looking for an Android-based tablet for your child but don’t know which one to choose? If you are concerned about the security of your child’s data – as you should be – and about the device’s protection against random hackers, Bluebox Security has just released a review of the nine most popular Android tablet models aimed specifically at children.

Anthem breach affects millions of non-Anthem customers
Anthem, the second-largest health insurer in the United States, which has reported a massive data breach earlier this month, has finally come out with a more definite number of affected individuals: 78.8 million. But if you think that if you weren’t an Anthem customer your data is safe, you might want to check again, as between 8.8 million to 18.8 million of the persons whose data was stolen were actually not Anthem customers.

Over a million WP sites at risk of hijacking due to plugin bug
Users who run their websites on the popular WordPress CMS and are also using the WP-Slimstat web analytics plugin should update as soon as possible.

Compromised cPanel “Account Suspended” pages redirect to exploit kit
All Internet users have, at least once in their lives, seen a legitimate cPanel “Account Suspended” page, but a recently discovered malware delivery campaign has been using this familiar sight to hide the fact that an exploit kit is exploiting vulnerabilities in the visitors’ computers and delivering malware to them on the sly.

Google scraps Pwnium, invites researchers to submit Chrome bugs year-round
Google is scrapping its annual Pwnium hacking competition which has been held for four years in a row at the CanSecWest conference in Vancouver, Canada, but that doesn’t mean that security researchers can’t send their Chrome and Chrome OS exploits to Google and collect a monetary reward.

Lenovo.com hijacking made possible by compromise of Webnic registrar
Lenovo simply can’t catch a break. After the massive negative attention it received for their ill-advised decision to ship some of its notebooks with pre-installed adware that also uses MITM SSL certificates, for a short time on Wednesday their main domain – Lenovo.com – has been hijacked and effectively defaced by the hacker collective Lizard Squad.

Cisco, Apple, Citrix products no longer welcome on Chinese government systems
A slew of US tech companies have been dropped from China’s Ministry of Finance’s approved government procurement list, including Apple, McAfee, Citrix Systems and Cisco Systems.

Real MITM attacks enabled by Komodia’s software might have already happened
EFF researchers Joseph Bonneau and Jeremy Gillula have shared the results of their search of the database compiled from the input collected via Firefox’ Decentralized SSL Observatory feature, and these results show that MITM attacks taking advantage of software using Komodia’s encryption libraries have probably been executed in the wild.

Security framework for governments deploying the cloud
ENISA released a framework structured into four phases, nine security activities and fourteen steps that details the set of actions Member States should follow to define and implement a secure Gov Cloud. In addition the model is empirically validated, through the analysis of four Gov Cloud case studies – Estonia, Greece, Spain and UK – serving also as examples to implementation.

Cyber attackers like to impersonate IT workers
Mandiant, the (apparent) go-to firm for the forensic investigation of high-profile breaches, has released its annual M-Trends report, which shows that the threat landscape is more complex than ever.

Critical vulnerabilities affecting SAP business critical apps
Onapsis released five security advisories detailing vulnerabilities in SAP BusinessObjects and SAP HANA enterprise software. Included in the security advisories are three high risk vulnerabilities, one of which allows unauthenticated users to overwrite business data, and two medium risk vulnerabilities.