Week in review: APT wars, 18-year-old bug endangers Windows users, and main sources of data breaches

Here’s an overview of some of last week’s most interesting news and articles:


Simda botnet taken down in global operation
The Simda botnet, believed to have infected more than 770,000 computers worldwide, has been targeted in a global operation.

Attackers can easily crack Belkin routers’ WPS PINs
A considerable number of routers manufactured by US-based Belkin use a flawed method for creating PINs for Wi-Fi Protected Setup (WPS), making them easily discoverable by attackers, a researcher has found.

US prohibits Intel to export chips for Chinese supercomputers
US chip maker Intel has been prohibited by the US Department of Commerce to export chips needed to upgrade Chinese supercomputers.

CoinVault ransomware: Retrieve data without paying the criminals
Victims of the CoinVault ransomware have a chance to retrieve their data without having to pay the criminals, thanks to a repository of decryption keys and a decryption application made available online by Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Netherlands’ police.

TV5Monde makes new security blunders in wake of hack
As the network struggles to recover and improve security measures, and as the investigation into how the attackers managed to pull this off continues, an interview aired just a day after the attack demonstrated how easy it sometimes can be for attackers to get a hold on passwords needed to hijack online accounts.

The key challenges to timely incident response
According to the IT and security professionals surveyed by ESG, better detection tools, better analysis tools, and more training on how to deal with incident response issues are the top ways to improve the efficiency and effectiveness of the information security staff.

Attackers use deceptive tactics to dominate corporate networks
Cyber attackers are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them.

18-year-old bug can be exploited to steal credentials of Windows users
A new technique for exploiting an 18-year-old bug in Windows Server Message Block (SMB), which would allow attackers to intercept user credentials, had been uncovered by Cylance researcher Brian Wallace.

Main sources of data breaches: Phishing, RAM scrapers, web app insecurity
US telecom giant Verizon has published its 2015 Data Breach Investigations Report, which is based on an analysis of nearly 80,000 security incidents, including more than 2,100 confirmed data breaches, that affected organizations in 60 countries.

Misconfigured DNS servers may leak domain info, warns US-CERT
US-CERT is urging administrators of Domain Name System servers to check whether their machines are misconfigured to respond to global Asynchronous Transfer Full Range (AXFR) requests and thus leak potentially sensitive information.

Lack of skilled infosec pros creates high-risk environments
82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business.

New trend in cybercriminal activity: APT wars
Kaspersky Lab has recorded a rare and unusual example of one cybercriminal attacking another.

How can defenders gain advantage in the 0day market?
According to MIT, Harvard, and HackerOne researchers, the answer is not throwing more money at bug hunters, but incentivize them to find the the same vulnerabilities that the offense researchers have found. In short, to increase “bug collision.”

Google blocks Java plugin in new Chrome by default
Google has released Chrome 42 to the stable channel, and among the changes announced is one that will automatically block Oracle’s Java plugin and other plugins that use the old NPAPI (Netscape Plugin API).

TeslaCrypt ransomware pushed by several exploit kits
Aside from the usual assortment of file types that ransomware usually targets, TeslaCrypt also encrypts file types associated with video games and game related software, as well as iTunes-related files.

PCI DSS 3.1 released
The PCI Security Standards Council (PCI SSC) published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. The revision includes minor updates and clarifications, and addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk.

New Java vulnerabilities remotely executable without login
It is extremely important that enterprises urgently patch their Java Runtime Environments (JREs) and (Java Development Kits) JDKs since 14 vulnerabilities addressed in this security update are remotely exploitable over a network without authentication — which are the most serious kind of threats.

Dropbox launches bug bounty, will also pay for previously reported bugs
Dropbox is the latest company to officially announce a bug bounty program set up through the HackerOne platform.

HSBC Finance Corporation confirms data breach
A breach notification letter sent to the New Hampshire Attorney General’s Office by the HSBC Finance Corporation has revealed that sensitive mortgage information of customers of a number of its subsidiaries has been potentially compromised.

D-Link’s failed patch for DIR-890L router adds a new hole
Prolific hacker Craig Heffner, who has a particular interest in hacking embedded devices, has recently documented the existence of a command injection bug in the firmware of D-Link’s DIR-890L router.

Internet of Everything attack surface grows
Unauthorized, BYOD, vulnerable Internet of Things (IoT) devices, and a rapidly expanding market of low-cost, plug-and-play, cyber espionage devices represent an emerging threat vector and nefarious counterpart to the IoT: the Internet of Evil ThingsTM (IoET).

1 in 4 employees enable cloud attacks
While businesses are clearly embracing the power of cloud applications with each organization collaborating with an average of 865 other organizations – internal users, external collaborators and third-party apps are dramatically increasing the threat surface for new cloud cyberattacks.

Exploit for crashing Minecraft servers made public
After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of concept exploit for the flaw in the hopes that this will force them to do something about it.

Attackers actively downing Microsoft’s IIS web servers
Attackers are actively exploiting a DoS vulnerability (CVE-2015-1635) affecting Microsoft’s Internet Information Services (IIS) extensible web server, SANS ISC CTO Johannes Ullrich warns, and urges administrators to close the hole as soon as possible.




Share this