Week in review: Emergency patches for actively exploited flaws, HTML5 can be used to hide malware

Here’s an overview of some of last week’s most interesting news, reviews and articles:

First Java zero-day in two years exploited by Pawn Storm hackers
The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The bug has been fixed by Oracle on Wednesday.

NowSecure Lab cloud: Mobile app assessment environment
NowSecure Lab is a mobile app security assessment environment that comes in two versions – as a standalone, on-premise solution, and a “lighter” cloud offering. The cloud version is now in open beta, and the team behind it is visibly adding functionality at a steady pace.

Adobe patches Hacking Team Flash zero-days
At the moment, patching Flash Player is most important, as exploit code for the two zero-days it patches has been leaked online, and one of them is actively leveraged by the popular Angler exploit kit.

Identifying the five principal methods of network attacks
A new Intel Security study, which surveyed IT decision makers in European-based companies, found that within UK companies, sales staff are the most exposed to online attacks. This is thanks to their frequent online contact with non-staff members.

Flawed Android backup mechanism can lead to injected malicious apps
A flaw (CVE-2014-7952) in Android’s backup/restore mechanism can be exploited by knowledgeable developers to “respawn” malicious apps on phones, and make them gain top-level access and potentially dangerous permissions that they didn’t have before.

Mobile SSL failures: More common than they should be
Anthony Trummer, a Staff Information Security Engineer at LinkedIn, points out the most common mistakes organizations make when implementing SSL/TLS, and gives instructions on how to avoid them.

3 ways to stop insider threats in your organization
Mitigating insider threat is critical to keeping your organization from becoming the next cautionary tale of poor information security practices. With that in mind, here are three key strategies to limit insider threat in your organization.

The soaring cost of malware containment
Organizations are dealing with nearly 10,000 malware alerts per week; however, only 22% of these are considered reliable, according to a new report from The Ponemon Institute.

Duke APT group adds low-profile SeaDuke Trojan to their malware arsenal
Various researchers and companies have been tracking the group’s campaigns for several years, as they attacked multiple government entities and institutions in Europe and the US.

65,000+ Land Rovers recalled due to software bug
Jaguar Land Rover has announced that owners of Range Rover and Range Rover Sport vehicles manufactured since 2013 will have to visit car dealers and get their car’s software updated.

Germany’s new cyber-security law aimed at securing critical infrastructure
German institutions and businesses that fall in the “critical infrastructure” category will have to implement new information security measures, as defined by the new IT security law passed on Friday by the German Bundesrat (the country’s “Federal Council”).

High severity Internet Explorer 11 vulnerability identified after Hacking Team breach
After analyzing the leaked data from last week’s attack on Hacking Team, Vectra researchers discovered a previously unknown high severity vulnerability in Internet Explorer 11, which impacts a fully patched IE 11 web browser on both Windows 7 and Windows 8.1.

The difficult task of meeting compliance needs
When looking at compliance needs there are several areas that organizations focus on and often have trouble complying with. Implementing several solutions to help can become expensive, but implementing a single sign-on (SSO) solution can help an organization easily meet a number of compliance needs.

Researchers prove HTML5 can be used to hide malware
A group of Italian researchers have come up with new obfuscation techniques that can be used to dupe malware detection systems and allow malicious actors to execute successful drive-by download attacks.

Hacking Team spyware survives on target systems with help of UEFI BIOS rootkit
How did Hacking Team make sure that its Remote Control System (RCS) spyware would remain on targets’ computers even if they reinstalled their OS, formatted their hard drives or installed a new hard disk? The answer is: by using a UEFI BIOS rootkit.

Global action takes down Darkode cybercriminal forum
Law enforcement and judicial authorities worldwide have taken down the most prolific English-speaking cybercriminal forum to date: Darkode.

Why enterprise security priorities don’t address the most serious threats
As enterprises continue to struggle with online attacks and data leaks, many are asking one common question: What are we doing wrong?

Is this the death knell for the RC4 encryption algorithm?
It has been known for quite some time that the RC4 cryptographic cipher – used in popular Internet protocols such as TLS and HTTPS – is vulnerable to attack, but two security researchers from the University of Leuven have hopefully put the final nail in that particular coffin.

Hacking Team used fake app hosted on Google Play to install its spyware on Android devices
The massive Hacking Team data leak includes the source code of a fake Android news app and instructions on how to use it, Trend Micro researchers have found.

Unsharing in the sharing economy
Data must be shared for business to happen, and it cannot be quarantined into a single firewalled network. Businesses that are tuning into the benefits of connectedness and personalization are able to do this because they are also learning how to unshare. It’s something of an abstract concept but it’s also an interesting way of talking about what people are after – they want to share without losing control over their data.

Nearly all websites have serious security vulnerabilities
A new Acunetix report on 5,500 companies comprising 15,000 website and network scans, performed on over 1.9 million files, finds nearly half of the web applications scanned contained a high security vulnerability such as XSS or SQL Injection, while almost 4 in 5 web applications were affected by a ‘medium security’ vulnerability.

Understanding PCI compliance fines: Who is in charge of enforcing PCI?
If your business stores, processes, or transmits data from payment cards, then you are subject to the requirements of the PCI DSS. This set of security controls is designed to help merchants combat data theft, protecting both consumers and merchants’ own reputations. When a business fails to satisfy those rules, they can be subject to significant financial penalties. But who exactly is in charge of enforcing PCI?

The arsenal of SMS scammers, spammers and fraudsters
Illicit online commercial activity has spread to all things mobile.

Google Safe Browsing to start blocking sites with ads leading to unwanted software
Ad networks that don’t vet carefully what ads they serve will be the next “victims” of Google’s Safe Browsing service.
