Week in review: Tools for detecting Hacking Team spyware, vulnerable Smart Home Hubs, and the most sophisticated Android malware ever exposed

Week in review: Tools for detecting Hacking Team spyware, vulnerable Smart Home Hubs, and the most sophisticated Android malware ever exposed

Here’s an overview of some of last week’s most interesting news and articles:


The NYSE system crash was an infosec incident
As security professionals, we often spend most of our time thinking about the “C” and “I” in the CIA triad. After all, these are the “sexy” aspects of infosec. Who doesn’t want to protect their organization from malicious hackers on nefarious insider attackers? However, the third attribute, the “A,” is just as important, if not more so. What good are our data and information systems if they’re not available to access?

UK High Court declares emergency surveillance bill unlawful
DRIPA is an emergency legislation signed into law in July 2014, and its main goal was to allow UK security services to continue to have access to customers’ phone and internet records, after that possibility was shot down by the Court of Justice of the European Union.

Ashley Madison hacked, info of 37 million users stolen
Popular online cheating site Ashley Madison has been hacked, and personal information and financial records of 37 million of its users has apparently been compromised by the attackers, who go by the name The Impact Team.

Free tools for detecting Hacking Team malware in your systems
Worried that you might have been targeted with Hacking Team spyware, but don’t know how to find out for sure? IT security firm Rook Security has released Milano, a free automated tool meant to detect the Hacking Team malware on a computer system.

Hacking Team’s RCS Android: The most sophisticated Android malware ever exposed
After having revealed one of the ways that the company used to deliver its spyware on Android devices (fake app hosted on Google Play), Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed.

Reflections on virtualization security and the VENOM vulnerability
In this podcast recorded at Infosecurity Europe 2015, Wolfgang Kandek, CTO at Qualys, talks about the benefits, challenges and security implications of virtualization. He also discusses VENOM, a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms.

Hackers hit UCLA Health, access medical files of 4.5 million patients
UCLA Health, the administrative structure which governs the University of California, Los Angeles (UCLA) hospitals, has suffered a data breach, and personal and medical information of over 4.5 million patients has likely been accessed and possibly stolen by the attackers.

How gamers can help improve critical software security
There’s now a game where sophisticated gamers can help improve security of the country’s critical software.

Microsoft plugs another Windows zero-day with emergency patch
The bug is found in the Microsoft OpenType Font Driver, and can be exploited by tricking users into opening a specially crafted document or visiting an untrusted webpage that contains embedded OpenType fonts.

Proposed Wassenaar pact changes will harm cyber defenders instead of attackers
The comment period for the proposed amendments to the Wassenaar Arrangement regarding “cybersecurity items” has ended, and the overwhelming majority of the 150+ comments submitted are negative.

How to apply threat intelligence feeds to remediate threats
The increasing number of threat intelligence companies is indicative of a growing market and proof that companies want threat intelligence.

It’s official: The average DDoS attack size is increasing
New global DDoS attack data from Arbor Networks shows strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective.

600TB of data exposed due to misconfigured MongoDB instances
Nearly 30,000 instances of MongoDB on the Internet don’t have any authorization enabled, i.e. are easily accessible to unauthorized users.

Google helps Adobe improve Flash security
Adobe has been dealt a heavy blow after the Hacking Team data dump produced three Flash Player zero-day exploits and they begun being exploited in the wild.

Passwords are not treated as critical to security
Considering the cyber world we live in, it’s time to ask whether passwords can still be considered a reliable security component – and if so, how should they be used?

Test your defensive and offensive skills in the eCSI Hacker Playground
BalaBit and Silent Signal today announced that registration is now open for the eCSI Hacker Playground. The hacker challenge is a global online competition, specially designed for the Black Hat USA 2015 conference in Las Vegas. The competition starts at 12:00 am PT on July 31 and lasts until 12:00 am on August 9.

Smartwatches: A new and open frontier for attack
HP found that 100 percent of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.

How experts stay safe online and what non-experts can learn from them
Google researchers have asked 231 security experts and 294 web-users who aren’t security experts about their security best practices, and the list of top ones for each group differs considerably.

Bug in OS X Yosemite allows attackers to gain root access
Security researcher Stefan Esser has revealed the existence of a privilege escalation vulnerability affecting OS X 10.10 (Yosemite), and has provided a working proof of concept local exploit that installs a root shell on the target machine.

OpenSSH bug enables attackers to brute-force their way into poorly configured servers
A vulnerability in the popular secure remote access software OpenSSH can be exploited by attackers to try to brute-force their way into the connection and access Internet-facing computers and/or servers.

The challenges of implementing tokenization in a medium-sized enterprise
Organizations handling SSN and other PII should secure all sensitive data across all data silos, but medium-sized enterprises in particular face the following challenges: in-house resources with limited budget for IT security, less flexibility to customize security and IT solutions, extensive use of cloud services, and so on.

The Internet of Things is unavoidable, securing it should be a priority
Those working in the security industry know that they can’t stand in the way of progress, even if the end result can be dangerous.

Security flaws discovered in popular Smart Home Hubs
In order to understand the risks associated with Smart Home Hubs, Tripwire carried out a security analysis on three top-selling devices: Mios Vera, Wink Hub, and the SmartThings Hub.

Why cloud business continuity is critical for your organization
Business continuity, the ability of a company to continue or quickly restart operations following a systems outage, tends to be a topic overlooked by business leaders. Many see it as a responsibility of their IT teams, and think no more of it. However, this is a dangerous abrogation of responsibility, as any CEO who has suffered through a prolonged systems outage can vouch for.




Share this