Week in review: Sextortion, Firefox 0-day, and next level red teaming

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

McAfee Labs predicts 14 security developments for 2017
Ransomware attacks will decrease in volume and effectiveness in the second half of 2017, the company’s experts believe.

Actively exploited Firefox, Tor Browser 0-day patched, update now!
Mozilla and the Tor Project have released security updates that fix the Firefox 0-day flaw that was spotted being exploited to de-anonymize Tor Browser users. The exploit code has been made public, and cyber criminals are likely to start using it soon – if they aren’t already.

Gooligan Android malware used to breach a million Google accounts
The new malware campaign, named Gooligan, roots Android devices and steals email addresses and authentication tokens stored on them. With this information, attackers can access users’ sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

Organized sextortion led four British men to suicide​
Sextortion/webcam blackmail is a booming business for organised crime groups from the Philippines, Ivory Coast and Morocco, and young men across the UK are the most sought-after victims.

SAMRi10: Windows 10 hardening tool for thwarting network recon
Microsoft researchers Itai Grady and Tal Be’ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced “Samaritan”).

Next level red teaming: Working behind enemy lines
The term “hacker” calls forth both positive and negative mental pictures, but I can bet that there are not many people, even in the infosec community, to whom the term generates the image of a guy running through the jungle with a laptop and an automatic weapon. This is the story about one such person.

Protecting smart hospitals: A few recommendations
The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats.

Network security: A team sport for SMBs
Soccer, often regarded as the world’s most popular sport, is a similar universal phenomenon – one that lends itself well as a lens to see how SMB teams can work together to mitigate security risks.

Did Tesco Bank attackers guess victims’ payment card details?
A group of researchers from Newcastle University have discovered a practical and easy way for attackers to quickly guess individuals’ Visa payment card info needed to perform fraudulent card-not-present transactions.

AirDroid app opens millions of Android users to device compromise
Tens of millions of users of AirDroid, a remote management tool for Android, are vulnerable to man-in-the-middle attacks that could lead to data theft and their devices being compromised through malicious updates.

San Francisco transport system ransomware attacker also extorted other US-based businesses
According to an unnamed security researcher who managed to hack the attacker’s email account, a number of US-based manufacturing and construction firms have been hit before the SFMTA, and at least one of them paid the ransom.

Massive cybercrime infrastructure demolished
The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone.

Insecure pacemakers can be easily hacked
A group of researchers has discovered that it’s not that difficult for a “weak adversary” with limited resources and capabilities to fiddle with or even shut down a variety of insecure pacemakers and Implantable Cardioverter Defibrillators (ICDs), putting the lives of the individuals who use them in jeopardy.

65% of social engineering attacks compromised employee credentials
Social engineering is having a notable impact on organizations across a range of industrial sectors in the US.

Europol terrorism investigations data found exposed online
700 pages of confidential dossiers, which included details about terrorism investigations in Europe, have been found exposed on the Internet by the reporters of Dutch TV documentary programme Zembla.

Node.js Foundation to oversee the Node.js Security Project
The Node.js Security Project will become a part of the Node.js Foundation, a community-led and industry-backed consortium to advance the development of the Node.js platform.

Seal the integrity of your logs with Waterfall BlackBox
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, explains how, in order to keep log repositories more secure than the attacked network, Waterfall developed the BlackBox.

Five step approach to address data breaches, increase online trust
The Internet Society is urging organisations to change their stance and follow five recommendations to reduce the number and impact of data breaches globally.

Deutsche Telekom confirms malware attack on its routers
The attack attempted to infect routers with a malware but failed which caused crashes or restrictions for four to five percent of all routers.

New infosec products of the week​: December 2, 2016
A rundown of infosec products released last week.

Share this
You are reading
web

Week in review: Sextortion, Firefox 0-day, and next level red teaming