Week in review: Vulnerable encryption, Mac backdoor, Flash Player 0day exploited in the wild

Here’s an overview of some of last week’s most interesting news and articles:

Vulnerability in code library allows attackers to work out private RSA keys
Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding to an RSA public key generated by this library. This private key could then be misused to impersonate its legitimate owner, decrypt sensitive messages, forge signatures (e.g. for software releases) and more.

Almost half of non-IT and data pros don’t understand blockchain
A survey of over 200 board level UK executives has found that while over half of businesses sampled are planning blockchain initiatives, less than 1 in 10 believe they have the required skill sets in place within their organisations. At the same time, more than 40 per cent of non-IT/data senior executives admit to not fully understanding blockchain technology.

MacOS Proton backdoor delivered via Trojanized media player app
A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer’s official site, ESET researchers have found.

Adobe releases emergency fix for Flash Player zero-day exploited in the wild
Kaspersky Lab researchers spotted the live attacks on October 10, 2017, and say that the exploit is delivered through a Microsoft Word document and deploys the most recent version of the FinSpy (aka FinFisher) commercial malware developed by Gamma International.

EU MEPs want stronger privacy rules for Internet-enabled communication services
With 31 votes for, 24 against and one abstention, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) has backed new privacy protections for EU citizens.

WPA2 weakness allows attackers to extract sensitive info from Wi-Fi traffic
WPA2, a protocol that secures modern protected Wi-Fi networks, sports serious weaknesses that can allow attackers to read and capture information that users believe to be encrypted (e.g. passwords, payment card numbers, etc.).

Another KRACK in the network perimeter
When a high profile vulnerability surfaces that is as far reaching as KRACK, a WPA2 encryption attack to hijack Wi-Fi networks, it’s common to respond impulsively. “Why are people using outdated technologies?” or “Why aren’t people patching their software?” While easy to blame the protocols and the people involved, it gets us nowhere. Every breach gets the same treatment. If we’re ever going to get out of this infinite loop, we need a fundamentally different perspective on corporate security architectures that completely breaks from tradition.

Millions download botnet-building malware from Google Play
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices.

The complex digital life of the modern family: Online safety and privacy concerns
The National Cyber Security Alliance (NCSA) conducted a study to better understand teens and parents’ attitudes, concerns and knowledge base about online safety and privacy and how they view their own responsibility to keep themselves safe while on the Internet.

Using a robust platform for cyber threat analysis training
As more intelligence teams become established with the aim to fortify networks and reduce the liabilities and risks associated with data breaches, the need for trained threat analysts is increasing. Yet, there are very few that can represent their findings in a manner that is helpful to decision-makers. To correct this, organisations need to train cyber threat analysts using a technique that builds on the use of a threat intelligence platform (TIP) as a key tool in conveying the tradecraft of cybersecurity threat intelligence.

Business suffers as over-zealous security tools block legitimate work
Most security teams utilise a ‘prohibition approach’ – i.e. restricting user access to websites and applications – a tactic which is hampering productivity and innovation while creating major frustration for users, according to research conducted by Vanson Bourne.

Digital transformation and the loss of security control
Unpatched web infrastructure and de-centralised web management practices are leaving UK organisations vulnerable to cyber-attacks and high profile data breaches. New RiskIQ research reveals a loss of control amongst the FT30, expanding their digital attack surface and opening doors to cyber criminals.

Cisco plugs WPA2 holes, critical Cloud Services Platform flaw
Cisco has released updates to address vulnerabilities in a wide variety of its products. Among these are updates fixing the WPA2 vulnerabilities that can be exploited in the newly unveiled KRACK attacks, as well as a critical vulnerability affecting the company’s Cloud Services Platform.

Google wants bug hunters to probe popular Android apps for bugs
Currently in scope are all of Google’s apps available on Google Play, as well as the Alibaba, Dropbox, Duolingo, Headspace, Line, Snapchat, Mail.Ru, and Tinder apps.

Android DoubleLocker ransomware encrypts data, changes device PIN
DoubleLocker is distributed mostly through compromised Web sites, masked as an Adobe Flash Player update.

Enterprise container security: There’s room for improvement
With companies such as Facebook, Netflix and Google heralding the use of containers for their agility, portability, and cost benefits, enterprises are following suit. But the introduction of new processes and changes to infrastructure require a significant shift in focus.

The pervasive risk of vulnerable open source components
Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers.

New infosec products of the week: October 20, 2017
A rundown of infosec products released last week.