Week in review: Self-healing malware, Patch Tuesday postponed, RSA Conference 2017

Here’s an overview of some of last week’s most interesting news and articles:

RSA Conference 2017 coverage
Check out what you missed at the infosec event of the year.

Banks around the world targeted in watering hole attacks
The January attacks against Polish financial institutions through the booby-trapped site of the Polish Financial Supervision Authority are just one piece of a larger puzzle, elements of which are slowly coming to light.

Hacker breached 60+ unis, govt agencies via SQL injection
According to a report by Recorded Future, the hacker uses a proprietary SQLi tool to gain access to the targets’ databases and then sells access to them to other cyber crooks.

Magento-based online shops hit with self-healing malware
Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code.

Security skills gap? What security skills gap?
Not every country has the same level of demand for cybersecurity professionals, and not every country suffers from the same severity of skills shortage; nor are all fields within cybersecurity in equally short supply

Secure messaging app Wickr opens core crypto protocol to review
Wickr, the San Francisco-based company that’s behind the secure ephemeral messaging app of the same name, has published the core crypto protocol powering both the personal and the business versions of the app.

Researchers bypass ASLR protection with simple JavaScript code
A group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of major operating systems and browsers by exploiting a common feature of computer microprocessors.

Russian-speaking cybercriminals created over 75% of all crypto ransomware
An analysis of the Russian-speaking ransomware underground, conducted by the company’s researchers, showed that the increase in crypto ransomware attacks observed in recent years is the result of a very flexible and user-friendly underground ecosystem, allowing criminals to launch crypto ransomware attack campaigns with almost any level of computer skills and financial resources.

Microsoft postpones Patch Tuesday
Patch Tuesday is the day when most system administrators sit down and perform critical patching of the systems under their control – or at least begin testing the updates and patches released by Microsoft, and planning their deployment.

Five ways to prevent data leaks
Any business running multiple cloud-based apps runs a high risk of exposure through data leakage. Here are five ways to keep data protected and secure this year.

PacketTotal: Free online tool for analyzing packet captures
PacketTotal is meant to provide security analysts and researchers with useful information in a matter of minutes.

Metadata: The secret data trail
Every phone call, text message, even activated cell phones, leaves a trail of data across a network. In many cases this data is aggregated with other data and metadata including social media, web browsing, app data, GPS, shared pictures and other associated data to provide greater context. This data can then be used to fight crime and terrorism, or in the wrong hands, it can be used to facilitate a cyber attack.

Yahoo notifies more users of malicious account activity
Yahoo has sent out another round of account compromise notifications, warning users that hackers may have accessed their accounts by using forged cookies instead of passwords.

XAgentOSX Mac malware linked to Russian hacking group
Researchers have discovered and analyzed a new piece of Mac malware that is believed to be used by the Sofacy (aka Fancy Bear, aka Pawn Storm, aka APT28) hacking group.

Source: Help Net Security – News @ February 19, 2017 at 11:44AM

0
Share