Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
How Online Crime Gets Online and Stays Online: Bulletproof Hosting Services
In understanding online crime it’s easy to overlook the most critical piece that enables it in the first place. The entities that give online criminals their online presence are the linchpin: if criminals can’t get and stay online, there is no online crime – enter bulletproof hosters.
Google and Mozilla Disabled Flash Over Security Concerns
Mozilla’s Firefox and Google’s Chrome browsers blocked old versions of Adobe Flash Player animation software — often used to play online videos — following news reports that hackers were using a security bug to take over peoples’ computers.
Hacking Team Spyware Was Preloaded with UEFI BIOS Rootkit to Hide Itself
Trend Micro security researchers found that the Hacking Team uses a UEFI BIOS Rootkit to keep their Remote Control System (RCS) agent installed in their targets’ systems, even if the reinstall the Operating System, reformat or by a new hard disk, are implanted after Microsoft Windows is up and running.
Federal Cybersecurity Incidents Have Increased More than 1,000% Since 2006
Cybersecurity incidents in the federal government have skyrocketed by more than 1,000% in recent years, according to a report from the Government Accountability Office.
Pawn Storm: The First Java Zero-Day Attack in 2 Years Targeted NATO & US Defense Organizations
This latest Pawn Storm attack is being carried out using a new, unpatched vulnerability against Oracle’s Java, making this the first known zero-day attack against Java since 2013. The campaign focused on high-profile, sensitive targets, including a NATO member and a U.S. defense organization.
Reputation Control + Cybersecurity Hurt In OPM Hack
The recent OPM hacks were so huge, the numbers are simply staggering that it is hard to process for most people, especially “regular people” who feel this does not affect them or their friends or family.
Adobe, MS, and Oracle Push Critical Security Fixes
In response to the multiple vulnerabilities recently discovered, this Patch Tuesday included more than just Microsoft Windows. Adobe has released a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Oracle also issued a critical patch update that plugs more than two dozen security holes in Java.
Pawn Storm C&C Redirects to Trend Micro IP Address
Our monitoring of Operation Pawn Storm has led us to an interesting finding: the domain we previously reported hosting the Java 0-day used in the latest Pawn Storm campaign was modified to now lead to a Trend Micro IP address.
New GamaPoS Malware Piggybacks on Andromeda Botnet and Spreads in 13 US States
We discovered GamaPoS, a new breed of point-of-sale (PoS) threat currently spreading across the United States and Canada through the Andromeda botnet. GamaPoS is the latest in a long list of threats that scrape off credit card data from PoS systems.
Please add your thoughts in the comments below or follow me on Twitter; @GavinDonovan.