Information Security News
The Adobe Flash zero-day exploit that spyware developer Hacking Team made available to customers worked successfully against even the advanced defenses found in Google's Chrome browser, researchers said Friday. They also noted that it was used to infect computer users multiple times before it was leaked.
Google developers patched the underlying Flash vulnerability in Chrome on Tuesday (for proof, use enter about:version in the address bar and note the Flash version), and Adobe published a general fix a day later.
The leak of the previously unknown exploit resulting from the devastating hack of Hacking Team last weekend and exploit kits available on the black market quickly added attack code to use the flaw. It allows attackers to surreptitiously install malware on targets' computers, and there's evidence that before last weekend's breach, Hacking Team customers used the Flash zero-day against live targets.
In a statement, Katherine Archuleta wrote that it was “best for me to step aside” from leading the agency charged with managing federal employees. She had been in the position for just over two years.
This is quite a reversal for the OPM boss. Speaking before a Senate hearing on June 23, Archuleta said, "I'm as angry as you are that this is happening... I am dedicated to ensuring that OPM does everything in its power to protect the federal workforce and to ensure that our systems will have the best cyber security posture the government can provide.”
If you’re a Moscow-based zero-day exploit seller, all you have to do is e-mail a spyware company like Hacking Team out of the blue. You can go from initial, unsolicited message to getting paid tens of thousands of dollars in just a matter of weeks.
After Hacking Team, the Italian spyware vendor, was itself hacked and 400GB of its internal data released onto BitTorrent, Ars reviewed internal e-mails from the company. The chain of e-mails that follow offer a rare look into exactly how new security vulnerabilities get sold to companies and governments around the globe.
The Moscow vendor’s first e-mail, dated October 13, 2013, was short and to the point:
Posted by InfoSec News on Jul 10http://www.rollingstone.com/music/news/madonna-phone-hacker-sentenced-to-14-months-in-jail-20150709
Posted by InfoSec News on Jul 10http://www.networkworld.com/article/2946040/security0/gao-early-look-at-feds-einstein-3-security-weapon-finds-challenges.html
Posted by InfoSec News on Jul 10http://www.wired.com/2015/07/senator-sasse-washington-still-isnt-taking-opm-breach-seriously/
Posted by InfoSec News on Jul 10http://www.theregister.co.uk/2015/07/09/caspar_bowden_dies_cancer_battle/
Posted by InfoSec News on Jul 10http://www.forbes.com/sites/insertcoin/2015/07/09/lizard-squad-hacker-who-shut-down-psn-xbox-live-and-an-airplane-will-face-no-jail-time/
Posted by InfoSec News on Jul 10http://krebsonsecurity.com/2015/07/credit-card-breach-at-a-zoo-near-you/
Posted by InfoSec News on Jul 10http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274