Information Security News
Google shut down malicious Web attacks coming from a compromised advertising network on Friday. The move follows a security firm's analysis that found the ad platform, Zedo, serving up advertisements that attempted to infect the computers of visitors to major websites.
In an attack that ended early Friday morning, visitors to Last.fm, The Times of Israel, and The Jerusalem Post ran the risk of their computers becoming infected as Zedo redirected visitors' systems to malicious servers. Because the advertisements hosted on Zedo's servers were distributed through Google's Doubleclick, the attack reached millions of potential victims, Jerome Segura, senior security researcher at Malwarebytes Labs, told Ars.
Distributing malware through legitimate advertising networks, a technique known as "malvertising," has become an increasingly popular way to compromise the systems of consumers and workers alike.
by Sean Gallagher
When Home Depot suffered a breach of transaction data that exposed as many as 52 million credit card transactions earlier this year, the company reportedly suffered from lax computer and network security measures for years. Apparently, the company wasn’t helped much by its selection of a security architect either. Ricky Joe Mitchell was hired by Home Depot in 2012, and in March of 2013, he was promoted to the position of Senior Architect for IT Security at Home Depot, in charge of the entire company’s security architecture. In May of 2014, Mitchell was convicted of sabotaging the network of his former employer.
When Mitchell learned he was going to be fired in June of 2012 from the oil and gas company EnerVest Operating, he “remotely accessed EnerVest’s computer systems and reset the company’s network servers to factory settings, essentially eliminating access to all the company’s data and applications for its eastern United States operations,” a Department of Justice spokesperson wrote in a release on his conviction. “Before his access to EnerVest’s offices could be terminated, Mitchell entered the office after business hours, disconnected critical pieces of…network equipment, and disabled the equipment’s cooling system.” As a result of his actions, the company permanently lost some of its data and spent hundreds of thousands of dollars repairing equipment and recovering historical data. It took a month to bring the company’s office back online, costing the company as much as $1 million in lost business.
And that wasn’t the first time he used technology for revenge. Mitchell’s previous legal troubles resulting from malicious use of his technical skills dates back to when he was a high school junior. In 1996, at the age of 17, Mitchell—who then went by the handle “RickDogg” in online forums—planted viruses in his high school’s computer system. He was suspended for three days from Capital High School for planting 108 computer viruses “to disk space… assigned to another student on the Capital High School computer system,” according to a school district memo obtained by the Charleston Gazette. He then posted threats to students whom he blamed for reporting him. Mitchell was expelled from the school and sued to be re-instated. The case eventually went to the West Virginia Supreme Court.
I just receive a pretty "plausible looking" e-mail claiming to originate from Logmein.com. The e-mail passed the first "gut check".
Of course, the .zip attachment did set off some alarm bells, in particular as it unzipped to a .scr (Screen Saver).
According to VirusTotal, AV detection is almost non-existant at this point:
LogmeIn does publish a SPF record, and the e-mail did not originate from a valid LogmeIn mail sender, so it should be easy to descriminate against these emails using a standard spam filter.
Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corrupion issue in iOS's core graphics library. An exploit is now available for this vulnerability.
NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it.
The author claims that the exploit is "compleatly reliable and portable on iOS 7.1.x". The exploit comes in the form of a malformed PDF, which would usually be delivered as an image inside an HTML page.
Posted by InfoSec News on Sep 22http://www.nextgov.com/cybersecurity/2014/09/white-house-cyber-czar-being-called-total-n00b-just-comes-territory/94652/
Posted by InfoSec News on Sep 22http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/
Posted by InfoSec News on Sep 22http://www.timesofisrael.com/israel-ramps-up-cyber-defense-with-new-national-body/
Posted by InfoSec News on Sep 22http://www.healthcareitnews.com/news/developers-want-mhealth-HIPAA-security-talks
Posted by InfoSec News on Sep 22http://venturebeat.com/2014/09/18/the-greatest-john-mcafee-email-ever/