Weekly Infosec News Brief 7-13 August

Malvertising Attacks Via Major Sites and Advertising Providers Persist

Dynamic web advertisements containing malicious code continue to show up on major, reputable sites and advertising networks. The most recently announced attack involved malicious advertisements distributed through Yahoo's advertising network beginning in late July. In many ways, such malvertising attacks are becoming as big a threat as phishing attacks. The targeting capabilities of web advertising networks let attackers aim their malware campaigns at users based on common attributes such as income, purchasing interests, etc. The best solution is proactive protection against exploits, together with limiting exposure to common web-based vulnerabilities such as Flash-based advertisements.
http://www.scmagazine.com/hackers-spread-malware-via-yahoo-ads/article/437075/
http://www.scmagazine.com/drudge-report-other-high-traffic-websites-delivered-malware-over-three-week-period/article/438761/
http://www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/


Microsoft "Patch Tuesday" Fixes Include Patches for Five Critical Flaws

Microsoft released twelve bulletins last Tuesday, with fixes for a total of 56 different vulnerabilities. Five of these were critical vulnerabilities. The most significant was MS15-094, which relates to a number of memory handling flaws in Internet Explorer. The patch affects all versions of Windows, including Windows 10, which is interesting given that the new "Edge" browser replaced Internet Explorer on Windows 10. The other notable bulletin is MS15-098, which also affects all supported Windows versions. This bulletin relates to a flaw in Windows Journal that leads to a denial-of-service vulnerability, which can lead to data loss.
https://technet.microsoft.com/en-us/library/security/ms15-sep.aspx
http://www.zdnet.com/article/september-2015-patch-tuesday/


Department of Energy Network Infiltrated 159 Times in Four Years

A Freedom of Information Act request by USA Today showed that the Department of Energy's systems were compromised 159 times during a 48-month period from 2010 to 2014. The 159 successful infiltrations resulted from approximately 1,131 targeted attacks. The details of what access may have been gained or what information may have been obtained are unknown. The interesting lesson is the difficulty of keeping a determined adversary out even when you know your network is targeted, and the importance of post-exploit detection and remediation. To some extent, detecting 159 successful intrusions is a success story, in that most successful intrusions are still detected not by the affected organization but by outside parties. What is your organization's strategy for detecting and remediating compromises?
http://www.usatoday.com/story/news/2015/09/09/cyber-attacks-doe-energy/71929786/
http://www.computerworld.com/article/2983029/data-security/reports-of-attacks-on-the-dept-of-energy-raise-alarms.html


DHS Advises Agencies to Engage Outside Experts in Fighting Intrusions, Outsource Data Centers

Ann Barron-DiCamillo, director of the US Computer Emergency Readiness Team, discussed measures that federal agencies should take to deal with intrusions at the NextGov Prime conference last Wednesday. She noted that agency personnel often deal with compromised hosts in a way that is either ineffective at removing intrusions or destroys vital evidence -- or both. Former DHS CIO Richard Spires, speaking at the same event, advocated that federal agencies move quickly to close all their in-house data centers and move their servers to FedRAMP-approved hosting providers, due to the agencies' inability to maintain security in their data centers. If large federal agencies with large IT and infosec budgets are best off outsourcing these types of requirements, what is your organization's plan for dealing with intrusions and securely hosting applications?
http://www.nextgov.com/cybersecurity/2015/09/dhs-heres-why-agencies-should-not-try-boot-hackers-themselves/120647/?oref=ng-HPtopstory
