HackDig : Dig high-quality web security articles for hackers

ITsecurity Daily Briefing: 08/18/2014

2014-08-19 04:10
ITsecurity Daily Briefing: 08/18/2014

The ITsecurity daily security briefing: Thursday August 18, 2014.

NewsPapers/ReportsWebThingsEventsM&AAlerts

line

News

Hillary Clinton’s phone ‘hacked by German intelligence’
“Hillary Clinton’s phone was hacked during her time as US Secretary of State, German media reports. Allegations are set to question US-German relations just months after the Merkel hacking scandal.”
DW (Deutsche Welle):
http://www.dw.de/hillary-clintons-phone-hacked-by-german-intelligence/a-17857728

Dirty tricks at centre of credit union snooping
“Sensitive personal data, including addresses and job details, was handed over by the Department of Social Protection after just one phone call from private investigators pretending to be State officials.”
Independent.ie:
http://www.independent.ie/irish-news/dirty-tricks-at-centre-of-credit-union-snooping-30512927.html

Yara 3.0.0 released
“YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.”
Yara:
http://plusvic.github.io/yara/

PIC website hacked
“The website of [South African] government-owned Public Investment Corporation’s (PIC) – which has more than R1.6 trillion under its management – has been hacked.” The hacker describes himself as ‘J4r: Gov’s Attacker’, and ‘Moroccan Haxor0.
Business Tech:
http://businesstech.co.za/news/government/65996/pic-website-hacked/

Browlock: ransomware delivered from adult sites
Type: browser blocking rather than file encrypting. Use Task Manager to terminate the browser process. Victims mostly in US, UK and Europe.
F-Secure:
http://www.f-secure.com/weblog/archives/00002735.html

Nearly one-quarter UK workers willing to pay for privacy
Silent Circle poll: “…found that 88% of UK workers believe their calls and texts are being listened to, versus 72% of Germans. When asked if they’d buy a phone, or subscribe to a service, that protected calls/texts from eavesdroppers, a third of Germans (33%) would happily sign up with almost a quarter of Brits (23%) willing to exchange cash for privacy.”
Via press release:
Silent Circle – https://www.silentcircle.com/

That Blackphone hack at DefCon…
“This hack is not applicable in real-world situations,” Case told Threatpost. “You would have to find the super rare Blackphone user who doesn’t update, doesn’t encrypt, steal their phone, beat their PIN out of them, then have the know-how and tools to exploit it.”
Threatpost:
http://threatpost.com/fog-lifts-on-rooted-blackphone-merry-go-round

BREAKING Bitcoin Price Collapse
“The price of Bitcoin is down 9.15% this morning and is trading at $477.88… There was a fun trade in Bitcoin, but that was it. In the EPJ Daily Alert, I advised a buy at aprox. $40 and a sell at aprox. $700. Now, I woudn’t go near the thing, even for a short-term trade.”
Economic Policy Journal:
http://www.economicpolicyjournal.com/2014/08/breaking-bitcoin-price-collapse.html

Microsoft pulls Patch Tuesday kernel update – MS14-045 can cause Blue Screen of Death
“Microsoft has pulled one of its August 2014 Patch Tuesday updates. MS14-045, which fixes various security holes in the Windows kernel, can cause a Blue Screen of Death (BSoD), thus forcing a reboot.”
Naked Security:
http://nakedsecurity.sophos.com/2014/08/18/microsoft-pulls-patch-tuesday-kernel-update-ms14-045-can-cause-blue-screen-of-death/

line

Whitepapers and Reports

Schrodinger’s Cat Video and the Death of Clear-Text
An analysis of commercial spying software (eg FinFisher and RCS/DaVinci) and how it is used by national intelligence agencies.
Citizen Lab:
https://citizenlab.org/2014/08/cat-video-and-the-death-of-clear-text/

Trend Micro analysis of Q2 2014
Examines trends and techniques in cyber attacks and looks at the coming threat from and to the Internet of Everything.
Trend Micro:
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-turning-the-tables-on-cyber-attacks.pdf

Combating Account Takeover: Why banks and credit unions need a new strategy to fight fraud
“How to implement a proactive and robust fraud prevention strategy that aggressively fights to stop ATO [account takeover] attacks.”
PhishLabs:
http://info.phishlabs.com/new-strategy-fight-ato

Web Server Attack Investigation – Installing a Bot and Reverse Shell via a PHP Vulnerability
“With Windows malware getting so much attention nowadays, it’s easy to forget that attackers also target other OS platforms. Let’s take a look at a recent attempt to install an IRC bot written in Perl by exploiting a vulnerability in PHP…”
InfoSec Handlers Diary Blog:
https://isc.sans.edu/diary/Web+Server+Attack+Investigation+-+Installing+Bot+and+Reverse+Shell+via+a+PHP+Vulnerability/18543

line

Webcasts and Webinars

line

Events

line

Mergers and Acquisitions

line

Alerts

CSRF vulnrability on fiverr.com
“Fiverr recently raised $30 million in a third round of institutional funding to continue supporting the new version of its marketplace, but the company ignored the advance warning of the critical bug reported responsibly by a vulnerability hunter and fails to patch up their website before his public release.”
The Hacker News:
http://thehackernews.com/2014/08/hacking-fiverrcom-accounts_16.html


Source: /41028180-gnifeirb-yliad-ytirucesti/80/4102/ku.oc.ytirucesti

Read:12291 | Comments:0 | Tags:News account takeover Bitcoin Blackphone Browlock BSOD Clint

“ITsecurity Daily Briefing: 08/18/2014”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools