Zero Day Weekly: Hacking Team, Lizard Squad, OpenSSL patch, OPM director won't resign
Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending July 10, 2015. Covers enterprise, controversies, reports and more.
- All U.S. flights on United Airlines were grounded for about two hours early on July 8 due to what the airline calls a "network connectivity issue" that kept airplanes out of the skies. The outage was reported by the airline to the FAA, which led to a stop that grounded the airline's mainline jets; an estimated 4,900 flights were impacted by the problem worldwide.
- A malicious version of BatteryBot Pro App for Android was found on Google Play this week. The rogue app is designed to conduct ad fraud, send SMS messages to premium rate numbers, and download additional threats. BatteryBot is an application that monitors the battery of Android devices, and is installed on between 100,000 and 500,000 user devices.
- A key Lizard Squad member has been convicted of 50,700 charges related to computer crimes this week, according to Finnish newspaper Kaleva. Julius "zeekill" Kivimaki, 17, received a two-year suspended sentence and must undergo monitoring of his online activities, according to Finnish media. He will not go to prison.
'Stealing Lastpass Passwords With Clickjacking' https://t.co/nHuyX3vafK < cool attack, and patches are 'mostly' available
-- Jeremiah Grossman (@jeremiahg) July 9, 2015
- Some PDF files shown to Google are not the web pages seen by users. Although Google takes steps to prevent black hat search engine optimization (SEO) tactics, researchers with Sophos have observed an effective technique involving PDF files that could be used to promote potentially malicious websites.
- TerraCom and YourTel America failed to adequately protect the personal information of more than 300,000 customers, the FCC said. The mobile and telecom service providers will pay a combined US$3.5 million after the U.S. Federal Communications Commission found that they were storing customers' personal data on unprotected servers accessible over the Internet.
- Another day, another OpenSSL patch: The latest OpenSSL security hole (which allows attackers to impersonate any trusted server) isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.
OPM director says she is "committed" to doing the work to repair breach. Says she's not resigning.
-- Shane Harris (@shaneharris) July 9, 2015
- OPM has been hit by a second breach, leading to the theft of more than 21 million individuals' records. The figure confirmed Thursday by OPM is in addition to the previous breach, and the total figure now stands at almost 26 million individuals affected by the two breaches. The two attacks are separate, but related. It has been reported that OPM's director has no technology, cybersecurity or crisis management experience -- and stated this week that she will not resign. Update: She quit this morning.
- US presidential candidate Hillary Clinton has accused China of "trying to hack into everything that doesn't move in America" and stealing government information, in strongly worded comments likely to irk Beijing. Clinton, a former secretary of state, pulled no punches in remarks to Democratic supporters at a campaign event in New Hampshire.
- The director of the FBI called for a "robust" debate on encryption on Monday. FBI chief James Comey (again) warned that the increasing use of strong encryption will make it harder for law enforcement to access email or other digital conversations. Interestingly, he added, "It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimize privacy and safety in this particular context, or that public safety folks will be able to do their job well enough in the world of universal strong encryption. Those are decisions Americans should make ... "
DEADLINE for public comment on @BISgov's proposed 'cyber rule' is 20th July; checklist here : http://t.co/FV01JvcF6V pic.twitter.com/Ir6EO1s0U9
-- marasawr (@marasawr) July 9, 2015
- The attackers that targeted Apple, Facebook, Microsoft, and Twitter two years ago in a series of high-profile hacks are still active. The gang, which Symantec calls Butterfly, is not state-sponsored but rather financially motivated. It has attacked multi-billion dollar companies operating in the internet, IT software, pharmaceutical and commodities sectors. Twitter, Facebook, Apple and Microsoft are among the companies who have publicly acknowledged attacks. The hacking group, motivated by financial gain, is thought to target companies on request, and "ought to be taken seriously by corporations," said the research.
- The New York Stock Exchange abruptly halted trading of all securities just after 8:30AM PT/11:30AM ET on Wednesday, prompting widespread speculation online that it had been hacked. The halt was part of two malfunctions the NYSE incurred that day. Such an event is not unprecedented. For example, nearly two summers ago Nasdaq halted trading abruptly due to technical difficulties.
- Over the weekend, the Hacking Team spyware firm was the victim of a cyberattack, and Monday was publicly dismantled online by hackers around the world. Hacking Team's chief marketing officer spoke with press Tuesday, saying it was a "sophisticated attack" and that "There is no evidence in those files we are doing anything illegal, and I would argue, 'unethical'." What has been found in the company's client list files, mostly comprised of countries with egregious human rights abuses, is exactly the opposite.
HackingTeam had a Wassenaar export license. This control _cannot_ work to curb what you want it to curb. http://t.co/SRBXOXK8m6
-- the grugq (@thegrugq) July 10, 2015