Zero Day Weekly: Dyre warnings, LOT doubts, OPM fallout, Facebook swipes Yahoo CISO
A collection of notable security news items for the week ending June 26, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending June 26, 2015. Covers enterprise, controversies, reports and more.
On Thursday, Newsweek published what they claim is an exclusive story centered on Chinese hackers that have penetrated an untold number of FBI personnel files in a data breach with "potentially dangerous national security implications." One security reporter is adamant that Newsweek got it wrong.
On Tuesday, Symantec released a whitepaper on the Dyre malware banking trojan and its impact on the financial fraud landscape, noting that the malware targets all three major browsers (Internet Explorer, Firefox, and Chrome), and that it has been configured to target customers at more than 1,000 banks and other firms around the globe -- making it the financial trojan of choice among cybercriminals.
The owner and co-creator of the Blackshades remote administration tool (RAT) was sentenced to 57 months in prison on Tuesday, according to an FBI release. The malware was sold to thousands worldwide and used to infect more than half a million people.
I enjoyed your new post "Why the latest breach means you need a product exactly like mine."
Phil Zimmermann spoke to Tech Republic on encryption, privacy, and avoiding a surveillance state in Defending the last missing pixels. Since writing the PGP encryption software in the 1990s, Phil Zimmermann has been a key figure in the internet privacy debate. With that argument heating up again, his perspective is more relevant than ever.
Eighteen months after his arrest, a Turkish national accused of masterminding a worldwide string of ATM heists netting as much as $55 million (once described as the world's "number two hacker") has been sent to the US to face trial. Ercan Findikoğlu (aka "Segate" and "Predator") faces as much as 247 years in prison.
Government officials from China and the United States have agreed to establish a code of conduct outlining "appropriate behavior" in cyberspace. US Secretary of State John Kerry told reporters Wednesday that the two countries must cooperate to address cybersecurity concerns. The announcement followed two days of discussions in Washington where representatives from both governments gathered for the annual China-U.S. Strategic and Economic Dialogue.
Facebook has filled a void in its executive suite by luring over an executive from Yahoo. Yahoo's now-former CISO Alex Stamos announced appropriately enough via his Facebook page on Wednesday that he has been hired by the social network as its new chief security officer.
Don't roll your own crypto. If somebody passes you an algorithm you're not familiar with: Just Say No! pic.twitter.com/9fCkpiz3ue
Kaspersky Lab targeted by NSA, GCHQ in 2008: From information in documents obtained by The Intercept, it was reported this week that The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab.
Cloud access security app provider Elastica is partnering up with Cisco and Telstra to expand its footprint into Australia. Elastica will leverage its newly signed strategic alliance with Telstra and recently announced reseller agreement with Cisco to provide customers with access to its cloud security broker solutions.
Microsoft's Enterprise Mobility Suite - a subscription service bundle consisting of Azure Active Directory Premium, Azure Rights Management and Intune - is getting a new addition: Advanced Threat Analytics. Except not just yet: The blog post announcing the addition, perhaps posted pre-emptively, was taken down June 23.