Zero Day Weekly: Dyre warnings, LOT doubts, OPM fallout, Facebook swipes Yahoo CISO
A collection of notable security news items for the week ending June 26, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending June 26, 2015. Covers enterprise, controversies, reports and more.
- Around 1,400 passengers of the Polish airline LOT were grounded at Warsaw's Chopin airport on Sunday. LOT claimed it was the target of a cyberattack -- but questions later surfaced about whether the airline was actually attacked or something less sinister was going on.
- On Thursday, Newsweek published what they claim is an exclusive story centered on Chinese hackers that have penetrated an untold number of FBI personnel files in a data breach with "potentially dangerous national security implications." One security reporter is adamant that Newsweek got it wrong.
- On Tuesday, Symantec released a whitepaper on the Dyre malware banking trojan and its impact on the financial fraud landscape, noting that the malware targets all three major browsers (Internet Explorer, Firefox, and Chrome), and that it has been configured to target customers at more than 1,000 banks and other firms around the globe -- making it the financial trojan of choice among cybercriminals.
- The owner and co-creator of the Blackshades remote administration tool (RAT) was sentenced to 57 months in prison on Tuesday, according to an FBI release. The malware was sold to thousands worldwide and used to infect more than half a million people.
I enjoyed your new post "Why the latest breach means you need a product exactly like mine."
-- adam shostack (@adamshostack) June 25, 2015
- Phil Zimmermann spoke to Tech Republic on encryption, privacy, and avoiding a surveillance state in Defending the last missing pixels. Since writing the PGP encryption software in the 1990s, Phil Zimmermann has been a key figure in the internet privacy debate. With that argument heating up again, his perspective is more relevant than ever.
- After the Office of Personnel Management (OPM) break-in, which led to millions of federal employees' personnel records being stolen, the OPM informed employees of a credit and identity protection plan for them. These notices were quickly duplicated by a hacker and used to send phishing e-mails. It's now understood that the personal data of 18 million current, former, and prospective federal employees was stolen in the attack.
PLEASE oppose ICANN stripping away WHOIS privacy - it's one of the best protections people have against getting doxed http://t.co/bDSb2JL9Rt
-- Crash Override (@CrashOverrideNW) June 24, 2015
- Leaked government credentials were discovered to be abundant on the public web: in an analysis of 660,000 pieces of information collected from 17 different paste sites, including the popular Pastebin site, intelligence firm Recorded Future found login credentials for 89 unique domains possibly belonging to government agencies that had been posted over a one-year period ending Nov. 3, 2014.
- Eighteen months after his arrest, a Turkish national accused of masterminding a worldwide string of ATM heists netting as much as $55 million (once described as the world's "number two hacker") has been sent to the US to face trial. Ercan Findikoğlu (aka "Segate" and "Predator") faces as much as 247 years in prison.
- Government officials from China and the United States have agreed to establish a code of conduct outlining "appropriate behavior" in cyberspace. US Secretary of State John Kerry told reporters Wednesday that the two countries must cooperate to address cybersecurity concerns. The announcement followed two days of discussions in Washington where representatives from both governments gathered for the annual China-U.S. Strategic and Economic Dialogue.
- Facebook has filled a void in its executive suite by luring over an executive from Yahoo. Yahoo's now-former CISO Alex Stamos announced, appropriately enough, via his Facebook page on Wednesday that he has been hired by the social network as its new chief security officer.
Don't roll your own crypto. If somebody passes you an algorithm you're not familiar with: Just Say No! pic.twitter.com/9fCkpiz3ue
-- OpSec Animals (@opsecanimals) June 21, 2015
- Kaspersky Lab targeted by NSA, GCHQ in 2008: based on documents obtained by The Intercept, it was reported this week that the National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab.
- Cloud access security app provider Elastica is partnering up with Cisco and Telstra to expand its footprint into Australia. Elastica will leverage its newly signed strategic alliance with Telstra and recently announced reseller agreement with Cisco to provide customers with access to its cloud security broker solutions.
- This week, the Washington Post profiled legendary Boston-based hacker collective L0pht Heavy Industries, well-known for testifying before a Senate panel in 1998 to warn the U.S. government about the cybersecurity dangers of the Internet and connected networks, and for handily (and correctly) predicting that the federal government had neither the skill nor the will to do anything about it.
- Microsoft's Enterprise Mobility Suite - a subscription service bundle consisting of Azure Active Directory Premium, Azure Rights Management and Intune - is getting a new addition: Advanced Threat Analytics. Except not just yet: The blog post announcing the addition, perhaps posted pre-emptively, was taken down June 23.