Energetic Bear APTs, Bugged Browsers, and Trojaned Extension
Another week, another pile of scary sounding security stories. But don’t freak out… If you know how to protect yourself, you can easily avoid most of these vulnerabilities and issues. Enjoy another episode of WatchGuard Security Week in Review for a quick recap of the Infosec news from the week, and what to do about it. .
Today’s show includes how shady advertisers are booby-trapping Chrome extensions, a speech recognition issue that might allow malicious websites to bug your browser, and news of a Russian APT campaign targeting the foreign energy sector. For all that and more, watch the video below, and don’t forget to peruse the Reference section for links to some extra security stories too!
Keep vigilant and have a great weekend!
(Episode Runtime: 9:31)
Direct YouTube Link: http://www.youtube.com/watch?v=c8N2c1q8TXc
Episode References:
- Google extension auto updates result in adware – The Guardian
- How to Geek’s list of shady extensions – HowtoGeek
- Chrome’s speech recognition can be used to bug your browser – Tal Ater Blog
- Video demonstrating Chrome bugging – YouTube
- Source code for “Chrome-is-listening” issue – Github
- Israeli university researcher discover Android VPN vulnerability – The Register
- Researchers discover the first Android bootkit trojan – 360 Technology
- Crowdstrike Global Threat Report highlights Energetic Bear – Crowdstrike
Extras:
- Vietnamese attackers target EFF – EFF
- Insider steals 20 million South Korean customer records with USB key – Mashable
- NSA’s Dishfire campaign collect millions of text messages – The Guardian
- 95% of ATMs use Windows XP… Uh Oh! – Digital Trends
- Russian teens associated with BlackPOS malware (but not necessarily Target attack) – TechWorld
- Ars Technica doubts an Internet of Things botnet – Ass Technica
- China says hackers took down the Internet, Experts say it was the Chinese censors– The Washington Post
- Facebook pays $33K bounty for a major RCE vulnerability – ThreatPost
- Obama’s Privacy Review board says NSA phone data collection is not legal – CNN
- SEA hacks Microsoft blog again! – BBC
- More Foscam Web IP camera vulnerabilities (sigh) – KrebsonSecurity
- Neiman Marcus releases some breach details, 1.1 million cards affected – Neiman Marcus
- New Snapchat verification feature hacked in 30 minutes – Business Insider
- Windows malware moves to Android phones – The Inquirer
- Researchers mass scan for the Sercomm backdoor – Quarks Lab
- Ask Snowden Twitter chat – FreeSnowden.is
- Recent Snowden interview – The New Yorker
- Famous hacker, Guccifer, suspect arrested – Phys.org
- Is the US’s crackdown on hackers the new “War on Drugs?” – Wired
- Microsoft aggressively removes botnet’s from your machine, including Tor service – NetworkWorld