Cross-Platform Bots, Deceitful Ransomware, and Oracle Exploits
Ok… I know all your minds are already on this weekend’s upcoming Super Bowl, and if you’re anything like my Seattle-based office, you’ve got that Seahawk 12ᵗʰ man spirit going on. But, before running off to your tailgate party, why not take a few minutes to catch up on this week’s information security news with our weekly Infosec video?
On today’s episode, I talk about some deceitful new ransomware, share news of how hackers hijacked another Twitter handle, warn of a cross-platform Java-based botnet, and share details about some serious unpatched Oracle vulnerabilities. If you want to learn about all that and more, plus get some tips for protecting your organization, click on the white triangle play button below. Of course, if you hate staring at my ugly mug, you can also read about all these stories in the reference section instead.
Have a great Super Bowl weekend and GO HAWKS!!
(Episode Runtime: 9:00)
Direct YouTube Link: http://www.youtube.com/watch?v=reKHxixBkDw
Episode References:
- Target-related Updates:
- Watch out for fraudulent $9.84 charges – USA Today
- Latest Target breach clues point to default password on popular server – KrebsonSecurity
- Michaels reports a similar credit card breach and theft – Bank Infosecurity
- Cryptorbit lies about decryption key – The Hacker News
- How hackers hijacked anotherx unique Twitter handle – The Next Web
- Cross-platform DDoS botnet affects Windows, Mac, and Linux computers – Securelist
- Researcher publicly discloses old unpatched Oracle Reports vulnerability – NetInfiltration
- Exploit code for Oracle Report flaw released – Github
- Metasploit module also out – Github
Extras:
- Angry birds get upset at the NSA and GCHQ – The Guardian
- Watch out for a trojaned FileZilla client – PC World
- How SEA uses phishing attackers to hijack CNN (and others) – Mashable
- Hasbro Toys server drive-by downloads – Threat Post
- Interesting new technology protects encrypted data; honey encryption – Gizmodo
- Another Spyeye attacker arrested and pleads guilty – The Inquirer
- Thunderbird update fixes security flaws –Threat Post
- High schoolers hack to change grades – LA Times
- Hackers-for-Hire arrested – CSO Online
- FBI owns the TorMail server, and can snoop on email – Wired
- Yahoo suffers an email hack, resets user passwords – E&T News
- “Chewbacca” hackers targeting Retailers – Business Insider
— Corey Nachreiner, CISSP (@SecAdept)
“How hackers hijacked another unique Twitter handle” was the most thrilling story from this review for me.There are so many educational and technical books/guides/brochures about protection methods and best practices (and some of them become “classic ITSec literature”) …but haven’t seen yet dedicated books (not short-list recommendations) regarding “how to resist social engineering”. Nowadays – such books should have “must-have” tag…