Target Chain of Trust Attack – WSWiR Episode 94

Flash 0day, DailyMotion Watering Hole, and New POS Malware

With Seattle celebrating our Super Bowl victory (Sea-Hawks!), it’s hard for locals to keep their minds on Information Security (Infosec), but criminal hackers don’t stop for American football. If you’ve been too busy to follow security news this week, let WatchGuard’s Friday video fill you in on the details, and help you with your defenses.

In today’s video, I cover an Adobe Flash 0day exploit that advanced attackers are leveraging in the wild, warn about a popular video site that has been turned into a FakeAV watering hole, give you the latest breaking update on the Target breach, and more. Watch the video below to learn the latest security news, and check out the Reference section if you’d like links to other security stories from the week.

Quick show note; I’ll be traveling in the UK next week, so will have to produce the next episode from the road. This also means the video may go live either early or later in the week than it normally does.

Enjoy your weekend, and stay safe out there.

(Episode Runtime: 10:04)

Direct YouTube Link: https://www.youtube.com/watch?v=aJMAyKpTaYI

Episode References:

• Next week’s Microsoft Patch Day to deliver five updates, two critical – Microsoft
• Adobe fixes zero day flaw discovered by Kaspersky – WGSC
• Kaspersky previews details about “The Mask” APT Campaign – Securelist
• Dailymotion still serving FakeAV three weeks later  – Threat Post
  • Details on Dailymotion watering hole attack – Invincea
• RSA warns of new POS trojan called Chewbacca  – RSA blog
• Attackers stole credentials from HVAC contractor to get into Target’s network – Krebs on Security
• My Help Net Security  article on Drive-by Downloads and Watering Hole attacks – Help Net Security
  • Also, my blog post intro to the Drive-by article – WGSC

Extras:

• Malicious PNG meta data used to serve iframes – Securi
• Anonymous going after animal abusers – Softpedia
• Recent Zeus variants learn new tricks – Network World
• Hackers targeting Sochi visitors – NBC News
  • Video of Sochi hacking – YouTube
  • However, others suggest it’s a misleading report – Gigamon
• Latest Chrome update warns if your browser is hijacked – Ars Technica
• Malware campaign seems to target cryptographers – PC World
• French company, Orange, suffers data breach – Digital Spy
  
• Bell Canada data breach, also affects Comcast – Help Net Security
• GCHQ DDoSed and served malware to Anonymous – Wired
• CDorked Linux server malware still active – Reverse Engineering Mac
• CBS broadcast their wifi password during Super Bowl; Oops – ZDnet
• New ransomware gets victims to mine Bitcoin – Techcrunch
• iOS vulnerability allows you to disable Find My Phone – Macrumors
• India alleges that Huawei hacked into telecoms – ZDNet
• Legal firm hit hard by Cryptolocker – ZDnet
• New ransomware gets victims to mine Bitcoin – Techcrunch

— Corey Nachreiner, CISSP (@SecAdept)