The Mask APT Campaign – WSWiR Episode 95

400Gb DDoS, More Bitcoin Attacks, and The Mask APT

If you’re looking for a quick synopsis of the latest information security news and advisories, our quick weekly video can provide it for you. This week’s episode was shot literally right before I had to run out to catch a plane, so please excuse the low quality webcam footage. 

Today’s episode includes a quick rundown of the week’s Microsoft and Adobe patches, news about the latest world record-breaking DDoS attack, some Bitcoin hijinks, and the details around a new cross-platform advanced attack campaign discovered by Kaspersky. Check out the video for all the details, and give the Reference section a peek for links to other infosec stories, including last minute news of a new Internet Explorer (IE) zero day attack.

Have a great weekend (and President’s Day for US readers), and be careful online.

(Episode Runtime: 8:20)

Direct YouTube Link: http://www.youtube.com/watch?v=W4JItAGJynY

Episode References:

• Microsoft and Adobe Patch Day
  • February Patch Day summary  – WGSC
  • Surprise Internet Explorer update – WGSC
  • Consolidated Windows alert – WGSC
  • Patch for Forefront Protection for Exchange – WGSC
  • Adobe Shockwave Player update – WGSC
  • Also, Last week’s 0day Flash update if you missed it – WGSC
• Cloudflare announces worlds larged NTP DDoS attack – Computer World
• Major Bitcoin wallets suffer DDoS attack – Wired
• Kaspersky’s Detailed report on “The Mask” APT [PDF]  – Securelist
  • Also a good news write-up summarizing The Mask details – Ars Technica
• UPDATE: Operation Snowman; new zero day IE exploit found in the wild – Fireeye

Extras:

• Latest Target breach update, how hackers got HVAC creds – Krebs on Security
• Another Bitcoin wallet theft (Coinbase) – Gizmodo
• Vulnerability found in popular asset tracking program – SC Magazine
• Instagram fixed a privacy flaw after six months – Business Insider
• Snapchat flaw leads to smoothie spam – Wired
• Snowden used a basic web spider or crawler to get data from NSA – NY Times
• Cryptolocker still bites; affects law firm – Tech World
• Authorities arrest criminal Bitcoin exchangers  – Krebs on Security

— Corey Nachreiner, CISSP (@SecAdept)

Share This: