Week in review: DDoS attack on ProtonMail, 0-days found in Samsung Galaxy S6 Edge

Here’s an overview of some of last week’s most interesting news, interviews and articles:


Surviving in the IoT world: Risks of smart home devices
Investigating some of the latest Internet-of-Things (IoT) products, Kaspersky Lab researchers have discovered serious threats to the connected home. These include a coffeemaker that exposes the homeowner’s Wi-Fi password, a baby video monitor that can be controlled by a malicious third-party, and a smartphone-controlled home security system that can be fooled by a magnet.

Crypto e-mail provider ProtonMail pays ransom to stop DDoS attack, attack continues
The attackers started by flooding the service’s IP addresses, then the datacenter in Switzerland where ProtonMail has its servers. The fact that other companies were affected is what spurred ProtonMail to pay the ransom to stop the attack.

Software-Defined Perimeter enables application-specific access control
The traditional perimeter has gone from “porous” to becoming a “sieve.” What can be done about this?

Four ways organizations can prevent PII from becoming black market public record
Personally Identifiable Information (PII) is worth 10 times more than credit card information on the black market, making it imperative to have strong policies and safeguards in place to protect personal data.

XcodeGhost gets updated, now hits also US users
The XcodeGhost threat is far from over, and iOS users are still in danger of unknowingly using apps infected with it, FireEye researchers have warned.

Crypto-ransomware encrypts files “offline”
Check Point researchers have recently analyzed a crypto-ransomware sample that demonstrated an alternative method of encrypting files and delivering the key (i.e., the information required to discover the right key) to the criminal behind the scheme.

Cyber operational readiness and a complex threat landscape
Mike Walls is the Managing Director, Security Operations and Analysis at EdgeWave. In this interview he discusses keeping pace with an increasingly complex threat landscape, cyber operational readiness, and the importance of the firewall in the modern security architecture.

Trojanized versions of 20,000 popular apps found secretly rooting Android devices
Lookout researchers have discovered some 20,000 apps that secretly root users’ phones and install themselves as system applications, which makes them able to access information on the device they usually wouldn’t have access to, and makes them nearly impossible to remove.

Nearly 2,000 Vodafone UK customers’ accounts compromised, blocked
It seems likely that the attackers were testing out login credentials compromised in another breach, trying to find those that have been reused by customers.

Hacking Team pitches encryption-cracking tools to US law enforcement
Hacking Team, the Italian company that provides offensive intrusion and surveillance software to governments, intelligence and law enforcement agencies, is back in the saddle, knocking on the doors of US law enforcement.

Researchers can identify people through walls by using wireless signals
Researchers at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) have created a device that allows them to “see” what a person is doing and track his or her movement even if that person is located behind a wall, and does not hold or wear any other device that would enable tracking.

Open source KeeFarce tool loots encrypted passwords stored in KeePass
Denis Andzakovic, a hacker and researcher with New Zealand-based security consultancy Security-Assessment.com, has released the source code for KeeFarce, a tool that can export all information stored in the database of a user’s KeePass password manager.

A new, streamlined version of Cryptowall is doing rounds
Cryptowall 4 (although the number is not mentioned in the new, changed ransom note) is not drastically different from version 3. According to malware researcher Nathan Scott, it uses the same encryption, installation method, Decrypt Service site, communication method, C&C server, and ransom payment domains. What’s new, then?

Open source tool checks for vulnerabilities on Android devices
OEMs like Samsung and HTC run heavily customized versions of Android. Unfortunately, the OEM patch deployment infrastructure is disorganized and too often end users are left exposed for large periods of time.

Hard-hitting insights into global attacks targeting organizations
After collecting and analyzing data, based on a comprehensive review of incident response investigations conducted over the past three years on behalf of organizations across various industries, CrowdStrike is offering key takeaways on emerging trends in cyber intrusions and notable adversary tactics, techniques, and procedures (TTPs).

Researchers map out hard-to-kill, multi-layered spam botnet
A dropper component sent to the Akamai researchers led them to the discovery of a spamming botnet that consists of at least 83,000 compromised systems.

vBulletin, Foxit forums hacked, attacker exploited a zero-day flaw?
Last Monday, a vBulletin support manager announced on the company’s forums that they are forcing a password reset for all of its customers.

11 zero-days uncovered in Samsung Galaxy S6 Edge
An internal contest between the North American and European members of Google’s Project Zero has resulted in the discovery of eleven high-impact zero-day flaws affecting Samsung’s popular Galaxy S6 Edge smartphone.

10% of enterprises have at least one compromised device
FireEye identified more than 4,000 infected apps on the App Store and mobile app risk management company Appthority found that almost every organization with at least 100 iOS devices had at least one infected device.

Sale of legitimate code-signing certs booms on darknet markets
In the underground cybercrime economy, many players have specialized in one or two skills and services. It should come as no surprise, then, that some have become experts at getting digital certificates from legitimate certificate authorities, which they go on to sell to those criminals willing to pay for them so they can sign their malware and make target machines “trust” it.

Firefox 42 is out, with many privacy and security improvements
Mozilla has released Firefox 42, and with it, a new feature that should increase user privacy online. It’s called Tracking Protection and it’s incorporated into the Private Browsing option.

90% of directors believe regulators should hold firms liable for hacks
A new Veracode and NYSE Governance Services survey of 276 board members reveals how cybersecurity-related corporate liability is being prioritized in the boardroom.
