[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
New malware in online banking causes problem in Japan
TROJ_WERDLOD, a new detected malware, has been causing problems in the country since December 2014. More than 400 systems were affected by the new malware.
According to Hitomi Kimura, a security specialist at TrendMicro, the malware can change two settings which allow information theft at the network level.
He wrote that the TROJ_WERDLOD harms users via spam mails with an attached .RTF document. The document said to be an invoice or bill from an online shopping site. If anyone opens the .RTF file, the user gets instruction to double-click the icon in the document in order to execute the TROJ_WERDLOD in the system.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=33f91ec353&e=20056c7556
Yoran’s list of security truisms touched on the themes of assuming one will be attacked and likely breached, authentication and visibility:
“As an industry, we are on a journey that will continue to evolve in the years to come through the efforts of all of us here today,” said RSA President Amit Yoran, speaking during a keynote at the RSA Security (News – Alert) Conference in San Francisco last week. “We have sailed off the map, my friends. Sitting here and awaiting instructions isn’t an option. And neither is what we’ve been doing – continuing to sail on with our existing maps, even though the world has changed.”
Yoran’s list of security truisms touched on the themes of assuming one will be attacked and likely breached, authentication and visibility:
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5e52a2d4e8&e=20056c7556
China blames foreign malware for Internet outage
The unusual attack resulted in several users being redirected to one of two websites when browsing online.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=881eb57121&e=20056c7556
Oracle paltry patch opens MySQL man-in-the-middle diddle
Adam Goodman of Duo Security has found a vulnerability in the ‘vast majority’ of Oracle MySQL databases that allows SSL to be stripped, exposing sensitive data to man-in-the-middle attackers.
Goodman says Oracle attempted to sling a patch at the problem last year but did so only for some versions and further borked the effort by turning the SSL requirement off by default.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ea0b053b4f&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=f0a314f852)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)