[From the desk of Paul Davis – his opinions and no-one else’s]
So obviously lots and lots of reports about Verizon’s new DBIR which you have probably seen, so I’m not going to report any of it.
So onto the news:
With latest patches, Oracle signals no more free updates for Java 7
Oracle released patches for 98 security issues across a wide range of products, including 14 in Java. This marks the last free patch for Java 7, and users are being encouraged to upgrade to version 8. Three of the Java vulnerabilities patched Tuesday have the maximum severity score of 10 in the Common Vulnerability Scoring System (CVSS), which means that they can be exploited over the network without authentication and can lead to a full compromise of the system’s confidentiality and integrity.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c66500e49a&e=20056c7556
NCR uses Android and a thin-client model to bring yesterday’s bank machines into the cloud era
NCR on Wednesday rolled out new software that will transform ATMs to use the cloud with Android and a thin-client model of computing. The result, it says, will be a big boost in security as well as dramatically lower costs.
Most of the world’s 2.2 million or so ATMs today are essentially thick-client PCs, and the vast majority of them — as much as 75 percent — run Windows XP, NCR says. It’s perhaps no wonder that security is an issue, yet banks typically must still administer updates manually to each ATM in their network.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=12d721a922&e=20056c7556
Adobe patches vulnerabilities in ColdFusion, Flex and Flash Player, including a zero-day flaw
The Flash Player updates, namely Flash Player 17.0.0.169 for Windows and Mac, Flash Player 11.2.202.457 for Linux and Flash Player Extended Support Release 13.0.0.281, address a total of 22 vulnerabilities, most of which are critical and can lead to remote code execution.
One of the flaws, tracked as CVE-2015-3043 in the Common Vulnerabilities and Exposures (CVE) database, has been known by attackers since before Adobe released its latest patches. This makes it a so-called zero-day vulnerability — a flaw for which a fix was not yet available when it began being exploited.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=de13e5f700&e=20056c7556
Jawbone to have AmEx payments in future fitness band
Fitness-band maker Jawbone and American Express plan to allow cardholders to buy goods using a future fitness band equipped with NFC, according to a report. Neither company would confirm the new product, said to be announced this week, according to the Wall Street Journal. The report said AmEx payments won’t be possible with the coming Jawbone UP3, but will appear on a future product.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=21d243d9e6&e=20056c7556
France’s govt wants emergency surveillance powers in case of exceptional threat
PARIS (AP) — French Prime Minister Manuel Valls called Monday for emergency government surveillance powers in case of an exceptional threat, a move prompted by the deadly Paris attacks earlier this year.
One of the most sensitive measures of the bill would allow intelligence services to vacuum up metadata, which would then be subject to analysis for potentially suspicious behavior. The metadata would be anonymous, but intelligence agents could follow up with a request to the independent panel for deeper surveillance that could yield the identity of users.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=98dd416ed3&e=20056c7556
New Ransomware CrypVault Evades AV With Simple Batch Scripts
A new ransomware strain dubbed CRYPVAULT is being spread as an email attachment. It’s currently focusing on Eastern Europe and is making its way to Europe and America.
It’s a novel approach. In an attempt to bypass any and all endpoint protection, the user is socially engineered to open an attached JavaScript file. The phishing attack does not have an executable as a payload. Next, the malware uses the command box to run a batch file that encrypts the files. According to a post by Michael Marcos, threat response engineer with Trend Micro, CRYPVAULT encrypts the files and then makes them appear to the end-user as if they were quarantined, by giving them the .vault extension.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e0834d31b5&e=20056c7556
The Chronicles of the Hellsing APT: the Empire Strikes Back
One of the most active APT groups in Asia, and especially around the South China Sea area, is “Naikon”. Naikon plays a key part in our story, but the focus of this report is on another threat actor entirely; one who came to our attention when they hit back at a Naikon attack. The Naikon group is mostly active in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, and Nepal, hitting a variety of targets in a very opportunistic way.
The Hellsing APT group is currently active in the APAC region, hitting targets mainly in the South China Sea area, with a focus on Malaysia, the Philippines and Indonesia. The group has a relatively small footprint compared to massive operations such as “Equation”. Smaller groups can have the advantage of being able to stay under the radar for longer periods of time, which is what happened here.
The targeting of the Naikon group by the Hellsing APT is perhaps the most interesting part. In the past, we’ve seen APT groups accidentally hitting each other while stealing address books from victims and then mass-mailing everyone on each of these lists. But, considering the timing and origin of the attack, the current case seems more likely to be an APT-on-APT attack.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=966cf35a3e&e=20056c7556
FS-ISAC EXPANDS GLOBAL OPERATIONS: APPOINTS KRIS HERRIN SVP, GLOBAL BUSINESS SERVICES
Reston, VA — APRIL 15, 2015 — FS-ISAC, the Financial Services Information Sharing and Analysis Center, today announced key developments to address the needs of nearly 5500 members and users in 45 countries around the world. FS-ISAC has experienced tremendous growth over the past 12 months with a 176% increase in dues-paying members and a full 30% of membership revenue generated outside the United States. With the growth in global cyber crime over the past few years, FS-ISAC has dedicated additional resources to support both regional and cross-border sharing.
FS-ISAC also today announced a commitment to provide follow-the-sun security operations services for members. Leveraging a strategic partnership with IBM, the new Security Operations Center capability will help better align with regional and international support and time zone needs of members world-wide. Co-located within IBM’s Security Operations Center in Poland, the European security operations team enhances existing North America-based operations. Specifically, the European SOC will enable member submissions to be processed and shared faster globally and provide a front line response to member inquiries and requests for assistance. Over the coming year, FS-ISAC will continue to look at additional SOC capabilities to support the needs of our member firms around the world.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ab91bd2349&e=20056c7556