A Week in Security (June 8 – 14)
Comments : Off
- The Bitcoin App That Could Create a Black Market for Leaked Data. “Whistleblowers like Chelsea Manning and Edward Snowden exposed classified information because they believed their leaks were in the public interest. The next secret-spiller might be motivated instead by something less magnanimous: money.” (Source: Wired)
- Targeted Attack Methodologies for Cybercrime. Our friends at Trend Micro released a whitepaper that discussed why cybercriminals adopt to certain methodolodies. They used two case studies to illustrate their points. (Source: TrendLabs Security Intelligence Blog)
- Red Button Flaw Exposes Major Vulnerability In Millions of Smart TVs. “Red Button” is a type of man-in-the-middle attack that captures incoming digital signals to smart TVs in order to inject a piece of code into it to serve a hacker’s malicious purpose. This can also be thought of as “a particularly insidious descendant of the signal injections of the early days of cable TV”. (Source: Forbes)
- TweetDeck Scammers Steal Twitter IDs Via OAuth. The vulnerability in question also led to the propagation of a single tweet, which contained a JavaScript (JS) command that lets TweetDeck automatically retweet it to victims’ followers. TweetDeck later reported that the security issue has been mitigated. (Source: Dark Reading)
- New Apple iOS to help fanbois thwart Wi-Fi network spies. Apple is on the offence (or is it defence?) after announcing that the new iOS 8 will make information collection challenging for marketers, advertisers and others who are after user data. (Source: The Register)
- World Cup Brazil 2014: How cybercriminals are looking to score. The 2014 FIFA World Cup officially began last week, and with it, the anticipation of encountering online threats banking on the popularity of this prestigious event. Our friends at Kaspersky Labs gave us a heads up on what these threats may be. (Source: Help Net Security)
- Chinese cyberspies targeting U.S, European defense, space sectors. Following Mandiant’s footsteps, researchers at CrowdStrike named another cyberespionage group or APT threat actor from China that was found to be after information from key industries in the U.S. and Europe. They’re dubbed as Putter Panda. (Source: CSO)