This Week In Security 18 (SpyEye, Ransomware Tools, Oracle, US DOE)

SpyEye

Hamza Bendelladj and Aleksandr Andreevich Panin have been sentenced to 15 and 9.5 years respectively for developing and distributing the SpyEye botnet. They are said to have caused $1B in damages around the globe and to have infected over 50 million computers.

Read more here

Mac Ransomware

Generic ransomware detection come to Mac OS X thanks to researcher Patrick Wardle from Synack. The tool continually monitors the filesystem looking for untrusted processes using encryption to rapidly encrypted files.

Read more here

Oracle Critical Update

136 vulnerability fixes in 46 products, 7 of which can be found in JavaSE, JavaSE Embedded, JRockit, Solaris and MySQL and had a criticality rating of 10 and allowed remote unauthorized exploitation.

Read more here

US Energy Bill includes Cyberattack Provisions

The Department of Energy DOE has been given the powers by the Senate to instruct the electric companies on how to proceed in the event of a cyber attack as well as granting funding for research in the field

Read more here

MIT Bug Bounty Program

After Uber and Hack the Pentagon, now MIT are offering Bug Bounties. Recently I watched a very interesting talk about the two sides of the coin with offering Bug Bounties, if the bugs are sparse then it can be extremely effective however if they are dense then it can be equally dangerous because from the moment of their discovery until the roll out of their patch there are lots of Zero Day issues waiting to happen. Lets hope they are sparse.

MIT Bug Bounty program is however only open to MIT affiliates, so that should at least reduce some of the risk.

Read more here

FBI iPhone Hack

On a similar line to the article above the FBI have paid some unknown third party over $1M for a hacking tool to access the iPhone of the San Bernardino shooters. This tool is essentially a zero-day bug that they paid a bounty for, previously the debate was related to if Apple should put a back door in their security, now the debate is the FBI justified paying bounties for vulnerabilities to access our data?

Read more here or here

Heathrow Drone

At London Heathrow a drone crashed into a landing Airbus without any injuries. The drone hasn’t been found but the pilot said an object he believed to be a drone hit the front of the plane.

Read more here

Be the first to comment on "This Week In Security 18 (SpyEye, Ransomware Tools, Oracle, US DOE)"

Leave a Reply

%d bloggers like this: