This Week In Security – Week 25

Control Flow Enforcement Technology

CET is security at the chip level to protect against the use of return, call and jump oriented programming (ROP, COP and JOP) techniques used by stealth exploit developers. Intel and Microsoft have worked together to come up with a solution to avoid these types of attacks in the future.

Read more here

Democratic National Commitee Hacked for Trump Dossier

Russian hackers Cozy Bear and Fancy Bear were identified as the hackers who were infiltrating the DNC systems. Cozy Bear is probably affiliated with Russian Military intelligence, they broke into the DMC’s computers and copied records from their database relating to the opposition candidate Donald Trump.

Read more here

Adobe Flash Advisory

A remote code execution vulnerability (CVE-2016-4171) first discovered in June 2016 is said to be being used in targeted attacks and for this reason Adobe have announced that they intended to release a patch this month on the 16th.

Read more here

Anonymous Attack ISIS with Porn

One of the members (WauchulaGhost) of Anonymous has been having fun with Islamic State members covering their twitter accounts with pornography and exposing their ip addresses.

Read more here

Contactless Card Cloner (Contactless Infusion X5)

A contactless card cloner is now available called Contactless Infusion X5 that is capable of reading 15 cards per second at a distance of 8cm distance. So someone could hyperthetically be stood next to you and steal a copy of your wallet. It costs 500 GBP and claims to be able to extract your card number, expiry date, the owners name, address and a list of the last few transactions. Although the UK Card Associations claims this not to be the case, there is continuing speculation on the ease with which card fraud can take place with the contactless system. Personally I would prefer to have the possibility to opt out when something is less secure rather than have it forced upon me, banks please take note.

Read more here

Dark Reading Mid Year Attack Report for 2016

Dark Reading have released their mid year report detailing the biggest attacks of 2016. These range from attacks to utilities companies such as the power company, ransomeware both personal and medical, Apple encryption, Tax office pin fraud, Swift bank heist and SSL DROWN. Not a bad start to the year for the criminals out there.

Read more here

Microsoft Release 16 Bulletins including 40 Vulnerabilities

Microsoft have released 16 bulletins containing 40 vulnerabilities, of which 5 were critical, affecting the following products: Windows; Edge; Internet Explorer; Office and Exchange Server. One of which is a remote code execution issue with the Windows DNS Server. Some others were related to privilege escalation, memory corruption.

Read more here

Fully JavaScript Ransomware RAA

A new fully JavaScript ransomeware has emerged that encrypts the files on your disk using the CryptoJS library and asks for a payment of $250 to get your data back. Not only that but it also contains a payload that then proceeds to steal all your passwords. It is generally being distributed as a word attachment with the .doc extension.

Read more here

Airline Cybersecurity

The FAA have been working on a proposal to improve airline cybersecurity that they presented a progress report on at the US-European safety conference on Tuesday. The proposal includes recommendations for the installation of alarms in the cockpit, to warn when critical safety networks have been breached.

Read more here and here

Be the first to comment on "This Week In Security – Week 25"

Leave a Reply

%d bloggers like this: