Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
In understanding online crime it’s easy to overlook the most critical piece that enables it in the first place. The entities that give online criminals their online presence are the linchpin: if criminals can’t get and stay online, there is no online crime – enter bulletproof hosters.
Mozilla’s Firefox and Google’s Chrome browsers blocked old versions of Adobe Flash Player animation software — often used to play online videos — following news reports that hackers were using a security bug to take over peoples’ computers.
Trend Micro security researchers found that the Hacking Team uses a UEFI BIOS Rootkit to keep their Remote Control System (RCS) agent installed in their targets’ systems, even if the reinstall the Operating System, reformat or by a new hard disk, are implanted after Microsoft Windows is up and running.
Cybersecurity incidents in the federal government have skyrocketed by more than 1,000% in recent years, according to a report from the Government Accountability Office.
This latest Pawn Storm attack is being carried out using a new, unpatched vulnerability against Oracle’s Java, making this the first known zero-day attack against Java since 2013. The campaign focused on high-profile, sensitive targets, including a NATO member and a U.S. defense organization.
The recent OPM hacks were so huge, the numbers are simply staggering that it is hard to process for most people, especially “regular people” who feel this does not affect them or their friends or family.
In response to the multiple vulnerabilities recently discovered, this Patch Tuesday included more than just Microsoft Windows. Adobe has released a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Oracle also issued a critical patch update that plugs more than two dozen security holes in Java.
Our monitoring of Operation Pawn Storm has led us to an interesting finding: the domain we previously reported hosting the Java 0-day used in the latest Pawn Storm campaign was modified to now lead to a Trend Micro IP address.
We discovered GamaPoS, a new breed of point-of-sale (PoS) threat currently spreading across the United States and Canada through the Andromeda botnet. GamaPoS is the latest in a long list of threats that scrape off credit card data from PoS systems.
Please add your thoughts in the comments below or follow me on Twitter; @GavinDonovan.