Security Roundup - 2016-04-20

The Australian Federal Government just announced that the Bureau of Meteorology was the target of a cyber attack. Apparently, they also have a direct link to the Australian Defence Department, meaning a source of third party risk. The Australian Government has announced their new Cyber Security Initiative to protect against these threats.

CBS broke the story about flaws in the Signaling System Seven that allow people to be tracked. I found this similar to this Engadget story of The Untold Story of the Teen Hackers Who Transformed the Early Internet, again exploiting telecommunications systems to get unauthorized access to systems.

Companies have been increasingly encrypting all web traffic and the Let’s Encrypt traffic has been helping make it easy. 6 months since they have launched, they have created more than 1.7 million TLS certificates and are now preparing to leave beta. A number of consumer platforms like Dreamhost and Wordpress have rolled out easy integration for their customers, making secure communications accessible to the non-technical savvy. Even Sucuri has rolled it out as an option for their application firewall.

Meanwhile, Google observes ~16,500 new compromised websites a week. They outline some improvements they have made that make it easier for up to 75% of those webmasters to re-secure their sites post compromise.

A recent study demonstrates how you shouldn’t share sensitive files using URL shorteners. Essentially, the shorter links are brute forceable, allowing people to potentially access sensitive information. This study prompted Microsoft to remove this functionality from OneDrive and Google to lengthen the link and add security precautions against brute forcing.

MIT recently announced a new debugging method to detect vulnerabilities. Essentially a static analysis of source code, they were able to detect 23 vulnerabilities in 50 popular Ruby On Rails platforms in minutes.

Rapid7 combed through the National Vulnerability Database to put together a few trends. 2015 had a big jump (17%) in critical vulnerabilities

Last week I mentioned how ransomware is starting to eclipse banking malware, but the GozNym malware proves that banking malware is still a million dollar business. New ransomware include a variant dubbed Rokku which encrypts each file with a unique key, as well as one called Jigsaw which advertises a time limit to decrypt your files. For existing malware, TeslaCrypt continues to evolve by investing heavily in evasion techniques and ThreatPost indicates that 3.2 MILLION servers are impacted by the JBoss flaw that SamSam is exploiting.

Written on April 20, 2016