Security FUD, Black Energy, and Tor Terror
Happy Halloween!
The Internet “threatscape” has changed drastically over the past few years, with many more cyber security incidents each year and tons of information security (infosec) news in the headlines. Can you keep up? If not, maybe my weekly infosec video will help.
In today’s quick update, I rant a bit about infosec misinformation, share the latest on the Black Energy ICS attack campaign, and talk about an Evil Tor exit node that dynamically adds malware to downloads. Press play for the scoop, and enjoy your spooky Halloween weekend.
(Episode Runtime: 10:44)
Direct YouTube Link: https://www.youtube.com/watch?v=HjejYd_9Oik
Episode References:
- Russian cyber campaign to steal military secrets (just Sandworm again) – ZDNet
- APT28 is just more about Sandworm – FireEye
- FBI publishes fake Seattle Times story online to nab criminal with spyware – Ars Technica
- US-CERT warns of Black Energy ICS/SCADA attack and malware – US-CERT
- Tor exit node is actively injecting binaries with malware – Threatpost
- Researcher’s blog post on the malicious Tor exit node – Leviathan Security
Extras:
- Samsung Androids suffer from CSRF vulnerability with DoS impact – The Register
- Proof-of-Concept video of the Samsung Android flaw – YouTube
- Americans are more afraid of hacking than any other crime (Gallup poll) – Forbes
- Data breaches in 2013 have put over half of California’s PII at risk – Reuters
- Targeted Attacks are on the Rise – SFGate
- MPAA wants you to know pirated stuff may contain malware (and they are right!) – Ars Technica
- Researcher finds vulnerability in “Strings” that could affect security researchers – Computerworld
- Researcher’s blog post on the “Strings” vulnerability – Lcamtuf’s blog
- Beware of more Ebola themed malware emails – SC Magazine
- Hackers (allegedly Russian) breach White House network – Silicon Republic
- CurrentC (an Apple Pay and Google Wallet competitor) was hacked; emails leaked – CNN
- 61% of security experts expect a majorly damaging cyber attack by 2025 – Phys.org
- Botnet is trying to exploit Shellshock over SMTP (email) – SANS ISC Diary
- Microsoft warns about Crowti ransomware (another name for Cryptowall?) – Threatpost
- NSA director says companies shouldn’t strike (hack) back – Government Executive
- Pirate Bay co-founder convicted of Blackhat hacking – Ars Technica
- Underground crimeware-as-a-service tools promise to better leverage stolen credit cards – The Register
- Dyreza trojan continues to evolve – Threatpost
- Coalition of security firms helps clean infections from state-sponsored (Axiom group) malware – Novetta
- Malware leverages Gmail drafts for a super stealthy C&C channel – BGR
- Remember that Drupal flaw? It’s still affecting web sites – v3.co.uk
- Samsung’s Fort Knox Android encryption stores password in clear – Threatpost
- More hacked and stolen Bitcoin? – The Guardian
- Don’t let the government take away citizens’ right to crypto – The Guardian
- US police can force you to unlock a phone with your fingerprint (but not get your password) – ZDNet
- Are you afraid of your Smart TV? (Maybe you should be) – Brennan Center
— Corey Nachreiner, CISSP (@SecAdept)
The original article/video can be found at Evil Tor Exit Node – WSWiR Episode 127