Week in review: Rise of automation, Google hacking, and Symantec reseller turns to scamming

Here’s an overview of some of last week’s most interesting news, reviews and articles:


“Deliberately hidden” backdoor found on US government’s comms system
Researchers from Austrian infosec outfit SEC Consult have unearthed what they dubbed a “deliberately hidden backdoor account” in NX-1200, a network controller appliance for conference rooms manufactured by AMX, which is used by governmental and military bodies (even the US White House), educational and healthcare institutions, hotels and conference centers all over the US.

Authorized Symantec reseller scams users into buying security software
Malwarebytes researchers have discovered a new tech support scam that, unlike most, is being perpetrated by an active member of the Symantec Partner Program.

Old, unpatched flaws exploited to achieve control of Windows systems, networks
Foxglove Security researcher Stephen Breen has demonstrated that you don’t need to exploit a 0-day or even a recently discovered vulnerability to gain the highest level of privilege available on a Windows machine (Windows 7, 8, 10, Server 2008, Server 2012).

New Linux Trojan performs system reconnaissance
The Trojan’s main capability is to take screenshots of the machine’s desktop every 30 seconds.

Review: Google Hacking for Penetration Testers, Third Edition
The Internet can be a great source of information, and Google Search can help you find what you’re looking for. Knowing how to “hack” Google Search and the company’s services to unearth helpful information for executing cyber attacks and intrusions is a great skill for both hackers and penetration testers to have.

Why we need a reality check on passwords
Given all the recent and historical news on data breaches of personal e-mail accounts, social media accounts and even phone account passwords, it is every wonder therefore that we are still using password combinations that are incredibly easy to guess.

LostPass: A worryingly simple phishing attack aimed at LastPass users
Security researcher (and Praesido CTO) Sean Cassidy has demonstrated at ShmooCon how easy it can be for hackers to steal LastPass users’ email, password, and two-factor authentication code via a simple phishing attack.

Fake Facebook emails deliver malware masquerading as audio message
A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same.

Oracle fixes 248 vulnerabilities in January patch update
The Oracle CPU is quarterly and addresses the flaws in large Oracle’s product line, including their core product the relational database, but also in a large number of acquisitions like Solaris, MySQL, Java and many of the end-user products, such as JDEdwards ERP, Peoplesoft and CRM.

Unknown attackers are infecting home routers via dating sites
Damballa researchers have spotted an active campaign aimed at infecting as many home routers possible with a worm.

eBook: Kali Linux Cookbook
Packed with practical recipes, Kali Linux Cookbook begins by covering the installation of Kali Linux and setting up a virtual environment to perform your tests. You will then learn how to eavesdrop and intercept traffic on wireless networks, bypass intrusion detection systems, and attack web applications, as well as checking for open ports, performing data forensics, and much more.

Unexpected implications arising from the Internet of Things
The impact of the IoT on consumers’ lives and corporate business models is rapidly increasing as the cost of “instrumenting” physical things with sensors and connecting them to other things — devices, systems and people — continues to drop.

How email in transit can be intercepted using DNS hijacking
This article looks at how an attacker can intercept and read emails sent from one email provider to another by performing a DNS MX record hijacking attack.

Good practice guide on disclosing vulnerabilities
ENISA published a good practice guide on vulnerability disclosure, aiming to provide a picture of the challenges the security researchers, the vendors and other involved stakeholders are confronted with when disclosing software/hardware vulnerabilities.

Cybersecurity recommendations for medical device manufacturers
The U.S. Food and Drug Administration issued a draft guidance outlining important steps medical device manufacturers should take to continually address cybersecurity risks to keep patients safe and better protect the public health.

Netflix confirms it will start blocking proxies and unblockers
Netflix recently expanded its streaming services to nearly every country in the world. This good news for potential users in those countries has dampened the spirits of those who already used Netflix by employing VPNs and proxies to bypass the company’s geo-location restrictions.

Rise of automation: Battle of the bots
In 2016, attacks are predicted to become even more aggressive with the arrival of Advanced Persistent Denial of Service (APDoS) attacks and an increase in volume and scope of sophisticated bot-generated attacks against web application infrastructure.

0-day in Linux kernel endangers Linux servers, Android devices
The vulnerability (CVE-2016-0728) is caused by a reference leak in the keyrings facility which is included in many different Linux distributions and in some Android versions (Android is based on Linux). It allows a local user – or, in Android’s case, a malicious mobile app – to escalate their privileges and gain root on the computer/mobile device.

Exposing the shadow data threat
Blue Coat conducted an analysis using the Elastica CloudSOC platform provided insights into 63 million enterprise documents within leading cloud applications, including Microsoft Office 365, Google Drive, Salesforce, Box and others.

Cyber fraudsters steal over $50 million from airplane systems manufacturer
Austrian company FACC, which develops and produces components and systems made of composite materials for aircraft and aircraft engine manufacturers such as Boeing and Airbus, has been hit by hackers who managed to steal approximately 50 million euros (around $54,5 million).

More about

Don't miss