The Last Infosec Week in Pills

Here’s another selection of the main security events of the past few days. In case you missed them, or in case you are still recovering from the post-vacation trauma, don’t worry! You can catch up in just a few minutes with the following security pills.

Also, do not forget to have a look at the Cyber Attacks Timelines and Statistics.

 

13 Jan Suspicious code has been spotted in older releases of Fortinet software. A new backdoor?

Less than a month after Juniper Networks officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet, raising fears of a new backdoor.

12 Jan Microsoft Retires Older Internet Explorer Versions, Leaving Millions on the Edge of the Precipice

With its final patch, Microsoft has marked the end of days for older versions of Internet Explorer (8, 9, and 10). It’s not clear exactly how many users will be affected, but it’s said to be in the tens of millions. They are definitely left on the Edge of the precipice!

10 Jan Labour leader Jeremy Corbyn’s Twitter account hacked

Jeremy Corbyn joins the club of celebrities who have had their social network accounts hacked. An attacker takes over the Twitter account of the Labour leader and posts several bogus tweets. One of them, in particular, mocks the UK Prime Minister David Cameron.

8 Jan Researchers Contradict the Claims that the Vulnerabilities on ScreenOS Cannot be Exploited

After the announcement last December of two mysterious backdoors embedded in software running on some of its firewalls, new revelations contradict Juniper’s claim that the vulnerabilities could not be exploited. Security researchers reveal that a code change made in 2008 increased the size of the random number generator, lengthening it from 20 bytes to 32 bytes, which in turn reduced the amount of calculation and time an attacker would need to break the encryption scheme and decrypt data.

7 Jan And Here We Are With the First Massive Breach of 2016

Time Warner Cable warns that login credentials for 320,000 customers may have been stolen. Not the best way to enter 2016, even though it looks like the leak is the result of phishing rather than a direct hack of Time Warner Cable.

5 Jan Linode, Still Under DDoS Attack, Reports a Possible Breach

DDoS attacks are considered a perfect smoke screen for APTs and silent data breaches. I wonder if this is the case for Linode, which, after struggling with a long-lasting DDoS attack, has reported a credential leak and run a system-wide password reset on customer accounts.

3 Jan Big In Japan: 2 Million Personal Records Leaked or Feared Leaked from 140 Companies in 2015

Security breaches are a big deal in Japan. According to a survey, at least 2.07 million personal data sets were leaked or feared leaked from 140 companies and bodies in Japan during 2015.

3 Jan A Supercharged Variant of the BlackEnergy Variant Behind the Attacks in Ukraine

Research by the firm ESET reveals that the BlackEnergy trojan was used as a backdoor to deliver a destructive KillDisk component in the attacks against Ukrainian news media companies and power grids. A few days later, the U.S. cyber intelligence firm iSight Partners identifies a Russian hacking group known as Sandworm as being behind this attack.
