The main events of the week between March 18 and March 24

Mar 24, 2013 08:01 GMT

We've learned about some interesting things from the information security world over the past week, but since no particular topic has made headlines, we’ve entitled this security brief “Diversity.”

When it comes to hacking, the first story worth mentioning is the one about the cyberattacks against major organizations in South Korea. The systems of several banks and broadcasters were disrupted by a piece of malware.

Initially, South Korean authorities said they had traced the attacks back to an IP address in China, but they later realized that the IP was actually used by one of the targeted banks for internal operations.

Other hacked organizations include Norwegian telecoms giant Telenor and the BBC.

A few days ago, distributed denial-of-service (DDoS) attacks were launched against the website and mail server of Spamhaus. Initially, we believed that Anonymous was behind the attack, but Spamhaus representatives clarified that it was the work of Russian cybercriminals.

In the meantime, CloudFlare, the company called in to mitigate the attack, has published a post detailing how it blocked the Layer 3 DDoS.

As far as accusations, sentences and prosecutions are concerned, over the past few days we learned that a 17-year-old was arrested for using a piece of malware to steal explicit photos from the phones of youths. The hacker has been accused of exploiting children because he posted the stolen pictures on illegal websites.

Andrew Auernheimer, aka “Weev,” the man accused of hacking AT&T, has been sentenced to 41 months in prison and three years of supervised release. However, he is appealing the decision and the Electronic Frontier Foundation (EFF) has decided to aid his legal team.

Matt Keys, the Reuters employee accused of conspiring with Anonymous, has published a short statement denying the accusations brought against him.

This past week, we have also learned about some interesting vulnerabilities. A security expert has found security holes that can be leveraged to hijack Microsoft, LinkedIn, Yahoo and Twitter accounts.

Security Explorations has decided to publish the complete details of a Java 7 issue, which Oracle refuses to catalogue as a vulnerability. The experts want the community to decide if it’s a security hole or not.

In the malware, botnets and cybercriminal campaigns section, we can mention the TeamSpy attacks that leverage TeamViewer, the Chameleon botnet that costs advertisers millions of dollars each month, and the new Yontoo Trojan that targets Mac users.

Here are some other interesting stories, in case you’ve missed them:

PyCon incident: 2 people fired, DDoS attacks launched against 2 websites

Vatican was NOT hacked. The Dark Knight story was published on purpose on Vatican website

Security Explorations publishes POC code for digital satellite TV vulnerabilities

Interesting interview with Ibrahim El-Sayed, one of the members of Vulnerability Lab.

Europol says there are 3,600 active crime groups in the EU

Celebrity “dox” site taken down