Security Brief: Pwn2Own, Operation Ababil 3

The main events of the week between March 4 - March 10, 2013

By on March 10th, 2013 05:41 GMT

In case you haven’t had the chance to follow this week’s cybersecurity news, here’s a quick brief of the most important events.

First off, it’s worth mentioning that Izz ad-Din al-Qassam Cyber Fighters have initiated phase 3 of Operation Ababil.

The websites of several financial institutions from the United States have been targeted, including the ones of Bank of America, Capital One, Wells Fargo, Citibank, PNC, Fifth Third Bank, HSBC, US Bank and BB&T.

The customers of smaller banks have also reported being unable to access their websites, but it’s uncertain if the downtimes are related to Operation Ababil.

And since we’re talking about distributed denial-of-service (DDOS) attacks, it’s worth mentioning that several organizations from the Czech Republic have been targeted in what some say are the largest cyberattacks the country has ever faced.

At first, the unknown attackers, believed by some to be from the Czech Republic, targeted the sites of several major newspapers. Later in the week, they turned their attention to the websites of major financial institutions and the Prague Stock Exchange.

As far as vulnerabilities are concerned, most of the ones reported this week have been discovered as part of the Pwn2Own competition.

On the first day of the event, experts managed to hack Chrome, Firefox, Internet Explorer and Java. On the second day, Flash, Adobe Reader and Java were cracked. Organizers paid a total of $480,000 (€364,000), but they say it was worth it.

And since we’re talking about Java, it’s worth noting that Oracle released an out-of-band patch to address the vulnerabilities currently exploited in the wild. On the other hand, Security Explorations has identified 5 new issues that could be leveraged for a complete sandbox bypass.

Experts have been busy this week discovering vulnerabilities in Samsung phones running Android. At first, Terence Eden uncovered a way to bypass the lock screen on Samsung Galaxy Note II phones.

The attack method presented by Eden has a lot of limitations, but the one discovered by another expert, Sean McMillan, is much more efficient.

When it comes to hacks, the list is fairly long. It includes the Twitter accounts of Saudi Aramco, FRANCE 24, and the South African Ministry of State Security. Evernote also reported being hacked.

Here are some other important stories, in case you’ve missed them:

German studio Constantin Film hacked in protest against anti-piracy group

The Steam keys of over 1,300 Natural Selection 2 players deactivated because of credit card scheme

Website of mining company hacked by Anonymous for OpGreenRights

Class-action lawsuit against LinkedIn dismissed

Hacker breaches prison network from inside after being allowed to attend IT class

Comments