Security Brief: Red October, Aaron Swartz, Java

The main events of the week between January 14 and January 20

  Red October infection diagram
We’ve seen some interesting things over this past week, but most of them appear to revolve around the Red October cyber espionage campaign, the death of Aaron Swartz and the subsequent OpAngel launched by Anonymous, and Java vulnerabilities.

On Monday, Kaspersky revealed the existence of Red October, a 5-year-long cyber espionage campaign aimed at various government, research and academic organizations from all over the world.

The security firm has published a detailed analysis of the operation, which still appears to be active. In order to perform a thorough investigation, Kaspersky has set up a number of fake victims around the world.

Oracle has released Java 7 Update 11 to make sure that users are protected against cyberattacks leveraging the recently uncovered Java exploit. However, our friends from Security Explorations revealed that the zero-day was only possible because Oracle didn’t properly address a security hole which they reported in August 2012.

In the meantime, Security Explorations has uncovered a couple of new vulnerabilities that affect Java 7 Update 11. A zero-day affecting the latest version of Java 7 was also being sold on underground hacker forums for $5,000 (3,750 EUR).

The suicide of Reddit co-founder Aaron Swartz has also made headlines over the past week. Shortly after the news of his death came to light, Anonymous defaced a couple of MIT subdomains in memory of Swartz.

His family, friends and hacktivists blame current cybercrime legislation and those who prosecuted his case for Swartz’s death.

As a result, Anonymous has initiated a campaign called OpAngel. The first phase of OpAngel focused on getting the Westboro Baptist Church to abandon their plans to picket Swartz’s funeral.

Once this goal was accomplished, the second phase was initiated. The hacktivists are determined to get the US government to make some serious changes in legislation.

Some government websites have also been hacked over this past week, including those of Mexico’s Ministry of Defense, Thailand’s Ministry of Culture, Sri Lanka National Security Media Center, the Army of Chile, and the Peruvian Army.

Here are some other stories worth reading, in case you’ve missed them:

TeaMp0isoN’s TriCk is back, launches platform to help hackers test their skills legally

Pwn2Own 2013 has been announced

South Korea accuses North Korea of cyberattacks against newspaper and presidential transition team

A documentary about the RedHack hacktivist group will be released

Germany purchases controversial FinFisher spyware

Introducing the “bouncer” phishing kit
