14 DAY TRIAL // Another week almost passed and the information security industry keeps becoming more interesting. The week between June 18 and June 24 was mostly marked by things such as piracy, hacks that raised suspicion, rewards, and some curious Trojans.
The Trojans we are talking about are Milicenso and Medre. Medre is a perfect example of corporate espionage, since its main goal is to steal AutoCAD drawings from companies in Peru and send them back to its creators in China.
Milicenso, on the other hand, seems to be an everyday malware, except for the fact that it comes with a nasty side effect. Because it drops an element in the operating system’s print spooler directory, all the attached printers begin printing out the file’s content until they run out of paper.
Speaking of industrial espionage, a related topic we saw in the week that passed was on the cyberattacks that targeted Iran’s Central Bank.
We also learned that some US officials claim that Flame is the work of Israel and the United States, being part of a project designed to sabotage Iran’s nuclear program.
Sophos experts found that the website of an aeronautical parts supplier and the one of a medical organization, both from Europe, have been compromised to host an exploit that leverages the now-infamous Microsoft XML Core Services vulnerability for which the Redmond company released a temporary Fix It solution.
As far as hacks and privacy issues are concerned, we’ve seen a lot of suspicious data breaches.
For instance, CyberZeist has taken credit for hacking UK security company G4S, but the organization denied being breached.
Twitter was down for a few hours on Thursday. UGNazi took credit, but the social media site’s representatives claimed that a cascading bug caused the issue, not hackers.
Reckz0r published a bunch of data allegedly obtained from 79 banks and possibly MasterCard and Visa. Again, MasterCard denied it. However, it later turned out that the entire incident was most likely fabricated.
The last denial came from Telstra, the Australian telecoms firm whose customers accused it of tracking their browsing activity.
Fortunately, the past week wasn’t only about negative things. Exodus Intelligence and PayPal have both launched programs that reward researchers who find important vulnerabilities.
So, if you find cross-site scripting (XSS), cross-site request forgery (CSRF), SQL Injection, and authentication bypass flaws in PayPal, be sure to report them because you might be compensated. For any other security holes, contact Exodus Intelligence since they promise great rewards for researchers who prove they are worthy.
In the piracy section, Comcast takes center stage. The company has joined the ranks of ISPs who want to protect customers against copyright trolls and as it turns out, it succeeded.
We also learned that experts are questioning the legality of a method used by Prenda Law to threaten individuals accused of copyright infringement.