Incident Response, Malware, Network Security, TDR

News briefs: Revelations at RSA Conference, zero-day fixes and more security news

» Security practitioners convened in San Francisco at the end of February for RSA Conference 2014. In addition to discussing new attack techniques and developing security issues, sessions and keynotes addressed immediate concerns impacting the industry, including the RSA-NSA controversy in which the intelligence agency is believed to have contracted RSA to use a flawed algorithm in its security products. 

» Researchers discovered new malware based on the leaked code of Zeus banking malware, and random-access memory (RAM)-scraping malware targeting credit card data. The malware was detailed in a late February report published by Websense. According to the security firm, a clothing retailer in the Eastern U.S. was infected with the Zeus variant in November which targeted its point-of-sale (POS) terminals.

» Microsoft and Adobe released emergency fixes for zero-days impacting their customers. While Microsoft issued a temporary solution, or “Fix it,” for an IE vulnerability actively being exploited, Adobe was able to provide a permanent patch for a vulnerability in its Flash Player. Both solutions were made available in late February, and the bugs were leveraged in campaigns where compromised websites were used to spread the threat.

» After months of feedback, the National Institute of Standards and Technology (NIST) released its cyber security framework (CSF) in February to help critical infrastructure companies stave off cyber attacks. The framework, which supports President Obama's “Improving Critical Infrastructure Cybersecurity” executive order issued last February, serves as a voluntary framework and is designed to complement an enterprise's existing security management program, not replace it.

» Researchers at Kaspersky Lab identified a seven-year-long advanced persistent threat (APT) campaign, dubbed Careto, or “The Mask,” which targeted a number of entities, including government institutions, diplomatic offices and embassies, research institutions, private equity firms, activists, and energy, oil and gas companies in 31 countries. The APT campaign showed evidence of targeting Windows, Mac and Linux users, and possibly iOS and Android mobile users. According to Kaspersky researchers, the operation relies on victims clicking on links to malicious websites in spear phishing emails, so that delivered malware can collect victims' encryption keys, VPN configurations, SSH keys and RDP files, as well as unknown extensions that could be related to military or government level encryption.

» In the first three weeks of February, Hold Security – a company that aided in discovering a number of breaches, including the major incident impacting Adobelocated more than 20 data files on the Deep Web that together contained roughly 360 million email addresses with passwords, and about 1.25 billion email addresses alone. Hold Security's CISO Alex Holden warned that spammers will typically pay a pretty penny for massive lists of email addresses, and many of the email addresses in the discovered files were for Yahoo, Microsoft, Google and AOL accounts. Victims were located all over the world, including in the Unites States, the firm revealed. The Deep Web, the firm noted, consists of portions of the internet that are not indexed by traditional search engines and are only reachable using browsers such as Tor.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.