Incident Response, Malware, TDR, Vulnerability Management

News briefs: The latest on Heartbleed, Microsoft fix for IE, U.S. Cyber Command and more

» A critical vulnerability, dubbed the ‘Heartbleed bug,' was discovered in widely used versions of the OpenSSL library. In early April, the public became aware of the threat and its widespread impact, as exploitation ultimately puts SSL/TLS encrypted communications, such as those on websites, in emails, direct messages and elsewhere, at risk. The bug is said to allow an attacker to steal the private cryptographic key of any secure server. Not long after the Heartbleed flaw became public knowledge, reports surfaced that the NSA had been exploiting the bug to carry out internet surveillance, which the agency denied. 

» Microsoft dispatched a swift, emergency fix for a critical Internet Explorer flaw that had been used in zero-day attacks against a number of industries. The remote code execution vulnerability affected IE 6 through 11, and allowed an attacker, using an Adobe Flash exploitation technique, to execute arbitrary code within victims' browsers. Researchers at FireEye, which helped Microsoft mitigate the issue before the May 1 security update, discovered that an attack group was also exploiting Windows XP machines running IE 8. Given the nature of the threat, Microsoft's fix was also made available to XP users, despite the fact that the software reached its end of support in April.

» A top government official revealed that the Pentagon plans to strengthen its U.S. Cyber Command in coming years by tripling its security workforce. During a spring speech at NSA's headquarters, Defense Secretary Chuck Hagel said that, by 2016, the Fort Meade, Md.-based military command would grow its security staff to 6,000 people. By this year's end, Hagel expects the Pentagon's cyber security workforce to stand at 1,800 individuals.

» ESET researchers discovered a new piece of mobile malware spreading in Russia, which may be the first Android worm in the wild. Furthermore, analysts at the firm warned that the malware could potentially makes its way to the U.S. before long. The worm, detected by ESET as “Android/Samsapo.A,” is designed to infect Android mobile devices and carry out trojan-like attacks, after spreading itself through an automated process – SMS messages. Upon infection, the worm accesses and shoots out SMS messages to everyone in the victim's contact list. The message lures new victims into clicking a malicious link, which installs the downloaded malicious APK file. Samsapo can also download malicious files from specified URLs, upload information on the mobile device to a remote server, register the phone number into a premium SMS service, block phone calls, and alter alarm settings, ESET revealed.

» Criminals in Eastern Europe targeted dozens of U.S. banks with an elaborate phishing scheme designed to capture victims' payment card data. Cyber crime prevention firm PhishLabs revealed in late April that fraudsters appeared to be compromising as many as 400 payment cards per day through “vishing” attacks, a social engineering ruse that phishes individuals via voice-over-internet-protocol (VoIP) technology. According to the firm, approximately 50 financial institutions in the past three years have fallen victim to the campaign, which mostly targeted small banks and credit unions. Scammers used email-to-SMS gateways to pose as legitimate financial institutions by spamming bank customers with text messages. Recipients of the texts were directed to call their bank and hand over sensitive data to reactive their payment cards; when instead, an interactive voice response (IVR) system set up by attackers, collected victims' card and PIN numbers. Under the scheme, around $120,000 in ATM cash outs alone may be stolen per day, PhishLabs estimated. Counterfeit cards, made with data stolen under the “vishing” scheme, are used to withdraw funds.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.