Security Research
cancel

HP Security Research OSINT (OpenSource Intelligence) articles of interest – July 17, 2015

HP Security Research OSINT (OpenSource Intelligence) articles of interest – July 17, 2015

SR-FI_Team

Below, you will find the HP Security Research key articles of interest for July 17, 2015. These are publically available articles that are provided as a news service only. The intent of this blog post is to share current events related to the cyber security industry.

Hacking Team's "Bad BIOS": A commercial rootkit for UEFI firmware?

The examination of commercial malware developed by Hacking Team has revealed much to the security community. Of particular interest to platform security researchers at Intel’s Advanced Threat Research team (ATR) is the presence of what appears to be a UEFI-based persistent infection mechanism. ATR has been   researching vulnerabilities related to system firmware and working with a community of firmware developers and platform manufacturers to mitigate these threats. Others have also posted good information about this issue. Here, we will provide some preliminary analysis of the firmware threat. 

 

GamaPOS

The Andromeda botnet is a well-known bothnet that surfaced around 2011 and has delivered well-known backdoor variants like Gamarue. In past revivals, the botnet has been distributed through malicious emails containing attachments or links to compromised websites hosting exploit kit content. What makes this botnet successful is its highly configurable and modular design that can fit any malicious intent, like distributing Zeus or, more recently, distributing a Lethic bot.

 

Coalition of security companies forms to oppose Wassenaar Rules

A large group of security companies have formed a coalition to oppose the proposed rules from the Department of Commerce that would regulate the export of so-called intrusion software, a broad term that researchers and legal experts are concerned would limit security research and development.

 

Hacking Team broke Bitcoin secrecy by targeting crucial wallet file

Turns out, going after someone’s Bitcoin transactions is much easier than you might think. After all, as the saying goes, once you’re pwned, you’re pwned.

 

Why the OPM hack will be a national security threat for decades to come

Over 22 million people had their personal information hijacked in a cyberattack on the US Office of Personnel Management. The attack is over, but its threat will literally last lifetimes. Members of the intelligence community are stressing that the attack will continue to be a problem until each one of those people whose sensitive personal information was stolen drops dead.

 

The Darkode Cybercrime Forum, up close

By now, many of you loyal KrebsOnSecurity readers have seen stories in the mainstream press about the coordinated global law enforcement takedown of Darkode[dot]me, an English-language cybercrime forum that served as a breeding ground for botnets, malware and just about every other form of virtual badness. This post is an attempt to distill several years’ worth of lurking on this forum into a narrative that hopefully sheds light on the individuals apprehended in this sting and the cybercrime forum scene in general.

 

FBI extends piracy-hunt to Romania, sites shut down

The FBI have assisted Romanian authorities in the closure of three piracy-based torrent sites in the region. A report from the prosecutor’s office in Romania’s High Court of Cassation and Justice details a cooperative investigation dating back four years which has now resulted in raids and site seizures, including the domain serialepenet.ro.

 

Spotlight on Advanced Persistent Threats in industrial control systems

The challenge of APTs targeting Industrial Control Systems continues to evolve and escalate. It is true that a number of the ICS-specific attacks in the years immediately following Stuxnet (e.g. Duqu, Flame, Shamoon) are not so interesting as derivatives of Stuxnet or in how they utilize more general, IT-centric exploits.  However, 2014 was a milestone year in that we saw two APTs that uniquely expanded on the initial methods used by Stuxnet:  Energetic Bear/Dragonfly (Havex) and Sandworm (Black Energy campaign).

 

Microsoft Internet Explorer 11 zero-day

On July 6th, information spread that the Italian company known as the Hacking Team were themselves the victims of a cyber attack. In the aftermath of this leak, Vectra researchers have analyzed the leaked data, and identified a previously unknown vulnerability in Internet Explorer 11 that impacts a fully patched IE 11 on both Windows 7 and Windows 8.1.

 

Windows 10 updates to be automatic and mandatory for Home users

Windows Update can't be readily disabled in Windows 10 Home, and the license terms that all users must agree to allow Microsoft to install updates automatically.

 

All your biases belong to us: Breaking RC4 in WPA-TKIP and TLS

The authors present new biases in RC4, break the WI-FI Protected Access Temporal Key Integrity Protocol (WPA-TKIP, and design a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol.

 

NSA releases Linux-based open source infosec tool

The US National Security Agency has offered up one of its cyber security tools for government departments and the private sector to use freely to help beef up their security and counter threats.

 

© 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

  • HPSR
0 Kudos
About the Author

SR-FI_Team

Labels
//Add this to "OnDomLoad" event