Below, you will find the HP Security Research key articles of interest for February 6, 2015. These are publically available articles that are provided as a news service only. The intent of this blog post is to share current events related to the cyber security industry.
Microsoft has released their iOS app “Outlook” today. And it will break your companies security for mobile PIM access in multiple ways! No matter if you’re a Microsoft Exchange or IBM Notes Traveler customer.
A team of Russian hackers gained access to Sony Pictures Entertainment Culver City network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia. Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT).
China will ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday.
In our continued research on Operation Pawn Storm, we found one interesting poisoned pawn—spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack.
It is common belief that APT groups are masters of exploitation. If anyone, they should know everything about the art of exploitation, right? Our research into the real world uses of the CVE-2014-1761 vulnerability shows that this is far from being true.
The recent trio of Flash zero days has not only caused a lot of scrambling at Adobe—which yesterday released a patch for the last in that line of vulnerabilities—but also shined light on a fairly unknown exploit kit, exposed the evolving danger associated with malvertising, and made clear the pains which attackers take with malware to evade detection.
For the second time in a year, multiple financial institutions are complaining of fraud on customer credit and debit cards that were all recently used at a string of Marriott properties run by hotel franchise firm White Lodging Services Corporation. White Lodging says it is investigating, but that so far it has found no signs of a new breach.
Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than a 100 million credit and debit cards from Target and Home Depot. Book2park.com is the third online parking service since December 2014 to fall victim to this cybercriminal group.
Anthem didn't encrypt the personal data of its customers prior to the massive hack it suffered last month, according to a report in the Wall Street Journal. Citing a person familiar with the matter, the Journal reports that encrypting the data would have made it more difficult for hackers to access, though it would have made it harder for the health insurance company to analyze and share the data with providers and states.
Initial suspicions from the massive hack at Anthem are just starting to roll in, and they are suspicious. Long story short, a few unnamed people immediately jumped to the conclusion that it was China. That said, Anthem is hardly the only health care company that's been hacked lately.