The week in security: Leaked NSA hacking tools hit Solaris, Windows servers as IoT-targeting Mirai gets competition
- 18 April, 2017 11:25
In a sign of slowly maturing managerial attitudes towards security, a new survey found that CSOs are feeling less pressure from management to fast-track IT projects and new technology rollouts. They may also be finding that detecting insider threats is easier than they think – although many are still running periodic vulnerability assessments that may be a recipe for disaster.
Speaking of recipes for disaster, a new competitor has emerged to the Mirai Internet of Things (IoT)-exploiting malware – kicking off an arms race that nobody needed. Also on the arms-race front, suspected CIA spying tools, exposed in a WikiLeaks dump, have been linked to hacking attempts on at least 40 targets in 16 countries.
Meanwhile, disaffected hacker group Angry Shadow Brokers publicly released the password for National Security Agency (NSA) tools – including tools that could access any Solaris-based system – that they had previously tried to sell. The leak also offered details into the organisation’s bank-spying exploits, and included a highly effective compromise for Windows Server – although Microsoft said it had already addressed the compromises in old patches.
Synack, an ex-NSA startup that recently landed $US21m in expansion funding, is eyeing a move to Australia as part of a growth trajectory that also includes the hiring of a large number of security specialists.
There were concerns that newly rolled-back regulatory requirements – which allow ISPs and marketers to resell data about users’ online activities – could have broad security repercussions. There were also warnings that consumer credit card data may have been stolen from GameStop.com over the course of six recent months. And an unpatched vulnerability in the Magento e-commerce platform was exposing online shoppers to compromise.
Microsoft moved to deal with an unpatched vulnerability in Microsoft Word that had been exploited by hackers – including the gang behind the Dridex Trojan – for months. The exploit, which Microsoft ultimately fixed in a patch that addressed 45 flaws, was linked to cyberspying in the Ukraine-Russian conflict.
Predictive analytics is being hailed as a powerful new weapon in the fight against ransomware, but no amount of prediction stopped the hack of emergency tornado sirens that sounded across the US city of Dallas for 90 minutes on Saturday; authorities added an extra layer of encryption to prevent it happening again.
In the wake of fraud enabled by fake SSL certificates issued by Let’s Encrypt and Comodo, Domain Name System (DNS) authorities will soon have to implement a special record that specifies who is allowed to issue SSL digital certificates to protect their domains. Fortinet upgraded its platform to improve cloud and software-defined WAN protection, while US-based Travelers Insurance Company partnered with Symantec to offer cyber insurance customers free risk assessment advice.