Security Briefing 5.9.17
Here’s the latest news in the Cybersecurity world:
Windows released a patch today to combat a severe zero-day vulnerability with Windows operating systems; it could be one of the worst flaws in recent memory according to the researchers who discovered it. The vulnerability allows attackers to remotely execute code if the Microsoft Malware Protection Engine scans a specially crafted file. When successfully exploited, attackers are able to worm their way into the LocalSystem account and hijack an entire system. System administrators do not need to act as Microsoft’s internal systems will push the engine updates to vulnerable systems.
Security guru Brian Krebs isn’t beyond getting scammed himself. He purchased something for a ‘too-good-to-be-true’ price on Amazon. It appeared the item was shipped and progressing to his location, but it never arrived—and never will. A recent rash of ‘get-in get-out’ scammers on Amazon are doing exactly this. Buying hacked accounts with credentials for online stores and ‘selling’ awesome things at unbelievable, yet still expensive, prices. Moral of the story is if something appears too good to be true, it probably is.
NASA has released a spectacular video made up of pictures captured by the Cassini space probe as it dived through Saturn’s rings to swoop at a height of 4,200 miles above the surface of the planet at the end of last month. As NASA explains, the Grand Finale will see Cassini plunge into Saturn’s atmosphere. This will send back data before burning up like a meteor.
The United States is the world’s primary target for cyber fraud attacks. Europe has emerged as the major source of attacks, now accounting for 50% more attacks than the US. The growth in attacks is outpacing the growth of transactions; and in a 90-day period, they detected 130 million fraud attacks. These details come from the ThreatMetrix Cybercrime Report Q1 2017 (PDF).
The U.S. Federal Communications Commission (FCC) said its website was disrupted by distributed denial-of-service (DDoS) attacks on Sunday night, not due to a large number of attempts to submit comments on net neutrality. “Last Week Tonight” host John Oliver revisited the subject of net neutrality on Sunday, urging people to leave comments on the FCC’s website. The website became inaccessible shortly thereafter.
A phishing scam that surfaced earlier this week used Google Docs to attack at least 1 million Gmail users. However, that amounted to fewer than 0.1 percent of Gmail users were affected, according to the company. The scam was shut down within an hour after being discovered, through removal of fake pages and applications and both automatic and manual system-wide infrastructure updates.
Outside of the US…
It came as little surprise to weary election-watchers when a big dump of emails purporting to be from the camp of Emmanuel Macron, the French presidential challenger (pictured), popped up on late on Friday night at – literally – the 11th hour. The French press ignored the dump because it happened at an odd time. It happened an hour before a legally required blackout on election reporting kicked in. The french media simply could not cover the cache due to this. However, internet users widely discussed it, with observers pointing out – to nobody’s surprise – that the cache appeared to have Russian fingerprints on it.
China, which partially blocks its citizens’ access to Wikipedia, is to create its own version of the user-created and edited encyclopedia, saying it had hired more than 20,000 people to write articles for what editor-in-chief Yang Muzhi called a “Great Wall of Culture”, the South China Morning Post reported at the weekend. Unlike Wikipedia, which anyone can contribute to and edit, academics will write the Chinese Wikipedia. This version, the third edition and first online edition, will have more than 300,000 entries.