Security Briefing 4-24-2018
On Tuesday, Department of Justice (DOJ) prosecutors asked a San Francisco federal court judge to impose that sentence on Karim Baratov, a Canadian citizen born in Kazakhstan who was indicted in March 2017 for working with two officers of the Russian Federal Security Service (FSB) -that’s Russia’s successor to the KGB – to pull off the historic Yahoo breach. They asked for nearly 8 years.
Hackers are working on utilizing the blockchain infrastructure to host and hide malicious activity— .bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says.
A group named GOLD GALLEON has targeted global maritime shipping companies– As part of the BEC social engineering scheme, actors usually employ spear-phishing emails to steal email credentials of individuals responsible for handling business transactions. This allows them to intercept emails between involved parties, modify financial documents, and redirect funds to attacker-controlled bank accounts.
The recently patched Drupal (open source CMS) vulnerability tracked as CVE-2018-7600 and dubbed Drupalgeddon2 has been exploited in the wild to deliver backdoors, cryptocurrency miners and other types of malware.
Foxit has addressed over a dozen vulnerabilitiesin their PDF Reader, a free application that provides users with an alternative to Adobe Acrobat Reader.
A new security standard announced Tuesday, WebAuthn, has won near-final approval from the World Wide Web Consortium, which establishes Web standards. It is based on a specification written by the FIDO Alliance, can make the Internet more secure for consumers. It uses public key cryptography and is resistant to phishing attacks.
A former employee stole data on 1.5 million customers, Atlanta-based SunTrust Banks announced on Friday. The stolen information includes names, addresses, and phone numbers, along with certain account balances, as this was the data included in the contact lists, the company confirmed.