Security Research
Showing results for 
Search instead for 
Do you mean 

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 6, 2015

SR-FI_Team on ‎02-06-2015 02:59 PM

Below, you will find the HP Security Research key articles of interest for February 6, 2015. These are publically available articles that are provided as a news service only. The intent of this blog post is to share current events related to the cyber security industry.

 

Behind the Syrian conflict's digital front lines

FireEye uncovers stolen Syrian opposition forces communications and battle plans. Through ongoing threat research it became apparent these documents from a well-executed hacking operation.

 

BMW fixes security flaw that left locks open to hackers

BMW has patched a security flaw that left 2.2 million cars, including Rolls Royce and Mini models, open to hackers.

 

Warning – Microsoft’s Outlook app for iOS breaks your company security

Microsoft has released their iOS app “Outlook” today. And it will break your companies security for mobile PIM access in multiple ways! No matter if you’re a Microsoft Exchange or IBM Notes Traveler customer.

 

The Sony breach: From Russia, no love

A team of Russian hackers gained access to Sony Pictures Entertainment Culver City network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia. Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT).

 

China to ban online impersonation accounts, enforce real-name registration

China will ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday.

 

DNS hijack in D-Link routers, no authentication required

D-Link’s popular DSL2740R wireless router is vulnerable to domain name system (DNS) hijacking exploits that requiring no authentication to access its administrative interface.

 

Pawn Storm Update: iOS Espionage App Found

In our continued research on Operation Pawn Storm, we found one interesting poisoned pawn—spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack.

 

Exploit this: Evaluating the exploit skills of malware groups

It is common belief that APT groups are masters of exploitation. If anyone, they should know everything about the art of exploitation, right? Our research into the real world uses of the CVE-2014-1761 vulnerability shows that this is far from being true.

 

Flash zero days dominate exploit landscape

The recent trio of Flash zero days has not only caused a lot of scrambling at Adobe—which yesterday released a patch for the last in that line of vulnerabilities—but also shined light on a fairly unknown exploit kit, exposed the evolving danger associated with malvertising, and made clear the pains which attackers take with malware to evade detection.

 

Banks: Card thieves hit White Lodging again

For the second time in a year, multiple financial institutions are complaining of fraud on customer credit and debit cards that were all recently used at a string of Marriott properties run by hotel franchise firm White Lodging Services Corporation. White Lodging says it is investigating, but that so far it has found no signs of a new breach.

 

Target hackers hit third parking services

Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than a 100 million credit and debit cards from Target and Home Depot. Book2park.com is the third online parking service since December 2014 to fall victim to this cybercriminal group.

 

Anthem failed to encrypt customer data prior to cyberattack

Anthem didn't encrypt the personal data of its customers prior to the massive hack it suffered last month, according to a report in the Wall Street Journal. Citing a person familiar with the matter, the Journal reports that encrypting the data would have made it more difficult for hackers to access, though it would have made it harder for the health insurance company to analyze and share the data with providers and states.

 

Why so many hackers are going after the health care industry

Initial suspicions from the massive hack at Anthem are just starting to roll in, and they are suspicious. Long story short, a few unnamed people immediately jumped to the conclusion that it was China. That said, Anthem is hardly the only health care company that's been hacked lately.

 

© 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

0 Kudos
About the Author

SR-FI_Team

Labels
Events
27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Online
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all