Minggu, 30 September 2012

Security Brief: Cyberattacks on US Banks, Incidents


This was a busy week for the world of information security, with hacktivists attacking US banks, major vulnerabilities being discovered, and some other incidents that made a lot of headlines around the world.

The main events of this week were the attacks launched by Izz ad-Din al-Qassam Cyber Fighters. After disrupting the websites of Bank of America and JPMorgan Chase, allegedly as a form of protest against the Innocence of Muslims movie, the hacktivists released another statement threatening Wells Fargo, US Bank and PNC.

Although they were warned days before, none of the financial institutions managed to neutralize the distributed denial-of-service (DDOS) attacks launched against their systems.

In the meantime, some controversial theories have emerged. Some US officials and even some security experts rushed to point the finger at Iran, claiming that these attacks are most likely a response to the restrictions imposed by the United States.

Iran quickly denied being involved, but to no avail. More and more voices stress that the blasphemous movie featuring the Prophet Mohammed is only a cover-up.

The controversial hacker known as The Jester (th3j35t3r) came forward saying that Anonymous might be involved in the attacks.

Now, it remains to be seen what other organizations will be targeted by the hacktivists who threatened to keep launching attacks until Innocence of Muslims was removed from the Internet.

Izz ad-Din al-Qassam Cyber Fighters weren’t the only hacktivists who made headlines. Anonymous Global decided to join the anti-austerity protests in Spain by taking down the website of the National Police.

Another interesting topic from this week relates to Adobe’s decision to revoke a Windows code signing certificate on October 4. The company considers this a necessary step after identifying a couple of malicious applications signed with the compromised certificate.

On Wednesday we learned from researcher Radu Dragusin that the Institute of Electrical and Electronics Engineers (IEEE) had been inadvertently exposing the usernames and clear text passwords of over 100,000 users for more than a month.

Many of the affected individuals are said to be working for major companies such as Apple, Google, IBM, Oracle and even NASA.

We also reported about an incident that affected phpMyAdmin users. They were warned by SourceForge and phpMyAdmin of a corrupted distribution served from a Korean mirror on SourceForge.

A malicious file planted inside the archive could have allowed remote attackers to execute their own malicious commands.

As far as vulnerabilities are concerned, experts from Security Explorations have identified yet another flaw in Oracle’s Java SE. Oracle confirmed its existence and promised to patch it up in a future CPU.

However, in the meantime, around one billion users are at risk of falling victim to cybercriminals.

Let’s not forget mobile security. This week, researchers showed us not only how to ride the San Francisco subway without paying a dime, but also how to remotely wipe Samsung Galaxy S3 phones, or any other Samsung devices running TouchWiz.

Via: Security Brief: Cyberattacks on US Banks, Incidents

Tidak ada komentar:

Posting Komentar