CyberSecurity Pulse 2016-09-08
|“If you have built castles in the air, your work need not be lost; that is where they should be. Now put the foundations under them.”|
|Henry David Thoreau|
OpenOffice, Looking for Its Future in Extremis
While the board hasn’t ordered any specific solution, Dennis Hamilton, vicepresident of Apache OpenOffice, an organization that reports to the Apache Software Foundation (ASF) board, noted that ending the project is one option and has already described a possible process for retiring OpenOffice, including public discussion and developers mailing lists , its blog and Twitter and Facebook accounts. However, there is still people who would prefer to revitalize the project even considering the possibility of transfering it to an independent entity outside of Apache. Unfortunately, this seems to be another example of how the lack of developers with ability to patch and improve the code in an open source project always set the rhythm and keep it alive when security failures appears.
Hong Kong Government Hacked by APT3 Group Before Elections
Security experts from FireEye have discovered a new cyber espionage campaign launched by the Chinese APT3 group against Hong Kong Government before parliamentary elections. The hackers targeted two Hong Kong government departments to steal information related elections. APT3 hackers used spear-phishing emails to lure victims to websites used to deliver malicious code on victims’ PC. According to FireEye, the malicious phishing emails claimed to include information about a report on election results, they include a link to the malicious website.
Kaspersky Finishes the Deal with Security Reseller Quadsys
Kaspersky Lab is the first big vendor to publicly rip up its contract with disgraced security reseller Quadsys in the wake of the hacking scandal that the company’s bosses recently admitted to. On 22 July, Quadsys owner Paul Streeter, MD Paul Cox, director Alistair Barnard, account manager Steve Davis and security consultant Jon Townsend pleaded guilty to securing unauthorised access to computer material, contrary to section 1 of the Computer Misuse Act 1990. The five were charged in summer 2015 with hacking into a rival’s database to plunder customer information and pricing details. Sentencing is set for 9 September but ahead of that, Kaspersky Lab has distanced itself from Quadsys, which was accredited as a Kaspersky Gold partner, the vendor’s top tier certification.
Rest of the Week´s News
CSTO Ransomware, a Malware that Uses UDP and Google Maps
Security researchers at BleepingComputer have reported a new ransomware dubbed Cry or CSTO. After infecting a computer, the CSTO ransomware collects information on the host that sends via UDP to 4096 different IP addresses, but only one of them is the C&C server.
Pokemon-fan VXer Developed the Linux Umbreon Rootkit
Malware researchers from TrendMicro have obtained samples of a new strain of Linux rootkit from one of its trusted partners. The new rootkit family and some of its modules have been called under several pokémons and targets Linux systems, including embedded devices and any other system running both Intel and ARM processors.
Nearly 800,000 Brazzers Porn Site Accounts Exposed in Forum Hack
Up to 790,724 accounts for the popular porn site Brazzers have been exposed in a data breach which was supposed to take place in 2012 linked to its vBulletin platform. In this line, Troy Hunt told Motherboard that he had recently confirmed that lots of vBulletin breaches may have been caused by admins failing to update the software properly, something that has lead to their users’ data being exposed to well-known security vulnerabilities.