CyberSecurity Pulse 2017-08-21

CyberSecurity Pulse 2017-08-21

“It’s not that I’m so smart, it’s just that I stay with problems longer.”
Albert Einstein

Analyst Insight

Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network

A growing number of enterprises are showing their interest in blockchains. Thus Microsoft has built their networks using any distributed ledger. The company has unveiled a framework called "Coco", a new open source for enterprise blockchain networks.

Coco is an Ethereum-based protocol which has been designed to help commercial companies and large-scale enterprises process information on the Ethereum Blockchain with increased privacy. "Coco presents an alternative approach to Ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the inherent security and immutability they expect", Mark Russinovich, the CTO at Microsoft Azure said in an official statement.

The framework can be integrated with a number of popular open source blockchain networks and distributed ledgers, including Ethereum, R3's Corda, Intel's Hyperledger Sawtooth and JPMorgan's Quorum. Since Blockchain transaction speed is so slow that it can only handle a handful of transactions in a second, the company wants the technology to handle a thousand or more transactions per second. Microsoft said Coco framework will be ready by 2018 and will be released as open source software.

» More information at Github

Top Stories

DoJ Launches Framework for Vulnerability Disclosure Programs

The US Department of Justice has released a framework to help businesses develop formal vulnerability disclosure programs. More businesses are adopting vulnerability disclosure programs so as to detect security problems that could lead to data compromise and disruption better. The framework, created by the Criminal Division's Cybersecurity Unit, provides a process for designing and administering a program, as well as a set of considerations that could help inform vulnerability disclosure policies.

» More information at U.S. Department of Justice

CAN Bus Standard Vulnerability

NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting the CAN Bus, a broadcast based network standard. According to the public report, which was coordinated with ICS-CERT prior to its public release, researchers Andrea Palanca, Eric Evenchick, Federico Maggi, and Stefano Zanero identified a vulnerability exploiting a weakness in the CAN protocol that would allow an attacker to perform a Denial-of-Service (DoS) attack.

» More information at McAfee

Rest of the Week´s News

Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in the Safe Reading Mode. An attacker can exploit these bugs by sending a specially crafted PDF file to a Foxit user and enticing them to open it.

» More information at The Hacker News

Cybercriminals Exploit PowerPoint Slideshow Files to Deliver Malware

In April Microsoft fixed the CVE-2017-0199 vulnerability in Office after threat actors had been exploiting it in the wild. In this sense, hackers leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such as the Dridex banking Trojan.

» More information at Security Affairs

Anti-phishing Security Checks in the Gmail App for iOS

Google has introduced a security defence for it's over a billion users that will help users weed out phishing emails from their Gmail inbox. The company has rolled out new anti-phishing security checks for its Gmail app for iPhone users that will display a warning about potential phishing attempts when users click on a suspicious link from within the app on their iPhone or iPad.

» More information at Gmail

Further Reading

Backdoor Found in Popular Server Management Software

» More information at The Hacker News

Cybercriminals Hijack Chrome Extensions and Put 4.7 Million Users at Risk

» More information at Security Affairs