CyberSecurity Pulse 2017-08-21
|“It’s not that I’m so smart, it’s just that I stay with problems longer.”|
Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network
Coco is an Ethereum-based protocol which has been designed to help commercial companies and large-scale enterprises process information on the Ethereum Blockchain with increased privacy. "Coco presents an alternative approach to Ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the inherent security and immutability they expect", Mark Russinovich, the CTO at Microsoft Azure said in an official statement.
The framework can be integrated with a number of popular open source blockchain networks and distributed ledgers, including Ethereum, R3's Corda, Intel's Hyperledger Sawtooth and JPMorgan's Quorum. Since Blockchain transaction speed is so slow that it can only handle a handful of transactions in a second, the company wants the technology to handle a thousand or more transactions per second. Microsoft said Coco framework will be ready by 2018 and will be released as open source software.
DoJ Launches Framework for Vulnerability Disclosure Programs
The US Department of Justice has released a framework to help businesses develop formal vulnerability disclosure programs. More businesses are adopting vulnerability disclosure programs so as to detect security problems that could lead to data compromise and disruption better. The framework, created by the Criminal Division's Cybersecurity Unit, provides a process for designing and administering a program, as well as a set of considerations that could help inform vulnerability disclosure policies.
CAN Bus Standard Vulnerability
NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting the CAN Bus, a broadcast based network standard. According to the public report, which was coordinated with ICS-CERT prior to its public release, researchers Andrea Palanca, Eric Evenchick, Federico Maggi, and Stefano Zanero identified a vulnerability exploiting a weakness in the CAN protocol that would allow an attacker to perform a Denial-of-Service (DoS) attack.
Rest of the Week´s News
Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader
Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in the Safe Reading Mode. An attacker can exploit these bugs by sending a specially crafted PDF file to a Foxit user and enticing them to open it.
Cybercriminals Exploit PowerPoint Slideshow Files to Deliver Malware
In April Microsoft fixed the CVE-2017-0199 vulnerability in Office after threat actors had been exploiting it in the wild. In this sense, hackers leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such as the Dridex banking Trojan.
Anti-phishing Security Checks in the Gmail App for iOS
Google has introduced a security defence for it's over a billion users that will help users weed out phishing emails from their Gmail inbox. The company has rolled out new anti-phishing security checks for its Gmail app for iPhone users that will display a warning about potential phishing attempts when users click on a suspicious link from within the app on their iPhone or iPad.