Doug Vitale Tech Blog

January – February 2017 News Archive

Fast Food Chain Arby’s Acknowledges Breach

Krebs, 17 Feb 2017 – Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its locations nationwide. Arby’s said the breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted. [More]

Cryptographers Dismiss AI, Quantum Computing Threats

ThreatPost, 14 Feb 2017 – Cryptographers said at the RSA Conference Tuesday they’re skeptical that advances in quantum computing and artificial intelligence will profoundly transform computer security. The discussion was steered by a report recently released by the Global Risk Institute on the emergence of quantum computing technologies. In it, the organization postulated there was a 50 percent chance that fundamental public key cryptography tools could be broken by 2031. [More]

Pentagon hackers-for-hire take just 4 hours to find critical vulnerability

Digital Guardian, 14 Feb 2017 – The Defense Digital Service wanted to hire outside researchers to root out vulnerabilities in systems carrying sensitive department data — but without worrying about compromising the data, or getting the researchers in trouble. The researchers found their first critical vulnerability in four hours. [More]

Judge not the breach, but the response

Digital Guardian, 10 Feb 2017 – Historically, companies have worked hard to avoid data breaches – fearful of the bad publicity that would almost certainly accompany them. But, increasingly, the fact of a breach matters less than how a company responds to it. [More]

“Fileless” attacks against enterprise networks

SecureList, 8 Feb 2017 – During an incident response we found that memory-based malware and tunnelling were implemented by attackers using Windows standard utilities like SC and NETSH. This threat was originally discovered by a bank’s security team after detecting Meterpreter code inside the physical memory of a domain controller. Kaspersky Lab participated in the forensic analysis after this attack was detected, discovering the use of PowerShell scripts within the Windows registry. Additionally, it was discovered that the NETSH utility was used for tunnelling traffic from the victim’s host to the attacker’s C2. [More]

2016 DDoS Attack Report Shows Record Breaking Data for the Year

Kaspersky, 2 Feb 2017 – Kaspersky Lab is announcing the availability of its latest Q4 2016 DDoS Intelligence report, which shows significant advances in DDoS attacks from October – December of 2016 and record breaking numbers for the longest attack and number of attacks in one day. Methods are becoming more and more sophisticated and the array of devices being harnessed by botnets is increasingly diverse, while the attackers show off their capabilities by choosing bigger and more prominent targets. [More]

Time to stop using antivirus

Ars Technica, 27 Jan 2017 – Back in June last year, Google’s Project Zero found 25 high-severity bugs in Symantec/Norton security products. “These vulnerabilities are as bad as it gets,” said Tavis Ormandy, a Project Zero researcher. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. [More]

Everything You Need to Know About 5G

IEEE Spectrum, 27 Jan 2017 – Today’s mobile users want faster data speeds and more reliable service. The next generation of wireless networks—5G—promises to deliver that, and much more. With 5G, users should be able to download a high-definition film in under a second (a task that could take 10 minutes on 4G LTE). And wireless engineers say these networks will boost the development of other new technologies, too, such as autonomous vehicles, virtual reality, and the Internet of Things. [More]

Student charged in password malware incidents

IT World Canada, 6 Jan 2017 – A 19-year-old University of Alberta student is facing numerous criminal charges after password-harvesting malware was discovered on 304 of the institution’s computers. The university said it identified 3,323 students and staff whose university passwords were potentially affected. [More]


Written by Doug Vitale

April 2, 2017 at 6:39 PM
