BF-SIRT INTERNAL NEWSLETTER #3
Year – Week: 2013 – 07
Bit9, the security company that is used by many Fortune 100 firms and the U.S. Government for their software and network security was compromised last Friday. The attackers compromised Bit9’s network by gaining entry to some computers inside the Bit9 network where they had unfortunately forgot to install their own software. Said attackers then signed certain malware as “safe”, which gave them the ability to deploy malware on the target, which was protected by Bit9. It was also found out that an exploit had been sitting on one of LA Times Websites for six weeks, redirecting users to a Blackhole exploit kit. This reiterates the importance of doing continuous security and vulnerability checks on your websites.
Two-factor auth means additional security in the way that you have more than one authentication factor, and you are already using it today with your bank (in order to get money out of the ATM you need to input both a Card and a PIN code). You can enable two-factor authentication on a lot of services such as Google/Gmail, Lastpass, Facebook, Dropbox, Yahoo! Mail, Amazon Web Services and WordPress, and its advised to do so. Of course, using two factor auth does not mean you’re complete safe though as you could for example become the victim of a Man In The Middle attack, so continue being careful after you have activated it.
You can find information on how to enable two-factor authentication here: http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two+factor-authentication-right-now
Kids ‘using coding skills to hack’ friends on games, expert says
Montana TV warns of ZOMBIE ATTACK in epic prank hack
Adobe Flash Player 0-day and HackingTeam’s Remote Control System
Japanese “cat hacker” suspect caught
iOS 6.1 Hack allows iPhone lock screen bypass