This Week In Security 18 (SpyEye, Ransomware Tools, Oracle, US DOE, MIT and FBI)
From the FBI doling out $1M to hack an iPhone to MIT offering bounties for bugs, this week in security is really interesting.
Join the DZone community and get the full member experience.
Join For FreeSpyEye
Hamza Bendelladj and Aleksandr Andreevich Panin have been sentenced to 15 and 9.5 years repsectively for developing and distributing the SpyEye virus. They are said to have caused $1B in damages around the globe and to have infected over 50 million computers.
Read more here
Mac Ransomware
Generic ransomware detection come to Mac OS X thanks to researcher Patrick Wardle from Synack. The tool continually monitors the filesystem looking for untrusted processes using encryption to rapidly encrypt files.
Read more here
Oracle Critical Update
136 vulnerability fixes in 46 products, 7 of which can be found in JavaSE, JavaSE Embedded, JRockit, Solaris and MySQL which allowed remote [unauthorized] exploitation.
Read more here
US Energy Bill includes Cyberattack Provisions
The Department of Energy DOE has been given the powers by the Senate to instruct the electric companies on how to proceed in the event of a cyber attack as well as granting funding for research in the field.
Read more here
MIT Bug Bounty Program
After Uber and Hack the Pentagon, MIT is now offering Bug Bounties. Recently, I watched a very interesting talk about the two sides of the coin of offering Bug Bounties. If the bugs are sparse then it can be extremely effective. However, if they are dense then it can be equally dangerous, because from the moment of dicsovery until the rollout of a patch there is a lot of Zero Day issues waiting to happen. Lets hope they are sparse.
MIT Bug Bounty program is however only open to MIT affiliates, so that should at least reduce some of the risk.
Read more here
FBI iPhone Hack
On a similar line to the article above the FBI have paid some unknown third party over $1M for a hacking tool to access the iPhone of the San Bernardino shooters. This tool is essentially a zero-day bug that they paid a bounty for, previously the debate was related to if Apple should put a back door in their security, now the debate is the FBI justified paying bounties for vulnerabilities to access our data?
Heathrow Drone
At London Heathrow a drone crashed into a landing Airbus without any injuries. The drone hasn’t been found but the pilot said an object he believed to be a drone hit the front of the plane.
Read more here
Opinions expressed by DZone contributors are their own.
Comments