This Week In Security 18 (SpyEye, Ransomware Tools, Oracle, US DOE, MIT and FBI)

DZone 's Guide to

This Week In Security 18 (SpyEye, Ransomware Tools, Oracle, US DOE, MIT and FBI)

From the FBI doling out $1M to hack an iPhone to MIT offering bounties for bugs, this week in security is really interesting.

· Performance Zone ·
Free Resource


Hamza Bendelladj and Aleksandr Andreevich Panin have been sentenced to 15 and 9.5 years repsectively for developing and distributing the SpyEye virus. They are said to have caused $1B in damages around the globe and to have infected over 50 million computers.

Read more here

Mac Ransomware

Generic ransomware detection come to Mac OS X thanks to researcher Patrick Wardle from Synack. The tool continually monitors the filesystem looking for untrusted processes using encryption to rapidly encrypt files.

Read more here

Oracle Critical Update

136 vulnerability fixes in 46 products, 7 of which can be found in JavaSE, JavaSE Embedded, JRockit, Solaris and MySQL which allowed remote [unauthorized] exploitation.

Read more here

US Energy Bill includes Cyberattack Provisions

The Department of Energy DOE has been given the powers by the Senate to instruct the electric companies on how to proceed in the event of a cyber attack as well as granting funding for research in the field.

Read more here

MIT Bug Bounty Program

After Uber and Hack the Pentagon, MIT is now offering Bug Bounties. Recently, I watched a very interesting talk about the two sides of the coin of offering Bug Bounties. If the bugs are sparse then it can be extremely effective. However, if they are dense then it can be equally dangerous, because from the moment of dicsovery until the rollout of a patch there is a lot of Zero Day issues waiting to happen. Lets hope they are sparse.

MIT Bug Bounty program is however only open to MIT affiliates, so that should at least reduce some of the risk.

Read more here

FBI iPhone Hack

On a similar line to the article above the FBI have paid some unknown third party over $1M for a hacking tool to access the iPhone of the San Bernardino shooters. This tool is essentially a zero-day bug that they paid a bounty for, previously the debate was related to if Apple should put a back door in their security, now the debate is the FBI justified paying bounties for vulnerabilities to access our data?

Read more here or here

Heathrow Drone

At London Heathrow a drone crashed into a landing Airbus without any injuries. The drone hasn’t been found but the pilot said an object he believed to be a drone hit the front of the plane.

Read more here

cyber security, cyber threats, ransomware

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}