Monthly News Roundup - January 2015 (TL;DR)



Did you keep your New Year’s resolution to strengthen your firm’s network security? In case you needed more incentive to make that happen, here are the most alarming InfoSec news highlights from the first month of 2015:

  • FBI Warns Of A New Scam: Federal authorities are worried about a new scam that tricks companies into paying fake invoices. This inventive form of digital fraud has been dubbed the Business E-mail Compromise Scam (BEC). Criminals send emails with seemingly legitimate invoices from senior execs or responsible vendors. The payment links in these messages connect directly to criminals’ bank accounts. To pull off this scam, crooks often hack into the browsers of unsuspecting employees when they are outside their company’s firewall.
  • Insurance Company Sues Web Designer For Security Breach: Travelers Insurance has sued the website designer of Alpine Bank after the financial institution fell prey to a data breach. According to Travelers, Alpine was susceptible to the costly breach because the designer failed to maintain patches and adequate encryption on the bank’s website. It makes us wonder what kind of liability insurance website designers might need in the future. Maybe Travelers will sell it.
  • Zero-Day Vulnerability in Flash Player: In January, an independent researcher announced the discovery of a dangerous vulnerability in Flash Player. The potential threat involves the Angler exploit kit. These kits use browsers and plug-ins as a point of entry to install malware on innocent users’ machines. Adobe said it is investigating the problem.
  • CENTCOM Twitter and YouTube Accounts Hijacked: In a frightening display of vandalism, terrorist sympathizers briefly took over Twitter and YouTube accounts of the U.S. Central Command (CENTCOM). Although CENTCOM’s operational military networks remained intact, the incident is a reminder that social media isn’t just a tool for marketing. It also presents a vulnerability. Locking down browser access to those accounts should be a top priority for any organization.
  • AOL Ad Network Exposes Users to Malware: Visitors to Huffington Post and other AOL-owned sites may have been exposed to ransomware. The nefarious downloads were distributed through two of AOL’s subsidiary ad networks. These networks unwittingly allow illicit ads, which victimize innocent visitors. Without the visitors taking any action, their browsers were redirected to landing pages where a series of exploit and trojan installations would lock the computer and demand a ransom.