This Week in Cybersecurity News
Bank-card-sniffing Shop Menace Punkey Pinned Down in US Secret Service Investigation by John Leyden, The Register
Security researchers have identified a new strain of point-of-sale (POS) malware during an investigation led by the US Secret Service. The malware, called Punkey, hides inside the explorer.exe process on Windows POS systems and, once activated, scans the memory of other running programs for cardholder data before uploading it to a command-and-control server. Because the data is read out of process memory, where the POS application handles it in cleartext, encrypting the terminal's network traffic does nothing to stop this kind of theft.
Windows Vulnerability can Compromise Credentials by Jeremy Kirk, IDG News Service
A vulnerability first reported in the late 1990s in Microsoft Windows can still be used to steal login credentials. The flaw affects any PC, tablet or server running Windows, and researchers found that as many as 31 software programs could be abused to trigger it. The vulnerability is called "redirect to SMB": an attacker who can intercept a program's communications with a web server (a man-in-the-middle position) answers with an HTTP redirect to a file:// URL pointing at an SMB server they control, and Windows automatically tries to authenticate to that server, handing over the user's username and hashed password. Those hashes can then be cracked offline or relayed to other services.
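The tell-tale artefact of the attack described above is an HTTP redirect whose target is a file:// URL or a UNC path rather than another web address. The following Python is an added example, not code from the article or from the researchers who reported the flaw, of a check a web proxy or IDS could apply to server responses to flag such redirects. The sample responses and the 203.0.113.5 address are constructed for the example; `parse_response_head` and `smb_redirect_target` are names chosen here.

```python
import re
from urllib.parse import urlsplit

# Constructed sample HTTP responses (not captured traffic): a benign
# redirect, a redirect to a file:// URL, a redirect to a UNC path, and a
# plain 200 response with no Location header at all.
SAMPLE_RESPONSES = [
    b"HTTP/1.1 302 Found\r\nLocation: https://example.com/login\r\nContent-Length: 0\r\n\r\n",
    b"HTTP/1.1 302 Found\r\nLocation: file://203.0.113.5/share/update.exe\r\nContent-Length: 0\r\n\r\n",
    b"HTTP/1.1 301 Moved Permanently\r\nLocation: \\\\203.0.113.5\\share\\\r\nContent-Length: 0\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello",
]


def parse_response_head(raw: bytes):
    """Return (status_code, {header-name-lower: value}) for a raw HTTP response.

    Only the head (up to the blank line) is parsed; the body is ignored.
    A malformed status line yields status 0 so the caller treats it as
    'not a redirect' rather than raising.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def smb_redirect_target(raw: bytes):
    """Return the Location value if this response redirects the client to an
    SMB resource, otherwise None.

    Two shapes are flagged: a file:// URL and a bare UNC path (\\host\share).
    Either makes a Windows client open an SMB connection to the named host
    and authenticate to it, which is the credential leak the article describes.
    Ordinary http(s) redirects are left alone.
    """
    status, headers = parse_response_head(raw)
    if not 300 <= status < 400:
        return None
    location = headers.get("location")
    if location is None:
        return None
    if location.startswith("\\\\"):
        return location
    if urlsplit(location).scheme.lower() == "file":
        return location
    return None


def scan_responses(responses):
    """Return the list of offending Location values found in a batch of responses."""
    hits = []
    for raw in responses:
        target = smb_redirect_target(raw)
        if target is not None:
            hits.append(target)
    return hits


if __name__ == "__main__":
    for target in scan_responses(SAMPLE_RESPONSES):
        print("redirect to SMB resource:", target)
```

A check like this only sees what passes through the proxy, so it is a detection aid rather than a fix. The mitigation that removes the leak regardless of which of the 31 programs is tricked is to block outbound TCP 139 and 445 from client networks to the Internet, so that the SMB connection to the attacker's host never completes.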
FighterPOS Malware Strikes Over 100 Terminals in Brazil, Captures Info for 22K Cards by Danielle Walker, SC Magazine
Recent POS malware attacks targeting more than 100 terminals in Brazil are believed to be the handiwork of a single person, who managed to steal more than 22,000 unique credit card numbers in a little over a month. The malware, called FighterPOS, scrapes the RAM of infected terminals for credit card track 1, track 2 and CVV data, and it also gives the threat actor the ability to launch DDoS attacks.
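Punkey and FighterPOS steal cards the same way: they scan process memory for the magnetic-stripe track formats, which have a fixed layout (track 1 begins with %B, track 2 with ;, and both carry the card number followed by a separator and the expiry date). The following Python is an added example, not code from either malware or from the articles above, of the same pattern match turned to defensive use: run over a memory dump of a POS application it shows whether plaintext track data is exposed there at all, which is the precondition both families rely on. The buffer, cardholder name and card numbers (standard test numbers, not real accounts) are constructed for the example, and `find_track_data`, `luhn_ok` and `mask_pan` are names chosen here. It serves both the Punkey item and this one.

```python
import re

# Constructed sample of a process memory region (not a real dump): a valid
# Track 1 record, a valid Track 2 record, a Track 2 record whose card number
# fails the Luhn check (so it is noise, not a card), and binary filler.
SAMPLE_MEMORY = (
    b"\x00\x00heap allocation\x00\x7f"
    b"%B4111111111111111^DOE/JOHN^25121011000000000000?"
    b"\xff\xfe\x00\x00 more noise "
    b";5500000000000004=2512101123456789?"
    b"\x00\x00"
    b";4111111111111112=2512101123456789?"
    b"\x00end\x00"
)

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(rb"%B(\d{12,19})\^([A-Z0-9 /.\-]{2,26})\^(\d{4})(\d{3})[^?]{0,60}\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(rb";(\d{12,19})=(\d{4})(\d{3})[^?]{0,40}\?")


def luhn_ok(pan: str) -> bool:
    """Luhn check on a card number: every second digit from the right is
    doubled (minus 9 if that exceeds 9) and the sum must be divisible by 10.
    Scrapers apply this to discard the many digit runs in memory that are
    not card numbers; so do defensive scanners."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits, so the scanner's own
    output never becomes a second copy of the card data."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf: bytes) -> list:
    """Return one record per Luhn-valid track found in buf, in memory order.

    Each record carries the track type, the masked card number, the expiry
    (YYMM) and the byte offset, which is what an analyst needs to find the
    allocation that held the cleartext.
    """
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        if luhn_ok(pan):
            hits.append({"track": 1, "pan": mask_pan(pan),
                         "expiry": m.group(3).decode("ascii"), "offset": m.start()})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        if luhn_ok(pan):
            hits.append({"track": 2, "pan": mask_pan(pan),
                         "expiry": m.group(2).decode("ascii"), "offset": m.start()})
    hits.sort(key=lambda h: h["offset"])
    return hits


if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_MEMORY):
        print(hit)
```

Run against a dump of the payment application's process, a non-empty result means the terminal would yield cards to any scraper that gets onto it, whatever its name; the fix is on the application side (point-to-point encryption at the card reader, so the PAN never sits in the POS process in cleartext), not in looking for one specific sample. The same two regular expressions, as byte strings, are also a reasonable YARA signature for scraper binaries, since the malware has to embed them.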
Apple Patches ‘Darwin Nuke,’ Other Security Flaws with New OS Releases by Jai Vijayan, Dark Reading
Apple has patched a flaw in the kernel of Darwin, the open-source core on which iOS and OS X are built, that allowed attackers to remotely trigger a denial of service. The flaw, known as “Darwin Nuke”, could crash a user’s Mac or iOS device and affect any corporate network to which it is connected. Users should update to OS X Yosemite v10.10.3 and iOS 8.3 to receive the fix.
Meet “Great Cannon,” The Man-in-the-Middle Weapon China used on GitHub by Dan Goodin, Ars Technica
A tool dubbed the “Great Cannon” has been used by the Chinese government to launch a massive denial-of-service attack against two anti-censorship GitHub pages. The tool could also be used to install malware on end users’ machines. The junk traffic came from the computers of people who browsed websites that load analytics scripts from the Chinese search engine Baidu: for one to two percent of such requests from outside China, the script was replaced in transit with malicious code that made the visitor’s browser repeatedly load the two targeted GitHub pages. Because the tool works by rewriting unencrypted HTTP responses, sites that serve such third-party scripts only over HTTPS deny it that opportunity.
ICYMI Threat Geek Post of the Week: Fidelis Threat Advisory #1016: Pushdo It To Me One More Time