In-brief: IBM researchers say they discovered a flaw in an SDK from the cloud storage firm Dropbox that could result in Android users accidentally sending their data to a Dropbox account controlled by a malicious actor.
Web
Was Malware Behind A Billion Dollar Heist?
In-brief: The New York Times reports on a massive online heist involving more than 100 banks worldwide and losses of between $300 million and $1 billion, according to the security firm Kaspersky Lab.
Ghost Vulnerability Replays Third Party Code Woes
In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software.
FTC Report on Internet of Things Urges Security and Privacy Protections
In-brief: The FTC issued a report on Tuesday that provides guidance to U.S. businesses on protecting consumers’ privacy and security in the design and deployment of “Internet of Things” devices.
N.S.A. Breached North Korean Networks Before Sony Attack – NY Times
The New York Times claims that the U.S. National Security Agency used intelligence gleaned from a clandestine operation to compromise North Korea’s cyber warfare unit to pin the blame for the Sony Pictures Entertainment hack on the reclusive Communist country. According to the story by David Sanger and Martin Fackler, the Obama Administration’s decision to quickly blame the hack on the DPRK grew out of a four year-old National Security Agency (NSA) program that compromise Chinese networks that connect North Korea to the outside world. The classified NSA program eventually placed malware that could track the internal workings of the computers and networks used by the North’s hackers and under the control of the Reconnaissance General Bureau, the North Korean intelligence unit, and Bureau 121, the North’s hacking unit, which mostly operates out of China. It has long been recognized that North Korea, which lacks a mature information technology infrastructure, does much of […]
