White House email service hacked.

White House officials this week publicly admitted that during October of last year, hackers were able to access Obama’s and the State Department’s unclassified emails. This resulted in system administrators shutting down the unclassified email system for a month. Although the hackers were unable to access the classified emails in Obama’s Blackberry, they did access the email archives of people inside the White House. It is because of this second breach that actual classified information may have been leaked. These e-mails include, among other things, schedules, e-mails with ambassadors and diplomats, talks about policy and legislation changes, and information about future personnel deployments.
The attack is believed to have originated from Russia. According to the New York Times, the hack “was far more intrusive and worrisome than has been publicly acknowledged,” partly because the hacker group is presumed to be linked to, or working for, the Russian government. Although the president’s email was not directly breached, it remains unclear just how many of his emails were accessed through the accounts of other staff.

According to online security company FireEye, this latest attack follows the modus operandi of Russian state-sponsored cyber attacks. The compile times for the malware match the normal working hours of major Russian cities, and there is a lack of focus on monetary gain. Instead, the attacks focus on acquiring military, government and security information. Previous targets of this particular group, known as “APT28”, include US defense and military contractors and NATO officials.


-Luis Gonzalez.



Dyre Wolf

Dyre Wolf is an ongoing and complex attack that combines multiple types of attacks into one large scam that has managed to make the attackers millions of dollars from companies. The attack consists of an initial spear phishing attack on a company. Contained within the email is an installer that will install the program Upatre, which is commonly disguised as a PDF or some other file type. Once installed, the software allows the attacker access to the computer. The attacker installs Dyre onto the victim's computer, which allows the attacker to modify information when he chooses. The attack really ramps up when the victim goes to log into the bank. Dyre allows the attacker to modify the page returned to show a fake phone number and a message telling the user to call the number to resolve the issues. At this point it is up to the attacker to use social engineering to coerce the proper banking information out of the user. Once this happens the attacker will go and transfer the money to an account, commonly an offshore one. Then the attacker will run a DDoS attack against the company to try and throw the company off from what happened and slow the company's ability to figure out who the attacker was.

Some steps to help prevent this would include making sure that people know to report anything that seems suspicious. Run mock phishing attacks against your users to help train them to look for the suspicious emails.

Samuel Mosher
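The post above notes that the Upatre installer arrives disguised as a PDF or some other file type. The following is an added example (not code from the post or from any vendor) of the two cheapest checks a mail gateway or mailbox scanner can run on attachments: a double-extension test on the filename and a magic-byte test on the content, including a look inside ZIP containers. All attachment names, bytes and extension lists below are constructed for this example.

```python
"""Flag e-mail attachments whose claimed type does not match their content.

Added example, not part of the original post. The sample attachments at the
bottom are constructed; the extension and magic-byte tables are illustrative,
not an exhaustive list of what real droppers use.
"""
import io
import zipfile

# Extensions that execute when double-clicked (illustrative, not exhaustive)
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar"}
# Extensions a user would expect to be harmless documents or images
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

# Leading bytes that identify a file regardless of its name
MAGIC = {
    b"MZ": "pe-executable",      # Windows PE (exe/scr/dll)
    b"\x7fELF": "elf-executable",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
}


def sniff(content: bytes) -> str:
    """Classify content by its magic bytes; 'unknown' when nothing matches."""
    for magic, label in MAGIC.items():
        if content.startswith(magic):
            return label
    return "unknown"


def split_extensions(filename: str) -> list:
    """Return every extension in order, e.g. 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def inspect_attachment(filename: str, content: bytes) -> list:
    """Return the reasons (possibly none) this attachment looks like a disguised dropper."""
    reasons = []
    exts = split_extensions(filename)
    final = exts[-1] if exts else ""
    kind = sniff(content)

    # invoice.pdf.exe: a document extension placed in front of an executable one
    if final in EXEC_EXTENSIONS and any(e in DOCUMENT_EXTENSIONS for e in exts[:-1]):
        reasons.append("double extension hides executable")

    # The bytes decide what a file is; the name only decides what the user sees
    if kind.endswith("executable"):
        if final not in EXEC_EXTENSIONS:
            reasons.append(f"{kind} content with non-executable name")
    elif final == ".pdf" and kind != "pdf":
        reasons.append("pdf extension but content is " + kind)

    # Droppers are often shipped inside an archive; look one level deep
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(content)) as zf:
                for name in zf.namelist():
                    inner = split_extensions(name)
                    if inner and inner[-1] in EXEC_EXTENSIONS:
                        reasons.append(f"archive contains executable {name}")
        except zipfile.BadZipFile:
            reasons.append("zip magic but archive does not parse")
    return reasons


def _make_zip(inner_name: str, data: bytes) -> bytes:
    """Build a small in-memory ZIP for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, data)
    return buf.getvalue()


# Constructed sample attachments: (filename, content)
SAMPLE_ATTACHMENTS = [
    ("invoice.pdf", b"%PDF-1.4\n% constructed benign document\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00 constructed fake executable"),
    ("statement.pdf", b"MZ\x90\x00 constructed fake executable"),
    ("report.zip", _make_zip("report.pdf.scr", b"MZ\x90\x00")),
]


def scan_attachments(attachments=SAMPLE_ATTACHMENTS) -> dict:
    """Map each suspicious attachment name to its list of reasons; clean files are omitted."""
    findings = {}
    for name, data in attachments:
        reasons = inspect_attachment(name, data)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in scan_attachments().items():
        print(f"{name}: {'; '.join(reasons)}")
```

The magic-byte check is the one that matters: a user can be trained to distrust `invoice.pdf.exe`, but `statement.pdf` whose first two bytes are `MZ` is only catchable by looking at the content, which is exactly what a gateway should do before the message reaches a mailbox.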



IBM X-Force Exchange

The IBM X-Force Exchange is a database of current security information. It compiles found vulnerabilities, known exploits, and malicious IPs. I signed up for the service for free and the interface is very sleek and clear looking. The main screen is just IP after IP popping up as dangerous. There is a counter of malicious IPs logged in the last hour and there are over 1,000. Of course 99.9% of them are in the spam category but it looks like every once in a while one is flagged with scanning, malware, or command & control. There are also interest feeds like found vulnerabilities, security related blog posts, and recent big topics like China scanning IPs, PoSeidon POS malware, and IRC botnets. There are options to add things to “Collections” which let you save reports on IPs to look at later.

IBM claims that their service is “One of the largest and most complete catalogs of vulnerabilities in the world” and that they log 25 billion security events per day. Users have access to over 700 terabytes of raw data, the rate of which will continue to grow the more users there are. The platform is designed to foster communication between security teams at different companies so that everyone can be better protected from cybercrime.

This platform is a big deal in the security community and will help centralize the knowledge gained by professionals. It will thwart a lot of less sophisticated cybercriminals but the problem is that it doesn’t help against targeted attacks. It is more of a band-aid than a set of armor that keeps companies from falling for the same attack twice.

Ryan Frank




Target: human weakness, not system weakness

In an interview with 60 Minutes, Jon Miller, a former hacker who is currently serving as vice president of strategy at Cylance, stated that given the current security levels for most companies, 90 percent of them would be vulnerable to such an attack, which destroyed 3,000 computers and released sensitive information and proprietary content; he used the example of the cyber attack on Sony.

The Sony hack is one of the many recent security breaches that exposed mass caches of sensitive data belonging to individuals, corporations, and governments. The hacker group, Guardians of Peace, leaked personal information, ranging from social security numbers onward, of over 47,000 celebrities, freelancers, and current and former Sony employees. Also leaked were unreleased movies, embarrassing Sony emails, and internal documentation. Not only did Sony experience a data breach, but so did Home Depot, Target, Anthem (insurance provider), and a vast number of high profile businesses. Between the previously named businesses, the combined exposed information affected an estimated total of 246 million people.

Since 2014, the hacks on businesses and government agencies have grown nearly 50 percent from 2013, as there were more than 1,500 data breaches worldwide. http://www.cnet.com/news/in-shift-hackers-want-your-identity-not-just-your-credit-card/

With the outcome and predictability of what may be expected from hacks on systems within businesses and government agencies, professionals state that these hacks aren’t as remote as we’d like to believe and that security is not only about defending the systems, but about being on the offensive side. To raise awareness of the security news and issues of today as well as what is expected, we ought to realize that the human weakness is what is targeted, not so much the system weakness. This weakness needs to be assessed and discussed, as much of today’s population is likely to be computer or tech savvy, curiously taking advantage of systems and the user.

Link to article: http://www.cnet.com/news/thousands-could-launch-sony-style-cyber-attack-says-ex-hacker/

Makaya Hicks

Apple Releases ‘Rootpipe’ Patch

Apple released a software patch this past week to address a security hole created by a hidden backdoor API known as Rootpipe. Rootpipe was discovered in October of 2014. It leaves a vulnerability in OS X that has existed since at least release 10.7. The API can be exploited to gain root privileges.

A patch has been released this past week to address the issue. The latest updates to the OS X operating system will include this patch. However, Apple will not be releasing a patch for any system running below version 10.10. Of three billion internet users, NetMarketShare data shows that around 3.1 percent of them are using Mac OS versions with the vulnerability (10.7/8/9) that will not be patched. Forbes estimates that conservatively this will mean that two percent of three billion internet users will remain vulnerable to the exploit, around sixty million computers.

Although the vulnerability was discovered last October it has been part of Mac OS X since 2011 when version 10.7 was originally released. Mac users should update their software as soon as possible to patch this as well as around eighty other security issues.

Jacob R Hooker

Edit: An earlier version of this article misstated the world’s estimated three billion internet users as Mac users and has been updated to correct the error.