Weekly infosec news summary for 2016.12.04 – 2016.12.11
Top stories
Security for the High-Risk User: Separate and Unequal
(link) The Citizen Lab describes attacks against “civil society groups”, which is the term they use for groups such as Tibetan secessionist groups in China whom the Chinese government attempts to hack. These groups don’t have security teams or security expertise among the members, and therefore are most successful in defending against hacking by changing their habits. For example, one group, instead of sending each other attachments, will send links to documents in Google Drive which can be previewed (therefore no concerns about Office exploits or macros). It also points out phishing attempts to obtain the 2FA codes sent via SMS, which are then immediately used by the attacker to log into the account (this same tactic could also be used against TOTP).
Related, Google released a case study this week on their experience with FIDO, which they refer to as Security Keys (link). FIDO defeats the attacks Citizen Lab sees against SMS 2FA, and Google found it to be more usable and of negligible cost.
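Why a relayed one-time code is accepted while a relayed Security Key response is not, as an added example that is not from Citizen Lab, Google or this newsletter. The origins, secrets and timestamp are constructed, and an HMAC stands in for the per-site public-key signature a real FIDO key produces.

```python
import hashlib
import hmac
import struct

REAL_ORIGIN = "https://accounts.example.com"             # constructed
LOOKALIKE_ORIGIN = "https://accounts.example-login.test"  # constructed

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the secret and the time."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, code: str, now: int) -> bool:
    # The server cannot tell who typed the code or on which site it was typed.
    return hmac.compare_digest(code, totp(secret, now))

def key_sign(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Security key response. The browser, not the user, supplies `origin`.
    HMAC is a simplification of the real asymmetric signature."""
    msg = challenge + b"|" + origin.encode()
    return hmac.new(device_key, msg, hashlib.sha256).digest()

def server_accepts_key(device_key: bytes, challenge: bytes, response: bytes,
                       expected_origin: str = REAL_ORIGIN) -> bool:
    # The server recomputes over its own origin, so a response bound to
    # any other origin fails even though the challenge is the right one.
    expected = key_sign(device_key, challenge, expected_origin)
    return hmac.compare_digest(response, expected)

def relay_demo() -> dict:
    """The user is on a look-alike page that forwards whatever it receives."""
    secret, device_key = b"constructed-totp-secret", b"constructed-device-key"
    now, challenge = 1481414400, b"constructed-server-challenge"
    typed_code = totp(secret, now)  # code typed into the look-alike page
    relayed = key_sign(device_key, challenge, LOOKALIKE_ORIGIN)
    genuine = key_sign(device_key, challenge, REAL_ORIGIN)
    return {
        "totp_relayed": server_accepts_totp(secret, typed_code, now + 5),
        "key_relayed": server_accepts_key(device_key, challenge, relayed),
        "key_genuine": server_accepts_key(device_key, challenge, genuine),
    }

if __name__ == "__main__":
    print(relay_demo())
```

The code typed on the look-alike page is still valid five seconds later at the real service, which is the same property the SMS codes have; the key's response is bound to the origin the browser reported, so it only verifies when the user is on the real site.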
Business
- Optiv acquired by KKR: Optiv Security (formerly known as Accuvant and Fishnet Security) is being acquired by KKR, an investment firm. Optiv was previously owned by Blackstone, a different investment firm.
Tools
- Nike-Inc/cerberus: Secure property store built on Hashicorp Vault + Consul, made for AWS.
Other reads
- Expedia IT personnel hacked senior execs for insider trading: The SEC alleges that an employee of the Expedia travel company used admin privileges to hack into the computers and email accounts of senior executives to review confidential and pre-earnings reports, which he then traded on. No information is given as to how he “hacked”, although I would suspect he simply had admin privileges to access all these things. He continued abusing this ability even after leaving the company because he secretly kept a company laptop which he could use to remotely connect to Expedia’s network.
To receive a weekly email notification of this newsletter, email scott@summitroute.com