This week’s news saw threat actors publishing D.H.S./F.B.I. data, an IRS breach of 101,000 E-File PINs, and the many flaws and vulnerabilities reported for Oracle, GitHub and Microsoft.  A new T9000 malware can detect security products, record Skype calls, take screenshots and capture text messages to compromise data.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Data Breaches

  1. A group of threat actors that manages a Twitter account published a list containing information on 9,000 Department of Homeland Security employees, including special agents, and threatened to publish information on 20,000 F.B.I. agents.

Why is this significant?

  • Since the OPM breach in June 2015, stolen classified credentials on this scale have been a continuous threat and headache for enterprises.
  • The threat actor published how he was able to gain access to an individual’s email account within DHS and then send another employee a request for a passkey to access the information that he later exploited.
  • One could speculate whether this group of threat actors rode on the coattails of last week’s published audit of DHS’s very vulnerable intrusion detection and protection system, EINSTEIN, which cost nearly $7 billion to develop.
  • February 9th: President Obama requested a $19 million budget to put toward cyber investments for fiscal 2017, as well as establishing the Commission on Enhancing National Cybersecurity, made up of cyber technologists and entrepreneurs who can advise on how to strengthen IT over the next decade.  Hopefully, this commission can advise on how to dedicate funding in a way that is progressive and does not produce another audit reporting a successful detection rate of only 6 % of security threats, with the other 94 % going undetected.


Read the full story on MotherBoard


  2. Threat actors used previously stolen Social Security numbers in an attempt to steal 464,000 IRS E-File PINs, using an automated bot.  The IRS put a stop to the attack, but not before the threat actors had successfully stolen 101,000 E-File PINs.

Why is this significant?

  • In this form of identity theft, the monetary payoff is nearly immediate.  Just a month ago a man was arrested in connection with a University of Northern Iowa data breach, having successfully received IRS refunds that were not his.  This opened a larger investigation that led investigators to a bigger operation being fraudulently run out of an automotive company in Georgia.  These types of crimes put a bigger question mark on “Where is my IRS refund?”
  • This was not the first time the IRS has had a data breach.  In August 2015, a similar IRS breach was announced, affecting the IRS’s Get Transcript system, with a reported 334,000 victims.

Read the full story on CSOOnline
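The IRS attack above was an automated bot cycling through stolen SSNs to pull E-File PINs, which is exactly the kind of behaviour a defender can spot in access logs by velocity and by how many distinct identities one source touches. The following is an added example, not code from the article, the IRS or enSilo: it parses constructed sample log lines (the format, IPs and masked SSNs are invented for illustration) and flags sources whose request pattern looks scripted. The thresholds are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real IRS data): one line per E-File PIN retrieval
# attempt with timestamp, client IP, masked SSN and outcome. The first source
# hammers six different SSNs in three seconds; the second is one user retrying.
SAMPLE_LOG = """\
2016-02-09T10:00:01Z ip=203.0.113.5 ssn=***-**-1234 result=success
2016-02-09T10:00:02Z ip=203.0.113.5 ssn=***-**-2345 result=fail
2016-02-09T10:00:02Z ip=203.0.113.5 ssn=***-**-3456 result=success
2016-02-09T10:00:03Z ip=203.0.113.5 ssn=***-**-4567 result=fail
2016-02-09T10:00:03Z ip=203.0.113.5 ssn=***-**-5678 result=fail
2016-02-09T10:00:04Z ip=203.0.113.5 ssn=***-**-6789 result=success
2016-02-09T10:00:10Z ip=198.51.100.7 ssn=***-**-7890 result=success
2016-02-09T10:05:00Z ip=198.51.100.7 ssn=***-**-7890 result=fail
2016-02-09T10:05:30Z ip=198.51.100.7 ssn=***-**-7890 result=success
"""

# Assumed log line layout; adjust the pattern to whatever the real service emits.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) ssn=(?P<ssn>\S+) result=(?P<result>\w+)$"
)


def parse_log(text):
    """Turn raw log text into a list of event dicts with parsed timestamps."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def flag_automated_sources(events, window=timedelta(seconds=60),
                           max_attempts=5, max_distinct_ssns=3):
    """Return {ip: [reasons]} for sources whose behaviour looks scripted.

    Two independent signals, evaluated over a sliding time window per source:
      "rate"      - more attempts than a person would make in the window
      "many_ssns" - one source querying many different identities; a legitimate
                    taxpayer retrieves their own PIN, not a list of them.
    Thresholds are assumed values for illustration.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        reasons = set()
        start = 0
        for end in range(len(evs)):
            # advance the window start until all events fit inside `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            if len(in_window) > max_attempts:
                reasons.add("rate")
            if len({e["ssn"] for e in in_window}) > max_distinct_ssns:
                reasons.add("many_ssns")
        if reasons:
            flagged[ip] = sorted(reasons)
    return flagged


def analyse(text=SAMPLE_LOG):
    """Convenience wrapper: parse the log and return the flagged sources."""
    return flag_automated_sources(parse_log(text))


if __name__ == "__main__":
    for ip, reasons in analyse().items():
        print(f"{ip}: {', '.join(reasons)}")
```

On the sample data only 203.0.113.5 is flagged, for both reasons; the retrying user at 198.51.100.7 stays under both thresholds. Counting distinct identities per source is the more robust of the two signals, since a bot can slow down to beat a pure rate limit but still has to touch many SSNs to be useful.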

Flaws & Vulnerabilities

This week was flooded with an emergency patch from Oracle, a GitHub report on the valuable bug bounty program it established two years ago, and 36 flaws fixed by Microsoft.

Why is this significant?

The list of flaws below includes capabilities that could in some cases cause total compromise of devices.

  • CVE-2016-0603 is a vulnerability that can lead to a “total compromise” of a device if a user is lured to a compromised website before installing Java 6, 7 or 8.
    Read the full story on The Register
  • GitHub established a very successful bug bounty program and has fixed 102 medium- to high-severity vulnerabilities, paying out over $95K to over 58 researchers.  GitHub cherry-picked these from 1,172 bug reports.
    Read the full story on The Register
  • The second batch of patches Microsoft released fixes 36 flaws in IE, Edge, Office, Windows and the .NET Framework.
    Read the full story on CSOOnline

New Malware

A new variant of T5000, dubbed T9000, was discovered by researchers at Palo Alto.  T9000 can detect security products, record Skype calls, take screenshots and capture text messages to compromise data.

Why is this significant?

  • T9000 has the ability to identify 24 different security products and can alter its installation accordingly.

  • T9000 exploits CVE-2012-1856 and CVE-2015-1641, both rated as critical by Microsoft.  In particular, CVE-2015-1641 was patched only last April.

** enSilo protects against T9000 malware **

Read the full story on ZDNet

Malware Flashback

Take a trip down malware memory lane with this archival malware museum piece, taking cyber fans back to 1980s and 1990s malware.

Read more on BBC