late_night_government_worker.jpg

This week hit a few sensitive strings with zero-days. Twitter releases warnings of government sponsored intrusions involving users’ accounts, a few good vendors release their mass of vulnerabilities and the F.B.I.’s Director reveals their usage of zero days.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 

 

Nation-State Attacks

Twitter sends its users a cautionary email stating that their account may have been involved in a hacking scheme, “state-sponsored" by a government.

Why is this signficant?

  1. Twitter is investigating the extent of these potential hacking occurrences and will not release more information at this time.
  2. There is not any confirmation as to which country/ies are responsible for such attacks, but a worrying concern is that these attacks will reveal real users who purposefully hid behind the cloak of an assumed Twitter account. 

Receive the full story on Wired

Vulnerabilities

It was an active week in disclosing vulnerabilities, 273 vulnerabilities from 4 vendors being reported.

Why is this signficant?

  1. Apple is number one on the list with a total of 104 vulnerabilities, second is Adobe with 79 , Microsoft with 71 and Google with 19.            
  2. These are the vulnerabilities that the security community (researchers, vendors and end-users)  know about. While security researchers work towards disclosing these vulnerabilities, we need to keep in mind that the threat actors are digging deep into system internals to find further vulnerabilities. 
  3. To quote the founder of White Hat Security , Jeremiah Grossman "we should realize one sobering fact: we're all just one zero-day away from compromise...”
  4. The second sobering fact? While all vendors are urging to patch the reality is that applying a patch is a tedious and lengthy process leaving the systems exposed to now-known vulnerabilities.

Read the full story on SC Magazine

Government's Role

The F.B.I.’s James Comey confirms using software vulnerabilities in obtaining their intelligence.  On the same page, threat actors are using these same 0-day exploits in obtaining information in a cyber criminal manner. 

Why is this signficant?

  1. This confirmation brings light to Edward Snowden’s revelations that seemed so far-fetched in 2013. 
  2. This sets as a reminder that these government backdoors essentially lower the entrance barrier to cyber-criminals..

Read the full story on DarkReading