Friday Five: 8/14 Edition (2015)
Your weekly roundup of information security news.
Happy Friday! Close out the work week with our picks for the hottest articles from the IT and security presses:
- "Tech Firm Ubiquiti Suffers $46M Cyberheist" by Brian Krebs
Ubiquiti Networks, an American technology company which provides wireless networking products, has recently fallen victim to a cyber-heist of $46.7 million. The fraud was discovered in a quarterly financial report. According to Brian Krebs, the fraud employed a tactic commonly known as “CEO fraud” or “business email compromise”; an increasingly popular trick used by hackers targeting businesses who regularly carry out wire transfer payments. To learn more about this cyber-heist, read this article.
- "Apple issues updates for lots of critical holes - patch now! by Paul Ducklin
Security conscious Apple users (myself included) are always eager to install updates as soon as they’re released. If you aren’t usually quick to update, now is a good time to start: just yesterday Apple released a new round of updates for iOS and OS X, including many important security fixes. The updates will patch dozens of security holes, remediating vulnerabilities for attacks including privilege escalation, denial of service, remote code execution, and information disclosure. To learn more about the most recent updates from Apple, read this article.
- "Attackers Use Stolen Credentials to Hack Cisco Networking Devices" by Eduard Kovacs
A warning issued by Cisco ought to have caught your attention this week. The multinational technology company warned that attackers have been using stolen administrator credentials to access Cisco networking devices and install malware. The malware is a spoofed copy of ROMMON, the bootstrap program in Cisco’s IOS networking devices operating system. By gaining privileged access and infiltrating the IOS software, attackers have been able to manipulate activities on those devices. Read this article to learn more about this warning issued by Cisco.
- "The Summer Of Car Hacks Continues" by Ericka Chickowski
This summer has been filled with car hacking headlines and articles, and it does not look like it is going to stop any time soon. A new discovery was introduced this week at the Usenix conference in Washington, D.C.; it is now possible to take complete control over the braking system in many vehicles via SMS text messaging and other mechanisms. To learn about the latest in car hacking, read this article.
- "Lenovo Hit With Criticism Over Second Rootkit-Like Utility" by Dennis Fisher
The “Lenovo Service Engine,” a utility in the basic input/output systems for certain Lenovo desktop systems, has been compared to a rootkit by some users. The reason being that after the reinstallation of a newer version of Windows, the utility software would reinstall itself and install another piece of software immediately after. To learn more about this Lenovo issue, read this article.