Reboot It! Episode 49 - with Bill Gardner and Benny Karnes - Russia Did It (Not China This Time)

Upcoming Conferences

SecureWV/Hack3rCon
When: November 18-20
Where: Charleston, WV
http://securewv.com/ 
CFP is Open!
Tickets are on sale!
Looking for Sponsors!

DerbyCon 6
When: September 21-25, 2016
Where: Louisville, KY
http://derbycon.com
CFP is Open!

Marshall University Digital Forensic Cyber Camp (June 28-30)
http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-June-28-30-P1.aspx
Marshall University Digital Forensic Cyber Camp (July 12-14)
http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-July-12-14-P3.aspx

Python Coding Camp kicks off July 6 - The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) Huntington
Learn to solve puzzles and create games!

The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) is presenting a three-day camp for middle school and high school students who are interested in learning computer coding. Join us July 6 – 8 from 1:30 to 4:30 p.m. daily as we introduce campers to Python (programming language). Campers will use it to create games and solve puzzles under the guidance of Bill Gardner, an Assistant Professor in the Digital Forensics and Information Assurance Program at Marshall University.

The cost is $60 for each camper and includes a copy of Python for Kids: A Playful Introduction to Programming.

Register here: http://www.rcbi.org/index.php/component/chronoforms5/?chronoform=Python%20Coding%20Camp
Or call 800.469.7224 for more information. 


Stories
Microsoft creates its own FreeBSD VM Image for Azure Cloud Computing Platform
http://thehackernews.com/2016/06/microsoft-azure-freebsd.html

This year, Microsoft impressed the world with 'Microsoft loves Linux' announcements, like developing a custom Linux-based OS for running Azure Cloud Switch, selecting Ubuntu as the operating system for its Cloud-based Big Data services and bringing the popular Bash shell to Windows 10.

Now, the next big news for open-source community:
Microsoft has released its own custom distribution of FreeBSD 10.3 as a "ready-made" Virtual Machine image in order to make the operating system available directly from the Azure Marketplace.

Microsoft to acquire LinkedIn for $26.2 billion in cash
http://www.reuters.com/article/us-linkedin-m-a-microsoft-idUSKCN0YZ1FP?feedType=RSS&feedName=topNews&utm_source=twitter&utm_medium=Social

Microsoft Corp (MSFT.O) said in a blog post it agreed to buy LinkedIn Corp (LNKD.N) for $26.2 billion in cash.

By connecting widely used software like Microsoft Word and PowerPoint with LinkedIn's network of 433 million professionals, the combination could enable Microsoft to add a suite of sales, marketing and recruiting services to its core business products and potentially challenge cloud software rivals such as Salesforce.com Inc.

"LinkedIn and Microsoft really share a mission" of helping people work more efficiently, said Microsoft CEO Nadella in a conference call with analysts. "There is no better way to realize that mission than to connect the world's professionals."

The offer of $196 per share represents a premium of 49.5 percent to LinkedIn's Friday closing price.

Microsoft and LinkedIn: Together Changing the Way the World Works
https://blog.linkedin.com/2016/06/13/microsoft-and-linkedin

Today we are excited to share that LinkedIn has entered into an agreement to be acquired by Microsoft. We are joining forces with Microsoft to realize a common mission to empower people and organizations. LinkedIn’s vision – to create economic opportunity for every member of the global workforce – is not changing and our members still come first.

Our companies are the world’s leading professional cloud and network. This deal will allow us to keep growing, investing in and innovating on LinkedIn to drive value for our members and our customers. Our members will continue to develop their skills, find a job and be great at that job, using our platform. We will continue to help our customers hire top talent, market their brand, and sell to their customers.


Jigsaw ransomware uses live chat to relay payment instructions
https://www.grahamcluley.com/2016/06/jigsaw-ransomware-uses-live-chat-relay-payment-instructions/

Some new variants of Jigsaw ransomware are now relaying payment instructions to their victims via a live chat feature.

Back in mid-April, researchers first came across Jigsaw. Variants of this ransomware family target 240 different file extensions, encrypt all relevant files with AES encryption, and append a .FUN, .KKK, .GWS, or .BTC extension to them.

Jigsaw demands $150 in exchange for the ransom key.

But this crypto-ransomware is not a passive captor of affected users' files.

The malware displays two things to a user once it has successfully infected a machine: a ransom message and a countdown timer starting at 60:00.

Fortunately, researchers were able to develop a free decryption tool for users affected by Jigsaw. The ransomware authors tried to circumvent that utility by rebranding Jigsaw as CryptoHitman, adding a new lockscreen, and appending .PORNO to all encrypted files. But they didn't fool researchers. They simply updated their decryptor.

Morgan Stanley Agrees to Pay $1 Million for Failure to Protect Client Data
http://www.metacompliance.com/blog/morgan-stanley-agrees-to-pay-1-million-for-failure-to-protect-client-data/

The global financial services firm Morgan Stanley has agreed to pay one million dollars for its failure to protect approximately 730,000 of its clients' information.

As reported by SecurityWeek, the Securities and Exchange Commission (SEC) said on Wednesday that Morgan Stanley "failed to adopt written policies and procedures reasonably designed to protect customer data," an oversight which allowed an employee of the bank to steal customer data.

The former employee, Galen Marsh, joined Morgan Stanley back in 2008. Three years later, he realised he could exploit a programming flaw that enabled him to run reports on all Morgan Stanley customers.

The Wall Street Journal writes that Marsh ran approximately 6,000 searches on bank customers, about a third of which were unauthorised, through 2014. The former employee then decided to transfer the information of about 730,000 customers through a personal website to a personally owned server, which was ultimately hacked by a third-party.

"Given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection. We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information," said Andrew Ceresney, director of the SEC Enforcement Division, as quoted by USA Today.

Marsh pleaded guilty to obtaining unauthorised access to a computer. In December of 2015, he was sentenced to 36 months of probation and a $600,000 restitution fine.

The SEC said Morgan Stanley violated Rule 30(a) of Regulation S-P by failing to conduct a recent audit of its authorisation systems, which it claims would "likely have revealed the deficiencies." It went on to say that the bank did not monitor or analyse employee access to portals containing sensitive data.


Symantec grabs Blue Coat Systems for $4.65 billion
http://techcrunch.com/2016/06/13/symantec-grabs-blue-coat-systems-for-4-65-billion/

Symantec announced over night it had purchased Blue Coat Systems for $4.65 billion with the hopes of creating an enterprise security juggernaut.

As part of the deal, Blue Coat CEO Greg Clark will take over the same role at Symantec. The company has been operating since April without one when Michael A. Brown stepped down.

It was a stunning turn of events for Blue Coat, which was sold just last year to Bain Capital for $2.4 billion. By all reports, Bain intended to take Blue Coat public this year until they received an overwhelming offer from Symantec.

Bain makes a tidy profit off of the deal just a year after buying Blue Coat and intends to take $750 million of the proceeds and plow it back into the combined business.

With Blue Coat, the two companies are combining to create an enterprise security giant. The fact is what you have is two large companies with lots of customers and revenue, but that are under pressure from an increasingly competitive security market, hoping that the combined entity can do better than they could alone.

“Together, we will be best positioned to address the ever-evolving threat landscape, the massive changes introduced by the shift to mobile and cloud, and the challenges created by regulatory and privacy concerns,” Dan Schulman, Chairman of Symantec said in a statement.


DeRay Mckesson’s Twitter account hacked with just his name and four digits
https://nakedsecurity.sophos.com/2016/06/14/deray-mckessons-twitter-account-hacked-with-just-his-name-and-four-digits/

It’s a whole lot out of character for Black Lives Matter activist and politician DeRay Mckesson to proclaim support for Donald Trump.

But on Friday morning, as his friends informed him, Mckesson’s Twitter feed started spewing Trump endorsements and proclamations that “I’m not actually black.”

Of course, it turned out that Mckesson’s Twitter account had been hijacked.

That’s not terribly surprising, in light of the fact that 33 million Twitter logins were put up for sale last week.

In fact, he was doing what security people, and Twitter, tell people to do: he was using two-factor authentication (2FA) to protect his account.

Yet still, in spite of good security hygiene, as has happened to plenty of celebrities before him – Mark Zuckerberg being the latest – somebody managed to take control of Mckesson’s account.

After he regained control of his Twitter account, he explained that the attackers managed to do the deed by convincing Verizon to reset his SIM. That way, the hijacker or hijackers managed to set it up so they could intercept text messages intended for Mckesson and thereby bypass the 2FA that otherwise should have kept his account secure.

Related article: Your mobile phone account could be hijacked by an identity thief


Russian government hackers penetrated DNC, stole opposition research on Trump

https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html

Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.

A Russian Embassy spokesman said he had no knowledge of such intrusions.

Some of the hackers had access to the DNC network for about a year, but all were expelled over the past weekend in a major computer cleanup campaign, the committee officials and experts said.


Chrome Bug Enabled Crooks to Send Malicious Code to Your Browser as PDF Files
http://news.softpedia.com/news/chrome-bug-enabled-crooks-to-send-malicious-code-to-your-browser-as-pdf-files-505068.shtml

Google has recently patched a high severity security bug in the Chrome browser that allowed crooks to send malicious code to your browser and take over your entire system.

The issue, tracked by the CVE-2016-1681 identifier, affects the browser's built-in PDF reader called PDFium.

Google patched the issue with the release of Chrome 51.0.2704.63, released on May 25. In the meantime, Chrome released another wave of security updates at the start of June.

Cisco's Aleksandar Nikolic was the researcher that discovered and reported the issue to Google, who even awarded him $3,000 for his efforts.

According to the researcher's account, the issue was discovered six days earlier, on May 19, and Google's team fixed it right away.

Nikolic says that CVE-2016-1681 allowed attackers to embed a JPEG2000 image inside a PDF file, which when opened inside a vulnerable Chrome browser, would have triggered a buffer overflow that enabled the threat actor to run arbitrary code on the victim's machine.

The actual vulnerability was not in Chrome or PDFium, but in the OpenJPEG library that parses JPEG2000 files before being displayed inside the browser.