
Intelligence Briefing – Q1, 2015

Health insurance online threats revealed.
Dec. 5 — RiskIQ researchers found that websites hosted by third-party code libraries, external providers and excessive mobile app permissions represent the largest risk to users of health insurance Web and mobile self-service tools, now that providers are investing in Web and mobile app infrastructures to establish new customer touch points.

_____________________________________________________

19 hospitalized, thousands evacuated in “intentional” gas leak at Rosemont hotel.
Dec. 7 — An intentional chlorine gas leak left 19 people hospitalized with symptoms of nausea and dizziness, and evacuated thousands of people for two hours from the Hyatt hotel in Rosemont, Ill., Dec. 7, during an annual convention. Authorities found a substance consistent with powdered chlorine in a stairwell at the hotel and decontaminated the area.

_____________________________________________________

New variant of Neverquest banking trojan targets North America.
Dec. 8 — Researchers with IBM Trusteer reported Dec. 5 that they have observed a new variant of the Neverquest banking trojan being used predominantly against financial institutions in North America, with some additional targets in the media, gaming and social networking industries. The malware has been distributed by drive-by downloads using exploit kits as well as by the Chaintor and Zemot trojan downloaders.

_____________________________________________________

Red October cyberspy op goes mobile via spearphishing.
Dec. 10 — Researchers with Blue Coat and Kaspersky Lab identified and analyzed a cyber-espionage campaign, dubbed Cloud Atlas or Inception Framework, that appears similar to the Red October campaign and has been targeting the Android, iOS and BlackBerry devices of specific users in the government, finance, energy, military and engineering sectors in several countries via spearphishing. The malware appears to be primarily designed to record phone conversations and can also track locations, monitor text messages and read contact lists.

_____________________________________________________

Hackers breached payment solutions provider CHARGE Anywhere — Undetected since 2009.
Dec. 9 — Electronic payment solutions provider CHARGE Anywhere stated Dec. 9 that attackers had gained access to its network as early as November 2009 using a previously unknown and undetected piece of malware and were able to capture payment card data from some communications that did not have encryption. The company discovered the compromise Sept. 22 and an investigation found that network traffic capture occurred between Aug. 17 and Sept. 24.

_____________________________________________________

Moldova: Seven arrested suspected of uranium smuggling.
Dec. 9 — Authorities in Moldova stated Dec. 9 that they arrested seven people for allegedly smuggling seven ounces of uranium-238 mixed with uranium-235 worth around $2 million. An investigation aided by the FBI found that the suspects were part of an alleged smuggling group that had specialized knowledge of radioactive materials and how to prevent their detection while in transit from Russia.

_____________________________________________________

“Critical” security bugs dating back to 1987 found in X Window.
Dec. 10 — The developers of the X Window System for Linux and other Unix operating systems issued patches closing several vulnerabilities that could be exploited to crash the system or run malicious code as the root user after they were identified and reported by a researcher at IOActive.

_____________________________________________________

OphionLocker, the new ransomware on the block.
Dec. 11 — Researchers with Trojan7Malware identified a new piece of ransomware known as OphionLocker that uses elliptic curve cryptography (ECC) to encrypt the data on victims’ systems and demand a ransom to decrypt the files. The ransomware was observed in the wild being spread by the RIG exploit kit in drive-by download attacks.