Buhtrap Group has targeted Russian Banks
Russian banks are on target of Buhtrap attacker group by applying spear phishing technique. According to Russian security IB group report, such phishing mails contains word file that enable spyware infection. After accessing the PC system, spyware can open a backdoor, log keystrokes, change screen, steal clipboard data and perform malware installation. Around 21 Russian banks are on target of this malicious group. From August 2015 to February 2016, Buhtrap targeted around 13 Russian banks and stole 1.8 billion rubles. Once they get access, they replace original transaction with fake transaction that redirects money to own accounts.
Software bug were on rise in 2015
Security researcher Secunia in 2015 has found 16,081 vulnerabilities in around 2,484 software applications belonged to 263 vendors in its 2016 vulnerability review. If we compare the ratio with 2014 then there is 2% increase in vulnerabilities. Most critical bugs were categorized in less critical (45.6% ratio), moderately critical (25.5%), highly critical (13.3% ratio) and extreme critical (0.5%) bugs. There were 57% of bugs could be exploited from a remote network while 35% of bugs could be exploited from local network. The rest (8%) of exploits needs victim’s computer.
HTTPS and Encryption Usage is added in Google Transparency Report
Google has added a new section of HTTPS and encryption usage in Transparency Report. The new HTTPS section will give detail on the HTTPS support for Google products. The new section will also consider state of HTTPS support on Alexa top 100 sites including the result of periodical reports. Google HTTPS transparency has reported only 21 sites have perfect score like Yahoo, Facebook, Twitter, Tumblr, Reddit, etc. Google Transparency report offers certificate transparency checker to allow users to confirm the SSL certificate validity.
The USA and the Israel agreed on Cyber cooperation
According to Army technology, the US Department of Defense and Israeli Ministry of Defense have increased cyber defense cooperation between two nations. To boost cooperation on cyber issues, there was a meeting between US defense secretary and Israel defense minister to discuss the importance of the US-Israel defense relations, situation in the Middle East. The USA will also deploy he US National Guard’s cyber squadrons against ISIS.
Malvertising Campaign targeted famous websites
Security firms have discovered a malvertising campaign that has targeted famous websites with malicious ads. Famous sites like The New York Times, BBC, MSN, and AOL were victim of this campaign. Cyber culprits have used Angler Exploit kit to hijack the ad network and deliver ransomware to site visitors. This malicious campaign was first reported on Malware don’t need coffee, they have seen a spike in malicious traffic in a weekend. Cyber crooks used recently expired domain and bypassed security checks as the traffic over such domain appear legitimate.