Monday, January 18, 2016

A casino has reported a company because it didn´t remove a virus from its nets

It is one of the first cases that we know, of a company which reports a security company because it didn't do well his work. A Nevada casino wants to bring Trustwave to court because it didn´t remove a virus which stole thousands of data files. Today we also will talk about the Angler exploit, which still infects websites without being undetected; about one new insecurity from the password manager LastPass and about one demonstration: how insecure is disk encryption for hardware.

Affinity Gaming has 5 casinos in Nevada and 6 in the United States. At 2013,  it hired Trustwave after suffering a data robbery of 300.000 credit cards from their customers. The company researched networks from company´s restaurants and hotels, they found a virus and deleted it. But, one year later, the company has suffered a new credit cards robbery. This time it hired Mandiant, which ensured the virus was never removed. And Affinity Gaming has brought it to court. We will see how it finishes.


And today malware is, as it was yesterday, the big Internet plague. A report from Palo Alto Networks advised us about one of the most famous and malicious exploit kits. Angler, used to introduce all types of malwares in its victims, specially the fearsome ransomware. According this report, Angler is not being detected by the main antivirus, which allows it to go on without problems in at least 90.000 websites.


But if we have to choose the news day it won´t be this one, unfortunately too much usual, but a new uncovered vulnerability at password manager LastPass. Sean Cassidy, who has discovered it, called it how LostPass, it is basically a phishing attack. He explains it thoroughly at his web, and although it luckily only works with Chrome, suitable to skip even the double authentication factor.

Hardware encryption

We finish with a white paper suitable only for the most accustomed. It is about disk encryption by hardware which is, according with the authors, as insecure as the encryption by software. This research was presented for the first time in 2012, at the Chaos Communication Congress, and now it authors publish the full research.

And this is how we start the week, with malware and encryption. We will see what kind of new attacks and curiosities will reports us.


Post a Comment