SOC Monkey - Week in Review - 4.6.2012

Blog Post created by socmonkey on Apr 6, 2012

Welcome back to my weekly wrap up of trending stories displayed on my SOC Monkey App, which as I've mentioned, is free in the Apple App Store.4_5_12.jpg Go! Download!


This week, one of the top stories was the Flashback Trojan and the unpatched Java Vulnerability in Mac OS X. The top tweet comes to us from Ars Technica: Flashback trojan reportedly controls half a million Macs and counting and further erodes the reputation of Apple being hacker proof. If you'd like a quick way to check to see if your java is exploitable to CVE-2012-0507, you can check out this cleverly named site: Is Java Exploitable? by our own Marcus J. Carey, and update accordingly. Apple, to their credit, has also released a fix for this vulnerability, albeit after the press picked up and started to run with Flashback.


Next on the Monkeyfeed is privacy, my own personal hot button issue, and a Wired article that takes another look at Google's evolving policies: On Profiling, And Google's Big Double-Cross. Google's ongoing battle with Facebook for the true gold of the Internet, your personal data and preferences, has led them to create a single profile that will pull in data from all your devices that use Google technology. While Ryan Singel, the author of this article, finds this to be the next step before big brother data consolidation, I still find it to be relatively benign. Granted, I anonymise a great deal of my traffic, and I'm aware of what data Google actually knows about me (note: Monkey is not my real last name), but I don't yet see the danger.  Where do you stand on this issue?  Am I too laid back or is Ryan too worried - let me know what you think.


My next hit is one of those good news/bad news articles: Microsoft to sew up 11 security vulnerabilities next week - SC Magazine. Patch Tuesday next week shows Microsoft releasing six patches, so the good news is that the overall number of issues is very manageable. The bad news?  Of the six patches, four of them are critical, and involve remote code execution. The advice round the Monkeyhouse this weekend, is to maybe dust off a different browser if you're an IE user until Tuesday, and keep an eye on your MSOffice docs as well.


Next, a story about China, and hackers, but probably from a slightly different angle than what you're used to:  Hacker claims breach of Chinese defense contractor| Reuters. This story is still a work in progress, as the documents that a LulzSec hacker has reportedly stolen from a Chinese defense contractor have not been verified as of yet. Reading the statements of the purported hacker, Hardcore Charlie, he says he's planning on doing some more hacking of various other Chinese companies. We're all used to seeing Hacktivism articles focused on mostly Western Companies, but it seems like China might be getting more of a taste of its own medicine.  I assume we're going to be seeing more of this in the near future.


A few other items that caught the Pips' attention this week are included here below:

New Android Malware Variant Can Remotely Root Phone | Threatpost

Rogue BYOD devices in your enterprise - RSA day one | ESET ThreatBlog

FBI nets cyber informants with hacktivist sting - Nextgov


There's seven links for your browsing pleasure.  As always, give me some feedback below as to what you found most important this week, and I'll leave you with this: Reddit: Explain like I'm 5 - Computer Viruses, because it's actually a pretty fun read with some excellent articles linked.  It's also moving it's way up the SOC Monkey Charts, so I'm assuming a great deal of you readers might be contributing to this thread.


See you next week, same MonkeyTime, same MonkeyChannel,