Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: Anonymous not only launched a campaign to take down the sites of known ISIS involvement, they published a how-to guide for anyone who wants to help hack ISIS. Microsoft spent $1b to make the enterprise software more secure. South Korea’s antitrust staff has alleged that Qualcomm’ patent-licensing practices for computer chips are illegal. Lastly, the newest malvertising campaign is automatically redirecting users to casino website that then deliver “drive-by-downloads” to the unsuspecting user.
In the days since #OpParis began, various groups within Anonymous have claimed to have identified tens of thousands of Twitter accounts and taken them offline, as well as targeting some ISIS-related websites, including one that it claims was a recruitment site for the terrorists, which is now permanently offline. According to the official Twitter account for the campaign, the group’s next plan is to spam ISIS-related Twitter hashtags — and it is currently running a poll to find out whether to rick-roll the accounts or spam them with a “pool is closed image.”
In his first moves on cybersecurity in nearly two years as Chief Executive Officer, Satya Nadella is building a dedicated site and assembling a new group of experts to help Microsoft Corp. respond faster to threats across its various products. Microsoft, whose software and operating systems run the vast majority of personal computers, has been working to bulk up cybersecurity features as it seeks to boost sales in cloud and productivity products.
Qualcomm Inc. said the staff of South Korea’s antitrust agency has alleged that some of the U.S. chip maker’s patent-licensing practices are illegal and recommended that the company be fined. Qualcomm said it plans to vigorously defend against the allegations before the commission, which it said must approve any action against the company.
Researchers at Malwarebytes identified a large malvertising campaign that is automatically redirecting users to casino websites that are being used as decoys to perform “drive-by-downloads” of Angler Exploit Kits.