BellTroX says it just helped out some private eyes. Honda’s incident investigation continues. SEO for crime. Patch Tuesday notes.
Sumit Gupta, founder of BellTroX, the Indian company Citizen Lab named in its report on hackers-for-hire, told Reuters he did nothing wrong: all BellTroX did was help private investigators access email accounts when BellTroX was given credentials to those accounts.
Honda continues its investigation of the incident it sustained over the weekend. The Japan Times reports that domestic production has resumed, but that as of yesterday the company had advised its employees in Tokyo and some other Japanese offices to avoid using Honda’s internal networks. According to TechCrunch and other outlets, the incident was an attack using the Snake (also called "Ekans") strain of ransomware.
Avast describes a criminal campaign that uses search engine optimization tools to draw victims to malicious sites using promises of prizes (the promises often festooned with images of falling confetti).
Yesterday’s Patch Tuesday was a heavy one. Intel fixed twenty-two bugs, two of which, in its Active Management Technology, are rated critical. BleepingComputer says that Microsoft's patches amounted to the largest set ever: a total of one-hundred-twenty-nine fixes. KrebsOnSecurity assesses three issues with Microsoft Server Message Block as among the most troubling. Sophos points out that a majority of the issues Microsoft addressed (a "whopping sixty-nine") involved the risk of escalation of privilege exploitation. Adobe patched problems with Framemaker, Experience Manager, and Flash Player.
The Wall Street Journal reports that the latest settlement in Equifax's 2017 breach, $30.5 million, will mostly go toward a requirement that Equifax invest $25 million in upgrading its own security.
Gloss