Weekly Security Roundup #33: Keeping Up with Cyber Threats & What You Can Do about Them
The cyber security world never stops.
It’s been a full week, with news to spare. So we’ve kept our weekly promise to filter the feeds and deliver the absolute need-to-know information.
From threats that target gamers to online banking users – there is news that involved every one of us, so a few minutes dedicated to enhancing your security will be well spent!
The weekly security roundup keeps you up to date with cyber criminal actions and the protective measures you can take to secure your data and devices.
Let’s see what’s inside!
Security articles of the week
1. Four million American government personnel records exposed in data breach
Governments are still unable to cope with severe cyber attacks.
Evidence: the US Office of Personnel Management and the US Interior Department have been compromised in April 2015, exposing 4 million government workers’ data to cyber criminals.
It isn’t clear exactly what was stolen in the hack attack, but officials said the information can be used to facilitate identity theft or fraud.
The main institution involved in the attack – the Office of Personnel Management – runs the federal government’s human resources department, and its data encompasses background checks, pension payments and even job training for various federal agencies.
The story is still developing, so it will be interesting to see if this has any impact on security-related legislation. You can read more about it on CSO Online.
2. A game of malware
The same day we published an article about the cyber threats that target gamers, this story broke:
A gaming plug-in installed on over 200 million PCs contains a flaw that could let attackers steal users’ data from websites they’re logged into, such as their Web mail and social networking accounts.
Source: CSO Online
This vulnerability allows cyber criminals to trick players into allowing requests to third-party websites through a malicious browser plug-in. If you’d install this app and you’d have an open Gmail session, the plug-in would try to send emails back to the attacker. And the same could happen to any website you might be logged into at the moment.
That’s why it’s crucial that gamers of all ages and preferences apply these 18 cyber security tips to keep safe from such threats and attacks.
3. The times have changed and so has malware
A recent security report shows that, in 2014, around 106 unknown malware types targeted an average organization every hour! The number of malware attacks also increased 48 times last year!
The usual suspect: Adobe is still the attack vector that cyber criminals prefer. The security report revealed that:
52% of the files infected with unknown malware were PDFs, while just 3% were Microsoft Office files.
Source: Infosecurity Magazine.
And let’s not forget that around 1 million new malware threats are released into the wild every day.
While it may seems like we’re talking only about volumes (as if that’s not reason enough for concern!), we should keep in mind that these new types of malware have embedded Advanced Evasion Techniques. Consequently, we shouldn’t leave personal or corporate cyber security to chance or as second-tier subject.
4. Dyreza – the banking Trojan – is back!
TrendMicro announced earlier this week that the financial malware Dyreza is back and hitting hard! According to their research:
There has been a 125% increase of DYRE-related infections worldwide this quarter compared to the last, proving that cybercriminal interest in online banking has only continued to grow.
The target? Online banking users in Europe and North America.
We covered Dyreza in depth last year and we’ve been updating the analysis eversince, so you can learn how to protect yourself from this powerful form of financial malware.
Dyreza is part of the Dyre malware family, which is able to spam, scam, steal the victims’ data or make major changes to the affected Windows system.
So make sure to take the necessary precautions and learn about different scams that can make you a target. It also helps to be able to spot a malware infection and always use common sense when you’re navigating the web (which is probably all the time).
5. Security and privacy as a selling point
Although it’s great for your privacy and online protection, encryption is usually perceived as a tool used only by security or IT professionals. That’s because it’s sometimes difficult to use and people don’t always see its benefits.
But companies that make hugely popular applications understand that security and privacy not only make great selling points, but also offer actual benefits to the users.
That’s why Facebook has recently announced that it will support users to employ PGP (Pretty Good Privacy) – the open source end-to-end encryption standard – to encrypt their Facebook messages and emails. You can learn how to use PGP on The Hacker News.
Additionally, Facebook will also require application developers to adopt a more secure type of digital signature for their apps starting October 1st, so their program’s legitimacy can be better verified.
And Google is also working to help users be safer online. On the 1st of June, Google introduced My Account, a new privacy and security settings tool to help users enhance their cyber protection.
The tool also offers a free privacy check-up and a free security check-up, which is very helpful, especially since millions of users work and live inside the Google ecosystem.
6. The apps you use were flawed from day one
A new article on Dark Reading raises the question of integration and flaws that are not created by cyber criminals, but merely exploited by them.
Users are generally unaware of the fact that software is flawed from day one. There is no such thing as a perfect app, which is why updates are needed.
When it comes to software integrations, things get even more complicated, so here’s one more reason to learn about how software apps expose your computer to cyber attacks.
Another thing you can do is to educate yourself and acquire a little knowledge about cyber security – it can go a long way! And, of course, use the appropriate tools to keep your software up to date (preferably automatically) and your system protected from harm. You can start with free options and then build from there.
We are sure there are other important security news out there. So please let us know, what security news did we miss and should have been included here?