Weekly Security Roundup #40: Anything Can Happen
The title we chose for this week says it all. From Zero Days, to exploits, to hacking cars and websites with questionable objectives – we’ve seen it all this week.
Of course, the Weekly Security Roundup has all the essential news that you can review in just a few minutes.
But before you get to it, there’s one more thing I’d like to share:
If you’ve been worried about the latest Java vulnerabilities, especially given its controversial past in terms of cyber security, then the article we published this week is just for you.
We published a data-driven answer to the question “Why are Java’s Vulnerabilities One of the Biggest Security Holes on Your Computer?” to help you get to the bottom of why Java is important, why it’s vulnerable and what you can do about it.
We believe that understanding how exploits work and how cyber criminals think is the way to better protect ourselves from harm. And every information security article you read is one more shield you can add to your defenses.
Security articles of the week
1. Staggering examples: hacking cars while they’re on the road
Wired’s article on remotely hacking a Jeep while it was on the highway made quite an impression this week. And for the right reasons as well.
Here’s a taste of the article:
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
2. Hacktivists threaten Ashley Madison’s 37 million users with exposure
Probably one of the biggest news stories this week was that the notorious Ashley Madison website was hacked and the hacktivists behind it are threatening to expose confidential data pertaining to 37 million users, thus revealing their identities for the world to see.
The cyber security world (and beyond) is watching to see how this will unfold and what the consequences will be. The website’s owners have two choices: keep the site online and risk their users’ identities or take it down.
3. Black Hat USA 2015 is just around the corner
It starts next week and it will be intense! Black Hat USA will feature an array of events, workshops and discussions meant to help cyber security professionals connect, enrich their knowledge and help advance the field of information security.
The two subjects described above (remote car hacking and the Ashley Madison hack) will probably be discussed as well, so we’re looking forward to reading about it!
4. Detection is losing ground in the cyber security industry
A piercing article by Simon Crosby, Co-founder & CTO at Bromium, caught our eye this week. In it, Simon shares his view of the crucial difference between detection and prevention as approaches to cyber security.
The article is really worth reading and exploring further. We, too, believe that prevention is key for the future of cyber security and for the future of technology as well.
5. How will we protect critical infrastructure?
Another big subject made the cut this week: the summary of the discussions held at the annual Aspen Security Forum.
The key take-away would be:
It is essential for the public and private owners and managers of critical infrastructure to act now.
Again, prevention appears as the primary keyword.
6. Experts and non-experts share how they stay safe online
Google put together a great study with advice from both cyber security experts and non-experts, who each shared how they choose to protect their online worlds. As you’d expect:
Google researchers have asked 231 security experts and 294 web-users who aren’t security experts about their security best practices, and the list of top ones for each group differs considerably.
7. Four people arrested in the case of JPMorgan’s data breach
Without a doubt, JPMorgan’s data breach was one of the biggest in the world. The numbers below can give you an idea of its magnitude.
Here’s the sum-up:
JPMorgan Chase & Co.’s 2014 data breach now has a face: four people in Israel and Florida have been arrested today in a securities fraud scheme related to the data breach of JPMorgan as well as other financial institutions, according to Bloomberg.
But the process of discovering and apprehending the guilty people is still going, so there will certainly be more news on the subject.
8. I hope you’ve updated your Windows
This week, Microsoft released a security patch for all versions of Windows and that alone is reason to feel at least slightly anxious.
If you applied the patch, then you’re safe. If not, consider that you’re exposing yourself to a total system compromise via the Windows Adobe Type Manager Library.
And since we’re still on the subject of Microsoft, you should also be aware of the four Zero Day Vulnerabilities that were found in Internet Explorer.
Microsoft has fixed all the four zero-day vulnerabilities in the desktop version of its browser, but the flaws remain open on Internet Explorer Mobile.
So if you’re still using Internet Explorer (for some reason), please make sure you take adequate security measures.
9. Another WordPress security update you should install NOW
Graham Cluley wrote yesterday about WordPress 4.2.3 being released to patch a rather severe security hole:
WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site.
If you’re a WordPress user, don’t delay updating!
10. The Angler exploit kit’s growing success with cyber criminals
Sophos released a detailed article about the dangerous Angler exploit kit that is a must-read!
As we also mentioned in our articles about ransomware, Flash or Java, Angler is especially shrewd in evading detection and has grown in popularity significantly over the past months.
Understanding this exploit kit is essential for current and future take-down efforts.
I hope that the Weekly Security Roundup helped you stay on top of security news this week, and if you have any other news to add, just let me know in the comments below.