Weekly Security Roundup #42: Which News Will Persuade You to Learn About Cyber Security?
Youn can take your pick from this week’s top 10
We’re back with the Weekly Security Roundup!
Last week we took a short break for a quick vacation, but plenty of things happened in the meanwhile.
Experts in the cyber security field are constantly advising home users to try and change their attitude towards online security – aka not ignoring it anymore. But it takes a time to change habits, as we all know, so we all need to play our part.
This week we put digital pen to paper to help you see things from a different perspective: investing in cyber security, even if you’re not a company, can be a time-saver and a a money-saver as well! But don’t take my word for it: read the blogpost.
And if you’re not persuaded to take steps towards protecting your data and finances, let’s just take a look at this week’s security news:
Security articles of the week
Just a few minutes ago, Reuters published a shocking report on the unethical practices of Kaspersky that will definitely make for heated debates in the coming days.
More details will probably surface in the next days, so keep an eye on the subject.
Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees.
They said the secret campaign targeted Microsoft Corp (MSFT.O), AVG Technologies NV (AVG.N), Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers’ PCs.
It you thought 2014 was a bad year in terms of cyber security breaches, 2015 is not straying away too far either. In fact, the numbers of breaches seems to climbing constantly and no one is safe. Not even cyber security companies (Kaspersky, LastPass, etc.), government agencies (OPM), health institutions (Anthem) or questionable websites (Ashley Madison).
And there’s a long way to go until the end of December, so we can probably expect that more breaches will add to the list (unfortunately).
Remember Operation Tovar, the Gameover ZeuS botnet takedown (which Heimdal Security was also a part of)? Brian Krebs offers an overview of the malicious activities of the cybercrime gang that created ZeuS Gameover and the consequences of this notorious infection. A must-read, in my opinion!
New research into a notorious Eastern European organized cybercrime gang accused of stealing more than $100 million from banks and businesses worldwide provides an unprecedented, behind-the-scenes look at an exclusive “business club” that dabbled in cyber espionage and worked closely with phantom Chinese firms on Russia’s far eastern border.
Evidence is already surfacing that this will be one of the biggest challenges of the coming years.
Cognosec has revealed critical security flaws in ZigBee, one of the most popular wireless communication standards used by Internet of Things (IoT) devices today.
Will users be able to choose between security and convenience? Will they have to? I believe this will be a key area in which cyber security will play a crucial role looking forward.
Users seldom forget that infections don’t happen only via an Internet connection, but can also occur if you plug an infected peripheral device into your computer, such as a USB device. And the thing is, the USB still exhibits vulnerabilities that can be seriously dangerous for your system.
Most famously, over five years ago the Stuxnet worm exploited a similar vulnerability to infect the uranium enrichment facility in Natanz, Iran.
Because it’s not.
Check out the latest security hole found in Facebook and what it could allow cyber criminals to harvest on the Check & Secure blog. And then go to the Facebook Privacy & Security Guide: Everything You Need to Know and thoroughly follow the steps there.
7. More DDoS extortion campaigns surface
Back in June, we sent out a security alert that revealed that DD4BC – a notorious cyber criminal group – was targeting Scandinavian companies with complex DDoS attacks. These types of attacks have only gotten worse in the past few months:
Now the FBI is sending notice to banks and other financial institutions to be on the watch for shakedown attempts. MarketWatch has reported that attackers have already made DDoS extortion attempts against more than 100 financial firms in recent months.
Only 2 days ago Bromium published “Black Hat 2015: State of Security,” a report that analyzes the results of a survey including over 100 information security professionals that attended Black Hat 2015.
The findings are very valuable and reveal key security challenges that cyber security professionals face in their everyday jobs, such as implementing security patches or securing critical infrastructure.
Black Hat is always a key event for the cyber security industry and this year made no exception. For example, a key subject was the way hacking is changing, which also reflects the transforming behaviour of cyber criminals.
You see, many of the platforms being trotted out live or die by how fast they can reach the marketplace, not on how secure they can keep your information. The difference is now you have 30 e-devices you interact within your home, car and office, instead of a couple.
This means the scammers have an easier time hacking a particular platform or doodad you don’t think much about, and use it to pivot to other targets, harvest your information or perpetrate a host of other nastiness. Oh, and these devices are always on, which is handy if you’re hacking from the other side of the globe.
If you haven’t realized this yet, it’s high time you started educating yourself on the basics of cyber security.
Biometrics are regarded as the solution to the outdated password system that we are currently using. Most people think that this will be a definitive solution to some of our most important security problems.
But evidence presented at BlackHat 2015 shows that it’s not the ideal scenario we were hoping for.
When your fingerprint is compromised, it is compromised forever. We’re talking about something associated with criminal records, banking, and other fairly-critical segments of one’s identity. It only makes sense your fingerprint remain part of your identity and not some password you hope to remain secret for the rest of your life. You can’t change them. Not easily, anyways…
So what should you do in the midst of all these events?
Learn how to protect yourself. Learn how to detect threats and know what to do about them, even at the most basic level. Educate yourself to be able to see through the complexity, to be able to choose the right service providers for your digital habits. The Cyber Security for Beginners course is a good place to start.