Weekly Security Roundup #59: When Cybersecurity Researchers Become Targets
Being a fighter for online security can be more dangerous than you think
Never a dull moment when it comes to cyber security. Seven days to go until Christmas and cyber criminals are exploiting every unorthodox opportunity. Our weekly roundup is loaded with articles related to this season’s threats.
For those of you still searching for presents, we created an ample guide on how to safely shop online. We covered all the necessary steps to make sure your sensitive data is safe.
Next week we’ll come up with another comprehensive security guide, with everything you need to know about phishing.
Until then, stay on top of your game with the following recap, which covers the 10 most important news stories of this week.
Security articles of the week
In the latest data breach news, the Anonymous group infiltrated the European Space Agency’s database. More than 8000 registered users, subscribers and collaborators had their data leaked online, along with ESA server stats and database schemas. Just for some pre-Christmas fun. Well, the 8000 people can’t have been amused to have their full names, passwords, email addresses and phone numbers published.
However, according to an analysis published by CSO, the leaked data revealed that 39% of the passwords were just three characters long. Seriously, guys? That’s the definition of playing with fire. Why were you even allowed to set such weak passwords in the first place?
MacKeeper, a security software for Mac users, exposed information about 13 million of their customers. Over 20 GB of usernames, passwords and other information were left in the open, just lying there, waiting to be discovered by anyone who has access to an Internet connection.
The company issued a press release and stated that the error was fixed within hours of its discovery and that they retain no financial information on their servers.
Looks like using a modem provided by your ISP also brings certain security risks. Multiple ads popping up, maybe even pornographic material, for example.
Find out how cyber criminals can exploit the backdoors left open on routers, how you can detect such breaches and how to protect yourself against them.
4. Half the population of the United States has been affected by breaches of protected health information over the past 10+ years
A report recently published by Verizon shows that nearly half of the USA population has been affected by breaches of protected health information.
The report analysed incidents from 20 industries in 25 countries, happening since 1994. Most of the incidents occurred between 2004 and 2014.
Theft or loss of laptops, tablets, USB sticks and other portable devices was the number one cause of breaches, followed by human error. Next came employees abusing their access to the information. These three actions accounted for 86% of all breaches of PHI data.
With Christmas just around the corner, cyber criminals jumped at every possible opportunity to do some damage. Inserting malicious code in religious Android apps, for example. Security company Proofpoint discovered that:
These apps are masquerading themselves as Bibles, Qurans, and other religious texts in order to exploit users and gain access to their mobile operating systems.
Lord have mercy.
Intend to give your partner a wearable for Christmas? Perhaps a fitness tracker or smartwatch? You are not the only one, as their popularity has risen in the past years. Directly linked to that, Internet of Things attacks have also gone straight to the top of the threat list. Here are the vulnerabilities you should be aware of.
Still illegally downloading your favorite TV series and movies? Looks like you are 28 times more likely to be infected by malware. And even worse, almost half of that malware is delivered without requiring you to click on anything.
More on this subject in a study recently conducted by RiskIQ, which shows how content piracy is the most used type of bait for malware infection.
Lessons learned from the DDoS attacks of 2015 and how to eliminate their threats in the new year.
If you’re amongst Edge and Internet Explorer 11 users, Microsoft recently introduced protection against malicious sites. The service is periodically updated and blocks access to suspect pages.
Why this matters: Unlike the system-wrecking computer viruses of yesteryear, drive-by attacks are insidiously silent, and may attempt to steal sensitive data without users even knowing they’ve been compromised. Fortunately, it seems Microsoft now has enough data points to take proactive measures against these attacks, even when users haven’t patched vulnerabilities in their other software.
Blackmail? Bribery? Threats to your life? Threats to your family members and friends? Or just paranoia?
Top cybersecurity researchers share their stories about what it’s like to track cyber criminals and, at one point, become the target.
On the verge of Christmas, cybercriminals are taking advantage of every possible unorthodox strategy. And, as the last article in our recap was pointing out, nobody is immune from cyber attacks, not even the ones using the Internet only to track and capture the bad guys.