Weekly Security Roundup #45: Are You Putting Yourself at Risk With the Apps You Use?
The most used apps in the world are the most vulnerable ones
This week, we shared some of our intelligence with our readers, to help them identify the biggest malware threats to their online safety. One threat stood out in particular, exhibiting particularly deceiving characteristics that make users almost unaware of it. We recommend you read the entire thing, because there’s some valuable advice in there as well. Plus, this recent example really goes to show that there’s no stopping this particular threat.
And today we published a worrisome security alert that concerns website and blog owners as well as their readers. Legitimate websites are being compromised through malicious script injections to deliver ransomware. And the entire attack is based on exploiting vulnerabilities in CMS and plugins on the website owners’ side, and vulnerable software on the users’ side.
But since this is the weekly security roundup, let’s see what else has been going on in the past few days:
Security articles of the week
You’d think that people know better when securing companies, data or their personal information, but many still rely on the “let’s just hope it doesn’t happen to us” policy. Needless to say, such an approach is not only counterproductive, but almost silly. Let’s just hope (see what I did there?) that company owners and home users realize that we have a long way to go to secure the connected things we use, and that we can’t waste any moment before starting to do more in this direction.
How can you tell if a website is legitimate? The most used domains in the world used to indicate that we can trust them, but that’s not the case anymore. You should keep an eye out for trouble each time you go online and read this article to get up to date.
And we can’t help but wonder what 2015 will look like. In the meantime, we should all see this infographic and really let the numbers in it sink in. We should really stop repeating history, but, until now, this year proved that big companies haven’t learned a thing.
4. Employees severely increase company’s cyber security risks
By doing things such as installing gambling apps on their smartphones, through BYOD policies which are not properly regulated or simply by lacking in cyber security awareness, which makes them pawns for cyber criminals.
A lot can be done to turn things around, and education is the first investment companies should make.
While CISOs are working to protect their companies and home users are barely getting acquainted with the basics of cyber security, cyber criminals are coming up with ever more sophisticated tactics. The latest ones include embedding redirects in PDF documents. You need to read about this.
John E. Dunn from Techworld shared a very useful list of secure browsers you can use. If you’re keen on the subject, this article will be really useful.
This is really an attitude to be applauded and set as an example. We need more forward thinking companies that invest in proactive security solutions in order to make a difference in the battle against cyber criminals.
New analysis from Frost & Sullivan concludes that a greater portion of market participants’ revenues will be devoted to threat intelligence research, detection and remediation to enable organisations to counteract the negative effects of APTs.
The passage below alone will prompt you to go through this article, which shows the ever-increasing threat of malware to targets everywhere.
Malware development continues to remain healthy. Intel Security Group’s McAfee Labs Threat Report: August 2015 shows malware’s quarterly growth at 12% for the second quarter of 2015. The overall count of known unique malware samples has reached a mesmerizing 433 million.
In its latest blog post, CSIS discloses that they found a new version of Carbanak, a financial APT that targeted financial institutions around the world and could cause losses worth millions of dollars.
No one is perfect in terms of cyber security, and any company, as big or well funded as it may be, can slip. Uber is the latest example, with app users having their ‘shared trip’ data exposed and indexed by Google. Uber is currently looking into the issue, so we should have more details soon.
In other news, our friends from Check & Secure have released a Firefox add-on called the cyscon Security Shield, which provides a Breach Notification feature and a “Watchdog” function against Botnets. The article has all the info and we strongly recommend you set it up and enjoy a safer online session.
That’s it for this week! Keep safe!