CYBER SECURITY EVANGELIST

This week we wrote a guide to help you understand the difference between antivirus and antimalware programs: their pros and cons, important features, and which one you should choose. We’ve also given details about BlueBorne, a new attack vector that might infect devices with Bluetooth technology without an Internet connection.

One of the bigger stories this week was the one about BlueBorne, the new attack vector that might spread malware through Bluetooth-enabled devices without an Internet connection.

Here are some of the other cybersec stories of the week that you’ll find in our roundup:

1. One-third of Global Orgs Don’t Understand GDPR Compliance

A survey from WatchGuard Technologies found that with the GDPR deadline set for May 25, 2018, one third of organizations simply don’t know whether or not their organization needs to comply.

2. Equifax Breach Happened Because of a Missed Patch

The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has confirmed.

3. Phishing targeting LinkedIn Users via Hijacked Accounts

Beware of LinkedIn scams! A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature. These messages have been sent via legitimate LinkedIn Premium accounts hacked by phishers, so they might look trustworthy and lead users to click.

4. “ExpensiveWall” Attacks More Than 1 Million Android Users

A new Android malware variant called ExpensiveWall gains remote access to users’ phones and sends fraudulent premium SMS messages. The malware infiltrated Google Play and infected at least 50 apps, said Check Point’s mobile threat research team.

5. 5.3 Billion Devices at Risk for Invisible, Infectious Bluetooth Attack

BlueBorne is a new attack vector that spreads through the air and can potentially infect all Bluetooth-enabled devices without an Internet connection. Security researchers said that it can affect over 5.3 billion devices, including Android, Windows, Linux and iOS.

6. The Importance of Benchmarking in Your Security Program

Here’s how benchmarking can help organizations make more informed decisions around their security programs.

7. Attacks on Android Soared 40% in Q2

A new report from Avast says that cyberattacks on Android devices jumped 40% year-over-year in the second quarter and will continue to grow.

8. Cybersecurity on The High Seas, a Growing Threat to the Super Yacht Industry

Super yachts are just like any other business and require the same security measures to keep them protected from cyber attacks. It seems there’s a growing threat to the super yachting industry: hacking.

9. Hurricanes Lead to Drop in Malware Infections

Here’s an interesting effect of the devastating hurricane in the US. New data show that malware infections in the Houston area showed a 52.5 percent drop from the average on August 29th.

10. Safe Browsing: Protecting more than 3 billion devices worldwide, automatically

Google announced that Safe Browsing, one of its anti-malware efforts to keep users safe, has crossed the threshold to 3 billion devices.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

This week we’ve explored the topic of spam emails to understand why these types of attacks still work and how to secure your email account. We approached this subject after recently witnessing a historic data dump in which more than 700 million email addresses (plus passwords) were exposed online.

One of the bigger stories this week was the announcement made by Equifax, one of the three major consumer credit reporting agencies, about a cyber attack where hackers might have gained access to company data and potentially compromised sensitive information for 143 million American consumers.

Here are some of the other cybersec stories of the week that you’ll find in our roundup:

1. Ransomware is the Top Threat to Business Data

New research from the SANS Institute revealed that frontline IT professionals think ransomware is the top overall threat to business data, with 78 percent of respondents reporting two or more threats occurring in the past 12 months.

2. Dragonfly: Western Energy Sector Targeted by Sophisticated Attack Group

The energy sector in Europe and North America has been targeted by a new wave of cyber attacks that could provide cyber criminals with the means to seriously disrupt affected operations.

3. Hackers Can Take Control of Siri, Cortana and Other Digital Assistants with Ultrasonic Commands

Security researchers have discovered that digital assistants, including Alexa, Siri and Cortana, are vulnerable to hacking via ultrasonic commands, known as Dolphin Attacks.

4. Equifax Says Cyber Attack May Have Affected 143 Million Customers

Equifax, a major consumer credit reporting agency from the US, announced that hackers had gained access to the company’s data and might have compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

5. New Research Reveals Increased Mobile Threats

A recent Avast analysis on over 160 million mobile devices shows that mobile cybercrime is on the rise. Data announced revealed a 40% increase in cyber attacks on Android smartphones and tablets.

6. Employer Breached Worker’s Privacy by Reading Private Messages Sent via Work Account

A Romanian worker’s “right to a private life” was breached when his employer accessed his work Yahoo Messenger account and read private messages sent there.

7. Security Pros See New Requirements for Cyber-Staff

A new survey found that 81% of security professionals believe that the requirements to be a great security professional have changed, with many turning to staff without specific cyber-training.

8. Budding Malware Author Uses the Same Skype ID Across Job Applicants and IoT Botnet Ads

A 13-year-old malware developer is using the same Skype ID for applying to jobs and advertising their Internet of Things (IoT) botnet.

9. Fake DHL email – “Give Us $350 in the Next 24 Hours”

Email scammers keep showing up again and again. This time, we have the 419 “Hitman deployed to kill you” missive doing the rounds. On a similar threatening note, victims get a DHS notification telling them to pay a $350 fee within 24 hours – or else.

10. Google’s September 2017 Android Patches Fix Over 80 Vulnerabilities

Google has released its monthly security updates for its Android mobile OS, fixing over 80 vulnerabilities in the platform with two different packages.

This week we published a security alert that offers details about Locky ransomware making its appearance once again. In the newest spam run, the cyber criminals behind the most notorious ransomware strain currently on the market have decided to change tactics and to spoof Dropbox.

Security articles of the week (28 August – September 1st, 2017)

1. Hundreds of millions of private email addresses (and passwords) have been leaked on the Internet in the biggest data dump ever.

This is definitely the most important news of the week. Over 700 million email addresses (and their passwords) have been exposed in what is the biggest data dump ever.

2. List of the cyber attacks and data breaches in August 2017

In terms of cyber attacks, August was a relatively quiet month, compared to the previous one, but here’s a list of the cyber attacks and data breaches happening in August.

3. The biggest challenges in mobile security

Mobile devices have become indispensable for most of us, and we use them on a daily basis, which makes them an easy target for cyber criminals. In this article, you can read about the biggest challenges in mobile security.

4. Google removed 300 Android apps from the Play Store

Google had to remove almost 300 Android apps from its Play Store, after finding out that some apps were being hijacked for DDoS attacks which infected almost 70,000 devices.

5. Bitcoin’s price jumped above $4,800 for the first time

The price of the cryptocurrency hit a record, jumping above $4,800 for the first time over the past few hours of trading.

6. Lukitus Campaign Sends 23 Million Emails in 24 Hours

Researchers have spotted a new spam campaign containing Locky ransomware that was sent out to more than 23 million emails in 24 hours.

7. Gartner: Worldwide information security spending to hit $93B in 2018

According to the latest forecast from Gartner Inc, the worldwide information security industry will grow 7 percent to reach $86.4 billion (USD) in 2017, and will climb to $93 billion next year.

8. Half of Organizations Fail to Maintain PCI DSS Compliance

According to a new report, half of organizations are still failing to maintain PCI DSS (The Payment Card Industry Data Security Standard) compliance.

9. The Malware Ecosystem Still Impacting Businesses. Here is Why.

Why does old malware continue to prevail? Why does ransomware still threaten businesses and users alike? Experts believe it comes down to irregular patching, weak and out-of-date AV, and legacy systems that can’t be protected or upgraded.

10. Google-Certified Devices will Carry the Play Protect Label on Their Packaging

Google recently announced that its future certified devices will carry the Play Protect logo on their retail packaging, as a way to assure customers that the device they are about to invest in will give them the most secure experience possible.

This week, we published an update of our guide about the Data Protection Regulation. It includes lots of useful resources to help both companies and users better understand how this regulation works.

Our other article is a security alert providing details about an adware that is targeting Facebook users, with a malicious link spreading on Messenger.

Security articles of the week (21-25 August, 2017)

1. Attacks on the Cloud Increase by 300%

Cyber attacks on cloud services are growing fast. According to Microsoft’s Security and Intelligence report, the number of threats on cloud-based accounts has seen an increase of up to 300% over the past year.

2. Ukraine Central Bank detected a new malware campaign via malicious word docs

Ukraine’s central bank sent a warning to state-owned and private banks across the country regarding a new malware campaign that is targeting financial services. It is said that the attack might reach the proportions of the NotPetya ransomware.

3. Over 1.8 million US voters’ private information has been exposed online

Cybersecurity firm Upguard has discovered a data breach in which a US voting machine supplier has exposed the personal information of more than 1.8 million voters in the state of Illinois.

4. Two zero-day vulnerabilities have been discovered in Foxit’s PDF Reader

Researchers have discovered two zero-day vulnerabilities in Foxit’s free PDF Reader, after the supplier revealed it has no plans to fix the security flaws.

5. Android banking malware has been discovered in the Google Play Store

Security researchers have identified a banking malware called BankBot hiding in Google Play Store. The malware can be found in two Android apps which can download suspicious programs without the user’s knowledge.

6. 90% of companies get attacked with three-year-old vulnerabilities

According to a recent Fortinet report, 90% of organizations have experienced cyber attacks during which intruders tried to exploit vulnerabilities that were three years or older.

7. WannaCry ransomware attacks again, taking LG’s systems offline

LG has confirmed it had to shut down some parts of its network after WannaCry ransomware was found on its systems.

8. Top 10 security challenges for 2017

Cybersecurity professionals share their opinion on the security challenges that will be faced this year.

9. The Victorian Government launches cyber security strategy

The Victorian government has just announced its cybersecurity strategy aimed at building resilience against cyber threats and ensuring government information, services, and infrastructure are protected and safe.

10. Why are so many organizations struggling to patch? [Q&A]

Why do some organizations find it so difficult to keep their systems up to date and what can they do to better protect themselves? Here are some useful answers in this Q&A we recommend reading.

This week, my colleague Ioana has explored the main reasons why ransomware is still such a major online threat, despite all the efforts being poured into containing it. Our other article dives into spoofing, and how malicious hackers use this method to break into users’ accounts and personal data.

Security articles of the week (7-11 August, 2017)

Poor HBO is still struggling to cope with the aftermath of its hacking after hackers continued to dump episodes and scripts. Another major interest point is the appearance of hard statistics that show how prevalent phishing is as a cybersecurity threat.

1. Cyberwar: A guide to the frightening future of online conflict

Cyberwar is still an emerging concept, but many experts are concerned that it is likely to be a significant component of any future conflicts. As well as troops using conventional weapons like guns and missiles, future battles will also be fought by hackers manipulating computer code.

2. The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription

In June, the mysterious group who for almost a year has been dumping hacking tools and exploits stolen from the NSA launched a subscription service that promised to provide new tools to subscribers every month.

3. Plenty to Patch as Microsoft and Adobe Fix 115 Vulnerabilities

This month’s Patch Tuesday update round from Microsoft fixed 48 vulnerabilities, but only two have been publicly disclosed prior to release, with none known to have been exploited in the wild thus far.

4. 67% of Malware Attacks Came via Phishing in Second Quarter

Organizations hit with malware during the second quarter had it delivered via phishing attacks in 67% of the cases, according to a Global Threat Intelligence Center (GTIC) report released today by NTT Security.

5. HBO hackers demand money, leak more stolen data and GoT scripts

The hackers who’ve breached HBO and supposedly made off with 1.5TB of the company’s data have released a second data dump.

6. Biological malware: Scientists use DNA to hack a computer

Scientists at the University of Washington in Seattle have successfully been able to code a malware program into a DNA sample and use it to hack into a computer that was studying it.

7. Android app stores flooded with 1,000 spyware apps

Hackers have flooded Android app stores, including the official Google Play store, with over 1,000 spyware apps, which have the capability to monitor almost every action on an infected device.

8. Ransomware turns even nastier: Destruction, not profit, becomes the real aim

Get used to global malware campaigns like Petya and WannaCry, because Pandora’s Box has been opened and destructive cyberattacks like these are here to stay.

9. Spam Rate Hits Two-Year High

In July 2017, the global spam rate reached the highest level registered since March 2015, fueled by the emergence of malware families attempting to self-spread via email, according to Symantec.

10. Phishing tops list of most prevalent security threats facing organisations globally

According to results of a new survey on today’s threat landscape, to be released by SANS Institute on Tuesday 15 August, both users and their endpoint devices are the primary target for cyber criminals in 21st century security battles.

This week, we’ve published an article about session hijacking, a dangerous hacking method that takes control of a user’s account as they are live and using it.

Security articles of the week (July 31st – August 4th, 2017)

The biggest story from the beginning of this week was the HBO hack that ended up with leaked scripts and even the 4th episode of the series. Later on, the story that captured all the headlines was the arrest of Marcus Hutchins, the cybersec researcher who stopped the WannaCry ransomware.

Here are some of the other cybersec stories of the week that you’ll find in our roundup:

1. HBO hacked, attackers leak GoT script and some episodes

HBO has become hackers’ latest entertainment industry target: attackers have breached the company’s servers, and they claim to have syphoned from them 1.5 terabytes of data.

2. How Amazon Echo could be used to spy on you

By removing the rubber base at the bottom of the Echo, the research team was able to access the 18 debug pads and directly boot into the firmware of the device, via an external SD card, and install persistent malware without leaving any physical evidence of tampering. Doing this gave them remote root shell access and enabled them to access the ‘always listening’ microphones.

3. Security flaw made 175,000 IoT cameras vulnerable to becoming spy cams for hackers

Some 175,000 Internet of Things (IoT) connected security cameras are vulnerable to hacks that would allow cybercriminals to enter a user’s network, spy on the owner, or become part of a malicious botnet, according to a new report from security provider Bitdefender.

4. Long-lasting DDoS attacks are back

Long-lasting DDoS attacks are back, and they’re harder than ever, new research has claimed.

According to a report from Kaspersky Lab, the second three months of 2017 saw a DDoS attack last more than 11 days – 277 hours straight.

5. Why ex-employees may be your company’s biggest cyberthreat

In a recent survey of 500 IT decision makers from security firm OneLogin, only about half of respondents said they were “very confident” that former employees could no longer access corporate applications. And 20% of organizations surveyed said they had experienced data breaches by ex-employees.

6. WannaCry ‘Kill Switch’ Creator Arrested in Vegas

In a stunning move, federal authorities have arrested Marcus Hutchins, a researcher who earlier this year was credited with stopping the rapidly expanding WannaCry ransomware attack that spanned 150 countries in a matter of days.

7. Hacked Chrome web dev plugin maker: How those phishers tricked me

The chap behind Chrome Web Developer, a popular third-party extension that was briefly hijacked to inject ads into browsers, today confirmed he was the victim of a phishing attack.

8. Hackers cash out on WannaCry ransom money

As law enforcement agencies continue to be on the hunt for the group behind WannaCry, the ransomware authors have just withdrawn a handsome $140,000 in cryptocurrency from their Bitcoin wallets.

9. Now Cerber ransomware wants to steal your Bitcoin wallets and passwords too

One of the worst types of ransomware has become even nastier, adding the ability to steal Bitcoin wallets and password information from you in addition to encrypting your files and demanding a ransom payment in order to get them back.

10. Infosec Pros: AI Could Soon Be Used Against Us

A majority of information security professionals believe that artificial intelligence (AI) technology will be used in attacks against them in the next 12 months, according to new research from Cylance.

This week, we’ve explored a less talked about topic in the cybersecurity arena: biometric security. In it, we’ve gone over how the most popular methods of biometric authentication work, their advantages and disadvantages and also how these measures can be hacked.

Security articles of the week (July 24-28, 2017)

One of the bigger stories this week was Adobe’s decision to finally pull the trigger and kill Flash. However, the squeezing is going to take quite a while. This week stood out for how many threats were discovered that targeted smartphones, iOS and Android alike.

In any case, here’s what you’ll find in this week’s cybersecurity roundup:

1. Criminals Hacked A Fish Tank To Steal Data From A Casino

Here’s one of the most unconventional: a fish tank. Not just an ordinary fish tank, mind you, but a fairly high-tech one that featured Internet connectivity. That connection allowed the tank to be remotely monitored, automatically adjust temperature and salinity, and automate feedings.

2. How Hackers Cash Out Thousands of Bitcoins Received in Ransomware Attacks

Digital currencies have emerged as a favourite tool for hackers and cyber criminals, as digital currency transactions are nearly anonymous, allowing cyber criminals to use it in underground markets for illegal trading, and to receive thousands of dollars in ransomware attacks—WannaCry, Petya, LeakerLocker, Locky and Cerber to name a few.

3. Say goodbye to Flash

In a statement, Adobe confirmed the news, saying it will slowly phase out the plugin by the end of 2020. After that time, Flash will no longer receive updates. Until that happens, though, Adobe’s partnership with Apple, Mozilla, Microsoft and Google will continue as the company provides additional security updates for browsers.

4. The state of ransomware among SMBs

In a report conducted by Osterman Research and sponsored by Malwarebytes, more than 1,000 small and medium-sized businesses were surveyed in June 2017 about ransomware and other critical security issues. What we discovered was surprising—ransomware authors aren’t only targeting enterprise businesses for big payouts. They’ve got their greedy gaze on businesses of all sizes.

5. Privacy dust-up as Roomba maker mulls selling maps of users’ homes

iRobot, maker of the cat chariot-cum-auto-vacuum Roomba robot, is looking into selling maps of our homes to one of the Big Three companies behind artificially intelligent (AI) voice assistants – Google, Amazon and/or Apple.

6. How Coders Hacked Back to ‘Rescue’ $208 Million in Ethereum

On Wednesday, an anonymous hacker (or hackers) stole $32 million worth of ethereum’s cryptocurrency, ether, from three multi-signature wallets thanks to a vulnerability in the contract for the wallets.

7. UniCredit breach: Data of 400,000 customers exposed

Italian global banking and financial services company UniCredit has revealed that it has suffered two security breaches in less than a year.

8. Sweden leaked every car owners’ details last year, then tried to hush it up

In a slowly-unfolding scandal in Sweden, it’s emerged that the country’s transport agency bungled an outsourcing deal with IBM, putting both individuals and national security at risk.

9. New details emerge on Fruitfly, a near-undetectable Mac backdoor

The recently discovered Fruitfly malware is a stealthy but highly-invasive malware for Macs that went undetected for years. The controller of the malware has the capability to remotely take complete control of an infected computer — files, webcam, screen, and keyboard and mouse.

10. Unpatched Smartphones ‘At Risk’ From Broadpwn Bug

Android and iOS already issued patches for bug that could result in the spread of unstoppable malware

A bug in an obscure chip found in the world’s most popular smartphones could result in the unstoppable spread of malware from device to device.

This week, we’ve updated and republished two of our most important articles, one of which covers the most important warning signs of a malware infection, while the other goes over 50+ cybersecurity tools that might improve your online safety. 

We’ve also published a new article about DDoS attacks and the methods malicious hackers use to execute them.

Security articles of the week (July 17-21, 2017)

A quiet week in cybersecurity, without any particularly big hackings. It’s the middle of summer, so all of the malicious hackers out there are probably on holiday or something. Or preparing their next big Mirai or WannaCry. But hopefully they are on a permanent vacation.

In any case, here are this week’s top cybersecurity stories:

1. These 10 US states have the highest rate of malware infections in the country

If you are one of the almost half a billion people who at some point used to be on Myspace, the hottest social network of the early 2000s, you should know that almost anyone can hack into your account.

2. Elon Musk’s top cybersecurity concern: Preventing a fleet-wide hack of Teslas

“AI is a fundamental, existential risk for human civilization,” Tesla and Space X CEO Elon Musk said at the National Governors Association summer meeting. He doesn’t think people “fully appreciate that.” AI and a possible robot apocalypse is just one topic covered by Musk, and we’ll get back to that; but since a Tesla is “like a laptop on wheels,” Musk also talked about his top cybersecurity concern: a fleet-wide hack of Teslas.

3. IoT ‘Smart’ Alarm has Vulnerabilities that Could Help Black Hat Burglars

An Internet of Things-based ‘smart’ alarm dubbed iSmartAlarm has several vulnerabilities that could help criminals to set up a cyber-assisted burglary.

4. Didn’t get your Oreo cookie shipment? Last month’s global cyber attack may be to blame

Confectionary giant Mondelez, the makers of Oreo Cookies and Cadbury chocolates, which found its offices as far away as Tasmania had fallen foul of NotPetya/GoldenEye, forcing production to halt.

5. Most Americans reuse passwords, with millennials the worst culprits

A new survey of over 1,000 US adults reveals that 81 percent of people surveyed admit to using the same password for more than one account.

Among millennials, 92 percent say they use the same password across multiple accounts. More worrying still, more than a third (36 percent) report that they use the same password for 25 percent or more of their online accounts.

6. But how does our ransomware make you feel?

Ransomware crooks have become skilled psychological manipulators in their attempts to fleece victims of file-encrypting malware.

Analysis of the psychology behind ransomware “splash screens”, the initial warning screens of ransomware attacks, commissioned by SentinelOne, reveals how social engineering tactics are used by cyber criminals to manipulate and elicit payments from individuals.

7. Undetected For Years, Stantinko Malware Infected Half a Million Systems

A massive botnet that remained under the radar for the past five years managed to infect around half a million computers and allows operators to “execute anything on the infected host,” ESET researchers warn.

Dubbed Stantinko, the botnet has powered a massive adware campaign active since 2012, mainly targeting Russia and Ukraine, but remained hidden courtesy of code encryption and the ability to rapidly adapt to avoid detection by anti-malware solutions.

8. Modified versions of Nukebot Trojan spotted in wild after code leak

In March, the source code for a new banking Trojan, dubbed Nuclear Bot (Nukebot), was available for sale in the cyber criminal underground. The Nuclear Bot banking Trojan first appeared in the cybercrime forums in early December when it was offered for $2,500. The malicious code implements some features commonly seen in banking Trojans: it is able to inject code in Mozilla Firefox, Internet Explorer and Google Chrome browsers and steal sensitive data provided by the users.

9. Cracked Your Smartphone Screen? Think Again Before Buying Aftermarket Replacement

How secure is your smartphone? Do you know what you can do to help the hackers who increasingly see it as a desired and lucrative target?

Fortinet’s Threat Landscape Report found that mobile malware as a percent of total malware rose from 1.7% in the last quarter of 2016 to 8.7% in the first quarter of 2017.

10. Critical security vulnerabilities enable full control of the Segway miniPRO electric scooter

New IOActive research exposes critical security vulnerabilities found in the Segway miniPRO electric scooter.

If exploited, an attacker could bypass safety systems and remotely take control of the device, including changing settings, pace, direction, or even disabling the motor and bringing it to an abrupt and unexpected stop while a rider is in motion.

This week, we’ve published an article covering the best practices in maintaining an organization’s data integrity, and also an analysis of all the critical vulnerabilities found in Windows that make it vulnerable to a new wave of cyber attacks. 

Security articles of the week (July 10 – 14, 2017)

Possibly the biggest story of the week was the Verizon leak that exposed data on millions of its customers. Other stories of interest include the new Apple Mac money stealing malware and the Android HighRise malware that the CIA used to intercept SMS messages.

1. Millions of Verizon customer records exposed in security lapse

An Israeli technology company has exposed millions of Verizon customer records, ZDNet has learned.

As many as 14 million records of subscribers who called the phone giant’s customer services in the past six months were found on an unprotected Amazon S3 storage server controlled by an employee of Nice Systems, a Ra’anana, Israel-based company.

2. Biometric data stolen from corporate lunch rooms system

A US payment kiosk vendor has been stung by malware scum.

Avanti Markets helps employers monetise the lunch-room and get rid of counter-service, going beyond a simple vending machine to cover the whole sandwiches-fruit-drinks-junk-food with one payment system.

3. ‘HighRise’ Android Malware Used by CIA to Intercept SMS Messages

WikiLeaks on Thursday published a user guide describing what appears to be a tool used by the U.S. Central Intelligence Agency (CIA) to intercept SMS messages on Android mobile devices.

Named HighRise, the version of the malware described in the WikiLeaks document is disguised as an app called TideCheck, and it only works on Android versions between 4.0 and 4.3.

4. “Particle” Chrome extension turns into adware after being sold to a new developer

Users who have Particle For YouTube extension installed on their browsers should consider removing it as soon as possible. The original developer of the extension sold the extension to a new developer, which turns out to be a collector of abandoned Chrome extensions.

5. Australia to Compel Chat Apps to Hand Over Encrypted Messages

Social media giants like Facebook and WhatsApp will be compelled to share encrypted messages of suspected terrorists and other criminals with Australian police under new laws unveiled Friday.

6. What can be hacked in 2017

Modern technology is a terrific thing; however, like everything else in this world, it is not ideal. Everything that is connected to the Internet, directly or with the help of some wireless technology, is “at risk”. From cars and houses to medical devices and ATMs, these are 11 crucial things in our lives that could be hacked.

7. Samsung Tizen Accused of Being Home to at Least 27,000 Findable Bugs

A purveyor of static code analysis wished to pitch his product to Samsung. What better way, he thought, than to run his product against the Samsung Tizen operating system, and demonstrate the results. The demonstration fell through, and the purveyor decided instead to publish his findings.

8. Watch out for this money stealing macOS malware which mimics your online bank

A recently discovered strain of Apple Mac malware has begun mimicking major banking websites in an effort to steal credentials from victims.

First uncovered in May, OSX.Dok affected all versions of Apple’s older OS X operating system and was initially used to spy on victims’ web traffic.

9. Windows 10 Finally Getting a Feature to Reset Passwords from the Lock Screen

Windows 10 users will finally be allowed to reset their account passwords from the lock screen, with Microsoft currently testing a feature that would enable password recovery with help from digital assistant Cortana.

10. Cyberespionage: Your intellectual property under threat

Cyberespionage conjures up nightmare scenarios for private and public organizations. For governments, it might involve the prospect of foreign agents filching details on a new missile system. For an auto company, it could be hackers stealing their blueprints for a next-generation auto.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

This week, we’ve published an article detailing how malicious insider threats operate, and how they can seriously mess up a company’s security. In short, these are employees that hack or sabotage their own company, either for profit or simply vengeance. We recommend you check out the whole article, for all of the stories that we’ve included. 

Security articles of the week (July 3-7, 2017)

Last week’s Petya/NotPetya attack once again left us wondering just how much worse cyber attacks are going to be. Within a year, we’ve had the Mirai attack, WannaCry and now Petya. Judging from the state of cybersecurity, these attacks aren’t going to stop anytime soon. Fortunately for those affected by Petya, a decryption key was made public by its author.

In any case, here are this week’s top cybersecurity articles:

1. Google Patches Critical Vulnerabilities in Android

Google on Wednesday announced that a total of 138 vulnerabilities were addressed in the Android platform with the release of this month’s set of security patches.

The July 2017 Android Security Bulletin was split in two partial security patch level strings: the 2017-07-01 security patch level that addresses issues in the platform itself, and the 2017-07-05 security patch level, which resolves device-specific vulnerabilities in various components supplied by manufacturers.

2. Someone’s phishing US nuke power stations. So far, no kaboom

Don’t panic, but attackers are trying to phish their way into machines in various US power facilities, including nuclear power station operators.

It seems that so far whoever is behind the campaign has tried phishing and watering-hole attacks, but hasn’t got beyond corporate networks (which in critical infrastructure should be on separate networks from the operational systems).

3. iPhone Bugs Are Too Valuable to Report to Apple

The iPhone’s security is so tight that it’s hard to find any flaws at all, which leads to sky-high prices for bugs on the grey market. Researchers I spoke to are reluctant to report bugs both because they are so valuable and because reporting some bugs may actually prevent them from doing more research.

4. 14 Million Android Phones Infected with CopyCat Malware

Android users have once again been exposed to malware, as security company Check Point detected a new form of CopyCat that hit no less than 14 million devices across the world.

5. Petya author releases master decryption key for all versions of the ransomware

Janus Cybercrime Solutions has provided a key that works with all “official” variants of Petya (meaning NotPetya is not included). The key was released to — of all places — Mega, and its authenticity has been verified. While Petya has already been cracked, the key offers the fastest and most reliable decryption method yet.

6. Satellite phone communications can be decrypted in near real-time

Satellite phone communications encrypted with the GMR-2 cipher can be decrypted in mere fractions of a second, two Chinese researchers have proved.

7. Major cryptocurrency exchange hacked – customers’ Bitcoin and Ethereum accounts plundered

One of the world’s largest cryptocurrency exchanges has fallen victim to hackers, who were able to use information they stole to plunder users’ accounts.

According to local media reports, Bithumb informed the Korea Internet & Security Agency (KISA) late last week that the personal information on approximately 32,000 customers was compromised – although passwords were not taken.

8. Help! Hackers Stole My Password Just By Listening To Me Type On Skype!

For many, everyday life involves sitting in front of a computer typing endless emails, presentation documents and reports. Then there’s the frequent typing of passwords just to get access to those files. But beware: researchers have hacked together a tool that can harvest what’s being typed simply by listening to the sounds of the keys.

9. Ransomware Smackdown: NotPetya Not as Bad as WannaCry

Microsoft says the outbreak of NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C – that began June 27 resulted in “a less widespread attack” than WannaCry, aka WannaCrypt. That was despite NotPetya being even more sophisticated than WannaCry – by many security experts’ reckoning – as well as NotPetya targeting the same EternalBlue server message block exploit in Windows that had enabled WannaCry to spread far and fast.

10. Pre-Installed Software Flaws Expose Dell Systems to Code Execution

Flaws in pre-installed software expose Dell systems to attacks that could result in the disabling of security mechanisms, privilege escalation, and arbitrary code execution within the context of the application user.


Comments

Howdy, I do think your blog could possibly be having internet browser compatibility problems. When I look at your web site in Safari, it looks fine but when opening in IE, it’s got some overlapping issues. I just wanted to provide you with a quick heads up! Aside from that, fantastic site!

Thanks for letting us know. Are you sure your browser resolution is set to the standard for your desktop resolution? We’ve found that other readers experienced this and, when they set their browser resolution to normal, the issue was gone. The fastest way to do this is to hold CTRL and press 0.

And thanks for the awesome feedback!
