Help Net Security

Don't miss:

MacOS Proton backdoor delivered via Trojanized media player app

EU MEPs want stronger privacy rules for Internet-enabled communication services

New infosec products of the week: October 20, 2017

Hot stuff

Android malware

Millions download botnet-building malware from Google Play

Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ capabilities The apps posed as legitimate offerings that modify the look of the characters in Minecraft: Pocket Edition (PE). In the background, though, they set out to rope the …

binary

The pervasive risk of vulnerable open source components

Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers. Among other industry trends such as vulnerability fix rates and percent of applications with vulnerabilities, the report exposes the pervasive risk …

chess

Using a robust platform for cyber threat analysis training

We have recognised threats coming more regularly from varied origins such as nation-states, hacktivist and cybercriminal actors. Coupled with many new public policies aimed at mitigating the negative effects of data breaches, cyber espionage and intellectual property theft, it’s clear a new ecosystem of cyber threat intelligence sharing is …

now

Why wait to be breached? Three reasons to secure your data now

“I’m working on it.” “We don’t have room in this year’s budget.” “Something else more important came up.” “Well, we’ve not been breached before…” “The risk of it happening is so small and it’s hard to quantify…” These are some of the most common excuses companies give for …

chess

Spotlight

Using a robust platform for cyber threat analysis training

stop

Business suffers as over-zealous security tools block legitimate work

Most security teams utilise a ‘prohibition approach’ – i.e. restricting user access to websites …

Google

Google wants bug hunters to probe popular Android apps for bugs

Google has started another bug bounty initiative: the Google Play Security Reward Program. …

binary

The pervasive risk of vulnerable open source components

keys

Vulnerability in code library allows attackers to work out private RSA keys

Expert corner

Using a robust platform for cyber threat analysis training

Joep Gommers CEO at EclecticIQ

Using a robust platform for cyber threat analysis training

Protecting networks from DNS exfiltration

David Williamson CEO at EfficientIP

Protecting networks from DNS exfiltration

iPhone X gets facial authentication, is the enterprise next?

Ryan Zlockie Global VP of Authentication at Entrust Datacard

iPhone X gets facial authentication, is the enterprise next?

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Corey Nachreiner CTO at WatchGuard Technologies

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Navigating GDPR in the mobile enterprise

John Aisien CEO at Blue Cedar

Navigating GDPR in the mobile enterprise

The real cost of alarm fatigue

Tony Rowan Chief Security Consultant at SentinelOne

The real cost of alarm fatigue

What’s the use of a privacy policy?

Raj Samani Chief Scientist at McAfee

What’s the use of a privacy policy?

The security status quo falls short with born-in-the-cloud software

Manish Gupta CEO at ShiftLeft

The security status quo falls short with born-in-the-cloud software

SIEM challenges: Why your security team isn’t receiving valuable insights

Brad Taylor CEO at Proficio

SIEM challenges: Why your security team isn’t receiving valuable insights

We can’t rely on black swans: Three areas to improve cyber policy now

Dr. Andrea Little Limbago Chief Social Scientist at Endgame

We can’t rely on black swans: Three areas to improve cyber policy now

Where does corporate cloud security responsibility begin and service provider responsibility end?

William Hurley AVP Software Lifecycle Services at Astadia

Where does corporate cloud security responsibility begin and service provider responsibility end?

Has healthcare misdiagnosed the cybersecurity problem?

Kevin Magee Global Security Strategist at Gigamon

Has healthcare misdiagnosed the cybersecurity problem?

What's New

FileCloud

New infosec products of the week: October 20, 2017

Ransomware protection intercepts threats targeting enterprise data FileCloud announced FileCloud Breach Intercept, which offers ransomware protection. FileCloud offers branding and customization tools, allowing you to set your own policies, and …

Trojan

MacOS Proton backdoor delivered via Trojanized media player app

A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer’s official site, ESET researchers have found. The threat The compromised package was made to deliver the newest …

EU flag

EU MEPs want stronger privacy rules for Internet-enabled communication services

With 31 votes for, 24 against and one abstention, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) has backed new privacy protections for EU citizens. The approved draft proposals would apply to SMS and …

Ubuntu

Ubuntu 17.10 brings enhanced security and productivity for developers

Canonical released Ubuntu 17.10 featuring a new GNOME desktop on Wayland, and new versions of KDE, MATE and Budgie. On the cloud, 17.10 brings Kubernetes 1.8 for hyper-elastic container operations, and minimal base images for containers. …

mobile payment

Can it be true? Most consumers value security more than convenience

52 percent of UK consumers think fraud is an inevitable part of shopping online, according to Paysafe, a global payments provider. What are the top three challenges of identifying, managing and protecting against fraud across different payment …

family

The complex digital life of the modern family: Online safety and privacy concerns

The National Cyber Security Alliance (NCSA) conducted a study to better understand teens and parents’ attitudes, concerns and knowledge base about online safety and privacy and how they view their own responsibility to keep themselves safe …

Reviews

Review: Cato Cloud

Review: Cato Cloud

Review: Securing the Internet of Things

Review: Securing the Internet of Things

Review: Pwnie Express Pulse

Review: Pwnie Express Pulse

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Review: Threat Forecasting

Review: Threat Forecasting

Don't miss

Trojan

MacOS Proton backdoor delivered via Trojanized media player app

EU flag

EU MEPs want stronger privacy rules for Internet-enabled communication services

FileCloud

New infosec products of the week: October 20, 2017

Google

Google wants bug hunters to probe popular Android apps for bugs

stop

Business suffers as over-zealous security tools block legitimate work

Android malware

Millions download botnet-building malware from Google Play

Google security

Google offers Advanced Protection for high-risk users of its services

Oracle

Oracle fixes 252 vulnerabilities in October 2017 Critical Patch Update

binary

The pervasive risk of vulnerable open source components

Businessman juggling

Should non-security functions get more involved in cybersecurity?

keys

Vulnerability in code library allows attackers to work out private RSA keys

tunnel

Are you employees snooping on the corporate network?

Malware news

MacOS Proton backdoor delivered via Trojanized media player app

A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer’s official site, ESET researchers have found. The threat The compromised package was made to deliver the newest …

Millions download botnet-building malware from Google Play

ESET helps Google protect Chrome users from unwanted software

Android DoubleLocker ransomware encrypts data, changes device PIN

Compromised analytics provider made Equifax’s site point to malware

Privacy news

EU MEPs want stronger privacy rules for Internet-enabled communication services

With 31 votes for, 24 against and one abstention, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) has backed new privacy protections for EU citizens. The approved draft proposals would apply to SMS and …

As GDPR implementation date approaches, cyber risk gets more attention

Accenture inadvertently exposes highly sensitive corporate, client data online

Beyond GDPR: Data protection as a competitive advantage

The privacy implications of email tracking