Week in review: Big data, patching for industrial cyber security, and the new issue of (IN)SECURE Magazine
Here’s an overview of some of last week’s most interesting news, interviews and articles:
Consumers don’t trust banks with personal data
Banks top the list of organizations consumers trust least with their personal data, according to a survey of 2,000 UK consumers. Mobile phone operators and retailers also fare badly in the eyes of the consumer in a report from Avaya and Sabio.
2013 will be the year of larger scale big data adoption
According to a worldwide Gartner survey of IT leaders, 42 percent of respondents stated they had invested in big data technology, or were planning to do so within a year.
Zoosk asks users to reset passwords following mass leak
Online dating service Zoosk is urging some of its users to change their passwords following the leaking of a list of some 29 million passwords that seemingly contains theirs.
Who are the enemies of the Internet?
In their latest report on online surveillance, Reporters Without Borders have named Bahrain, China, Iran, Syria and Vietnam as “state enemies” of the Internet due of their continuous and intensive efforts at spying on journalists, bloggers, human rights defenders and political dissidents. The French-based international non-governmental organization that advocates freedom of the press and freedom of information also considers five big private-sector companies as “corporate enemies,” because they sell products that are liable to be (and have been) used by governments to violate human rights and freedom of information.
Tips for removing data from mobile devices
While the factory reset button seems like the logical place to start, numerous industry and security experts report that even after consumers carry out this exercise, personal information often remains.
(IN)SECURE Magazine issue 37 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.
Adobe patches Flash again, but not the flaws exploited at Pwn2Own
As promised last year, Adobe has been issuing its scheduled Flash updates on the second Tuesday of each month – the same day that Microsoft chose for its monthly Patch Tuesday.
CSOs must adopt new risk management trends
The shift requires senior management and C-level executives to think about risk strategically versus simply crossing off regulatory check boxes.
Mandiant threat report on advanced targeted attacks
Mandiant released its fourth annual M-Trends report, which details the tactics used by threat actors to compromise organizations and steal data. It also highlights incident response best practices employed by organizations that are most successful in combating advanced attackers.
Published celeb credit reports came from government-mandated website
U.S. First Lady Michelle Obama, former California Governor Arnold Schwarzenegger, former U.S. Vice President Al Gore and socialite Kris Jenner are four additional victims of the hackers who set up a site and posted on it confidential personal and financial information of a slew of celebrities and politicians.
Google unveils site to help webmasters recover their hacked sites
As the most widely used Internet search engine, Google Search is the de-facto starting point for hundreds of millions of queries each day. It you are an administrator of a website – and especially if that websites belongs to a business whose success depends on it being always available to customers – one of your primary tasks is to keep it popping up in relevant searches as close as possible to the first page, and to keep it “clean” so that Google doesn’t mark it as potentially compromised and dangerous to users.
Hacker to business owner: Spotting innate talent in others
In a classroom environment, children who question teachers are labelled as trouble makers, and those that take things apart as delinquent. But surely that’s exactly what’s needed in today’s world?
NIST National Vulnerability Database down due to malware
U.S. National Institute of Standards and Technology’s National Vulnerability Database is unavailable, and has been since they discovered malware on some of its servers nearly two weeks ago.
Encrypting Trojan targets users, demands $5,000
A significant number of systems have now been compromised by the Trojan in Spain and France: over the past 48 hours, Doctor Web’s technical support has gotten dozens of requests from people whose files have been encrypted by Trojan.ArchiveLock.20, and such requests are still being received.
Governance and assurance guidance for big data
To help enterprises use big data effectively, global nonprofit IT association ISACA issued guidance on how to manage the chaos and address the business benefits and challenges.
Identity fraud is up, but banks are up to the security challenge
Javelin’s security research found that 5 of the top 25 FIs prohibit the use of the Social Security number (SSN) to authenticate a user’s identity, up from none in 2011. While this represents a major improvement, 20% adoption is still distressingly low, especially with account takeover fraud at a seven‐year high. Yet, a promising consumer empowerment trend is finally gaining momentum among FIs – 40% of FIs are leveraging customers’ unique knowledge of their own financial behavior to prevent fraud by blocking types of transactions the customer knows he or she would never initiate.
Doctors used silicone fingers to fool fingerprint scanner
Fingerprint scanners might not work with severed fingers, but artificial ones still manage to fool them, as proved by the recent discovery of a fraudulent scheme set up by doctors working in the Ferraz de Vasconcelos hospital in the Sao Paulo state in Brazil.
Executive challenges of expanding a disaster recovery and backup business
Kevin Moreau is the Managing Director for EMEA at Unitrends. The company recently announced its expansion into Europe so it was a perfect time to talk with Moreau about challenges related to operations and growth throughout the EMEA region.
New ZeuS-based modular rootkit offered to cybercriminals
Given the popularity of the Zeus crimeware, and the fact that its source code has been ultimately offered for sale at bargain basement prices, it’s no wonder that every now and then malware based on it gets offered on underground forums.
Patching for industrial cyber security is a broken model
While patching such systems is important as part of an overall Defense in Depth strategy, the difficulties of patching for industrial systems mean that compensating controls are often a better method of providing immediate protection.
Japanese student sets up free VPN service
Based on the SoftEther open-source VPN freeware, which is designed to run on Windows, Linux, Mac, FreeBSD and Solaris, the VPN Gate service relies on volunteers around the world to download the server software and set up Public VPN Relay Servers for others to use.
Reuters editor indicted for allegedly helping Anonymous hack news site
A former web producer for a Tribune Company-owned television station in Sacramento, Calif., was charged today in an indictment for allegedly conspiring with members of the hacker group “Anonymous” to hack into and alter a Tribune Company website, the Justice Department announced.