Week in review: Apple patches critical OS X SSL flaw, Mt. Gox goes bankrupt, MS EMET’s protections bypassed

Here’s an overview of some of last week’s most interesting news, reviews and articles:

RSA Conference USA 2014 coverage
You didn’t make it to this year’s edition of the most prominent information security conference, and wonder what you missed? Wonder no more – visit our dedicated coverage website for news about talks, newly released products, research, and a bevy of photos from the event.

The time for responsible reporting has come
I have no problem with security vendors and service providers using their research to help promote the products and services they sell. However, I am a seeing a worrying trend in how some vendors are reporting on new threats or are issuing analysis on the latest major security breaches.

Whitepaper: Solving the password management paradox
Discover how to solve the need for security without burdening the worker with oppressive requirements.

Details about Neiman Marcus breach revealed
The Neiman Marcus breach is not as bad as previously believed, as the number of potentially affected cards dropped from 1.1 million to approximately 350,000.

Target hack spurred US businesses to spend more on cyber security
New research conducted this month reveals that the attacks on international businesses, including banks and retail giants such as Target, led to a significant 60% of US businesses surveyed increasing their cyber security budget.

Apple finally patches critical SSL flaw in OS X
Apple has released an update for OS X that, among other things, patches the infamous “gotofail” bug whose existence was publicly revealed last Friday. The flaw was initially patched on iOS and Apple TV with updates pushed out on that same day, but OS X users were left to wonder why a fix hasn’t been provided for them as well.

Free tool helps fend off most cyber attacks
Qualys announced that it has collaborated with the SANS Institute and the Council on CyberSecurity to release a new free tool to help organizations implement the Top 4 Critical Security Controls to fend off attacks.

Consumers want privacy, but don’t take advantage of opt-out technologies
A majority of consumers worry about how marketers use their personal data, but 79 percent are more likely to provide personal information to what they consider a “trusted brand,” according to a new consumer behavior study.

Microsoft testing EMET’s new protection mechanisms
Just as researchers made public their successful attempt of creating attack code for bypassing the protections of the latest version of Microsoft’s Enhanced Mitigation Experience Toolkit (v4.1), the Redmond giant has announced the preview release of EMET 5.0.

SpyEye and Tilon banking malware have the same author(s)
Analysts from Fox IT believe that the creators of Tilon are Gribodemon, the infamous author of the SpyEye banking Trojan, and his colleagues.

Third-party programs responsible for 76% of vulnerabilities in popular software
Third-party programs are responsible for 76% of the vulnerabilities discovered in the 50 most popular programs in 2013, say the results of Secunia’s Vulnerability Review 2014, which is based on a sampling of the company’s seven million PSI users.

University of Maryland sets concrete cybersecurity goals in wake of data breach
The University’s president shared his plan to launch a “comprehensive, top-to-bottom investigation of all computing and information systems” – both the central ones operated by the University, as well as the local systems operated by individual administrative and academic units.

Two of every five CryptoLocker victims pay the ransom
But just how much money are we talking about here? Also, ransomware has been around for a while now – surely people aren’t falling for these tricks anymore? Well, as it turns out, they do, and in much greater numbers that generally thought.

Review: Two-factor authentication for WordPress using Rublon
Rublon provides automatic two factor authentication for web applications. It currently supports Drupal, WordPress, Magento, PrestaShop and OpenCart.

Mt. Gox Bitcoin exchange files for bankruptcy protection
After a series of bad news from Mt. Gox comes the ultimate blow to its users: the prominent Bitcoin exchange has filed for bankruptcy with the Tokyo District Court in Japan.

More about

Don't miss