Week in review: Apple devices hijacked in blackmail scheme, inside the malware war zone, and hacking for the greater good

Here’s an overview of some of last week’s most interesting news, interviews, reports and articles:

In wake of breach, eBay has to deal with multiple web vulnerabilities
As eBay flounders while trying to adequately respond to the breach it disclosed last week, and deems weak passwords to be good but stronger ones to be weak, researchers are coming forth with vulnerabilities affecting the company’s web properties.

Instant messaging Trojan spreads through the UK
Hundreds of computer systems have been infected with the latest instant messaging Trojan. Bitdefender has spotted an increasing wave of infections in the past week in countries such as the UK, Germany, France, Denmark, Romania, the US and Canada.

Web application penetration testing with ImmuniWeb
Switzerland-based ethical hacking and penetration testing experts High-Tech Bridge recently released an interesting security product that uses a hybrid approach towards web application security testing. Based on years of experience, the new ImmuniWeb offering is a Software-as-a-Service tool that combines manual and automated penetration testing in a cost-effective way.

Change auditing and Netwrix Auditor
Michael Fimin is the CEO of Netwrix. In this interview he talks about the importance of change auditing and outlines the features of Netwrix Auditor.

Small businesses and the cloud: How to mitigate the risks
Security concerns are still preventing many small businesses from using new technology methods to accelerate growth. The cloud is one major example of a “hot topic” that has perpetuated the news cycle as something that could help small businesses, but new and unsolved old risks are blocking a mass uptake in cloud-based services.

Secure file sharing uncovered
Ahmet Tuncay is the CEO of Soonr, a provider of secure file sharing and collaboration services. In this interview he talks about making security a priority, discusses what drives employees to routinely use personal online file sharing solutions for confidential data, outlines the critical features of a secure file sharing solution, and more.

Hacker hijacks Apple devices remotely, asks for ransom
An unusual case of cyber extortion has been spotted in Australia: Apple device users in Queensland, NSW, Western Australia, South Australia and Victoria have woken up to see messages displayed on their devices saying they have been hacked.

Apps on your Android phone can take photos without you knowing
A researcher has demonstrated that it’s possible for malicious attackers to create an Android app that will surreptitiously take pictures and upload them to a remote server without displaying any notification, without the presence of the app being visible (i.e. on the list of installed applications), and even without the screen being on.

Outlook for Android fails to keep emails confidential
Did you know that Outlook and many other email and mobile messaging Android apps store your emails and messages on the device’s SD card, unencrypted, and accessible to any third-party app that is permitted to access the card’s contents? Couple that with the (widely given) permission to access the Internet, and your potentially confidential conversations might be exfiltrated and stored on remote servers for attackers to peruse and misuse.

Hybrid Zberp Trojan targets bank users around the world
A new threat created by the amalgamation of the publicly available code of two of the most (in)famous pieces of malware around is targeting users of over 450 financial institutions around the world, warn Trusteer researchers. Currently the most targeted are users in the US, Australia, and the UK.

Online gaming threats and protection tips
In this podcast, recorded at Infosecurity Europe 2014, Christopher Boyd, Malware Intelligence Analyst at Malwarebytes, talks about online scams and phishing attacks, specifically those related to protected Steam accounts. He also offers tips that can enable gamers to make their accounts more secure.

Risk management issues, challenges and tips
Gary Alterson is the Senior Director, Risk and Advisory Services at Neohapsis. In this interview he discusses the most significant issues in risk management today, offers tips on how to develop a risk management plan, and more.

The cloud will transform the airport experience
Airports are increasingly identifying the need to switch to cloud systems in order to improve operational efficiencies, according to Amadeus, who collected the viewpoints of over 20 senior IT leaders from the airport industry to investigate the business case for adopting cloud based Common Use systems at airports.

Data brokers collect info on nearly every U.S. consumer
In a report issued on the data broker industry, the Federal Trade Commission finds that data brokers operate with a fundamental lack of transparency. The report is the result of a study of nine data brokers, representing a cross-section of the industry, undertaken by the FTC to shed light on the data broker industry. Data brokers obtain and share vast amounts of consumer information, typically behind the scenes, without consumer knowledge.

Fraud study finds MasterCard holding lowest fraud rate
2Checkout released a study of online payments fraud, based on a worldwide sample of approximately one million payment transactions tracked each quarter.

Inside the malware war zone
Adam Kujawa is the Head of Malware Intelligence for Malwarebytes. In this interview he talks about the evolution of malware in the past decade, illustrates the differences in global malware based on the point of origin, highlights the events that changed the threat landscape, offers insight about future threats, and more.

eBook: Top 3 Big Data security myths
Data volumes are growing rapidly with no end in sight. Big Data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. How are they protecting that data? This eBook addresses three myths of Big Data security.

8 key cybersecurity deficiencies and how to combat them
While the number of cybercrime incidents and the monetary losses associated with them continue to rise, most U.S. organizations’ cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries. According to the report, only 38 percent of companies have a methodology to prioritize security investments based on risk and impact to business strategy. The survey is a collaborative effort with PwC, CSO magazine, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, and the U.S. Secret Service.

Hacking for the greater good
As long as people write code, they will write code with flaws, says Katie Moussouris, former Senior Security Strategist Lead at Microsoft Security Response Center and, as of last week, Chief Policy Officer of HackerOne. But security researchers should empathize with them, not just tell them that their “baby” is ugly and flawed, she noted. They should note and praise the things they did well and point them towards ways of making their code better and more secure.

Malware creation breaks all records! 160,000 new samples every day
Malware creation has broken all records during this period, with a figure of more than 15 million new samples, and more than 160,000 new samples appearing every day, according to Panda Security.

Strategic security acquisitions: What makes sense?
Thanks to a steady stream of high-profile data breaches, a rapidly shifting threat environment, and the recent indictment of 5 members of the Chinese People’s Liberation Army “Unit 61398” for state-sponsored espionage, security is top-of-mind, even in the boardroom. Collectively, these forces have major implications for the security technology marketplace. Already, we’re seeing some “old guard” technology vendors being overcome by newer, more agile vendors. In addition, security technology vendors are scrambling to build out their security product portfolios through strategic acquisitions.

Walking through Hack In The Box 2014 Amsterdam
This year’s Hack In The Box conference is being held at the De Beurs van Berlage, which is an impressive venue located in central Amsterdam. The organization, the presentations and, best of all, the atmosphere are – as usual – fantastic. For the first time, the Haxpo floor is open and free to outside visitors, who took the opportunity to peek into the infosec world and to bring their kids with them.

What inspired you to start hacking?
This is a question that Jennifer Steffens, IOActive CEO, often asks hackers she meets at conferences around the world. More often than not, the answer is movies: War Games, Hackers, The Matrix, and so on. But today, it is real-life hacking that is inspiring the movies of tomorrow.

Keeping your data secure while on the move
John Michael is the CEO at iStorage, a provider of secure portable data storage. In this interview he discusses the often overlooked repercussions of data loss, offers tips for organizations to make sure their data is secure even when on the move, and more.
