Week in review: Replicating NSA’s gadgets using open source, World Cup-themed threats, and life after TrueCrypt

Here’s an overview of some of last week’s most interesting news, podcasts, interviews and articles:

Replicating NSA’s gadgets using open source
In this podcast recorded at Hack In The Box Amsterdam 2014, wireless security researcher Michael Ossmann shares his insights on what to use – and how – to duplicate hardware devices found in the ANT catalog.

Have today’s privacy policies made us a society of liars?
In a world where a click of a mouse or a swipe of a card provides organizations with an in-depth look into our most personal information, consumers must demand corporations take actions to foster (or regain) their trust.

Crypto-ransomware brings in quite a profit
Crypto-ransomware is quickly becoming cybercrooks’ favorite tool to extort money from computer users. After the amazing success of CryptoLocker, copycats have begun popping up, targeting both PC and Android users.

Breakdown of traditional security models and strategies
Gartner predicts that by 2018, 25 percent of large organizations will have an explicit strategy to make their corporate computing environments similar to a consumer computing experience.

German startup raises $2M for NSA-proof server
A German startup has broken crowdfunding records as it managed to get pledges for 1.5 million Euros (around $2 million) in less than a few hours. The project that prompted such a huge positive reaction? An “NSA-proof” server that provides scalability, high storage capacity and control, as well as location-independent data access and a thought-through social collaboration platform.

Some governments have direct access to Vodafone networks
Telecommunications giant Vodafone has released its first-ever Law Enforcement Disclosure Report, and among the things revealed in it is the scary fact that some countries have direct and permanent access to the company’s servers and to customer communications via their own direct link.

Winning the war on web stealth attacks
The “National Strategic Assessment of Serious and Organised Crime 2014”, published in May by the UK National Crime Agency, listed DDoS as a major concern for business critical systems for the first time.

World Cup Brazil 2014: How cybercriminals are looking to score
Cybercriminals are using various attack techniques to exploit the World Cup theme, including fraudulent domains selling fake tickets, fake giveaways, and several phishing and malware campaigns. They are also using methods like credit card cloning and ATM scams to attack those attending the games in Brazil.

How the cloud can be used and misused
Peter Jopling, CTO and Software Security Executive, IBM UK & Ireland, talks about threats to cloud infrastructure providers, the importance of real-time data analytics, illustrates the way cloud enables cybercriminals to expand the scope and size of their attacks, and more.

Whitepaper: How Big Data fights back against APTs and malware
This whitepaper is essential reading for CEOs, CTOs, Network Security Professionals, and everyone else who needs to know why “Big Data = Big Protection” in today’s threat landscape.

ISO 27001: An overview of ISMS implementation process
Although many people consider ISO 27001 as a bureaucratic standard with no real benefits, actually the opposite is true – if it is implemented properly, not only will it enhance the marketing position of your organization, but it will also help you organize all information security activities in a clearly defined framework, and consequently decrease the level of risks.

Retail breaches and the SQL injection threat
Continuous monitoring of database networks is the best approach to avoid breaches such as the high-profile attacks against major U.S. retailers.

Payment card breach at US restaurant chain P.F. Chang’s
Asian-themed US restaurant chain P.F. Chang’s China Bistro has suffered a breach that resulted in the theft of customers’ payment card data.

iOS 8 will randomize devices’ MAC address to increase privacy
The next major release of Apple’s iOS mobile operating system will include an important change: when local wireless networks scan for devices in range, devices running iOS 8 will provide random, locally administered MAC addresses.

Microsoft battles US search warrant requesting customer emails stored abroad
Microsoft is battling a search warrant that could have a great impact on the future of US tech companies in the global market.

Google End-to-End: The encryption silver bullet?
To those of us in the IT security business, it is easy to treat the Google announcements as marketing hype to shore up concerns over security. Their messaging leaves some questions.

Fake, malicious World Cup-themed apps targeting Android users
Mobile users should be aware that cyber crooks have taken to cloning popular apps and adding to them malicious routines.

GFI Cloud gets remote control and screen sharing
GFI Software announced the addition of remote control and remote access capabilities as part of a major update to GFI Cloud, the company’s IT platform for SMBs.

Life after TrueCrypt
While speculation continues around the fate of popular disk encryption software TrueCrypt, Sophos conducted a survey of over 100 IT professionals regarding their use of encryption, including TrueCrypt.

Automatic updating of Android apps becomes riskier
Google has made unwelcome changes to the way new app permissions are disclosed to users: no warnings will be shown if a new permission is in the same category as an old one that has previously been accepted.

Authentication innovation, identity and credential management
In this interview, Richard Parris, CEO of Intercede, talks about how the digital world has shaped our identity, the main catalyst behind authentication innovation as well as key issues you have to deal with when implementing identity and credential management.

The state of GRX security
In this podcast recorded at Hack In The Box Amsterdam 2014, Stephen Kho and Rob Kuiters explain what GRXs are, how they function, how vulnerable they are, and what their operators can do to secure them better.

The privacy attitudes of 15,000 consumers from 15 countries
Spanning 15 countries and 15,000 consumers, the EMC Privacy Index reveals consumers hold viewpoints on privacy that vary widely by geography and the type of activity engaged in while online.

Use your own encryption keys for Amazon S3 storage
Amazon Web Services has some good news for users of S3, its popular online file storage web service: they can now use their own encryption keys to protect their data at rest.

Mobile security risks and challenges
Nat Kausik, the CEO at Bitglass, offers advice to organizations moving to an increasingly mobile workforce and discusses the most common mobile security pitfalls.
