Week in review: GCHQ intercepts Google, Facebook users’ communications, Code Spaces destroyed by extortion hack attack

Here’s an overview of some of last week’s most interesting news, podcasts, interviews and articles:

Five great computer security tips that few people follow
Here are five rarely implemented security practices that offer great security benefits, but which few people actually apply in real life.

600,000 customer details compromised at Domino’s
Although it is not certain exactly what records have been affected, it is staggering that the personal details of so many customers were seemingly left unencrypted and susceptible to this kind of attack – especially when you consider the warning shots that have been issued with previous high profile attacks.

Being a CISO at a higher education institution
In this interview, Matt Santill, CISO of Broward College, talks about the requirements and peculiarities of his job, the technologies the college uses to make its network safe, and offers advice for CISOs working in other educational institutions.

Analysis of 3000 vulnerabilities in SAP
Here are 6 highlights from research conducted by the ERPScan team during 7 years of in-depth analysis of SAP vulnerabilities. A significant share of the analyzed vulnerabilities was found by the ERPScan research team itself.

Service providers need different core competencies in a digital world
Traditional sourcing strategies that are either too centralized or not centralized enough, too customized or too industrialized, actually reduce, rather than enhance, agility.

There’s a new banking Trojan in town
Dubbed “Dyreza,” the malware targets users of a number of major online banking services in the US and the UK: Bank of America, Natwest, Citibank, RBS, and Ulsterbank.

Could you maintain security in event of IT failure?
A study investigating the priorities for the UK and Ireland’s top banks and insurance companies has revealed low confidence in the ability to remain secure in the event of an IT collapse.

Hacker nets over $600k by compromising NAS systems to mine Dogecoin
A single threat actor is responsible for the compromise of a considerable number of Synology NAS systems that were set to mine Dogecoin in secret, netting him over $620,000, researchers from Dell SecureWorks reported.

Whitepaper: Extended Validation SSL Certificates
Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers.

A new defense against kernel-mode exploits
Over the past years, a plethora of security solutions have become available for Windows-based endpoints, but most of them are helpless against malicious code targeting the kernel – even when we employ layered security and stack them one upon the other. The time has come to change the security paradigm and architecture, say Rafal Wojtczuk and Rahul Kashyap. “Windows kernel vulnerabilities are frequent, and this is not going to change anytime soon,” they say. “We have to live with them and be able to defend against them.” In this podcast recorded at Hack In The Box Amsterdam 2014, they propose a solution to the problem.

Remove Android ransomware for free
avast! Ransomware Removal is a free app that eliminates Android ransomware and decrypts locked and ransomed files.

GCHQ legally intercepts Google, Facebook users’ communications
A successful legal challenge has forced the UK’s top counter-terrorism official to reveal the (until now) secret government policy that allows the GCHQ to intercept British residents’ emails, text messages, and communications sent via Facebook and other social networking sites and webmail services, as well as web searches made via Google – all without needing a warrant.

Microsoft patches DoS flaw in its Malware Protection Engine
Microsoft has released an update for its Malware Protection Engine to fix a privately reported security vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a specially crafted file.

Would you run potentially malicious programs in return for a dollar?
A group of researchers have discovered a depressing fact: some computer users will download and run an executable that they can’t be sure isn’t malicious for as little as one cent, and over 40 percent of them will do the same if offered a dollar.

Five steps towards cyber breach preparation
What is the new normal for companies wanting to prepare for a cyber breach? What steps should organisations be seeking to put into place in order to have the best possible response to a breach incident?

Android smartphones pre-installed with malware hit the market
Cheap Android-based smartphones pre-installed with spyware are being distributed to European users, experts from German security vendor G Data are warning.

Authorization model for home automation
Apple’s recent announcement of their HA framework HomeKit in iOS 8 positions the user’s iPhone or iPad as the control point for the home’s devices (at least those that are HomeKit compatible).

Scan of Google Play apps reveals thousands of secret keys
A team of researchers from Columbia University has downloaded and decompiled over 880,000 applications found on Google Play, and has discovered – among other things – that app developers often embed their secret authentication keys in the apps, which can lead to attackers stealing server resources or user data available through services such as Amazon Web Services or Facebook.

Code hosting Code Spaces destroyed by extortion hack attack
Cloud code hosting service Code Spaces is forced to shut down, as a DDoS attack coupled with an unsuccessful extortion attempt was followed by the attacker deleting most of its code repositories and backups.

Identity theft consequences and tips to stay secure
In this interview, Tom Feige, CEO of idRADAR, shares alarming identity theft stories, explains the consequences of getting your identity stolen, offers advice to organizations that want to prevent their employees from becoming victims of identity theft, and more.

Are your third-party vendors leaving the door open to hackers?
In every arena, smart enemies choose the path of least resistance. In the data security realm, that path increasingly goes through third-party vendors and subcontractors.

Demand for PaaS on the rise
As many as 85% of survey respondents said that there is demand within their organization to reduce the time it takes to develop and deploy applications, highlighting that the Develop Your Own Application (DYOA) trend is primarily being driven at a business rather than IT level.

TrueCrypt developer says forking the software is impossible
Even though a number of people have expressed interest in continuing the development of TrueCrypt, the future of these projects is questionable as one of the TrueCrypt developers feels that “forking” the software would not be a good idea.

Critical flaw exposes admin passwords of nearly 32,000 servers
Over 30,000 servers with Supermicro baseboard management controllers (BMCs) on their motherboards are offering up administrator passwords to anyone who knows where to look.