Week in review: Google catches India with fake certificates, and the risks of selling used smartphones

Here’s an overview of some of last week’s most interesting news, interviews, reviews and articles:

Exploring the mobile security landscape
In this interview, Adam Ely, COO of Bluebox, discusses the most significant mobile security challenges for enterprise security professionals, illustrates how BYOD is shaping the enterprise mobile security landscape, and offers advice for CISOs trying to protect data confidentiality and integrity while working with an increasingly mobile workforce.

Penetration Testing: A Hands-On Introduction to Hacking
Many people are fascinated by the idea of penetration testing, but believe they could never learn to do it, or haven’t got a clue where to start. This book aims to be the first book that aspiring pentesters will pick up and, according to the author, the only thing they need to know before working through it is how to install software on their computer.

Travelers targeted by infected travel websites
Proofpoint security researchers recently were the first to discover that a large number of travel destination websites had been compromised and were being used to deliver the Nuclear exploit kit.

Why IAM will be worth over $10 billion by 2018
According to research firm MarketsandMarkets, the IAM Market is expected to grow 15.1% over the five years from 2013 to 2018. IAM isn’t new, so what’s driving adoption?

Security weakness found in WiFi enabled LED light bulb
Researchers at Context Information Security have been able to expose a security weakness in a WiFi enabled, energy efficient LED light bulb that can be controlled from a smartphone. By gaining access to the master bulb, Context was able to control all connected light bulbs and expose user network configurations.

Risks of selling used smartphones
From used devices, researchers were able to recover more than 40,000 personal photos, emails, text messages, and – in some cases – the identities of the sellers.

DPAPI vulnerability allows intruders to decrypt personal data
Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems.

Global cloud services market to reach $555 billion by 2020
In 2014, the overall cloud services market revenue will reach $209.9 billion, led by public cloud services. The community cloud services segment is gaining momentum and is expected to garner revenue of $1 billion this year, thanks to its adoption in the healthcare segment.

1 in 5 enterprises experienced an APT attack
An ISACA global study shows that one in 5 organizations (21 percent) have experienced an advanced persistent threat (APT) attack, and 66 percent believe it’s only a matter of time before their enterprise is hit by an APT. Yet only 15 percent of enterprises believe they are very prepared for an APT attack.

Dispelling the myths behind DDoS attacks
Distributed Denial of Service (DDoS) attacks are quickly becoming the preferred method for cyber attackers to wreak havoc on the internet. With a recent spate of attention-grabbing headlines focused on the hacker’s favorite tool, this article busts some myths about DDoS attacks.

Cloud security threats, tips and best practices
In this interview, Gray Hall, CEO at Alert Logic, illustrates today’s top cloud security threats, tackles privacy and surveillance issues, and offers security best practices organizations should implement when moving to the cloud.

CryptoLocker is temporarily disabled, users still at risk
The Trojan often comes bundled with spam messages, but the most effective vector is a secondary delivery mechanism that involves the GameOver Zeus botnet deploying CryptoLocker in a pay-per-install affiliation mechanism.

The emergence of the Digital Risk Officer
More than half of CEOs will have a senior “digital” leader role in their staff by the end of 2015, according to the 2014 CEO and Senior Executive Survey by Gartner. Gartner said that by 2017, one-third of large enterprises engaging in digital business models and activities will also have a digital risk officer (DRO) role or equivalent.

Nearly 70% of critical infrastructure providers suffered a breach
In a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies, 64 percent of respondents anticipated one or more serious attacks in the coming year.

Checklist: Should I use Linux?
For those who aren’t sure how to evaluate the efficacy of Linux for themselves, here is a simple guide that can walk you through the criteria you need to look at.

Businesses are deprioritizing information security
Businesses are deprioritizing information security and decreasing their investment in the destruction of confidential information.

Big Data security mistakes, tips and tricks
In this interview, Mark Cusack, Chief Architect at RainStor, talks about the main challenges of handling petabyte-scale volumes of data, illustrates the most obvious mistakes that companies make with their Big Data projects and offers advice to organizations about to welcome Big Data into their cloud storage environments.

Google catches India with fake certificates
Right now, every enterprise should be using certificate whitelisting to make sure the Indian Controller of Certifying Authorities is no longer trusted.

Securing the virtual environment
So you have a shiny new virtual environment up and running. You may have virtualised all your servers, so that your business-critical databases, CRM systems, ERP applications and email all reside in a virtual environment. It has been a long project, but now it is complete and you are experiencing the operational, performance and cost gains. Stop! Think! Have you covered all the bases? Have you thought about security?
