Week in review: Tails 0-days, iOS backdoors, and the psychology of phishing

Here’s an overview of some of last week’s most interesting news, interviews and articles:

EFF invites hackers to test, secure its Open Wireless Router
The Electronic Frontier Foundation (EFF) has released Open Wireless Router, an experimental alpha release of wireless router software that is meant to improve some and add new capabilities to existing routers.

Metadata-hiding Dark Mail protocol soon to be reality
At the Hackers on Planet Earth X (HOPE X) conference held this weekend in New York, NSA whistleblower Edward Snowden called for hackers, coders and developers to “help build a better future by encoding our rights into the programs and protocols upon which we rely everyday.”

What does the future hold for cloud computing?
The majority of coverage indicates that growing numbers of businesses are embracing the technology’s many benefits – such as cost and time savings – and this mirrors our own intelligence. However, amongst the positivity remain concerns about security, with discussions surrounding the storage of, and access to, sensitive data remaining ever-present.

Computer Incident Response and Forensics Team Management
In this day and age, it’s only a matter of time when an organization’s systems and networks will be breached by cyber attackers. Having an internal security incident response team (SIRT) should a no-brainer (if the budget allows, of course). This book aims to teach how to manage such a team, help you decide when it’s the time to had over the investigation to a forensics team, and how to manage that team, as well.

How Nigerian cyber criminals have evolved
Cyber criminals in Nigeria have evolved common malware campaigns to infiltrate businesses that have not previously been their primary targets.

WordPress Security Checklist
WordPress is not only easy to use, it also comes with many plugins and themes for you to choose from, making it extremely customizable. However, like all other popular platforms, it is also more prone to hacking. For those who are not sure how to beef up your WordPress security, download the checklist to follow how to keep your site safe.

IT security training: Be proactive
To ensure that employee knowledge is current and relevant, security training should be at least twice a year. Whilst that is obviously a big outlay both in terms of time, resource and money, when we’re staring at a global economic bill that mounts to hundreds of billions, surely it is an investment worth making?

The psychology of phishing
Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell-apart spam annoyances from useful email, however they still find it difficult identifying phishing emails, particularly when they are tailored to suit each recipient individually.

EFF releases Firefox, Chrome plugin to stop online tracking
The Electronic Frontier Foundation (EFF) has released a beta version of Privacy Badger, a browser extension for Firefox and Chrome that detects and blocks online advertising and other embedded content that tracks you without your permission.

8 online safety rules for college-bound kids
Previous generations didn’t need to have “the digital talk” but in a world where what goes online stays online, it’s essential.

Critical de-anonymization 0-days found in Tails
The claim has been made by researchers with vulnerability and exploit research company Exodus Intelligence, who are scheduled to give a talk about it at the Black Hat hacking conference next month.

Intentional backdoors in iOS devices uncovered
A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.

Interest for SSL and PKI on the rise
The surge in the number of data breaches and recent security bugs such as Heartbleed has generated strong interest in digital certificates and technologies, including SSL and PKI.

Internet Explorer vulnerabilities increase 100%
Analysis indicates that Microsoft Internet Explorer vulnerabilities have increased more than 100 percent since 2013, a trend underscored by a progressively shorter time to first patch for its past two releases.

40% of orgs running VMware still susceptible to Heartbleed
According to data collected by data analytics company CloudPhysics, more than half of deployed VMware vCenter servers (57%) and ESXi hypervisor hosts (58%) affected by the flaw are still unpatched.

Android Simplocker ransomware hits English-speaking users
From a technical perspective, the file-encrypting functionality remains virtually unchanged from earlier versions, apart from using a different encryption key, but this recent Simplocker variant does contain two additional tricks to make the victim’s life more miserable.

The 25th anniversary of the firewall: Celebrating a new generation
The McAfee Infographic that depicts the “lifetime’ of the firewall is open on my laptop and I’m a little nostalgic as I remember the events that were part of its evolution.

Operation Emmental exploits holes in banking security
Trend Micro researchers have discovered and analyzed a clever attack aimed at customers of Austrian, Swiss, Swedish, and Japanese banks. They dubbed it Emmental, after the famous Swiss cheese, because the online banking protections these banks use are similarly full of holes.

How organizations deal with BYOD and mobile security
A new study found that nearly half of respondents agreed that users bringing downloaded apps or content with embedded security exploits into their organization, as well as malware infections, are top BYOD security concerns.

Apple confirms iOS backdoors, researcher says explanation is misleading
In the wake of the discovery of undocumented features in Apple’s iOS that can serve as backdoors, the company has modified a knowledge base article to enumerate and explain the three questionable services found by iOS forensics expert Jonathan Zdziarski.

European Central Bank blackmailed in wake of data breach
The European Central Bank (ECB) – the central bank for the euro – has suffered a data breach, and has only discovered it after receiving a blackmail letter from the attacker.

New type of ransomware bucks established trends
Ransomware is now one of the fastest growing classes of malicious software, says Kaspersky Lab researcher Fedor Sinitsyn. This should not comes as a surprise, when we know that 35 percent of those who get infected by it end up paying the ransom.

The evolution of backup and disaster recovery
In this interview, Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department’s approach to backup and disaster recovery, and much more.

Open source responsible disclosure framework released
Bugcrowd, known for crowdsourced security testing, publicly released a new guide for companies looking to set up their own responsible disclosure programs.

Fake GoogleBots are third most common DDoS attacker
An analysis of 400 million search engine visits to 10,000 sites done by Incapsula researchers has revealed details that might be interesting to web operators and SEO professionals.

Google and EU debate on implementation of “right to be forgotten”
It is, by now, widely known that European users can ask Google to “forget” sites with content these users find damaging to their reputation, but the European Court of Justice’s ruling will not be easy to implement, given the global nature of the Internet.




Share this