Week in review: Microsoft axes Trustworthy Computing Group, Apple’s new privacy policy, and the new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news, interviews, reviews and articles:

(IN)SECURE Magazine issue 43 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Kit: The Essentials of IT Security
The Essentials of IT Security brings together the latest in information, coverage of important developments, and expert commentary to help with your IT Security related decisions.

Emerging cloud threats and how to address them
As organizations deploy and harness private, community and hybrid clouds, they encounter new types of threats, along with the old ones they’ve been battling for years. Here are some emerging security threats and issues cloud providers and their clients should be aware of.

Review: Secure mobile messaging with Threema
Threema is a mobile messaging app that comes with end-to-end encryption and supports iOS and Android, with a Windows Phone edition in the works.

Best practices for skimming prevention
The PCI Security Standards Council released an update to its guidance for merchants on protecting against card skimming attacks in POS environments.

Researcher creates exploit for compromising scammers’ computers
Even if you never had to deal personally with “Windows support” scammers, chances are someone you know did or you have heard about these type of scams.

Bug bounty programs: The road to hell is paved with good intentions
“Bug bounties can be an extremely effective tool if they are implemented and operated correctly. The problem, however is that this is difficult to do and rarely achieved; and they can actually do more harm than good.

Citadel malware becomes APT tool in newest hacking campaign
APT attackers wielding a newer, more dangerous versions of the Citadel malware have been targeting a number of Middle Eastern petrochemical companies.

XSS bug allows Amazon account hijacking
A recurring XSS bug in Amazon’s Kindle Library, i.e. the “Manage your Kindle” web application, can be exploited by attackers looking to hijack users’ Amazon account, a German researcher has warned.

Macro based malware is on the rise
Malware authors have a rediscovered their love for Visual Basic, as the percentage of macro based malware rose from around 6% of all document malware in June to 28% in July.

How to talk infosec with kids
As cybersecurity professionals, we know first-hand how the cyber world is filled with battles between good and evil. But do your kids know that? If you’re a parent, like me, chances are you’re concerned about your kids using the Internet.

Apple adds two-step verification for iCloud
Apple has announced that the two-step verification option for iCloud accounts now also extends to iCloud backups, preventing attackers who know the target’s password from installing the target’s backup on a new device and, thusly, from accessing the information contained in it.

Critical Android Browser bug threatens users’ privacy
Earlier this month, security researcher Rafay Baloch has released a proof-of-concept exploit that takes advantage of a vulnerability in an Android Browser’s security mechanism and could allow attackers to harvest confidential user data.

Security compliance is necessary for real-time mobile data access
Security compliance often varies from organisation to organisation due to varied industry regulation as well as internal security policies and procedures. We often see organisations attempt to repurpose security frameworks from the PC world and apply them to mobile. Mobile is fundamentally different than other enterprise technology and therefore requires a revised approach to security policies and countermeasures.

Tinba Trojan targets major US banks
Tinba, the tiny (20 KB) banking malware with man-in-the-browser and network traffic sniffing capabilities, is back.

Hackers penetrated systems of key defense contractors
Hackers associated with the Chinese government successfully penetrated the computer systems of U.S. Transportation Command contractors at least 20 times in a single year, intrusions that show vulnerabilities in the military’s system to deploy troops and equipment in a crisis, a Senate Armed Services Committee investigation has found.

Malicious eBay listings redirect users to phishing site
An IT worker from Scotland who is also an “eBay PowerSeller” has discovered an eBay listing for an iPhone that was rigged to redirect potential buyers to a spoofed eBay login page.

iOS 8 fixes bucketload of severe security bugs
Apple has released the latest version of its mobile OS on Wednesday, and in it has fixed over 50 vulnerabilities, many of which are very serious.

How to keep your contactless payments secure
Here are the top security threats you should be aware of if you’re using a RF-based card, along with our top safety tips to keep your payments secure.

Simply Secure aims to make security technology usable
Just two days after they joined a collaboration that will focus on making open source “easier for everyone,” Google and Dropbox have announced that they will be working together on another initiative: Simply Secure.

Apple drops the “warrant canary” from transparency report
In the wake of the change of Apple’s Privacy Policy, and the encryption technology used in iOS 8 that makes it “not technically feasible” for Apple to respond to government warrants for data extraction, GigaOm’s Jeff John Roberts has noted one more crucial change: the disappearance of Apple’s “warrant canary.”

Microsoft kills off its Trustworthy Computing Group
Microsoft’s Trustworthy Computing Group is headed for the axe, and its responsibilities will be taken over either by the company’s Cloud & Enterprise Division or its Legal & Corporate Affairs group.




Share this