Week in review: Shellshock exploits, privacy breaches in Europe, and protecting charities online

Here’s an overview of some of last week’s most interesting news and articles:

Information security experts: Act and protect charities online
The Give A Day campaign aims to provide a platform that would enable professionals to donate their time to help charities with their cyber security issues.

Whitepaper: BYOD security that works
Today’s emerging security technologies for cloud and mobile give IT organizations more control, while also protecting employee privacy. Persistent digital watermarking technology and data leakage prevention make it possible to protect each piece of important data, rather than trying to control an entire device or application. The advantages of this strategy offer a revolution in the way today’s CIO can approach IT security.

AT&T suffers another insider breach
US telecom AT&T has lately been having problems with malicious insiders, and the latest incident has resulted in the compromise of account and personal information of some 1,600 customers.

Android browser SOP bypass bug: Who’s affected, and what to do?
According to the numbers provided by mobile security firm Lookout, around 45 percent of their users have a vulnerable version of the AOSP browser installed.

Yahoo says its servers weren’t Shellshocked
After researcher Jonathan Hall’s claims that a group of hackers has been exploiting the Bash Shellshock vulnerability to compromise a number of servers belonging to Yahoo, Lycos and Winzip made headlines, the companies in question were forced to address the fact.

Windows 10 will not come with built-in keylogging capabilities
In case you missed it, a big fuss has been raised about the keylogging and other “spying” capabilities of the recently released Technical Preview version of Windows 10. While the claim is true, it’s also true that this ability is not a secret.

Bugzilla bug that could reveal other software flaws has been patched
The successful exploitation of the flaw in question could allow attackers to access reports about unfixed vulnerabilities in a number of software products – information that can be misused by the attackers themselves or sold on to cyber crooks or spies for big money.

How consumers foot the bill for data breaches
Some of the most expensive hacks that do occur regularly are typically those affecting major companies. Directly or indirectly, the customers end up paying for the breaches.

Apple updates XProtect to kill iWorm botnet threat
Apple has released an update for its XProtect anti-malware system which makes it detect three different versions of the iWorm OS backdoor malware discovered last week by AV specialists from Dr. Web.

Infected ATMs give away millions of dollars without credit cards
Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars.

How can parents keep their children safe on the Internet?
In today’s society, children are unquestionably more tech-savvy than ever before, with far greater access to gadgets and a veritable wealth of information at their fingertips along with a heightened understanding of technology and how it works. However, children will not be as aware of the scams that cyber-criminals are crafting specifically to dupe them.

133 DDoS attacks over 100Gbps so far in 2014
Arbor Networks released global DDoS attack data for Q3 2014 showing a remarkable increase in Simple Service Discovery Protocol (SSDP) reflection attacks.

Privacy breaches in Europe
Half of all the privacy breaches affecting people in Europe are inside jobs according to new research from Central European University.

How Shellshock can be exploited over DHCP
Attacks exploiting the Shellshock vulnerability (actually, vulnerabilities) are popping up daily, but while Shellshock attacks on web apps have been the most documented and discussed, attacks via other attack surfaces are possible, too.

Seven Destiny video game tactics that translate to cyber security
Why learn by grinding through dry security best practices when you can make education unique by mixing in a little geeky fun? In the third installment of Corey Nachreiner’s security pop culture series, he shares what Destiny – Bungie’s popular new MMOFPS video game – can teach you about network and information security.

Aggressive Selfmite SMS worm variant goes global
The Selfmite Android SMS worm is back, and this new version is both more dangerous and more widespread than the initial one.

Integrating IT security at the board level
Why are businesses still failing to implement efficient, functional IT security strategies?

Google reports on “right to be forgotten” requests
Nearly a month after the release of the latest Google Transparency Report, which showed that government demands for user information have risen 150% over the last five years, a new section has been added that shows how many European privacy requests for search removals have been received by the company.

Backoff POS malware found at nearly 400 Dairy Queen locations
The company discovered and confirmed the breach back in late August, but only now revealed the full extent of the compromise, which has, by now, apparently been contained.

The number of JPMorgan hackers’ targets rises
The distressing news that the JPMorgan Chase breach resulted in the compromise of data of some 76 million households and 7 million small businesses may be soon followed by more unwelcome announcements of the same kind.

Twenty five years of firewall innovation
When the internet was first launched on a mass scale back in the late 80s, it is understandable that the technology industry got more than a little excited – the way we communicate and thus the entire world around us was being changed for good. But there was one problem: the internet was not designed with security in mind.



