Week in review: Obama backs net neutrality, Darkhotel espionage, working at Pwnie Express

Here’s an overview of some of last week’s most interesting news, interviews, articles and reviews:

Darkhotel espionage campaign targets corporate executives traveling abroad
Kaspersky Lab researched the Darkhotel espionage campaign, which has lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad.

China is building a quantum encryption network between Beijing and Shanghai
The race for setting up a secure long-distance communication network based on quantum encryption is on, and China is currently in the lead.

Obama backs net neutrality, asks FCC to reclassify broadband as a utility
The US president has sided with net neutrality advocates and has encouraged the Federal Communications Commission (FCC) to reclassify consumer broadband service from an “information service” to a “telecommunications service.”

Internet of Things to reach 30 billion devices in 2020
While most everyone agrees that the Internet of Things (IoT) is poised for explosive growth and represents boundless opportunities – billions of connected things driving trillions in revenue – understanding where the revenue opportunities lie across different technology layers has remained elusive.

Aligning risk analysis and IT security spending
Eight years on from the Jericho Forum identifying the phenomenon of de-perimeterization, and the consequences of this on information security, it is more than a little discouraging how much of the security technology spend across the industry is still focused on network security controls, and how little is spent on application security and data-centric security controls.

A holistic approach to protecting intellectual property
What exactly is included under the umbrella of IP? And what’s the best way to protect IP within an organization?

Review: ESET Smart Security 8
Aiming to be a complete security solution for desktop PCs and notebooks, ESET Smart Security surely packs a punch, as it contains practically everything home and small office users need to secure their system.

Vigilance and the Enterprise of Things
Most enterprises allow BYOD in their environment, with varying levels of supervision. Typically, these are tablets and smartphones but the number of other Internet of Things devices being brought into the enterprise is on the rise.

First victims of the Stuxnet worm revealed
After analyzing more than 2,000 Stuxnet files collected over a two-year period, Kaspersky Lab can identify the first victims of the Stuxnet worm. After Stuxnet was discovered over four years ago as one of the most sophisticated and dangerous malicious programs, researchers can now provide insight into the question: what were the goals of the Stuxnet operation?

Application Threat and Usage Report 2014
The Application Usage And Threat Report provides an analysis of applications and their link to cyber threats within the enterprise. The report summarizes network traffic assessments performed worldwide in more than 5,500 organizations where 2,100 applications, 16,000 unique threats and billions of threat logs were observed.

8 criteria to decide which ISO 27001 policies and procedures to write
If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not.

Personal info of 800,000 USPS employees compromised in breach
The US Postal Service has joined the ranks of private sector companies and governmental agencies that have been breached and had data stolen by hackers.

German spy agency wants to buy and use 0-day bugs
The Bundesnachrichtendienst (BND) – Germany’s Federal Intelligence Service – has asked a parliamentary oversight committee for big money to buy vulnerabilities on the open market.

Organized cyber crooks plunder SMBs with simple, cheap keyloggers
The popularity and pervasiveness of Zeus/Zbot has made it almost a synonym for banking malware, but there are unfortunately many more types of malicious software that allow attackers to steal money from their victims. Some of these, in the “right” hands, can bring in an astounding amount of money.

Infosec industry: Time to put up or shut up
The information security industry is one of the most exciting industries to be involved in. It offers many opportunities to exercise one’s passion and curiosity about technology and address the challenges of keeping that technology secure. To some this is an opportunity to reach out to those outside of information security to help them understand how these technologies should be adapted in a secure manner.

Tips for a safe holiday season
Cyber scrooges leverage all types of digital devices, social media platforms and mobile apps to take advantage of consumers’ distraction during this festive and busy time of year. To stay protected and ensure a happy and safe holiday season, McAfee has shared some safety tips.

Whitepaper: Still using proxies for URL filtering? There’s a better way
A standalone, proxy-based URL filtering solution remains to this day an isolated, disconnected tool – partially because it has an incomplete view of all network traffic, and due to its limited role among other security devices on the network.

Latest Microsoft patches crucial for all Windows users
Microsoft has closed a great many flaws, including a 0-day abused by the Sandworm team, in November’s Patch Tuesday. But there is another vulnerability that you should be worried about and should implement a patch for as soon as possible: the one that affects the Microsoft Secure Channel (Schannel) security package in all supported releases of Microsoft Windows.

Shaping mobile security
Usually, organizations have taken one of two approaches: either enabled mobility to boost productivity, with security inevitably being compromised; or they’ve tried to deliver more effective security for mobile fleets, compromising productivity. Recent research shows that a majority of organizations have used the first approach, with mobility racing ahead of security.

The most unpopular person in the room
From the deployment of billions of connected sensors into our everyday life, to connected wigs, and mining onto comets, our future looks exciting. Yet, throughout the entirety of the week, Raj Samani was referred to as the policeman that would constantly ask the recurring question: “What security and privacy controls are implemented?”

The biggest challenges around connected devices
Few European IT departments or workplaces are ready for the invasion of wearable technology and other connected devices.

ISPs are removing encryption from customers’ emails
A number of ISPs in the US and Thailand have recently been spotted actively removing encryption from their customers’ data sent to email servers, the Electronic Frontier Foundation warned on Monday.

Americans’ privacy behaviors and attitudes in the post-Snowden era
Most Americans are aware of and worried about government efforts to monitor communications and access their data but, interestingly enough, they still look to the government to protect their personal information by regulating advertisers’ use of that data, the most recent Pew Research Privacy Panel Survey has shown.

Enabling secure file sharing in the enterprise
According to a 2014 report from SkyHigh Networks, enterprises may have as many as “24 different file sharing services and 91 different collaboration services” in use to collaborate and share content. While these numbers are surprising to some, others recognize this as a sign of two important issues: one, the workplace is evolving; and two, employees are also consumers and will adopt the tools that best meet their needs, whether they’re authorized or not.

Mobile Pwn2Own 2014: Windows Phone’s sandbox resists attack
The Mobile Pwn2Own 2014 hacking competition, held at the PacSec Applied Security Conference in Tokyo, Japan, was concluded on Thursday, and not one of the targeted phones has survived completely unscathed.

Default ATM passcodes still exploited by crooks
This time the passcode hasn’t been guessed, or ended up online for everyone to know because it was printed in the ATM’s service manual – the individual who, with the help of an accomplice, managed to cash out $400,000 in 18 months was a former employee of the company that operated the kiosk ATMs they targeted.

Job description: Infosec Ranger at Pwnie Express
When I learned that well-known hacker and conference speaker Jayson Street decided to join the Pwnie Express team, I knew this was the perfect time for an interview.
