Week in review: Regin spy malware, hacking RFID payment cards, and how to detect fraudulent activity in a cloud

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Fighting malware, emerging threats and AI
Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.

Tips to avoid online scammers this holiday season
With Black Friday and Cyber Monday offers, often dramatically cutting prices for one day only, there will be many genuine deals to be had. The problem for many of us is how to spot the real deal, from the scam? Here’s five tips to prevent you gifting your money to the criminals these holidays.

Regin backdoor: Sophisticated, stealthy, state-sponsored?
Symantec researchers are warning about a new, complex cyber espionage tool that has been around for years and that has likely been created and is wielded by a nation state.

ENISA guidelines on cryptographic solutions
ENISA published two reports. “Algorithms, key size and parameters” is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection. The “Study on cryptographic protocols” provides an implementation perspective, covering guidelines regarding protocols required to protect commercial online communications containing personal data.

Sony Pictures hacked, blackmailed
The breach has still not been confirmed by the company, whose only comment so far is that they are “investigating an IT matter.”

ISO 27001: An overview of ISMS implementation process
This interactive live online training is designed to enable you to walk away with knowledge on how to fit ISO 27001 as the main framework for information security management in your organization.

Hacking RFID payment cards made possible with Android app
Paying via RFID cards is becoming more popular nowadays as more mobile devices add NFC support. Banks, merchants or public services issue RFID cards to their customers with prepaid credits. But what is the security risk of RFID payment cards?

The context-aware security lifecycle and the cloud
Ofer Wolf is the CEO at Sentrix, a provider of cloud-based web security solutions. In this interview he talks about the challenges of delivering enterprise-grade security, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.

Leveraging network intelligence and deep packet inspection
Tomer Saban is the CEO of WireX Systems, a provider of network intelligence solutions. In this interview he talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and illustrates what the information security industry needs to in the next 5 years to combat highly targeted attacks.

Regin spy malware was used in Belgacom, EU government hacks
Which nation state is behind the sophisticated Regin espionage malware? According to The Intercept, it’s likely wielded by the UK spy agency GCHQ and/or the US NSA.

SaaS deployments are now mission critical
The decision to deploy SaaS-based applications within an enterprise depends on the business-criticality of the solution, as well as the organization’s geography, business agility, usage scenario and IT architecture.

The rise of account takeovers
Account takeover fraud is the primary means of attack from fraudsters and attack origins occurring predominantly outside of the US. Account takeovers have beaten out credit card cycling as a more popular means of fraud.

Adobe urges users to implement critical out-of-band Flash Player update
For the second time in a month, Adobe has issued a security update for Flash Player. This out-of-band update finally fixes a critical vulnerability that could be misused by remote attackers to take control of an affected system.

How to detect fraudulent activity in a cloud without invading users’ privacy
A group of researchers have found a clever way for cloud providers to detect fraudulent activities in their clouds without actually probing into the kind of activity a user performs, but by using privacy-friendly billing data.

How to evaluate national cyber security strategies
ENISA issued an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy.

Preparing for an information audit
Two ways that an organization can easily and cost efficiently ensure that they are meeting not only security needs but also audit and compliance laws are with role-based access control (RBAC) and two-factor authentication. These two solutions can make a dramatic difference in the way that organizations handle their security measures, and allow them to efficiently address their security needs, as well as any requirements established by the government.

Siemens pushes out emergency SCADA updates
According to a security advisory published by the US ICS-CERT, the bugs are easily exploitable by low skill attackers. In fact, they say that “indicators exist that this vulnerability may have been exploited during a recent campaign.”