Week in review: Sony hack, turning kids into infosec heroes, and cybersecurity in 2015

Here’s an overview of some of last week’s most interesting news and articles:

Protecting your child’s digital identity
Kids’ identities are stolen over 50 times more than those of adults!. We’re often so focused protecting our kids from so many threats in the real world; we forget that in cyberspace bad guys are stealing children’s identities to open credit cards, apply for loans, rent homes and even receive health care.

Tens of thousands web servers backdoored via pirated CMS themes and plug-ins
Over 23,000 websites set up with the help of Joomla, WordPress and Drupal content management systems have been compromised and used for illegal search engine optimization by an attacker who managed to social-engineer site administrators to install a backdoor on their servers.

What to expect in the unpredictable world of IT security?
No-one was prepared for the massive vulnerabilities which were discovered in established IT components, such as the Heartbleed OpenSSL bug and the BadUSB flaw. These issues highlighted just how unpredictable – and challenging – it can be to enforce and maintain security.

If anything shouldn’t be taken for granted, it’s Information Security Management
The goal of the Information Security Management process is to provide guidance or direction for security activities and to ensure that security goals are achieved. What does that mean?

Cybersecurity concept for unmanned systems
The University of Virginia School of Engineering and Applied Science Department of Systems and Information Engineering announced the success of an early-stage demonstration to improve defenses for unmanned aerial vehicles against cyber attacks.

eBook: Cybersecurity for Dummies
Controlling APTs requires multiple security disciplines working together in context. While no single solution will solve the problem of advanced threats on its own, next-generation security provides the unique visibility and control of, and the true integration of, threat-prevention disciplines needed to find and stop these threats — both known and unknown.

Training kids to become infosec superheroes
Our kids must be prepared to fight and win the oncoming digital battle. This is what motivated three cybersecurity professionals to create The Cynja, a new comic series teaching infosec concepts in a way that kids can grasp, and why they’ve launched The Cynja Field Instruction Manual, an activity book for “trainee cyberheroes”.

Coordinated cyber attacks on global critical infrastructure exposed
Cylance identified coordinated attacks by hackers based in Iran on more than 50 targets in 16 countries around the globe. Victim organizations were found in a variety of critical industries, with most attacks on airlines and airports, energy, oil and gas, telecommunications companies, government agencies and universities.

Hackers hit execs for insider info to gain stock market advantage
FireEye’s researchers have identified yet another hacking group. Dubbed FIN4, the hacking crew seems to be comprised of native English speakers with “deep familiarity with business deals and corporate communications, and their effects on financial markets.”

New LusyPOS malware is a cross between Dexter and Chewbacca
The RAM scraper is currently detected by 23 of the 55 AV engines used by VirusTotal. When the executable was initially submitted to the service – on November 30 – it was detected by only 7 of them, and two of these detections were triggered by the tor.exe component in the bundle.

Improving your readiness for OCR audits
In the wake of healthcare data breaches, OCR audits for HIPAA compliance have become more common – and the consequences have been more highly publicized. But many healthcare providers still don’t know how to prepare effectively for an audit.

2015 predictions: Cyber attacks aimed at critical infrastructure, Attacks as a Service
In 2014, we witnessed the rise of POS malware and ransomware, more targeted, advanced evasion by both cyber crooks and hackers backed by nation states, and government grade malware going mainstream (bolted-on to ransomware and financial Trojans). So, what can we expect in 2015?

Google simplifies CAPTCHAs down to a single click
The company has introduced the latest iteration of its reCAPTCHA tool, and it most cases, it will allow users to push on to the wanted websites by simply ticking off the box that confirms that they are not a robot.

Pre-loaded malware on new Android phones is on the rise
The danger of having your Android handset come preloaded with malware is rising, especially if you live in Asia and Africa and are on the market for a cheap, low-level phone.

Best practices in knowledge-based authentication
A group of senior IT pros got together during a Wisegate Roundtable session and had unguarded, honest conversations about knowledge-based authentication.

Application Threat and Usage Report 2014
The Application Usage And Threat Report provides an analysis of applications and their link to cyber threats within the enterprise. The report summarizes network traffic assessments performed worldwide in more than 5,500 organizations where 2,100 applications, 16,000 unique threats and billions of threat logs were observed.

Internet of Things predictions for 2015
IDC provides organizations with insight and perspective on long-term industry trends along with new themes that may be on the horizon.

Researchers analyze destructive malware used in Sony hack
Who is behind the Sony Pictures Entertainment hack, and how extensive is it? These are two questions to which we still don’t know the answers, but new leaks and hints are popping up every day.

RFID forensic evidence management
Radio frequency identification (RFID) tags—devices that can transmit data over short distances to identify objects, animals or people—have become increasingly popular for tracking everything from automobiles being manufactured on an assembly line to zoo animals in transit to their new homes. Now, thanks to a new NIST report, the next beneficiaries of RFID technology may soon be law enforcement agencies responsible for the management of forensic evidence.

Bebe Stores latest victim of a payment card breach
According to information initially gathered by Brian Krebs and several banks, Bebe Stores – a women’s retail clothier with 312 stores in the US, Canada, Puertorico, but also in several Asian, Latin American, Middle Eastern countries and Russia – is the common denominator in the shopping history of a number of credit cards that have been used to make fraudulent charges.

Sony hack: Lousy security, customized malware linked to previous attacks
The security picture painted by the stolen and leaked documents from Sony Pictures Entertainment becomes uglier by the day, as several companies and news outlets continue to show the results of their rummaging through the leaked data.

Top 3 security, privacy and data protection trends for 2015
Topics and discussions that used to be relegated to security and compliance professionals will be the front page stories and business drivers of 2015.




Share this