Week in review: Anthem breach, critical IE 11 bug can be used for phishing attacks

Here’s an overview of some of last week’s most interesting news and articles:

Overcoming the daily challenges of a security team
The institutionalization of domestic security and incident-response into a distinct profession have formed three major challenges for large enterprises.

Security outlook: Technologies and key trends
Anonymous threats and lone wolf attacks, increasing fears on cyber security and concerns over immigration will generate significant debate over foreign policy and how to mitigate the security risk posed by terrorist organizations. There will also be an increasing focus on how to manage the global cyber threat, including the growing concern of state sponsored involvement and complexity of attacks on private business.

Outlook for iOS breaks company security, developer warns
One the same day that Microsoft released its new Outlook app for iOS, a developer has warned that it breaks corporate security in multiple ways.

Browser security warning redesigned with partial success
How to make users understand a browser’s SSL warning, and make them choose the link that will lead them away from a site that has been deemed unsafe for use?

What infosec can learn from the Greek elections
From an infosec perspective, the importance of disruption must not be forgotten.

Beware of emails pushing Google Chrome updates!
Google Chrome users are being actively targeted with a spam email campaign impersonating the Internet giant, urging them to download a newer version of the popular browser because theirs is “potentially vulnerable and out of date.”

How a penetration test helps you meet PCI compliance guidelines
In order to protect credit card data, sometimes businesses have to think like a hacker.

RSA Conference 2015: Challenging today’s security thinking
Some of the program highlights at RSA Conference 2015 will include Innovation Sandbox contest 10-year anniversary and the Sandbox, Peer2Peer and crowdsourced sessions, RSAC TV, which will feature the best of RSA Conference content distilled into concise and engaging presentations.

Who are the role models in cyberspace?
Who do our kids aspire to be in their digital lives?

APT players lack deep skills of exploitation, fail at QA
Advanced Persistent Threat (APT) actors are generally considered to be among the most sophisticated cyber exploiters out there. But is this perception correct? Gabor Szappanos, a researcher with SophosLabs Hungary, says no.

League of Legends exploit allows attackers to access gamers’ accounts
A string of hacks has revealed the existence of an exploit targeting League of Legends players, which allows the attackers to open up the game’s store from a web browser and initiate transactions paid with a user’s Riot Points (RP) and Influence Points (IP), two of the in-game currencies.

How to protect your identity this tax season
The majority of taxpayers will prioritize protecting their personal information this tax season, yet some safeguards go underused, according to Experian.

Massive malvertising campaign leads to latest Flash Player zero-day exploit
The recently discovered zero-day vulnerability (CVE-2015-0313) affecting the last existing version of the software is being actively exploited in the wild via the Hanjuan exploit kit. The flaw has been patched on Thursday.

Critical IE 11 bug can be used for effective phishing attacks
A hacker has discovered a universal Cross Site Scripting (XSS) flaw that affects Internet Explorer 11 on Windows 7 and 8.1, and which could allow attackers to execute extremely convincing phishing attacks against Internet users.

iOS spyware used by Pawn Storm cyber spies
Trend Micro researchers have unearthed two variants of a spyware specially designed for targeting devices running iOS, and at least one of them can be installed on non-jailbroken devices.

Reactions to the extensive Anthem data breach
Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals. Here are some of the comments Help Net Security received.

Ross Ulbricht is Dread Pirate Roberts, risks life imprisonment
Ulbricht was found guilty of conspiracy to distribute narcotics, launder money and hack computers, as well as of engaging in a continuing criminal enterprise (so-called “kingpin” charge). The initial murder-for-hire solicitation charges were dropped before the trial.

Five key IT security trends for 2015
A look at five key IT security trends and solutions for 2015.

IT professional, hack thyself
One way that security practitioners improve the security of their networks is by contracting security professionals to perform penetration testing and vulnerability assessment.

Investigating online dating fraud
The one thing that online dating scammers have in common is that their preferred target demographic is vulnerable and trusting people with a limited social circle or support group.

Anthem breach dates back to December
As more details about the Anthem data breach come to light, sources close to the investigation say that Chinese state-sponsored hackers might be behind the attack.

GPG development will continue as donations pour in
An article by Julia Angwin on ProPublica has become the catalyst for an avalanche of much needed donations for the survival of Gnu Privacy Guard (GPG), a free email encryption software that’s used by security and privacy-minded people across the globe.

How can organizations guard against hackers in 2015?
Advanced persistent threats, malware sent via attachments, direct targeting of specific users through spear phishing techniques, vulnerabilities exploited to silently deliver malware and poor implementations of BYOD policies in the corporate environment – these are only a few of the numerous ways hackers will continue to use to target the enterprise environment in 2015.

OPIS

Subscribe to the Help Net Security breaking news e-mail alerts:

OPIS
More about

Don't miss