Week in review: Drone detection, crypto wars, and tracking wearable tech

Here’s an overview of some of last week’s most interesting news and articles:

Sniffing and tracking wearable tech and smartphones
Researchers at Context Information Security have demonstrated how easy it is to monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, wearable devices and iBeacons, including the iPhone and leading fitness monitors, raising concerns about privacy and confidentiality.

If we want strong encryption, we’ll have to fight for it
As digital rights lawyer and special counsel to the Electronic Frontier Foundation Marcia Hofmann correctly noted in her keynote at Hack in the Box Amsterdam 2015 on Thursday, this issue is like a pendulum: sometimes, like in the wake of the 1990s crypto wars, it swings towards strong encryption, but it could now swing in the other direction.

Travel smart: Tips for staying secure on the road
Wombat Security Technologies pulled together four essential tips from our security awareness and training materials that you can use to stay safe when you travel.

Why insider threats are succeeding
Data leaks and other news events over the past few years have brought insider threats to the forefront of public attention, but most companies still lack the means or motivation to protect themselves from malicious insiders.

Millions of users installed malicious Minecraft apps from Google Play
Since August 2014, Minecraft lovers who like to play the popular game on their Android phones have been targeted with apps that are purportedly cheats for the game, but are ultimately aimed at tricking them into believing their device has been infected.

Internet of Things: Whose data is it, anyway?
Smart devices are generating huge amounts of data. Who is in control of all it, and what happens to it?

Massive campaign uses router exploit kit to change routers’ DNS servers
Well-known security researcher Kafeine has spotted an active campaign aimed at compromising SOHO routers and changing their DNS settings so that the attackers can seamlessly redirect users to phishing sites, hijack their search queries, intercept their traffic, and more.

Researchers track Android users by collecting accelerator readings
A group of researchers from Nanjing University, China, have demonstrated that Android users’ movements can be tracked by simply analyzing the data provided by the devices’ accelerometers and orientation sensors. And unlike GPS data, these readings are easily harvested by potentially malicious apps, as they can access it without requiring specific permissions.

15,000 spam emails have hit the inboxes of Android users in recent days
Thousands of Android users are at risk of having their mobile devices and private contents locked by a particularly ruthless ransomware that demands $500 to restore access. Users that try to independently unlock their devices will see the amount increase to $1,500, with payment demanded via Money Pak and PayPal My Cash transfers.

How businesses can stem the flow of leaky data
What can businesses do to bolster their IT security and file sharing services and ensure they don’t become the next company to make the headlines for the wrong reasons?

Reactions to the IRS hack that impacted 100,000 people
Cybercriminals were able to successfully steal tax forms full of personal information of more than 100,000 taxpayers through IRS’ Get Transcript application. This data included Social Security information, date of birth and street address.

Solving the cybersecurity challenges of smart cities
Backed by leading IT security researchers, companies and organizations, including IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance, the global Securing Smart Cities initiative aims to solve the cybersecurity challenges smart cities face through collaboration and information sharing.

Drone detection: What works and what doesn’t
Another drone was discovered flying in restricted air space around the White House two weeks ago. The Secret Service found the pilot simply because they happened to see him. In other words, there is no indication that the Secret Service would have found the pilot if he had not been in plain view. This person didn’t have bad intentions, but one day someone will. A little drone-detection education is in order.

Whitepaper: 10 things your next firewall must do
For enterprises looking at Next-Generation Firewalls, the most important consideration is: will this new technology empower your security teams to securely enable applications to the benefit of the organization? It’s not about blocking applications, but safely enabling them. Get this whitepaper from Palo Alto Networks to learn more.

Complex security solutions are exposing companies to risk
Companies are putting their customers’ data at risk because IT teams do not have the expertise or time to deploy today’s complicated IT security products, a new survey from Lieberman Software revealed.

Cybersecurity strategies and the boardroom
Cybersecurity has clearly become an important board-level priority. In fact, more than 80 percent of respondents to a NYSE Governance Services/Veracode survey reported that cybersecurity is discussed at most or all boardroom meetings.

The challenges of data classification
Understanding what and where this data is, along with proper classification, will allow an enterprise to set appropriate levels of protection.

Exposing the vulnerabilities in Oracle PeopleSoft applications
During his talk at the Hack in the Box conference, Alexey Tyurin, Head of the Oracle Security Department at ERPScan, spotlighted several vulnerabilities in Oracle PeopleSoft applications.

Breach detection: Five fatal flaws and how to avoid them
When the Sarbanes-Oxley Act of 2002 was passed, it fell on corporate security teams to translate its requirements into technical controls. That threw the IT Security function into the deep end of the pool, and it has been sink or swim ever since.

More about

Don't miss