Week in review: Windows 10 security, developing honeypots, IoT security holes

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

Brain’s reaction to certain words could replace passwords
You might not need to remember those complicated e-mail and bank account passwords for much longer. According to a new study, the way your brain responds to certain words could be used to replace passwords.

Windows 10: More security with non-stop patching
In this podcast recorded at Infosecurity Europe 2015, Wolfgang Kandek, CTO at Qualys, talks about what comes next after the death of Patch Tuesday. Windows 10 encourages the idea of continuous patching, and we learn what that means for individual users and enterprises.

MalumPoS can be customized to target different systems
A new Point-of-Sale RAM scraper is being offered for sale, and is currently designed to collect data from a very specific type of PoS systems: those running on Oracle MICROS (often used in the hospitality and retail industries, mostly in the US).

The Firewall Buyers Guide
Make an informed decision on the right firewall for your business with The Firewall Buyers Guide.

IoT is full of gaping security holes, says Shodan creator
Shodan is a means to measure things that couldn’t be measured before. And with the advent of the Internet of Things, the available data set will keep growing day by day.

iOS 9 will use 6-digit passcodes for enhanced protection
If you use Touch ID, it’s a change you’ll hardly notice. But with one million possible combinations — instead of 10,000 — your passcode will be a lot tougher to crack.

Users care about their privacy, but feel powerless to protect it
Users are resigned to the loss of privacy, but not because they feel they are getting good value for their data, but because they believe marketers will eventually get it anyway, a new study by University of Pennsylvania researchers has revealed.

90% of DLP violations occur in cloud storage apps
90 percent of data loss prevention (DLP) violations occur in cloud storage apps, and a large percentage of these are for enterprise confidential intellectual property or customer or regulated data that the customer did not know or want to store there.

How to develop effective honeypots
In this podcast recorded at the Hack in the Box conference recently held in Amsterdam, Pedram Hayati, the founder of Smart Honeypot, talks about the most effective use cases for honeypots.

Kaspersky Lab reveals cyberattack on its corporate network
In early spring 2015, Kaspersky Lab detected a cyber-intrusion affecting several of its internal systems. Following this finding the company launched an intensive investigation, which led to the discovery of a new malware platform from one of the most skilled threat actors in the APT world: Duqu.

Instilling a culture of cyber security
What can your business do to make sure that your employees are part of the solution, rather than part of the problem?

Hackers can tamper with medical drug pumps, leading to fatal outcomes
Researcher Billy Rios has discovered serious vulnerabilities in several types of drug infusion pumps manufactured by US-based company Hospira – vulnerabilities that can be exploited remotely by attackers looking to take control of the medical devices, and to effect changes that could threaten patients’ lives.

49 suspected members of cybercriminal group arrested in Europe
A joint international operation led to the dismantling of a group of cybercriminals active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia, who are suspected of committing financial fraud involving email account intrusions.

On Windows 10, apps can actively defend users from malware
With Windows 10, Microsoft will be adding a new layer of protection against dynamic script-based malware and non-traditional avenues of cyberattack: the Antimalware Scan Interface (AMSI).

DDoS attacks now resemble APTs
DDoS attacks are beginning to resemble advanced persistent threats, evidenced by long durations, repetition and changing attack vectors aimed at evading simple, signature-based defense systems, according to Imperva.

Bug in iOS Mail app is a dream come true for phishers
A serious bug in the default Apple iOS Mail application can be easily exploited to show extremely realistic-looking pop-up prompts and trick users into sharing their Apple iCloud login credentials, security researcher Jan Soucek warns.

Serious MitM flaw plugged in latest watchOS version
If you’ve recently bought an Apple Watch, or if you have had one for a while now, but you haven’t updated to the latest watchOS version, now is the time to do it – but not while you’re connected to a network you can’t trust.

153 machines still infected with Stuxnet
The threat that Stuxnet presents for nuclear power plants is far from over, as there are still 153 distinct machines infected with it around the world.

IT admin errors that lead to network downtime and data loss
Kroll Ontrack today released its most recent list of common IT administrator errors that can lead to data loss and network downtime.

Privacy profession: An equal playing field for men and women?
In the midst of the public debate around the lingering gender gap in salary and professional achievement, the International Association of Privacy Professionals (IAPP) revealed that in the privacy and data governance fields, women are similarly compensated and reach similar career heights as men. In fact, the single most predictive indicator for salary and achievement is professional certification.

Microsoft flags Ask toolbar as unwanted and dangerous
From this month on, all versions of Ask.com’s infamous browser toolbar except the very last will be detected as unwanted software by Microsoft security products and removed.

More about

Don't miss