Week in review: WiFi jamming, Flash zero-day actively exploited, and abusing the Internet of Things
Here’s an overview of some of last week’s most interesting news and articles:
WiFi jamming attacks more simple and cheaper than ever
A security researcher has demonstrated that jamming WiFi, Bluetooth, and Zigbee networks is not difficult to perform but, most importantly, also not as costly as one might think.
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
Whether you like it or not, the Internet of Things is happening. As the author himself noted in a recent interview, some – arguably, too many – people think they don’t have to worry about the security implication of IoT because they believe that living in a traditional world of disconnected devices will continue to be an option. That particular future looks increasingly unlikely, and this is why we simply must start seriously addressing the problem. This book paints a clear picture of the current situation, and what we can learn from it in order to create a safer future for all of us.
Theoretical computer science provides answers to data privacy problem
The science of understanding human behavior, health, and interactions is being transformed by the ability of researchers to collect, analyze, and share data about individuals on a wide scale. However, a major challenge for realizing the full potential of such data science is ensuring the privacy of human subjects.
Authentication bypass flaw in Netgear SOHO routers exploited in the wild
The attack has been spotted by security expert Joe Giron late last month when he discovered that the Domain Name System (DNS) settings of his personal router had been changed from Google’s IP address to another one.
We’ve been hacked! Okay, I’ll deal with it next week
This response is not uncommon, and to be fair it is better than the usual indifferent response of “So what?” Yet it is disheartening to act as messenger only to realize that your audience has left the auditorium.
How to become a nightmare for cyber attackers
Chris Nickerson, CEO of Lares Consulting, has been a penetration tester for the last 15 year or so. He headed red teams targeting systems and environments known and unknown, and wasn’t always successful. But his defeats means that the targets were doing things right, and Nickerson decided to share those good practices and tricks with the BruCON audience last week.
Top 3 trends in today’s threat landscape
Every day there seems to be a new malware threat that we hear about, from remotely controlling cars and medical equipment, to attacks on well-known security vendors such as Kaspersky Lab and Bitdefender. Each threat seems to be bigger and more dangerous than the last. Among this never ending stream of publicized cyber threats and attacks, here are three trends to keep an eye on.
USB Killer 2.0: A harmless-looking USB stick that destroys computers
Plugging in random USB sticks in your computer has never been more dangerous, as a researcher who goes by the name Dark Purple has demonstrated his new device: USB Killer 2.0.
Global Internet experts reveal plan for more secure, reliable Wi-Fi routers
In a letter submitted to the Federal Communications Commission (FCC), Dave Täht, co-founder of the Bufferbloat Project, and Dr. Vinton Cerf, co-inventor of the Internet, along with more than 260 other global network and cybersecurity experts, responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by unveiling a new approach to improve the security of these devices and ensure a faster, better, and more secure Internet.
The countdown to the EU Data Protection Regulation
The scope of the changes under the proposed shift to a single EU Data Protection Regulation, means that organisations should be doing the groundwork now to ensure they’re not playing catch-up with compliance when the Regulation comes into force.
Internet of Things: Connecting the security dots from application design to post-sale
The Internet of Things has come a long way in the last year, but security is still seemingly low on the industry agenda. Many IoT security failures can often be traced back to poor decisions about the type of ‘smart’ features to implement and their scope for hacker invasion.
Hackers are exploiting zero-day flaw in fully patched Adobe Flash
These hackers are known for its high-profile targets, and in this most recent campaign they are targeting foreign affairs ministries from around the globe.
Android ransomware gets new, professional look thanks to Google’s Material Design
Ransomware authors are stepping up their game: they have begun using Google’s Material Design language to create extremely convincing notices/ransom requests that will likely induce many users to pay the asked-for sum.
Don’t sink your network
Modern ships are not built under the assumption that their hull is too strong to breach. In fact, they are designed to contain a breach as quickly as possible to keep the entire vessel from going under. Organsations can adopt this philosophy to make sure that one intrusion doesn’t compromise all of their data.
UK, US law enforcement agencies disrupt Dridex botnet
The UK’s National Crime Agency is spearheading an onslaught against the Dridex (aka Bugat, aka Cridex) banking malware and the criminals that wield it.
Prices of stolen data on the Dark Web
McAfee Labs examined pricing for stolen credit and debit card data, bank account login credentials, stealth bank transfer services, online payment service login credentials, premium content service login credentials, enterprise network login credentials, hospitality loyalty account login credentials, and online auction account login credentials.
Attackers can use Siri, Google Now to secretly take over smartphones
A team of researchers from the French Network and Information Security Agency (ANSSI) has devised a way to covertly exploit the Siri and Google Now voice activated personal assistants in order to make the target’s smartphone send messages and emails, visit potentially malicious sites, make pricey phone calls or even become an eavesdropping device.
Cyber warfare fears spur US Navy to teach celestial navigation again
The US Naval Academy is reintroducing celestial navigation into the curriculum, as the current cyber threat landscape shows that past low-tech and no-tech solutions can still come in hand when one can’t trust one’s computer.
Cyber liability insurance is becoming an increasing necessity
The challenge for most organizations is determining how much coverage to purchase and how specified amounts of coverage offset cyber security risks.
Point-and-shoot weapon stops drones without destroying them
Unmanned aerial vehicles – so-called drones – can be helpful, malicious, or simply disruptive, depending on the intentions of those who use them. But while regular folks have to be worried about law suits if they shoot one down, law enforcement officers have a better solution, and one that’s currently legal (for them): stop one mid-flight.