Week in review: Linux ransomware, university researchers unmask Tor users, and how one man changed the way we understand SSL
Here’s an overview of some of last week’s most interesting news and articles:
Ivan Ristic and SSL Labs: How one man changed the way we understand SSL
“When I originally came with the idea of SSL Labs, my primary audience were people like me, those who had to deploy encryption but were faced with poor documentation and behaviours. There were so many opportunities for mistakes and misconfiguration that the only way then (and today) was to inspect a running service to be absolutely sure,” he explained to us his motivation for starting the project.
The transformative technology security nightmare
They say that every silver lining comes with a cloud attached and that’s certainly true of today’s transformative technologies. CEOs and the board rightly see BYOD, Cloud and IoT initiatives as a gateway to a world of increased productivity and growth. But for IT and information security departments that same gateway leads somewhere quite different: to a networked environment littered with security vulnerabilities.
Linux Encoder victims catch a lucky break: a flaw in the malware means no ransom has to be paid
The recently spotted Linux Encoder crypto-ransomware is very disruptive, but the good news is that the malware makers have made a mistake that allowed Bitdefender researchers to recover the AES encryption key without having to decrypt it with the RSA private key held by the criminals.
How the threat landscape will change by 2020
McAfee Labs’ five year look ahead attempts to predict how the types of threat actors will change, how attackers’ behaviors and targets will change, and how the industry will meet these challenges over the next five years.
Evading cyber legislation: Jurisprudence cloaking is the future of cyber warfare
Hackers have come up with virtual ways to be transparent – at least to the law: cyber cloaks. In general, the cloak consists of one or more of five core ingredients, and there are almost immeasurable ‘flavors’ that can be combined with great care and precision.
Why governments need to take the lead in cybersecurity
Time and time again we hear people lament about the impact cybercrime has on our businesses, our individual lives, the economy, and on society. We blame companies, vendors, standards bodies, users, law enforcement, academia and criminals. But there is one group that is often missing from all of the above finger pointing and arguably this group has the most influence in how we improve cybersecurity and how we tackle cybercrime: the governments of each of our countries.
Tor Project claims FBI paid university researchers $1m to unmask Tor users
Have Carnegie Mellon University researchers been paid by the FBI to unmask a subset of Tor users so that the agents could discover who operated Silk Road 2.0 and other criminal suspects on the dark web? Tor Project Director Roger Dingledine believes so, and says that they were told by sources in the information security community that the FBI paid at least $1 million for the service.
Long-term skills shortage drives tech salaries up
Four in 10 technologists changed jobs this year, according to the Harvey Nash Technology Survey. Respondents listed a good salary as their main motivator (77 percent) behind the switch, up 16 percent from last year and pushing work/life balance out of the no. 1 spot.
Rooted, Trojan-infected Android tablets sold on Amazon
If you want to buy a cheap Android-powered tablet, and you’re searching for it on Amazon, the best thing you can do is carefully read all the negative reviews you can find. If you are lucky, you’ll see some that will warn you about the device being rooted and coming pre-installed with malware.
Database of 70 million prisoner phone calls breached, leaked
A vast collection containing metadata of over 70 million records of phone calls placed by prisoners to at least 37 US states and links to actual recordings for each call has been leaked to reporters of The Intercept by an anonymous hacker. The origin of the stockpile is Securus Technologies, a company that provides phone services inside prisons and jails via its Secure Call Platform.
Digitally signed spam campaign spotted delivering malware
We’ve all heard about digitally signed malware, but have you ever been targeted with a digitally signed spam email?
Factors that influence breach costs
A variety of both positive and negative factors influence the expenses organizations incur as a result of breach, according to the SANS Institute. A lot of it depends on their preparedness, along with the types of data breached and scope of the breach.
Data breaches and bots are driving cybercrime surge
Fraudsters are using bots and botnets to run massive identity testing sessions in order to penetrate fraud defenses.
The automation and industrialization of cyber attacks
A new Imperva report highlights cyber criminals’ use of automation to increase both the magnitude and velocity of attacks designed to compromise users and steal sensitive data.
Most companies don’t believe their information security meets their organization’s needs
More than one-third (36%) of global organizations still lack confidence in their ability to detect sophisticated cyber attacks.
ProtonMail restores services after epic DDoS attacks
After several days of intense work, Switzerland-based end-to-end encrypted e-mail provider ProtonMail has largely mitigated the DDoS attacks that made it unavailable for hours on end in the week before last.
The appliance straightjacket and its effect on security
We have a love/hate relationship with our IT appliances. These technology workhorses impress us with their modern, industrial designs, bright colors, and slick branding. Behind the scenes, we take comfort knowing they’re busy going through billions of bits looking for needles in an endless supply of haystacks. But our love for appliances is tested when it comes to their constraints on matters of flexibility, manageability and security, and it’s enough to make one go insane.
Vizio Smart TVs track your viewing habits, info is sold to third parties
Owners of Smart TVs manufactured by California-based consumer electronics company Vizio should be aware that their viewing habits are being tracked and that information sold to third parties (“partners”). Also, that these Smart TVs are vulnerable to man-in-the-middle attacks and attacks that could lead to attackers taking over control of the smart device and/or the entire home network.
Comcast resets passwords for 200,000 users after login credentials go on sale
Someone has been peddling a batch of 590,000 email address/password combinations allegedly belonging to Comcast customers. The price set for the lot was 3.23 Bitcoin (around $1,000).
Three indicted in largest theft of customer data from a U.S. financial institution in history
On Tuesday, federal prosecutors unsealed a superseding indictment charging Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein with orchestrating massive computer hacking crimes against U.S. financial institutions, brokerage firms and financial news publishers.