Week in review: Mainframe security, cross-device tracking, and how online fraud will evolve in 2016

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Android adware tricks users into giving it power to secretly download other apps
Lookout researchers discovered and shared another trick that Shedun uses to install additional apps on the compromised devices: it tricks users into enabling it to control the Android Accessibility Service.

Inside the largely unexplored world of mainframe security
The security of mainframe computers – the so-called “big iron”, which is mainly used by large organizations for critical applications, bulk data and transaction processing – is not a topic that has garnered much interest from the public. And, according to Phil “Soldier of Fortran” Young, the security community has not shown much interest so far, either.

Cross-device tracking via imperceptible audio beacons threatens user privacy
As consumers use multiple devices through the day, and tracking cookies become increasingly less effective, the advertising industry is looking for new ways to track users’ online behavior.

Five hacks that will affect your life in 2016
While data breaches are common news today, here are the top five hacks that are likely to affect your life in a variety of ways in 2016.

Exploit kit activity up 75 percent
Exploit kits are a particularly alarming category of malware because they represent automation.

eBook: Website Security for Dummies
Website Security for Dummies demystifies the science behind SSL authentication, encryption and more in the world-famous ‘For Dummies’ style. It’s the how-to guide to keeping a company safe from online threats.

Information security innovation and the fast-paced threat landscape
Gary Warner recently became the Chief Threat Scientist at PhishMe. In this interview he talks about how his past positions prepared him for this new job title, information security innovation, the greatest challenges that we face in the current threat landscape, and more.

BadBarcode: Poisoned barcodes can be used to take over systems
Researchers from Tencent’s Xuanwu Lab have proved that a specially crafted barcode can be used to execute commands on a target system, saddle it with malware, or perform other malicious operations.

Bug in Android Gmail app allows effective email spoofing
Yan Zhu, a Technology Fellow at the Electronic Frontier Foundation, has unearthed a flaw in the Gmail Android app that can lead to very effective phishing attacks.

Cyber crooks actively hijacking servers with unpatched vBulletin installations
Administrators of vBulletin installations would do well to install the latest vBulletin Connect updates as soon as possible, as cyber crooks are searching for servers running vulnerable versions of the popular Internet forum software package.

9271 crucial vulnerabilities found in 185 firmware images of embedded devices
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices – routers, DSL/cable modems, VoIP phones, IP/CCTV cameras – represent a significant attack surface.

Unsafe password policies leave shoppers vulnerable
Dashlane examined password security policies on 25 of the most popular online retailers. They tested 22 criteria.

Will 2016 mark the end of the Advanced Persistent Threat?
Advanced Persistent Threats (APTs) as we know them will cease to exist in 2016, replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, according to Kaspersky Lab experts.

Microsoft’s new security posture leads to baked-in security
More than ever, Microsoft wants its products to be the first choice for enterprises, organizations, and governments. And to do that, they embedded security in the core.

Point of Sale malware gaining momentum as holiday shopping season approaches
Point of sale (POS) systems – what consumers often call the checkout system – are often the weak link in the chain and the choice of malware.
New Dyre variant can target Windows 10 and Microsoft Edge users
As Microsoft continues to push Windows users towards adopting the latest version of the popular OS, malware authors have started adding support for it.

A Jihadi Help Desk assists ISIS terrorists and sympathizers with encryption?
The terrorist group has apparently set up a 24-hour help desk service for all its members, followers and sympathizers who need help with using encryption and other secure communications for recruitment, propaganda and operational planning purposes, counterterrorism analysts claim.

Mass adoption of mobile payment services derailed by security, privacy concerns
Evaluating the mobile payment preferences of 1,217 consumers from the U.S., a new Research Now survey revealed that 17 percent of respondents who did not make holiday purchases with their mobile phone last year, plan to use a payment service such as Apple Pay, Android Pay, Samsung Pay or a proprietary service from their bank or card issuer to make the leap to mobile payments this holiday season.

The worst data disasters from 2015
What’s stronger than a speeding locomotive and can survive the heat of a fire? Data. The device that contains that data is a different story. Each year, Kroll Ontrack – which performs over 40,000 data recovery jobs each year around the world – collects and publishes a list of the toughest physical and logical data losses from its global offices.

How fake users are impacting business through acts of fraud and theft
A new report by The Ponemon Institute highlights the average economic value of a company’s user base ($117M) and the financial and brand reputation damage that can be done if fraudsters are allowed to create fake accounts and wreak havoc within a business and across the Internet.

Secure messaging service Telegram blocks 78 ISIS-related channels
The company introduced channels in September 2015, and presented it as a tool for broadcasting messages to large (unlimited) audiences.

University implies they helped FBI break Tor protection because of a subpoena
The University dubbed media reports that publicized Tor Project Director Roger Dingledine’s claims that the researchers were paid for this work as “inaccurate.”

FTC amends telemarketing rule to ban payment methods used by scammers
The Federal Trade Commission has approved final amendments to its Telemarketing Sales Rule (TSR), including a change that will help protect consumers from fraud by prohibiting four discrete types of payment methods favored by scammers.

How online fraud will evolve in 2016
To prepare users for the year head, researchers at Visor released their top 5 online fraud predictions for 2016.

PwnBin: A script for scraping Pastebin for leaked API keys, SSH credentials
Finding out if your API keys and other critical credentials have been compromised is crucial for developers and system administrators, and Canada-based developer Luke Mclaren has created a script that can help them see if they were dumped online.

ISIS operation security guide gives insight into group’s cybersecurity practices
The Combating Terrorism Centre (CTC), an academic institution at the US Military Academy in West Point, has managed to get their hands on a guide to operational security that’s apparently given out to members and sympathisers – a guide that defines which tools to use (and how to use them correctly) and which to avoid.

More about

Don't miss