Week in review: Panama Papers, dark web mapping, WhatsApp end-to-end encryption

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

Panama Papers breach was the result of lax security practices?
News items based on the so-called “Panama Papers,” a set of 11.5 million documents leaked from the networks of Panama-based law firm Mossack Fonseca, keep popping up, but it’s still unknown who the person behind the leak is and how he or she managed to get ahold of the documents. That huge amount of data couldn’t have been exfiltrated in a short time, and one wonders how the company failed to spot the data going out. But maybe that astonishment is misplaced, as bit by bit details of the company’s poor security posture are coming out. Here are some reactions from the security industry to the breach.

Opera Software founder launches Vivaldi, a new browser
“Our business model is not based on understanding a user’s online behavior and profiling our users to monetise that information. We have no intention of knowing what people do on the web. What we focus on to provide superior experience for anything our users choose to do online,” Jon von Tetzchner, CEO at Vivaldi, told Help Net Security.

Calculate the cost and probability of a DDoS attack
Incapsula’s DDoS Downtime Calculator is designed to help you assess the risks associated with an attack, offering case-specific information adjusted to the realities of your organization.

Beware of phishing emails sporting your home address!
The latest ransomware delivery campaign takes the form of spear-phishing emails targeting specific individuals and, for added credibility, includes their real-world home addresses and names, likely stolen from a compromised database.

The dangers of bad cyber threat intelligence programs
Carl Herberger, VP of Security Solutions at Radware, outlines four key areas where a CTI program can actually harm your organization by exposing vulnerabilities, a surprise ending neither welcome nor easily remedied.

WhatsApp implements end-to-end encryption by default
Over 1 billion users will get end-to-end encryption by default once they update to the latest version of the software.

US passport and visa database open to intrusion?
The Consular Consolidated Database (CCD), which contains over 290 million passport-related records, 184 million visa records, and 25 million records on US citizens living abroad, has been found to be vulnerable to cyber attack and possibly data tampering.

HackingTeam’s global export license revoked
The Italian Ministry of Economical Progress (Il Ministero dello Sviluppo Economico – MISE) has revoked HackingTeam’s licence to export their Galileo remote control software outside of the EU.

Why you should read the Oculus Terms of Service
But for all of you out there who are thinking about buying the device, it might be a good idea to know first what information you will allow the company (bought by Facebook in 2014) to collect, share with third parties and related companies (including Facebook, Instagram and WhatsApp), and use, as well as how the company will collect that info and, finally, how your User Content can be used by them.

Secure any kind of data, wherever it goes
In this podcast recorded at RSA Conference 2016, Grant Shirk and Veliz Perez, Head of Product Marketing and Product Marketing Manager at Vera respectively, talk about how the industry has been very focused on protecting data within the enterprise and on managed devices. But because there’s so much information constantly being shared beyond our walls, we need a new approach.

Subgraph OS: Open source, hardened OS that prioritizes security and anonymity
Subgraph OS was designed from the ground-up to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network borne attacks.

Healthcare industry has an alarming mobile security gap
The healthcare industry is massively adopting smart mobile devices, but still moves very slowly when it comes to implementing cyber security measures to protect those devices.

Dark web mapping reveals that half of the content is legal
Cyber threat intelligence firm Intelliagg and dark net indexing company Darksum have recently released the results of their efforts to map the dark web (in this case, only the Tor network).

Researchers release PoC exploit for broken IBM Java patch
Polish firm Security Explorations has had enough of broken patches for security vulnerabilities it has reported to vendors.

eBook: Guide to protecting SaaS apps from DDoS attacks
With a business model dependent on 100% uptime for their online customers, the last thing SaaS companies can afford is a DDoS attack.

Centrally manage all of your intelligence data with ThreatQ
In this podcast recorded at RSA Conference 2016, Chris Jacob, Global Director of Threat Intelligence Engineers at ThreatQuotient, introduces the ThreatQ threat intelligence platform.

Take it to the boardroom: Elevating the cybersecurity discussion
As data breaches continue to rise, organizations, regardless of their size or industry they are in, must take into consideration a new mindset.

The security impact of IoT evolution
It is likely that our estimation of the final form for the Internet of Things is likely to be as ill-shapen as the innovation itself.

Black hat SEO campaign targets WordPress and Joomla installations
In this latest campaign, the attackers inject a fake jQuery script into the head section of the websites, so that it goes unnoticed by random visitors (unless they check out the source code and know enough to spot it).

Who owns corporate data? Employees think they can just take it
A third of all employees believe they own – or share ownership of – the corporate data they work on, with half thinking they can take the data with them when they leave.

BEC scammers stole $2.3 billion in less than three years
Once again, the FBI has issued a warning about business email compromise scams. Their numbers say there has been a 270 percent increase in identified victims and exposed loss since January 2015.

New application level attack bodes ill for hybrid DDoS protection
Imperva has recently witnessed a new type of DDoS attack they believe might become a go-to for cyber criminals looking to take sites and services down.