Week in review: Hackers targeting healthcare, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:

Exfiltrating data from air-gapped computers by modulating fan speed
For the last few years, researchers from Ben-Gurion University of the Negev have been testing up new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies (“AirHopper”); using heat (“BitWhisper”), using rogue software (“GSMem”) that modulates and transmits electromagnetic signals at cellular frequencies. The latest version of the data-exfiltration attack against air-gapped computers involves the machine’s fans.

Why are hackers increasingly targeting the healthcare industry?
In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways.

Tor Project tests new tool for foiling de-anonymization attacks
Created by a group of researchers from the University of California, Irvine, and dubbed “selfrando,” the technique allows for enhanced and practical load-time randomization.

(IN)SECURE Magazine issue 50 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Bloatware-be-gone refresh tool added to Windows 10
In the latest test build of Windows 10 Anniversary Update released last week, Microsoft has introduced a tool that allows users to get rid of bloatware and crapware with one fell swoop.

FBI doesn’t need a warrant to hack a suspect’s computer, US judge rules
A senior US district judge has decided that the warrant authorizing the search of a suspect’s home computer by the FBI was issued based of probable cause, but even if it wasn’t, it wouldn’t matter, “because the Government did not need a warrant to capture Defendant’s IP address,” and did not need it to extract additional information from his computer.

Where does your cloud data live? 3 questions to ask
Three questions to ask at the start of any new cloud project.

ApocalypseVM ransomware decrypter released
AV company Emsisoft has added yet another ransomware decrypter tool to its stable: a decrypter for ApocalypseVM. The tool works on the latest versions of the ransomware.

Tech support scammers impersonate victims’ ISP
Tech support scammers have switched from cold calls to pop-ups ambushing users online, seemingly coming from the victims’ ISP.

The hunting approach to defeating cyber attacks
After tracking attackers for many years in his days working for the U.S. government lab at The MITRE Corporation, Todd O’Boyle and his team recognized something important — an advantage that they weren’t acknowledging. For an attack to happen, the bad guys have to use their systems — and when they do, they have an opportunity to tear them apart.

154 million US voter records exposed following hack
MacKeeper security researcher Chris Vickery has discovered yet another database containing voter profiles of US citizens, accessible to anyone who stumbled upon it or knew where to look.

How MDM software exposes your personal data
Bitglass tracked the personal mobile devices of several willing employee volunteers with mobile device management (MDM) software to understand how MDM could be misused and to assess the true extent of access employers have to personal data and user behavior.

Unsecured security cameras lead to privacy erosion
The results of a recent analysis of some 6,000 open security cameras across the United States has shown that 15 percent of them are located in users’ private homes.

Changes to Rule 41 will increase law enforcement hacking, surveillance
The Electronic Frontier Foundation (EFF), the Tor Project, and dozens of other organizations are calling on citizens and website operators to take action to block a new rule pushed by the U.S. Justice Department that would greatly expand the government’s ability to hack users’ computers and interfere with anonymity on the web.

FAA finalizes operational rules for drones
Although the new rule does not specifically deal with privacy issues in the use of drones, and the FAA does not regulate how UAS gather data on people or property, the FAA is acting to address privacy considerations in this area.

Rethink network security outside the box
In theory, the idea of individually securing each IT element sounds effective. However, because security technologies tend to be deployed in response to immediate threats and organizations don’t want to be left completely vulnerable while making updates, you end up layering new technologies over outdated ones to address specific needs as they arise. Hackers love this dynamic because all they have to do is peel back the layers until they find a weak entry point. The more layers, the more potential entry points.

Google’s new authentication option: a tap on the screen
Google knowns that usability is a pre-requisite for security, so they’ve come up (yet again) with a new option within the 2-step verification feature for Google accounts: Google prompt.

How to assess your stakeholder matrix as part of a cloud security strategy
Cloud security needs to take a strategy-first approach, where every tool purchased and solution leveraged fits into a bigger strategy that meets the needs of each stakeholder within the organization.

GoToMyPC remote desktop service resets all passwords in wake of attack
GoToMyPC, a remote computer administration service offered by Citrix, has forced a password reset for all customers in the wake of what they call a “very sophisticated password attack.”

Malware families attacking business networks continue to grow
The number of active global malware families increased by 15 percent in May 2016, according to Check Point.

Microsoft Wallet enters the mobile payments fray: Is the industry secure?
Digital payments have proven so popular with consumers that MasterCard predicted this week that cash would be effectively extinct within 20 years, so it’s little surprise the tech giants are so keen to stake their claims.

More about

Don't miss