Week in review: Anti-ransomware, Pokémon GO dangers, and a new anonymity system
Here’s an overview of some of last week’s most interesting news and articles:
Researchers create effective anti-ransomware solution
Are you willing to sacrifice a dozen or so of your files in order to save the rest from the grasping hands of modern crypto-ransomware?
Keys to successful security vendor collaboration
There are some important considerations for vendors looking to collaborate, which also reflect some of the characteristics of collaboration that end users should be looking for from their vendors.
Hacking smartphones via voice commands hidden in YouTube videos
A group of researchers from Georgetown University and UC Berkeley have demonstrated how voice commands hidden in YouTube videos can be used by malicious attackers to compromise smartphones.
Tor Project gets whole new board of directors
Tor Project’s entire board of directors has stepped down and announced their successors. Among them are the noted “security guru” Bruce Schneier and Cindy Cohn, the Executive Director of the Electronic Frontier Foundation (EFF).
“I agree to these terms and conditions” is the biggest lie on the Internet
Two communications professors have proven what we all anecdotally knew to be true: the overwhelming majority of Internet users don’t read services’ terms of service (ToS) and privacy policies (PP), and the few who do, do so far from thoroughly. Despite this, all click on that button that says “I agree to these terms and conditions.”
The EU-US Privacy Shield: What happens next?
Companies wishing to self-certify to the EU-US Privacy Shield will need to start putting the pieces in place to comply with the Privacy Principles.
US DOJ can’t access data stored abroad with just a warrant, court rules
The US Department of Justice cannot force Microsoft to produce the contents of a customer’s email account stored on a server located outside the US with just a warrant, a US Court of Appeals ruled on Wednesday.
What happens to consumer trust when a business is breached?
In this podcast recorded at Infosecurity Europe 2016, Bill Mann, Chief Product Officer at Centrify, talks about what happens to consumer trust when a business is breached.
How your online business can fend off APTs
With more and more companies conducting their core business operations in the cloud, APTs have begun to target websites and web applications as a “soft spot” in the security architecture. Read this whitepaper and find out what methods and tactics APTs use to pierce through your perimeter security, what dangers APTs pose to your organization, and how Incapsula prevents APTs from compromising your production environment.
Shard: Open source tool checks for password re-use
Security researcher Philip O’Keefe has created a tool that allows users to check whether they have reused a password on multiple accounts.
Cybersecurity concern continues to rise
A new Black Hat report reveals some critical concerns about the information security industry and emerging cyber risks faced by today’s enterprises.
Riffle: A new anonymity system to rival Tor
A group of researchers from MIT and the Swiss Federal Institute of Technology in Lausanne have come up with a new anonymity system that is both bandwidth and computation efficient, as well as less susceptible to traffic analysis attacks than Tor, the currently most widely used anonymity network.
Pokémon GO-themed malicious apps lurk on Google Play
Google has already removed them, but not before thousands of users downloaded them and infected their devices.
CMS Airship: Free secure content management
CMS Airship is a free content management system designed and maintained by a team of PHP security experts at Paragon Initiative Enterprises.
Network monitoring tips for an increasingly unsafe world
Whether it’s an internal employee using a non-sanctioned device or service, or an external act of cybercrime, proactive visibility that is also actionable is the key to combating network security and performance threats.
Manage cybersecurity risk by restoring defense-in-depth’s promise
The point here is not that layered security is a flawed approach, but rather that you need to understand those human, procedure and technology layers in context like never before.
Cybersecurity risks in 3D printing
3D printing (i.e. additive manufacturing) is a $4 billion business set to quadruple by 2020. One day, manufacturers may print everything from cars to medicines, disrupting centuries-old production practices. But the new technology poses some of the same dangers unearthed in the electronics industry, where trusted, partially trusted, and untrusted parties are part of a global supply chain.
Microsoft splats bug that turns printers into drive-by exploit kits
In this month’s Patch Tuesday, Microsoft has released 11 sets of patches – 6 “critical” and 5 “important.” One of the fixed vulnerabilities that has garnered much attention is CVE-2016-3238, discovered by Vectra Networks’ researchers in the Windows Print Spooler service.
Fiat Chrysler Automobiles launches bug bounty program
The convergence of connectivity technology and the automotive industry is creating a more enjoyable driving experience. Features such as self-diagnostics, keyless entry and ignition are becoming commonplace. However, they can also introduce IT security issues.
Malware offers backdoor to critical infrastructure targets
SentinelOne Labs has discovered a new form of malware, which has already infected at least one European energy company.
Pokémon GO gets full access to players’ Google account
Pokémon GO, the mobile augmented reality game that has become hugely popular in record time, brings with it a lot of unexpected dangers.
Why the Vivaldi browser wants you to control everything
A long time has passed since the IT industry was abuzz with browser wars, and when Jón S. von Tetzchner, co-founder and former CEO of Opera Software, announced he’s building a new browser, many were skeptical about whether he could start one again.
91.1% of ICS hosts have vulnerabilities that can be exploited remotely
To minimize the possibility of a cyber attack, Industrial Control Systems (ICS) are supposed to be run in a physically isolated environment. However, this is not always the case.
Android Trojan prevents victims from calling their banks
Some malware prevents victims from visiting sites from which they could download antivirus software, or kills AV software found running on the infected machines and devices. Newer variants of the backdoor-opening, information-stealing FakeBank Android Trojan use another tactic to prevent victims from protecting themselves and their bank accounts: they block calls to their bank.
Secret Conversations: End-to-end encryption for Facebook Messenger
After integrating Open Whisper Systems’ Signal Protocol into WhatsApp earlier this year, Facebook has done the same to the Facebook Messenger app, and called the feature Secret Conversations.