Week in review: Security fatigue, open source jobs, and compromised online shops

Here’s an overview of some of last week’s most interesting news and articles:

100+ online shops compromised with payment data-stealing code
Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping.

DMARC email security is now mandatory for the UK government, what can the enterprise learn?
The UK government has recently undertaken powerful action to protect both its employees and citizens from being attacked by criminals using the trusted .gov address.

Security fatigue is real – we need usable security
A preliminary study involving 40 computer users of different ages, occupations, and living in different settings has shown what most of us already know to be true: security fatigue is a real thing.

Open source jobs: Insights from European professionals
The 2016 Open Source Jobs Report released earlier this year by Dice and The Linux Foundation analyzed trends for open source careers and the motivations of professionals in the industry. Now, the data have been broken down to focus specifically on European open source professionals, and how they compare to their counterparts around the world.

Polyglot ransomware decryption tool released
Kaspersky Lab experts have released a Polyglot ransomware decryption tool, which enables users who have suffered from this ransomware, also known as MarsJoke, to restore their files.

Why attaching security to each piece of data is critical
In a world with crumbling perimeters and network security systems outright failing, we’re just now waking up to the fact that there is no ‘safe zone’ for data anymore and we must accept that our most critical information will inevitably travel beyond our control.

Yahoo scanned incoming emails on behalf of US intelligence
In 2015, Yahoo created custom software for covertly scanning their customers’ incoming emails, and deployed it on behalf of a US intelligence agency, Reuters reported on Tuesday.

Security startup confessions: Hiring and firing
Building a great team is critical for any startup, and organizational culture matters in any organization, no matter the size or sector it operates in.

Database containing info of 1.5 million online daters found leaking
Sensitive personal information of some 1.5 million users of several dating/cheating websites and apps has been found to be accessible via the Internet. This information includes the users’ username, (plaintext) password, email address, gender, date of birth, country of residence and photos, as well as sexual preferences.

Using Big Data for intelligent enterprise security
In order for a successful deployment of security analytics to meet the requirements of today’s threat landscape, it is essential that organisations retain the colossal amounts of data needed for large-scale analytics.

Facebook Messenger end-to-end encryption rolled out for all users
The thing to keep in mind is that the feature is not turned on by default, so you have to actively choose to secure your messages.

OverSight detects when Mac malware uses built-in camera, mic
Users who want to be warned each time their Mac’s camera and microphone are switched on – either by a legitimate process or, more importantly, by malware – can try out OverSight, a free tool created by Patrick Wardle.

Checklist: IoT security and privacy
The Online Trust Alliance (OTA) released the consumer IoT security and privacy checklist, which contains steps consumers can take to help increase the security, privacy and safety of their connected home and wearable technologies.

Leaked: Source code for Mirai IoT DDoS botnet
IoT-powered DDoS attacks are on the rise, and the situation is poised to become even worse now that the source code for the Mirai malware has been made public.

Digital disruptors demand a new approach to IT
Digital disruptors such as algorithms, artificial intelligence (AI), bots and chatbots are already transforming businesses.

OpenChain Project: Best practices for an ecosystem of open source software compliance
The Linux Foundation announced that the OpenChain Project has established its first set of requirements and best practices for consistent free and open source software (FOSS) management processes in the open source software supply chain.

How much is your privacy worth?
Take for example your bank account number, sort code, name, and address. Is it worth more than £25?

Samsung Knox flaws open unpatched devices to compromise
Researchers from Viral Security Group have discovered three vulnerabilities in Samsung Knox, a security platform that allows users to maintain separate identities for work and personal use, and is built into some of the company’s Android smartphones and tablets.

EU wants to curb export of cyber-surveillance tech
The European Commission has proposed a new amendment to the regulation that forms the basis of EU’s export control regime of dual-use technology, i.e. technology that can be used for both peaceful and military aims.

Nmap 7.30: New NSE scripts, Npcap, fingerprints
Nmap 7.30 is the first stable release since 7.12 back in March. Apart from bug fixes, it comes with new features, including more NSE scripts, an improved version of Npcap (Windows packet capturing driver/library), new service probes and OS fingerprints, and more.

DressCode Android malware found in 3,000 apps
When Check Point researchers unearthed more than 40 apps on Google Play (and 400 on third party app stores) infected with the so-called DressCode malware in late October, it was just the tip of the iceberg.

How to close your Yahoo account
In light of the recent massive Yahoo breach and the fact that Yahoo scanned incoming emails on behalf of US intelligence, many are opting to close their accounts to protect their privacy.
