Week in review: Social media surveillance, ransomware recovery, US accuses Russia of hacking

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Twitter, Facebook revoke access to social media surveillance software used by cops
Geofeedia, a US-based company that offers its social media aggregation platform “to a broad range of private and public sector clients”, also numbers among its clients over 500 law enforcement and public safety agencies across the country.

Quickly audit and adjust SSH server configurations with SSH-audit
SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available.

6000+ compromised online shops – and counting
A week ago, RiskIQ researchers revealed that over 100 online shops have, at one point in the last six months, been injected with malicious JavaScript code that exfiltrates payment card information users enter to pay for their shopping. But, as it turns out, that was just the tip of the iceberg.

Review: FourV Systems GreySpark
GreySpark is a solution for measuring and managing organizations’ IT security risk.

How to implement an EFSS ransomware recovery plan
Although there is no single solution to prevent an attack, there are measures corporations can take to protect themselves and help to address data loss as a result of ransomware.

Clinton campaign chief’s Twitter, iCloud accounts hijacked
Some 12 hours after WikiLeaks published emails stolen from the email account of Hillary Clinton campaign Chairman John Podesta, someone has hijacked the man’s Twitter account and tweeted out “I’ve switched teams. Vote Trump 2016. Hi pol.”

Components of an effective vulnerability management process
We often hear the terms “vulnerability assessment”, “vulnerability scanning” and “vulnerability program” used interchangeably, but these terms are not synonymous. So, let’s understand what is involved in the vulnerability management program.

October Patch Tuesday: Changes, urgent updates and what’s coming next
Microsoft has officially released its first delivery under the new servicing model, and there’s still some uncertainty about how the changes will affect organizations.

Most businesses don’t inspect cloud services for malware
The growing use of cloud services and the lack of visibility into sensitive information in the cloud can result in more damaging or costly data breaches.

SSHowDowN Proxy attacks using IoT devices
Akamai’s Threat Research team has identified a recent spate of SSHowDowN Proxy attacks whereby attackers are using Internet of Things (IoT) devices to remotely generate attack traffic by using a 12-year old vulnerability in OpenSSH.

Scan Ruby-based apps for security issues with Dawnscanner
Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby.

Steps to developing secure IoT products
The Cloud Security Alliance (CSA) released a new guidance report created to help designers and developers of IoT related products and services understand the basic security measures that must be incorporated throughout the development process.

WSF attachments are the latest malware delivery vehicle
WSF files are designed to allow a mix of scripting languages within a single file, can be launched like an executable, and are not automatically blocked by some email clients.

Google wants to revamp public Wi-Fi networks, but what about security?
Google recently announced Google Station, a suite of tools designed to make it easy to create, maintain and log in to Wi-Fi networks at places like parks, airports and coffee shops.

130,000 Avtech IP cameras, DVRs can be easily roped into IoT botnets
Security researcher Gergely Eberhardt has unearthed over dozen of vulnerabilities in most IP cameras, NVRs and DVRs by Taiwanese manufacturer Avtech, including things like plaintext storage of administrative password and authentication bypass flaws.

US officially accuses Russia of hacking to influence presidential election
With just a month left until the 2016 United States presidential election, the Department of Homeland Security and Office of the Director of National Intelligence officially stated that Russia is behind the recent hacks of US political targets.

ISIS suspect charged with researching encryption, encrypting website
A man from Cardiff, Wales, has been charged with six terrorism-related charges, including one that involves actions that are not usually considered illegal: researching encryption software, publishing instructions on how to use it, and encrypting a website.

UK prosecutors get new guidelines for pursuing cyberbullies, stalkersCyber bullying, virtual mobbing, doxxing, cyber stalking and harassment, revenge pornography – these are just some of the behaviors that the Internet and social media have enabled.

The impact of intelligent systems on IT teams
88% of IT professionals saying their organisation has already invested in one or more intelligent solutions, from bots, through smart business applications, to full-blown expert systems.

Reposify: An IoT search engine that you can integrate into your products
There are already several IoT search engines out there (Shodan, Censys, Thingful, etc.), but Israel-based Reposify has created a new one.

New Linksys WRT3200ACM open source Wi-Fi router is optimization ready
The WRT3200ACM is open source ready for complete flexibility and customization of networking functions or for optimizing the router for specific use cases such as gaming, security, advanced users/IT administrators or for commercial applications.