Week in review: Tesco Bank breach, and a checklist for people who understand cyber security

Here’s an overview of some of last week’s most interesting news and articles:

Bug in Chrome for mobile exploited for drive-by Android malware downloads
Users of the mobile version of Google Chrome should be extra careful when faced with unsolicited offers to install a popular app.

20,000 affected by Tesco Bank security breach
Several of the customers commented online that they had never used the card they received for their affected account, so it seems that the cards were never skimmed at an ATM or a retailer’s PoS system.

Tesco Bank hack shows that attackers continue to follow easy money
Large banks have committed extensive resources to protecting their critical information and money. Gaps still remain though, especially with smaller financial institutions and organizations that are only now coming around to thinking about security.

Review: The Basics of Cyber Safety
Do I own the information I publish on Facebook? Where should I store my files? How can I remove content from the Internet? What is encryption and how should I use it? How can I encrypt my mobile device? How can I protect myself on social media? These are just some of the question this book gives an answer to, and it does so simply and clearly.

Pawn Storm raced to pop many targets before Windows zero-day patch release
No matter how much we wish that it isn’t so, security updates are rarely implemented as soon as they are pushed out.

TrickBot banking Trojan is the next big threat
After months of testing, a new banking Trojan called TrickBot is being aggressively slung at owners of personal and business bank accounts in UK and Australia.

Navigating a way through the cloud
There are many challenges to a successful hybrid cloud implementation, but they can be overcome.

OAuth2.0 implementation flaw allows attackers to pop Android users’ accounts
The flaw can be exploited remotely, with no involvement and/or awareness of the victim.

Dutch police takes over darknet market, posts warning
As law enforcement agencies around the world continue taking down online markets on the Dark Web, the Dutch National Police and the nation’s Public Prosecution Service are trying out a new strategy for deterring sellers and buyers of illegal goods.

A checklist for people who understand cyber security
Most detailed checklists are designed to be applied mechanically by technically proficient idiots. The US-CCU Cyber-Security Matrix is designed to be applied intelligently and creatively by people who actually know what they are doing.

CloudConnect: Enabling the Industrial Internet of Things
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about Unidirectional CloudConnect, an essential enabler for the Industrial Internet of Things. CloudConnect transmits the unified data securely out of the site and into the industrial cloud.

Telecrypt ransomware uses Telegram for command and control
Telecrypt, a newly spotted piece of crypto ransomware that uses Telegram’s communication protocol to deliver the decryption key to the crooks, is targeting Russian-speaking users.

Signal Protocol’s crypto core has no major flaws, researchers find
A group of computer science and cryptography professors and doctoral students has effected a security analysis of the secure messaging Signal Protocol – specifically, of its Key Agreement and Double Ratchet multi-stage key exchange protocol (the effective cryptographic core).

How to prepare your company for cybersecurity threats
You can’t send your IT teams to law school, deputize your executives for international manhunts or break the bank hiring professionals to hunt down cybercriminals who aren’t likely to be caught. Instead, try these three steps, which every business should consider before they suffer a hack.

SMBs risk data security by using free cloud storage
11% of SMBs are storing banking information and 14% are storing medical records in free cloud storage.

GDPR privacy, preparations and understanding
A new GDPR privacy benchmarking study by IAPP and TRUSTe provides insight into how companies are preparing for the sweeping changes to privacy laws under the EU General Data Protection Regulation (GDPR).

Exposing voting machine vulnerabilities
Cylance announced the successful exploitation of critical vulnerabilities in a common model of voting machine. The exploitation of these vulnerabilities was previously thought to only be theoretical.

14 arrested for laundering millions stolen with malware
The money was stolen after the victims were infected with Dridex and Dyre malware, which collected their bank details and allowed the criminals to access their bank accounts.

10 predictions on IT changes over the next 36 months
Today’s IT organizations are divided into two camps: those that thrive by effectively leveraging digital technologies, new business models, and entrepreneurial cultures; and those that are saddled by technical debt, plodding business processes, and lack of a digitally-fueled vision for the future.

Submissions are open for RSA Conference Innovation Sandbox Contest 2017
The 12th annual Innovation Sandbox Contest at RSA Conference is now accepting submissions to name the “RSAC Most Innovative Startup 2017.” Past winners include successful companies such as Sourcefire, Imperva, Waratek, and most recently Phantom.

Millions of job seekers’ info exposed via easily accessible database backups
A data leak has exposed sensitive information about millions of job seekers that used global recruitment firm Michael Page.

New infosec products of the week​: November 11, 2016
A rundown of new infosec products released last week.

More about

Don't miss