Week in review: PoisonTap compromises locked computers, how hackers will exploit IoT in 2017

Here’s an overview of some of last week’s most interesting news, podcasts, reviews and articles:

Researchers reveal WiFi-based mobile password discovery attack
A group of researchers has come up with WindTalker, a new attack method for discovering users’ passwords and PINs as they enter them into their smartphones.

New users flock to ProtonMail in wake of Trump’s victory
ProtonMail is a Swiss-based secure email service launched by a group of CERN and MIT scientists in 2013.

Ransoc browser locker/ransomware blackmails victims
An unusual combination of browser locker and ransomware, dubbed Ransoc by researchers, is targeting users who visit adult sites.

Review: iStorage diskAshur Pro SSD
The iStorage diskAshur Pro SSD is the hard drive for users with security on their mind.

Traveling on business? Beware of targeted spying on mobile
Corporate spying is a real threat in the world of cyber war. Employees traveling on behalf of their company could create opportunities for sophisticated adversaries to take sensitive corporate data. This is especially true if they are not careful with their mobile devices.

Low-cost PoisonTap tool can compromise locked computers
Dubbed PoisonTap, the tool consists of a Raspberry Pi Zero controller with a USB or Thunderbolt plug, loaded with open source software. All in all, this setup can be achieved by anyone who has $5 to spare.

Fraudsters accessed Three UK customer database with authorised credentials
Three UK, a telecom and ISP operating in the United Kingdom, has suffered a data breach.

8 million GitHub profiles scraped, data found leaking online
Technology recruitment site GeekedIn has scraped 8 million GitHub profiles and left the information exposed in an unsecured MongoDB database. The backup of the database was downloaded by at least one third party, and it’s likely being traded online.

Encryption ransomware hits record levels
PhishMe’s Q3 2016 Malware Review identified three major trends previously recorded throughout 2016, but have come to full fruition in the last few months

How hackers will exploit the Internet of Things in 2017
Here are three IoT threats likely to emerge in 2017 and what organizations can do to protect themselves.

Why Unidirectional Security Gateways can replace firewalls in industrial network environments
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about Unidirectional Security Gateways. They can replace firewalls in industrial network environments, providing absolute protection to control systems and operations networks from attacks originating on external networks.

Final warning: Popular browsers will soon stop accepting SHA-1 certificates
Starting with Chrome 56, planned to be released to the wider public at the end of January 2017, Google will remove support for SHA-1 certificates. Other browser makers plan to do the same.

Researchers identify domain-level service credential exploit
The exploit could allow cyber attackers to harvest encrypted service credentials from the registry and inject them into a new malicious service to achieve lateral movement and full domain compromise.

Dangerous Android threat points to Italian spyware maker
A piece of Android spyware recently analyzed by researchers with the RedNaga Security team seemed to be yet another Hacking Team spying tool but, according to more recent revelations, another Italian company is its likely source.

Compromised: 339 million AdultFriendFinder users
Friend Finder Networks, the company that operates sites like Adultfriendfinder.com (“World’s largest sex & swinger community”), and Cams.com (“Where adults meet models for sex chat live through webcams”) has been breached – again!

Weave a web of deception to secure data
How can organizations leverage deception-based network security to keep sensitive data safe? Here are three basic steps what to look for.

Analyzing the latest wave of mega attacks
A new report, using data gathered from the Akamai Intelligent Platform, provides analysis of the current cloud security and threat landscape, including insight into two record‑setting DDoS attacks caused by the Mirai botnet.

Cloud adoption hits all-time high, Microsoft and Google dominate
Fifty-nine percent of organizations worldwide now use Office 365 or G Suite, up from 48 percent in 2015.

Critical Linux bug opens systems to compromise
Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers – both local and remote – to obtain root shell on affected Linux systems.

Facebook, Google ban fake news sources from their ad networks
Despite Mark Zuckerberg’s dismissive attitude regarding the claim that Facebook had an inappropriate impact on the US elections, the company has moved to bar sources of fake news from its Facebook Audience Network ads.

The new age of quantum computing
Quantum encryption is the holy grail of truly secure communications. If and when quantum computing becomes a widespread reality, many public-key algorithms will become obsolete.

Consumer and business perspectives on IoT, augmented reality risks
As every business becomes a digital business, the spread of technology such as augmented reality (AR) and Internet of Things (IoT) devices can add significant business value and personal convenience. Yet a new study from ISACA shows that consumers and IT professionals disagree on the risks and rewards.

Waterfall BlackBox: Restoring trust in network information
Waterfall Security Solutions announced the launch of the Waterfall BlackBox, developed to maintain the integrity of log repositories in the event of a cyber attack. Based on Waterfall’s patented unidirectional technology, the Waterfall BlackBox creates a physical barrier between networks and logged data, so that stored logs become inaccessible to attackers who are trying to cover their tracks.

Cyber risk in advanced manufacturing: How to be secure and resilient
Study results indicate nearly 40 percent of surveyed manufacturing companies were affected by cyber incidents in the past 12 months, and 38 percent of those impacted indicated cyber breaches resulted in damages in excess of $1 million.

New infosec products of the week​: November 18, 2016
A rundown of infosec products released last week.

More about

Don't miss