Here’s an overview of some of last week’s most interesting news and articles:
Fruitfly: Unusual Mac backdoor used for tightly targeted attacks?
The malware – detected as OSX.Backdoor.Quimitchin by Malwarebytes but dubbed Fruitfly by Apple – is believed to have been around for some years, but was never before flagged as a specific malware family.
In 2017, the digital will get physical when machines start to lie
The key to our connected existence is accurate data.
New Gmail phishing technique fools even tech-savvy users
An effective new phishing attack is hitting Gmail users and tricking many into inputting their credentials into a fake login page.
Advancing a standard format for vendors to disclose cybersecurity vulnerabilities
The work of the new OASIS Common Security Advisory Framework (CSAF) Technical Committee will enable greater interoperability among products and ensure that structured, machine-readable security advisories can be produced and consumed much more broadly.
Satan: A new Ransomware as a Service
If you’ve been hit by ransomware that has scrambled the names of your encrypted files and has appended the .stn extension to them, you’ve been targeted by Satan – not the “Prince of Darkness”, but by the eponymous new Ransomware as a Service.
Security audit of Dovecot mailserver reveals good security practices
Dovecot – a popular open source IMAP and POP3 server for Linux/UNIX-like systems – is as secure as its developers claim it is.
Kali Linux certification, first official Kali book on the horizon
The Kali Linux distribution celebrates its 10th anniversary this year. The hugely popular open source project, maintained by Offensive Security, announced today that its new Kali Linux Certified Professional (KLCP) will debut at Black Hat USA 2017.
Key Transparency: A secure directory of public encryption keys
Google has released Key Transparency, an open source public directory meant to simplify the discovery of intended recipients’ public encryption keys.
The most common passwords of 2016
According to Keeper Security’s analysis of 10 million passwords leaked in 2016, four of the top 10 passwords on the list are six characters or shorter.
Apple’s malware problem is accelerating
For a long time, one of the most common reasons for buying an Apple computer over a Windows-based one was that the former was less susceptible to viruses and other malware. However, the perceived invulnerability of Macs to all manner of computer nasties may not have any grounding in reality – or at least, not anymore.
Data breaches hit all-time record high, increase 40% in 2016
This raises the question: are there actually more breaches or is it because more states are making this information publicly available?
Accurate cross-browser fingerprinting is possible, researchers show
A group of researchers have come up with a browser fingerprinting technique that can allow interested parties to “identify” users across different browsers on the same machine.
Meitu photo retouching app may be invading your privacy
Have you heard about Meitu, the photo retouching mobile app that turns people into more cutesy or beautiful versions of themselves? Chances are that even if you don’t know the app’s name, you’ve already seen examples of the final product posted on a social network of your choice.
Redefining the role of security in software development
By bringing development, security and operations teams together, organisations have the opportunity to create a culture of secure software development.
Spora ransomware could become the new Locky
Spora (meaning “spore” in Russian) is spread by email, but it can also spread via USB drives.
Retailers largely lack on-site security and IT expertise
A new Cybera survey of more than 50 retail professionals found that many retailers lack the necessary IT staff at the store level to ensure proper solution implementation and security.
Majority of SOCs are below optimal maturity levels
Hewlett Packard Enterprise (HPE) examined nearly 140 SOCs in more than 180 assessments around the globe.
RSA Conference Innovation Sandbox Contest 2017 finalists announced
The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry.
Patch and security management take 8 hours per month for most companies
Shavlik and AppSense used VMworld Europe 2016 to collect data from frontline experts, and to highlight patch management and security concerns in corporations.
SWIFT systems of three Indian banks compromised to create fake trade documents
Attackers usually use banks’ compromised SWIFT system to send information about fraudulent financial transactions, but in attacks aimed at three government-owned banks in India, they chose to create fake trade documents such as letters of credit and guarantees.
New infosec products of the week: January 20, 2017
A rundown of infosec products released last week.