Week in review: Leaked Windows exploits, mobile payment card cloning

Cyber Chief Magazine brings you the tactics to uncover and neutralize the insider threat

Here’s an overview of some of last week’s most interesting news and articles:

Microsoft patched the flaws allowing leaked Windows exploits to work
Microsoft has patched the vulnerabilities that allowed nine of the exploits released by the Shadow Brokers on Friday to work, and said that of the three remaining exploits, none will work on supported platforms.

Bracing for the Denial of Things
Every benefit of technology invariably brings with it a level of dependency on the services that technology provides.

Why businesses should care about identity theft
Identity theft is a type of fraud that’s directed squarely against individuals, but to believe that businesses don’t suffer any consequences or costs associated with it is simply wrong.

Attackers can steal smartphone users’ PINs by tapping into data collected by mobile sensors
Researchers have demonstrated that a malicious website or app could work out smartphone users’ PINs or passwords based just on the data collected by various motion sensors on modern mobile devices.

MS Office zero-day is used to infect millions of users with Dridex
A (now patched) MS Office vulnerability is being exploited to deliver the infamous Dridex banking malware, and the attack doesn’t rely on users to enable macros or do anything else except opening the booby-trapped document.

Pressures security professionals face have become more personal
While 53% of security professionals report increased pressure in trying to secure their organization, there has been a shift in the source of this stress.

Exploit revealed for remote root access vulnerability affecting many router models
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. They have now published PoC exploit for it.

Similarities in partial fingerprints may trick biometric security systems
No two people are believed to have identical fingerprints, but researchers at the New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought.

Mobile payment card cloning: Understanding the risks
Mobile contactless payments have grown exponentially and Host Card Emulation (HCE) – the possibility to emulate payment cards on a mobile device, without dependency on special Secure Element hardware – has also boosted the number of applications.

Evolution of security operations from reactionary survival mode to forced sophistication
The most security-sensitive companies approach their job and their day with the default assumption that they have been hacked, and they set out to prove that important components of their environment are safe.

IoT devices under attack: Amnesia hijacks, BrickerBot destroys
Every hour of every day, computer systems and IoT devices are under attack by bots trying to recruit them into growing botnets. Security researchers have recently highlighted two of these threats coming after Linux- and BusyBox-based systems and devices.

Hacking tools in Vault 7 data dump linked to prolific cyber espionage group
While security researchers and companies go through the collection of hacking tools contained in the data dump that the Shadow Brokers failed to sell, Symantec has tied hacking tools from WikiLeaks’ Vault 7 documents to “Longhorn,” a cyber espionage group whose activity they have been following for years.

How fraudsters stole millions with the help of a legitimate online tool
Identity thieves have managed to steal $30 million from the US Internal Revenue Service by taking advantage of an online tool designed to help students fill out financial aid applications.

Of machines and men: AI and the future of cybersecurity
Artificial intelligence has become so important for the industry that this relationship could already be described as symbiotic.

Cyber insecurity is pervasive, citizens feeling concerned and vulnerable
More than three-quarters of U.S. citizens (79 percent) are concerned about the privacy and security of their personal digital data, and 63 percent say they would feel more confident if the government agencies and service providers with which they interact had stronger data-privacy and security policies.

Hack of emergency siren system kept Dallas citizens up for hours
It was initially thought that the emergency sirens system was malfunctioning, and fire dispatch crews were tasked with shutting the sirens off manually. It took a while for the authorities to discover what was going on, but they finally managed to figure out the system was being repeatedly hacked.

270,000 customers affected in UK loan firm Wonga data breach
The data that was accessed by the attackers includes the name, e-mail address, home address, and phone number of around 245,000 customers in the UK and 25,000 customers in Poland, as well as the last four digits of their payment card number and/or their bank account number and sort code.