Week in review: Open source security threats, secure C++ coding

Here’s an overview of some of last week’s most interesting news and articles:

Will blockchain liability be similar to Bitcoin liability?
Blockchain can be used for cryptocurrencies other than Bitcoin, and for more than just cryptocurrencies. A blockchain is a list of transaction records kept on a distributed ledger. Blockchains can be used to record real estate transactions, testing records, health care records and more.

Rules for secure coding in the C++ programming language
The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities.
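
As an added illustration of the kind of rule the standard codifies (this is example code written for this summary, not text or code from the SEI standard), the block below shows the bounds-checking discipline behind CTR50-CPP, the rule that container indices and iterators must stay within the valid range. A noncompliant parser trusts an attacker-supplied length byte and indexes a std::vector past its end, which is undefined behaviour; two compliant versions validate the index first, one with an explicit size check and one with at(), which throws std::out_of_range. The length-prefixed message format and the function names are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Constructed wire format for this example: one length byte followed by
// that many payload bytes. The length byte is attacker-controlled input.
typedef std::pair<bool, std::string> ExtractResult;

// Builds a test message; a declared_len larger than the payload simulates
// a hostile sender whose header lies about how much data follows.
std::vector<uint8_t> frame(uint8_t declared_len, const std::string& payload) {
    std::vector<uint8_t> msg;
    msg.push_back(declared_len);
    msg.insert(msg.end(), payload.begin(), payload.end());
    return msg;
}

// NONCOMPLIANT: trusts the declared length. operator[] past size() is
// undefined behaviour; in practice it reads whatever heap memory follows.
std::string unchecked_extract(const std::vector<uint8_t>& msg) {
    std::size_t len = msg[0];                          // also UB if msg is empty
    std::string out;
    for (std::size_t i = 0; i < len; ++i) {
        out.push_back(static_cast<char>(msg[1 + i]));  // no bounds check
    }
    return out;
}

// COMPLIANT: check every index against the container's actual size before
// using it, and reject the whole message when the header overstates the data.
ExtractResult checked_extract(const std::vector<uint8_t>& msg) {
    if (msg.empty()) {
        return ExtractResult(false, "");
    }
    const std::size_t len = msg[0];
    if (len > msg.size() - 1) {                        // header claims more than arrived
        return ExtractResult(false, "");
    }
    return ExtractResult(true, std::string(msg.begin() + 1,
                                           msg.begin() + 1 + static_cast<std::ptrdiff_t>(len)));
}

// COMPLIANT (alternative): at() performs the range check itself and throws
// std::out_of_range instead of silently reading out of bounds.
ExtractResult at_extract(const std::vector<uint8_t>& msg) {
    try {
        const std::size_t len = msg.at(0);
        std::string out;
        for (std::size_t i = 0; i < len; ++i) {
            out.push_back(static_cast<char>(msg.at(1 + i)));
        }
        return ExtractResult(true, out);
    } catch (const std::out_of_range&) {
        return ExtractResult(false, "");
    }
}

int main() {
    ExtractResult good = checked_extract(frame(3, "abc"));
    ExtractResult bad = checked_extract(frame(200, "abc"));
    std::cout << "well-formed message: ok=" << good.first
              << " payload=" << good.second << "\n";
    std::cout << "oversized header: ok=" << bad.first << "\n";
    return 0;
}
```

The explicit check is preferable on a hot path or in code compiled without exceptions; at() is the lighter-weight fix when retrofitting existing code, but the out_of_range must actually be caught somewhere, otherwise a malformed message turns into a crash rather than a rejected input.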

Hajime IoT worm infects devices to head off Mirai
Hajime is a piece of malware that works much like Mirai: it spreads via unsecured devices that have open Telnet ports and use default passwords. But unlike Mirai, it also secures the target devices by blocking access to certain ports.

What motivates youngsters to get into cybercrime?
A UK National Crime Agency report, based on debriefs with offenders and those on the fringes of criminality, explores why young people assessed as unlikely to commit more traditional crimes get involved in cybercrime.

Top-ranked programming Web tutorials introduce vulnerabilities into software
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials.

Microsoft users can ditch password-based logins for phone sign-in 2FA
Microsoft added a new feature to its authenticator app, allowing users to sign in to their Microsoft account without having to enter their password.

An untold cost of ransomware: It will change how you operate
Many victims are tempted to just pay the ransom and be done with it, a strategy that is more widely used than you might think.

Oracle fixes Solaris 10 flaw targeted by leaked NSA exploit
Oracle has pushed out a record-breaking 299 fixes for vulnerabilities in its many, many products, and among them is a Solaris 10 bug whose existence has been revealed through Shadow Brokers’ latest data dump.

Fake LinkedIn emails phishing job seekers
Fake LinkedIn emails are hitting inboxes, trying to get recipients to hand over their CVs.

InterContinental confirms card data breach at over 1,000 locations
InterContinental Hotels Group (IHG) reported last week that a huge number of its hotels in the US and Puerto Rico have been compromised with payment card information-slurping malware.

Security and the human factor: Creating a positive user experience
Building security for people and the way they work is critical in protecting against data breaches.

Linksys Smart Wi-Fi routers full of flaws, but temporary fix is available
Over 20 models of Linksys Smart Wi-Fi routers have been found to have vulnerabilities that, if exploited, could allow attackers to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, change restricted settings, and inject and execute commands on the operating system of the router with root privileges.

A third of employees say it’s common to take corporate data with them when leaving a company
Today’s workforce is caught between two imperatives: be productive and efficient on the job and maintain the security of company data.

Attacks exploiting software vulnerabilities are on the rise
Attacks conducted with the help of exploits are among the most effective, as they generally do not require any user interaction and can deliver dangerous code without arousing user suspicion.

Threat hunting still maturing and mostly ad-hoc
Threat hunting is still an immature practice that relies mostly on human intuition to conduct the searches.

Organizations are not effectively dealing with open source security threats
Open source use is ubiquitous worldwide and recent research reports show that between 80% and 90% of the code in today’s apps is open source.

Flashlight app on Google Play delivered highly adaptable banking Trojan
According to the researchers' analysis, the malware works on all Android versions and is able to minimize its visibility on the infected phone, display fake (phishing) screens mimicking legitimate apps, intercept text messages, and temporarily lock the device to prevent victims from interfering with the crooks' fraudulent activity.

New infosec products of the week: April 21, 2017
A rundown of infosec products released last week.
