Week in review: PowerPoint malware delivery, dark web fraud guides, security through APIs

Here’s an overview of some of last week’s most interesting news and articles:

UK ICO offers grants for practical privacy research
The programme is open to academic institutions, civil society groups, trade and industry associations and organisations with a genuine commitment to public benefit outcomes. Proposals do not need to be technology based but must have practical application and provide real world solutions for the UK public and organisations.

New PowerPoint malware delivery technique tested by spammers
A spam run detected by several security companies has attempted to deliver malware through an innovative technique: a link in a PowerPoint slideshow.

Unprotected database exposes VINs, owner info of 10 million cars
A database containing information on 10 million cars sold in the US and personal information about their owners has been found exposed online.

Google game teaches kids about online safety
Talking to kids about online safety is a difficult undertaking for many adults, and making the lessons stick is even harder. To that end, Google has launched a new program called Be Internet Awesome, which includes an online video game called Interland, a classroom curriculum, and a YouTube video series.

Foscam IP cameras riddled with gaping security holes
F-Secure researchers have discovered a bucketload of serious security vulnerabilities affecting IP cameras made by Chinese manufacturer Foscam. Even though notified months ago, Foscam has still not fixed the issues.

Al-Jazeera reportedly hit by systematic hacking attempts
Al-Jazeera, the Doha-based broadcaster owned by the ruling family of Qatar, said the websites and digital platforms of Al Jazeera Media Network, its parent company, “are undergoing systematic and continual hacking attempts.”

Backdoored Firefox extension checks Instagram for C&C info
Turla, an APT cyberespionage group that has been targeting corporations, intelligence and other government agencies for years, is using a malicious Firefox extension to backdoor targets’ systems.

Whitepaper: Confronting advanced threats as an organization
In this whitepaper, you’ll learn what email security threats are most common for emerging businesses today, as well as what innocuous behaviors and habits are most dangerous, and how cyber criminals use social engineering tactics to exploit them for their own profit.

Enterprise endpoint security: Millions of devices still running outdated systems
Duo Security analyzed the security health of 4.6 million endpoint devices, including 3.5 million mobile phones across multiple industries and geographic regions.

Stealthy DDoS attacks distract from more destructive security threats
The greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions.

It’s time for a common sense security framework
Privacy Rights Clearinghouse maintains a database of every data breach made public since 2005, and as the total number of records rapidly approaches one billion, board members, infosec leaders, and consumers are all asking the same question: Why does this keep happening?

Websites built by freelance developers are plagued with security failures
To test whether “budget” developers take security in consideration, the Tripwire Vulnerability and Exposure Research Team (VERT) took on a non-technical persona and hired nearly 20 developers to create a website, with bids going up to $250.

Email-borne threats: Watch your inbox closely on Thursdays
Malicious email attachment message volume spikes more than 38% on Thursdays over the average weekday volume. On the other hand, Wednesday is the peak day for banking Trojans.

Malicious ads trigger drive-by download of persistent Android adware
The malicious ads were posted on forums, including one named GodLikeProductions, a relatively popular site that serves a community of conspiracy theorists.

GnuPG developers start new fundraising effort
“We want to continue this work in the long term. But, we want to do so in such a way that our first loyalty is unambiguously to the general public. This means making sure that a majority of our funding comes from individual donors, and not corporations,” the developers say.

Dark web fraud guides reveal potential threats to orgs
An in-depth look at content from more than 1,000 fraud guides available for sale on the dark web revealed that the majority of these guides are useless. Still, as many as 20 percent have the potential to cause financial harm to individuals and organizations by instructing readers how to exploit legitimate policies and processes or use malicious code against an organization’s systems.

The cost of IoT hacks: Up to 13% of revenue for smaller firms
Nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach, which can cost up to 13% of smaller companies’ annual revenue.

Introducing security into software through APIs
APIs are also a great way to implement/enhance the information security aspects of a product.

Google CTF 2017 announced: Test your skills!
The teams that earn the ten highest scores will be invited to participate in the final round. The team that wins in the final (again, by achieving the highest point score) will get $31,337.

New infosec products of the week​: June 9, 2017
A rundown of infosec products released last week.

More about

Don't miss