Week in review: Risk assessment, fileless attacks, and the most hackable holiday gifts

Here’s an overview of some of last week’s most interesting news and articles:

Review: EU GDPR Documentation Toolkit
The General Data Protection Regulation (GDPR) aims to strengthen data protection for all individuals within the EU (citizens and residents). It was adopted in April 2016, and it becomes enforceable from 25 May 2018.

Sneaky malware downloader found in apps on Google Play
Google has removed from Google Play eight apps that have served as downloaders for Android banking malware.

Free security tool protects Internet users through DNS
IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA) launched a free service designed to give consumers and businesses added privacy and security protection as they access the Internet.

The long tail of phishing attacks
Targeted phishing has become the single most effective attack type in the world today.

Google will remove apps that misuse Android Accessibility Services from Google Play
Android app developers whose offerings implement Accessibility Services for reasons other that helping users with disabilities use their apps have less then 30 days to switch to other methods, or risk their apps being removed from Google Play and their developer account terminated.

Is your CCTV system GDPR compliant?
Organisations are putting themselves at risk of breaching the GDPR because they’re failing to realise that the new regulation covers their CCTV systems and the visual data they collect.

IcedID: Original new banking Trojan emerges
IcedID, a new banking Trojan that does not seem to have borrowed code from other similar threats, has entered the financial cybercrime arena.

Half of organizations do not audit SSH entitlements
Cybercriminals, such as malicious insiders, use SSH keys to access systems from remote locations, evade security tools and escalate privileges.

What motivates bug hunters?
Crowdsourced security penetration testing outfit Bugcrowd has released its second annual “Mind of a Hacker” report, to provide insight into bug hunters’ motivations and preferences, and help companies tailor their bug bounty initiatives so they can lead to better results for everyone.

Sharp rise in fileless attacks evading endpoint security
A new Ponemon Institute survey of 665 IT and security leaders finds that over-reliance on traditional endpoint security is leaving organizations exposed to significant risk. 54 percent of respondents said their company experienced a successful attack. Of those respondents, 77 percent were victim to fileless attack or exploit.

Firefox Quantum: Security and privacy improvements
Mozilla has released Firefox 57, aka Firefox Quantum. It comes with many performance improvements, security fixes and enhancements.

For strong unified communications security, behavioral analytics is critical
Attacks against unified communications (UC) are some of the fastest growing and most misunderstood threats organizations face today, with the main threats being denial of service, toll fraud and data exfiltration.

Governments manipulate social media, threaten global Internet freedom
Governments around the world are dramatically increasing their efforts to manipulate information on social media, threatening the notion of the Internet as a liberating technology, according to Freedom House.

Risk assessment: The first step in improving cyber security
A comprehensive risk assessment needs to not only take into account the internal processes at the company, but also a variety of third parties including suppliers and contractors, as well as the role of an increasingly mobile workforce.

A third of US businesses do not feel prepared for GDPR deadline
New research by Censuswide captures the preparedness levels of organizations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as their perceptions on the new regulation’s business impact.

Rise and evolution of ransomware attacks
While enterprises are just now preparing themselves to fight these threats, ransomware is not new.

Safeguard mobile devices: VPNs and personal firewalls are vital
Digital containers can also be used to protect data like a virtual safe and only release data once a secure connection is established to the company network.

How to stop Emotet malware from infecting your computer
The Emotet banking Trojan has been around since 2014. It continues to evolve, and has even been spotted acting like a distribution method for other banking malware.

Infosec expert viewpoint: IoT security initiative
IoT went quickly from buzzword to mainstream, and connected devices have become common in households and enterprises around the globe. A worrying lack of regulation has fueled a plethora of security problems causing headaches to security teams and endangering end users.

Bot-driven web traffic and its application security impact
Bots conduct 52% of all Internet traffic flow. For some organizations, bots represent more than 75% of their total traffic. This is a significant finding considering one-in-three organizations cannot distinguish between ‘good’ bots and ‘bad’ ones.

This year’s most hackable holiday gifts
McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular gifts this holiday season.

The tools criminals use to prepare a stolen iPhone for resale
Reselling stolen mobile phones is a lucrative business all over the globe, and iPhones are very much in demand.

Critical flaws open Foscam C1 IP cameras to compromise
Cisco Talos researcher Claudio Bozzato has unearthed a dozen of critical vulnerabilities affecting the Foscam C1 series of indoor HD cameras.

New infosec products of the week​: November 17, 2017
A rundown of infosec products released last week.

More about

Don't miss