Here’s an overview of some of last week’s most interesting news, articles, and whitepapers:
British teenager hacked top ranking US officials using social engineering
How did British teenager Kane Gamble, who at the time was only 15 years old, manage to break into email accounts of the CIA and DNI chiefs, as well as gain access to a number of sensitive databases and plans for intelligence operations in Afghanistan and Iran? The answer is social engineering.
Download: 2018 Cybersecurity Checklist
Today’s attacks are spreading faster, evolving quicker, and evading even the most widely used security solutions. But that doesn’t mean you can’t fight back. Get practical recommendations for preventing and mitigating the latest attacks with this free checklist.
Rise in cryptomining malware impacts organizations worldwide
Cybercriminals are increasingly turning to cryptominers to develop illegal revenue streams, while ransomware and malvertising adware continue to impact organizations worldwide.
Old Bitcoin transactions can come back to haunt you
A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services.
ICO protection: Key threats, attack tools and safeguards
Group-IB has analyzed the basic information security risks for the cryptoindustry and compiled a rating of key threats to an ICO (initial coin offering).
How cybercriminals abuse the travel and hospitality industry
With the right combination of other underground services (compromised accounts, credit cards, etc.), it is possible to cover almost every aspect of the holidays, including food and restaurants, shopping, entertainment, guided tours and more.
Industries most at risk of phishing attacks revealed
A new KnowBe4 study of phishing statistics for top industries shows small insurance companies have the highest percentage of phish-prone employees in the small to mid-size organization category. Not-for-profit organizations take the lead in large organizations.
Intel testing new Spectre fixes, tells everyone to hold off on deploying current firmware updates
Shortly after Red Hat stopped providing microcode to address variant 2 (branch target injection) of the Spectre attack, Intel has advised OEMs, cloud service providers, system manufacturers, software vendors and end users to stop deployment of current firmware updates that fix the same vulnerability (CVE-2017-5715).
Download: The Ultimate Guide to the CISSP
The CISSP is an elite way to demonstrate your knowledge, advance your career, and join a community of like-minded cybersecurity leaders. Earning your CISSP will show your employer that you have all it takes to design, engineer, implement, and run an information security program. The Ultimate Guide to the CISSP is a must-have resource if you are planning to sit for the exam – and it was developed by (ISC)², the creator of the CISSP Common Body of Knowledge (CBK).
Human trafficking victims forced to defraud Chinese computer users
Late last week, the Croatian police executed a coordinated raid on two houses where 59 individuals were confined and forced into defrauding Chinese and Taiwanese computer and smartphone users through a police-ransom type of scheme.
Fake cryptocurrency wallet carries ransomware, leads to spyware
People around the world are rushing to acquire all kinds of cryptocurrency, hoping that prices will go up and they will be rolling in money when they sell their investment stash. Criminals have, expectedly, noticed the rush and are doing their level best to cash in on it. The latest attack on cryptocurrency-hungry users comes in the form of fake wallet software carrying ransomware.
GDPR: Whose problem is it anyway?
Effective GDPR compliance requires well-defined roles and division of responsibilities, as well as strong interdepartmental partnerships. Above all, it’s a team effort, and clear communication is the key.
Facebook, Microsoft announce new privacy tools to comply with GDPR
One of the things that the regulation mandates is that EU citizens must be able to get access to their personal data held by companies and information about how these personal data are being processed.
Good privacy is good for business, so pay attention
Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco 2018 Privacy Maturity Benchmark Study.
Escape future ransomware attacks by leveraging the right technology
Devising a ransomware defense plan isn’t easy. If you’re wondering where and how to start, here’s a short cheat sheet on a few security mechanisms that are especially helpful in preventing and detecting ransomware threats.
Alphabet enters enterprise cybersecurity market, launches Chronicle
Google’s parent company Alphabet has announced its entry into the lucrative enterprise cybersecurity market through Chronicle, a company started in early 2016 as a project at X, Alphabet’s “moonshot factory.” VirusTotal, a malware intelligence service acquired by Google in 2012, will become a part of the new company, but Chronicle will also offer a new product.
PCI Council sets security requirements for mobile point of sale solutions
The PCI Security Standards Council has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices such as smartphones and tablets.
DuckDuckGo offers new privacy extension and app
DuckDuckGo Privacy Essentials forces websites to serve users with an encrypted version of the site, blocks third-party trackers, and provides information about websites’ terms of service and privacy policies.
Cybercriminals stole $172 billion from 978 million consumers in the past year
In the United States, 143 million consumers were victims of cybercrime – more than half the U.S. adult online population.
New infosec products of the week: January 26, 2018
A rundown of infosec products released last week.