Week in review: ATM attacks, security automation, hacking for fun and profit
Here’s an overview of some of last week’s most interesting news and articles:
iOS users are 18x more likely to be phished than to download malware
Phishing is the number one mobile threat affecting organizations. Wandera’s Phishing Report 2018 shows that iOS users are 18x more likely to be phished than to download malware, and that 4000 new mobile phishing websites are launched every day.
Social media: The zero-trust game
Our value today is measured in numbers. Followers, connections, likes, tweets, and impressions now count toward not only the value of our opinions but also quantify our sphere of influence. These metrics, however, are easily manipulated to such an extent that even elections have allegedly been at the mercy of the social media numbers game.
Organisations across the UK are still struggling with ransomware
Webroot surveyed over 400 IT decision makers at UK businesses and found that 45 per cent of those surveyed had suffered a ransomware attack, with nearly a quarter (23 per cent) actually paying the ransom.
Leveraging security analytics to investigate and hunt modern threats
In this interview, Gary Golomb, co-founder at Awake Security, talks about how machine learning helps develop a scalable enterprise cybersecurity plan and what technologies can make a security analyst’s job easier, outlines the essential building blocks of a modern SOC, and much more.
ATM attacks: How hackers are going for gold
With confirmed strains of malware like Ploutus.D being used in ATM jackpotting attacks on U.S. soil, jackpotting can be added to the growing list of popular ATM attack types, including skimming, shimming and network-based attacks.
Hacking for fun and profit: How one researcher is making IoT device makers take security seriously
We should all be so lucky to enjoy our work as much as Ken Munro does. Generally attracted by research that “looks fun” and particularly interested in probing the security of technologies that have yet to be comprehensively investigated by security researchers, for the past few years Munro has been poking and probing consumer Internet of Things devices, and doing things such as denial of service attacks on Wi-Fi-enabled kettles, or showing that you can make a Bluetooth-enabled doll swear and listen in on users.
Build security into software up front: Believe it or not, it’s cheaper and faster
“You can pay me now, or you can pay me later” was the tagline of a 1981 ad promoting oil filters. Seems simple, but the implied message was much stronger: It wasn’t about paying the same amount now or later. It was about paying a little now for an oil change or vastly more for an engine rebuild later—which made the choice pretty much a no-brainer. For anybody in the business of building software products, the same logic applies.
How to adopt the mindset of continuous security for security operations
In this podcast recorded at RSA Conference 2018, Dino Dai Zovi, co-founder and CTO at Capsule8, talks about what continuous security is, and how you should bring more of this mindset to your security operations.
Do young people hold the key to closing the cybersecurity talent gap?
With limited educational opportunities and exposure to cybersecurity, the lack of qualified job candidates will persist.
Cybercriminals are turning to Telegram due to its security capabilities
Check Point researchers have revealed that cybercriminals are increasingly exploiting the popular messaging app, Telegram, to exchange information, recruit new partners and evade authorities.
Why collaboration can be a killer app for defense
In this podcast recorded at RSA Conference 2018, Travis Farral, Director of Security Strategy at Anomali, talks about the impact of blue team collaboration. Discover why collaboration is important, and how it can impact your organization.
Are SMBs driving the adoption of security automation by enterprises?
If you tracked the lifecycle of new security technologies, you’d likely see that most start as enterprise solutions and eventually trickle down to small and medium-sized businesses (SMBs). However, right now the reverse is happening with regard to security automation.
Risky business: Are mobile employees compromising business info?
While many businesses are increasingly investing in digital security strategies in light of heightened cyber attacks, physical data is often overlooked.
Breach activity declines, number of compromised records remains high
After year over year increases in the number of reported data breaches, Risk Based Security has released the results of their Q1 2018 Data Breach QuickView Report, showing the number of breaches disclosed in the first three months of the year fell to 686 compared to 1,444 breaches reported in Q1 2017.
GDPR Rails: Community GDPR compliance tool
Prey Software announced GDPR Rails, an open source tool set designed to help small to mid-sized businesses comply with the General Data Protection Regulation (GDPR).
SAP systems: The threat of insecure configurations
Onapsis researchers revealed a critical security configuration vulnerability that results from default installations in SAP systems which, if left insecure, could lead to a full system compromise in unprotected environments. In this podcast recorded at RSA Conference 2018, Sebastian Bortnik, the Director of Research at Onapsis, talks about the discovered vulnerability and its impact.
New infosec products of the week: May 11, 2018
A rundown of infosec products released last week.