Week in review: Masking printers’ tracking dots, anti-privacy dark patterns, and WPA3

SmartNA PortPlus - High Performance Visibility Solutions that scale with your network.

Here’s an overview of some of last week’s most interesting news and articles:

How Facebook and Google nudge users to make anti-privacy choices
Facebook, Google and Microsoft use design techniques and tricks to steer users toward sharing more information about themselves.

Mobile is the new frontier for malicious bots
Distil Networks analyzed over 100 million mobile devices on its networks. The findings suggest that sophisticated cybercriminals and bot operators now implement a new technique—leveraging mobile devices – to avoid detection and execute a number of nefarious acts.

Has your security evolved to counter Ocean’s Eleven of threat scenarios?
A risk-based approach to securing your organization is paramount to ensuring you invest your time, money and resources in an effective way.

Researchers release app that masks printers’ tracking dots
Did you know that nearly all modern color laser printers put tracking patterns of tiny yellow dots on each piece of paper they print? They are effectively invisible to the naked eye and they are ostensibly used to identify suspects in criminal counterfeit investigations. But they can also be used to track down political dissenters or leakers.

Identity verification: Staying ahead of post-breach era consumer preferences
Consumers must trust that businesses will protect them, and businesses must trust that they’re dealing with legitimate consumers.

How criminals abuse IDNs to conduct malicious activities
New research from Farsight Security examines the prevalence and distribution of IDN lookalike domain names, also called homographs, over a 12-month period with a focus on 466 top global brands across 11 vertical sectors ranging from banking to retail to technology.

For the love of a good IT book: The No Starch Press story
When No Starch Press founder Bill Pollock decided that his new venture would go for quality instead of quantity, he made the right choice. “We haven’t had a down year in at least the last 23. This year who knows? I hope we’ll be up but I’m not guessing,” he told Help Net Security.

IT chiefs keep obsolete systems running just to keep data accessible
89 per cent of IT decision makers in UK enterprises admit they are keeping old or legacy applications alive just to keep the historical data accessible, according to a new study. They recognize, however, that retaining these obsolete systems leaves businesses more open to security threats.

Know what’s happening on your network and make the most of your security tools
In an ideal world, all organizations would know at all times exactly what’s happening on their network: they would have deep enough pockets to buy the equipment and engage the personnel necessary to achieve this knowledge, no matter how much the speed and size of their network increases. In this world, though, budgetary constraints force organizations to often ask themselves “Can we make do without this or will we have enough money for that?”

Cisco ASA and Firepower flaw exploited in the wild
A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been released online.

Data guides the new security perimeter
An assessment of the data breaches that crop up like weeds each year supports the conclusion that companies, absent data governance, wind up building security architectures strictly from a technical perspective.

Managing and maintaining security in the enterprise
With the ever-increasing focus on deep, real-time data compliance, organizations are faced with a new challenge: how to modernize old reporting practices to meet the needs of the new age of IT security?

WPA3: Next generation of Wi-Fi security now available
WPA3 security continues to support the market through two distinct modes of operation: WPA3-Personal and WPA3-Enterprise. All WPA3 networks use the latest security methods, disallow outdated legacy protocols, and require use of Protected Management Frames (PMF) to maintain resiliency of mission critical networks.

HMRC collected voiceprints of 5.1 million UK taxpayers
Her Majesty’s Revenue and Customs (HMRC) has collected voiceprints of some 5.1 million UK taxpayers without their explicit consent, and won’t reveal whether these IDs are shared with other government departments.

Whitepaper: Managing users and authentication with on-premises Active Directory for O365
The move to Office 365 (O365) requires IT departments to make some tough decisions regarding how and where to manage users and authentication. To confuse the picture further, there are many different options an organization can take, from out of the box Microsoft to using a third party solution.

Cybercriminals will gravitate to criminal activity that maximizes their profit
McAfee released its McAfee Labs Threats Report: June 2018, examining the growth and trends of new malware, ransomware, and other threats in Q1 2018.

91% of critical incidents involve known, legitimate binaries like PowerShell
Opportunistic threat actors are leveraging trusted tools, like PowerShell, to retrieve and execute malicious code from remote sources.

Underground vendors can reliably obtain code signing certificates from CAs
More and more malware authors are switching to buying new, valid code signing certificates issued by Certificate Authorities instead of using stolen (compromised) ones, researchers have found.

Losses due to BEC scams are escalating
Despite falling down on the list of most often reported Internet-facilitated crimes, Business Email Compromise/Email Account Compromise is still the type of crime that results in the biggest losses.

Digital transformation: Visibility compliance in a transitional world
In this podcast, Darron Gibbard, Chief Technical Security Officer EMEA at Qualys, discusses digital transformation challenges, and illustrates what an organization has to do in order to stay compliant in this ever-changing world.

New infosec products of the week​: June 29, 2018
A rundown of infosec products released last week.