Week in review: Simjacker attacks, critical Exim flaw, Sandboxie becomes freeware

Here’s an overview of some of last week’s most interesting news, interviews and articles:

More than a year after GDPR implementation, half of UK businesses are not fully compliant
52% of UK businesses are not fully compliant with the regulation, more than a year after its implementation, according to a survey of UK GDPR decision-makers conducted on behalf of Egress.

Simjacker vulnerability actively exploited to track, spy on mobile phone owners
Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users.

Cybersecurity issues can’t be solved by simply buying a product
Year after year, data breach losses continue to rise and the cybercrime economy continues to thrive. What is the cybersecurity industry doing wrong?

Mini eBook: CISSP Practice Tests
Download the mini eBook for a sneak peek into the Official (ISC)² CISSP Practice Tests book.

Review: Cyberdanger
Whether you’re already familiar with cybersecurity or want to educate yourself on the topic, Cyberdanger is a great read.

Critical Exim flaw opens servers to remote code execution, patch now!
The Exim mail transfer agent (MTA) is impacted by a critical vulnerability that may allow local or unauthenticated remote attackers to execute programs with root privileges on the underlying system.

Sandboxie becomes freeware, soon-to-be open source
Sophos plans to open source Sandboxie, a relatively popular Windows utility that allows users to run applications in a sandbox. Until that happens, they’ve made the utility free.

281 BEC scammers arrested in worldwide law enforcement action
Federal authorities announced a significant coordinated effort to disrupt Business Email Compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens.

IIoT security challenges: Dealing with cutting edge technologies
Dr. Jesus Molina is the Director of Business Development at Waterfall Security Solutions, and in this interview with Help Net Security he talks about the security issues related to emerging technologies.

Is your smartphone secretly listening to you?
The question of whether our smartphones are always listening to us crops up on online forums and Twitter almost daily, and most users have had the experience of talking about something and then, soon after, seeing online ads about that specific thing. But are the phones (or apps) actually “listening”?

Office 365 security: Automated incident response based on playbooks
Five months after introducing Automated Incident Response in Office 365 ATP, Microsoft has announced it’s making it more widely available.

eBook: A new gold standard for OT security monitoring
Intrusion detection and security monitoring are mature disciplines on enterprise IT networks but provide limited visibility into operations/OT control systems networks.

Bots evolving to better mimic humans during elections
Bots or fake accounts enabled by artificial intelligence on social media have evolved and are now better able to copy human behaviors in order to avoid detection, according to USC Information Sciences Institute (USC ISI) computer scientist, Emilio Ferrara.

Shine a light on shadow IT to improve organizational resilience
Shadow IT is one of the biggest challenges facing organizations today. According to Gartner, by 2020, a third of all cybersecurity attacks experienced by enterprises will be from their shadow IT resources.

SMBs show no improvement in IT maturity levels, security remains top concern
IT groups at small and midsize businesses (SMBs) have shown no improvement in IT maturity levels in three years, while security remains the top concern, a Kaseya survey reveals.

More than 99% of cyberattacks rely on human interaction
Cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions, steal data, and more, according to Proofpoint.

IoT attacks increasing in the cyber underground
Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes, according to Trend Micro.

Security holding back employers from meeting employees’ remote working expectations
Less than a third (32%) of UK workers are allowed to work remotely whenever they want, according to research from Capita, which uncovers employee attitudes to remote/flexible working and the challenge employers face in meeting employees’ expectations of IT to support it.

New infosec products of the week: September 13, 2019
A rundown of infosec products released last week.
