1. Target's legal
woes continue to mount over its now-infamous data breach in 2013. Last week, a District Court judge in Minnesota ruled
that Target was negligent in its credit card data security and is therefore
liable to a class-action suit brought by banks affected by the hack. Following
the initial hack and disclosure in 2013, Target came under scrutiny from the
Justice Department and had its CEO step down in disgrace. The company has
already paid Visa $67 million for the trouble and attempted to give MasterCard
another $19 million, though that latter offering fell through.
2. Former AT&T
employees sued for fraudulently unlocking phones. In many markets across the world, service providers
offer mobile handsets with a software lock installed which prevents the user
from switching to competing networks. A US based company run by Prashant Vira,
bribed 3 AT&T employees and installed malware in their computers, through
which he could unlock any AT&T phone. AT&T says "hundreds of
thousands" of phones were unlocked as a result of this malware. AT&T's
charges include computer fraud, breach of loyalty and civil conspiracy.
3. Raytheon|Websense*
has been recognized by research and global advisory firm Forrester Research,
Inc. as a leader for the TRITON AP-WEB
with Web Cloud Module in the "Forrester Wave™: SaaS Web Content Security,
Q2 2015,” report. Forrester's independent, 26-criteria evaluation ranked
Websense among the highest scores for threat detection, automated malware
analysis, and endpoint support, as well as the top score among all vendors in
the reporting category. Websense also received among the highest scores in the
Data loss prevention — discovery and analysis category, authentication and
administration categories.
4. AirDrop,
Apple’s method for wirelessly transmitting data quickly, has a serious bug according to one security researcher. The problem
relates to security certificates, when a business wants to deploy apps outside
of the App Store, they ‘sign’ that software with an enterprise certificate. As
of now - bad actors can trick the device into accepting a fake certificate,
even if you never open an AirDropped file - this will give them root level
access to the device. For now, it’s a good idea to restrict AirDrop to contacts
only (or turn it off), and update to iOS 9 as soon as possible.
5. The head of
China's Cyberspace Administration, is holding a summit with US technology
companies. He's expected to further
press US technology companies operating in China to sign off on a pledge that
they will comply with Chinese information security policies—potentially giving
Chinese authorities direct access to user data. The terms of the pledge, which
the New York Times reports requires companies to “promise they would not harm
China’s national security and would store Chinese user data within the
country." The pledge also goes further, pressing for systems to be “secure
and controllable”—suggesting that companies may have to provide direct backdoors to systems for
surveillance and provide the Chinese government with source code to their
applications.
6. Unpatched
Android Lollipop devices open to lockscreen bypass bug "There's an
easy way to bypass the lockscreen in devices running Android 5.0 Lollipop - at
least those which have not yet received the latest security update. Now that
Google has released its September patch for Android Lollipop, which contained a
fix for a lockscreen bypass, a security researcher at the University of Texas
has detailed how to exploit the bug. The hack involves overloading the password
field after opening the camera app from the lockscreen."
7. 3 out of 4
organizations admit they aren't 'resilient' to cyberattacks. The survey—conducted by the Ponemon Institute —asked
more than 600 IT pros about their organizations’ “cyber resilience (The
capacity of an enterprise to maintain its core purpose and integrity in the
face of cyberattacks.)”, a mere 25% of respondents rated their organizations as highly
resilient, two-thirds of respondents
rated their organization’s ability to prevent a cyberattack as not high. And an
ever greater share—68%—graded their ability to recover from cyberattacks as not
high. In the face of cyberattacks on companies such as Sony Pictures, Hacking
Team, Ashley Madison and countless others - the self-assuredness of security
teams seems to be slipping.
8. Why is cybercrime
spreading rapidly? According to experts,
one of main reasons is ease with which hackers can launch an attack - with the
availability of Maas (Malware as a Service). Cyberattacks used to be the
exclusive domain of seasoned professional cyber-criminals, but now MaaS allows
non-professional hackers to buy or subcontract portions of complex and highly
evasive multi-stage attacks needed to build and distribute malware. This
changes the baseline of security - what was advanced last year is now basics.
IT managers need to constantly enhance a company’s security posture to counter
the continuously growing and evolving world of threats. Adopting a security
posture that protects your data across the kill chain is essential, businesses
need to move with the times and effectively protect the assets that keep them
running and reputable.
9. Idiot box no more
an idiot for Indian Army - the idiot box could be spying on you. Emergence of smart television and its rapid use in the
army have sounded the alarm bells as the army fears that these sets can be a
threat to cyber security and can leak data from sensitive locations. The Cyber
Security Division has also listed out some measures to mitigate the cyber
threat - Disable built-in cameras and microphones, Disable the location setting
feature, also web browsing through the smart TV should be avoided.
10. Darknet is full
of criminals. A darknet is an overlay
network that can only be accessed with specific software, configurations, or
authorization, often using non-standard communications protocols and ports. Two
typical darknet types are peer-to-peer connection and anonymity networks such
as TOR, which works via an anonymized series of connections. The Darknet is
also a platform for new and innovative ways to commit crime. Empowered by the
Darknet’s global reach and emboldened by the anonymity it offers, gamification
and crowdfunding of crimes like murder and human trafficking represent an
increasingly grim aspect of the Darknet.
No comments:
Post a Comment