Tuesday, January 9, 2018

iNews - Around The World This Week

1)     Breach of India's Biometric Database Puts 1 Billion Users at Risk – A breach of the Unique Identification Authority of India's Aadhaar biometric system is putting personally identifiable information (PII) of more than 1 billion Indian residents at risk, reports the Tribune, an Indian publication. Attackers created a gateway to the biometric database, in which any Aadhaar user's ID number can be entered into a portal, the Tribune reports. Once the number is entered, it will pull up the resident's name, address, postal code, photo, phone number, and email address, according to the Tribune.

2)     Google Apps Script vulnerability could lead SaaS apps to download malware – Google Apps Script is vulnerable to exploits that could allow malware to be delivered via URLs. Attackers could automatically download arbitrary malware hosted in Google Drive to a machine -- and the victim would have no idea it was happening. This type of attack is different from phishing and malware distribution via links to Google Drive URLs, which are fairly common. These normally involve sending a Microsoft Office doc, which is enabled to run macros when the user gives permission.

3)     Android malware targets bitcoin, bank apps, including SBI, HDFC, Axis Bank: Report - If you are using banking or cryptocurrency apps on your mobile phone, you need to read on. An Android Banking Trojan called Flash Player has affected over 232 banking apps, many of which are mobile apps of prominent Indian public as well as private banks. Android mobile phone users having third party app stores - an online app market to install apps, just like Google Play but not owned by Android OS or Google - run the risk of accidentally downloading this malware, putting confidential security details like netbanking customer id and password at risk. Links to download this can also come through spam emails or SMS.

4)     Enterprise machine learning will double and jump start business growth and adoption, Deloitte predicts – Machine learning will intensify amongst medium and large-sized enterprises, doubling the number of implementations and pilot projects using machine learning technology in 2018 compared to last year, and then doubling again by 2020. According to Deloitte’s Technology, Media and Telecommunications (TMT) Predictions, advancements in machine learning technology include data science automation and a reduced need for training data as well as new chips in both data centers and mobile devices. The advancements will help establish the foundation, which will over the near term make machine learning mainstream across industries where organizations have limited talent, infrastructure and data to train models.

5)     Payment system, network security under RBI radar - The Reserve Bank of India has again flagged cyber risks faced by banks and said it would continue to do surprise drills and inspections to ensure that they have systems in place to deal with any threats to payment systems and network security. While the assessment is factored in the overall risk profile of a bank under risk-based supervision, certain specific areas like payment systems and network security are proposed to be subjected to more intensive scrutiny during the year.

6)     Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers – Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM. Everything from smartphones and PCs to cloud computing affected by major security flaw found in Intel and other processors – and fix could slow devices.

7)     Behavioral biometrics will replace passwords by 2022 – In just a few years, we can all safely forget those cumbersome passwords we use to secure and unlock our devices. And we will be able to thank on-device artificial intelligence (AI) for easing the strain on our memory. Smartphones will be an extension of the user, capable of recognizing them and predicting their next move. Gartner analysts believe on-device AI, as opposed to cloud-based AI, will mark a paradigm shift in digital security, and will do so sooner than most people think.

8)     SplashData reveals the worst passwords of 2017 and they're still astonishingly terribleAfter trawling through the more than five million passwords that have leaked over the past year, mostly in North America and Western Europe, the California-based company said any one of the passwords included in its list of 100 worst passwords of the year would put users at "grave risk" of identity theft. For the fourth year in a row, "123456" took the top spot as the worst password of the year followed by "password". Naturally, variations of these two such as extra digits or replacing the "o" with a "0" (zero) in "password" were also included in the list.

9)     The Future of Seamless Hybrid Clouds – In a world that appears to be dominated by clouds -- both public and private -- the underlying infrastructure that provides connectivity becomes largely invisible to users. Indeed, one of the major promises of cloud is that the pools of resources that power the cloud can reside anywhere, are elastically available, and are dynamically adjusted to accommodate the fluctuating needs of the applications they power. The cloud is already a fractured marketplace, a situation that will only get worse. As cloud becomes more mainstream for enterprises, they will each focus on the things that make themselves attractive. If we assume for a moment that each of them will have some success, the likelihood that enterprises end up putting all of their resources into a single cloud seems low.

Bitcoin price rise could lead to smart home attacks and higher bills, cyber security expert warns – People’s homes could come under attack as a consequence of bitcoin’s price surge, a cyber security expert has warned. “Cryptojacking” incidents, in which people’s devices are quietly hijacked and forced to mine digital currencies for other people, are on the rise. “Any device that is ‘smart’ now has the three key ingredients to provide the cyber bad guy with everything they need – internet access, power and processing.

No comments:

Post a Comment