1) Breach
of India's Biometric Database Puts 1 Billion Users at Risk – A breach of
the Unique Identification Authority of India's Aadhaar biometric system is
putting personally identifiable information (PII) of more than 1 billion Indian
residents at risk, reports the Tribune, an Indian publication. Attackers
created a gateway to the biometric database, in which any Aadhaar user's ID
number can be entered into a portal, the Tribune reports. Once the number
is entered, it will pull up the resident's name, address, postal code, photo,
phone number, and email address, according to the Tribune.
2) Google
Apps Script vulnerability could lead SaaS apps to download malware –
Google Apps Script is vulnerable to exploits that could allow malware to be
delivered via URLs. Attackers could automatically download arbitrary malware
hosted in Google Drive to a machine -- and the victim would have no idea it was
happening. This type of attack is different from phishing and malware
distribution via links to Google Drive URLs, which are fairly common. These
normally involve sending a Microsoft Office doc, which is enabled to run macros
when the user gives permission.
3) Android
malware targets bitcoin, bank apps, including SBI, HDFC, Axis Bank: Report
- If you are using banking or cryptocurrency apps on your mobile phone, you
need to read on. An Android Banking Trojan called Flash Player has affected
over 232 banking apps, many of which are mobile apps of prominent Indian
public as well as private banks. Android mobile phone users having third party
app stores - an online app market to install apps, just like Google Play but
not owned by Android OS or Google - run the risk of accidentally downloading
this malware, putting confidential security details like netbanking customer id
and password at risk. Links to download this can also come through spam emails
or SMS.
4) Enterprise
machine learning will double and jump start business growth and adoption,
Deloitte predicts – Machine learning will intensify amongst medium and
large-sized enterprises, doubling the number of implementations and pilot
projects using machine learning technology in 2018 compared to last year, and
then doubling again by 2020. According to Deloitte’s Technology, Media and
Telecommunications (TMT) Predictions, advancements in machine learning
technology include data science automation and a reduced need for training data
as well as new chips in both data centers and mobile devices. The
advancements will help establish the foundation, which will over the near term
make machine learning mainstream across industries where organizations have
limited talent, infrastructure and data to train models.
5) Payment
system, network security under RBI radar - The Reserve Bank of India
has again flagged cyber risks faced by banks and said it would continue to do
surprise drills and inspections to ensure that they have systems in place to
deal with any threats to payment systems and network security. While the
assessment is factored in the overall risk profile of a bank under risk-based
supervision, certain specific areas like payment systems and network
security are proposed to be subjected to more intensive scrutiny during the
year.
6) Meltdown
and Spectre: ‘worst ever’ CPU bugs affect virtually all computers –
Serious security flaws that could let attackers steal sensitive data, including
passwords and banking information, have been found in processors designed by
Intel, AMD and ARM. Everything from smartphones and PCs to cloud computing
affected by major security flaw found in Intel and other processors – and
fix could slow devices.
7) Behavioral
biometrics will replace passwords by 2022 – In just a few years, we can
all safely forget those cumbersome passwords we use to secure and unlock our
devices. And we will be able to thank on-device artificial intelligence (AI)
for easing the strain on our memory. Smartphones will be an extension of the
user, capable of recognizing them and predicting their next move. Gartner
analysts believe on-device AI, as opposed to cloud-based AI, will mark a
paradigm shift in digital security, and will do so sooner than most people
think.
8) SplashData
reveals the worst passwords of 2017 and they're still astonishingly terrible
– After trawling through the more than five million passwords that have
leaked over the past year, mostly in North America and Western Europe, the
California-based company said any one of the passwords included in its list of
100 worst passwords of the year would put users at "grave risk" of
identity theft. For the fourth year in a row, "123456" took the
top spot as the worst password of the year followed by "password".
Naturally, variations of these two such as extra digits or replacing the
"o" with a "0" (zero) in "password" were also
included in the list.
9) The
Future of Seamless Hybrid Clouds – In a world that appears to be
dominated by clouds -- both public and private -- the underlying infrastructure
that provides connectivity becomes largely invisible to users. Indeed, one of
the major promises of cloud is that the pools of resources that power the cloud
can reside anywhere, are elastically available, and are dynamically adjusted to
accommodate the fluctuating needs of the applications they power. The cloud
is already a fractured marketplace, a situation that will only get worse.
As cloud becomes more mainstream for enterprises, they will each focus on the
things that make themselves attractive. If we assume for a moment that each of
them will have some success, the likelihood that enterprises end up putting all
of their resources into a single cloud seems low.
No comments:
Post a Comment