Sunday, January 03, 2016

Cybersecurity News and Education for the Week of January 3, 2016


CYBERSECURITY NEWS OF THE WEEK

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP

Cyber Privacy

Google slams AVG for exposing Chrome user data with “security” plugin: A free plugin installed by AVG AntiVirus bypassed the security of Google’s Chrome browser, potentially exposing the browsing histories and other personal data of customers to the Internet. The vulnerability, demonstrated in an exploit by a Google researcher earlier this year, has now been patched after initial stumbling attempts by AVG, according to a discussion of the bug in Google’s security research discussion list. ars technica, December 30, 2015
191 Million U.S. Voter Registration Records Exposed?: A security researcher claims he’s found an Internet-connected “leaky database” that apparently is storing voter registration records for 191 million Americans. But after one week of working with others in an attempt to identify the owner of the exposed and insecure database and lock it down, no one has come forward to claim responsibility. BankInfoSecurity, December 28, 2015
Juniper Backdoor Picture Getting Clearer: The NSA’s subversion of encryption standards may have come home to roost. ThreatPost, December 22, 2015

Identity Theft

2016 Reality: Lazy Authentication Still the Norm: My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves. KrebsOnSecurity, December 28, 2015

Cyber Warning

Vishing and smishing: The rise of social engineering fraud: Most of us like to think we’re too clever to be caught out by email and telephone scams, but in fact any of us can get caught out by fraudsters. BBC, January 1, 2016
ProxyBack Malware Turns Infected Computers into Internet Proxies: Researchers have discovered a new type of malware that infects home computers and turns them into Internet proxies. Palo Alto Networks, the security company that discovered this malware, thinks users’ PCs are being used by a Russian company inside their Web proxy service. Softpedia, December 28, 2015

Cyber Attack

Juniper Devices Are Under Attack: Devices sold by Juniper Networks are being actively targeted by attackers using a hardcoded password in the technology giant’s ScreenOS firmware that researchers publicly revealed on Dec. 20 (see Who Backdoored Juniper’s Code?). BankInfoSecurity, December 28, 2015

Financial Cyber Security

Fake Android Banking Apps Stealing Credentials Via Malware: IT security firm FireEye has discovered Android malware apps that can masquerade as the most popular financial applications including the world’s biggest banks. HackRead, January 1, 2016

Cyber Security Management

2016 – The Year of the Cyber Exploit: 2015 has been another ‘year of the breach’ with almost weekly compromises becoming the norm. Cyber-criminals seemed often to be one step ahead of the security industry, using an evolving arsenal of cyber-attack techniques to successfully breach networks. InfoSecurity Magazine, December 31, 2015
Cybersecurity and the Twenty-First Century Board of Directors: It’s concerning that some board experts are balking about the newly proposed Cybersecurity Disclosure Act of 2015 that would require publicly traded companies to disclose, in their investor filings with the U.S. Securities and Exchange Commission (SEC), whether any member of their board of directors is a cybersecurity expert. Rather than object to this recommendation, one would imagine that on the eve of 2016, boards of directors that don’t already have cybersecurity experts would tremble, and that their investors would run for the hills. HuffingtonPost, December 31, 2015

Cyber Security Management – Cyber Defense

The Changing Face Of Encryption: What You Need To Know Now: Encryption today is now an absolute must and the fact that it is difficult does not change the fact that you have to use it. DarkReading, December 30, 2015
5 Tips For Getting The Most Out Of Your Firewall: Despite concerns over the effectiveness of perimeter technologies, firewalls remain a staple in the enterprise security arsenal. DarkReading, December 29, 2015
Microsoft may have your encryption key; here’s how to take it back: As happens from time to time, somebody has spotted a feature in Windows 10 that isn’t actually new and has largely denounced it as a great privacy violation. ars technica, December 29, 2015
Facebook drops Flash, adding one more reason for users to stop using it altogether: Facebook recently announced it stopped using Adobe Flash for web videos that appear on its News Feed, Pages and the embedded Facebook video player, instead deploying a video player built around HTML5. Help Net Security, December 23, 2015
Google is testing password-free logins: Infosec pros are moving beyond traditional passwords, and companies are expected to follow in the same direction. Help Net Security, December 23, 2015

Cyber Security Management – Cyber Update

Flash Player Patch Fixes 0-Day, 18 Other Flaws: Adobe has shipped a new version of its Flash Player browser plugin to close at least 19 security holes in the program, including one that is already being exploited in active attacks. KrebsOnSecurity, December 28, 2015

Secure the Village

The Rise Of Community-Based Information Security: The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed. DarkReading, December 28, 2015

Cyber Politics

Six cybersecurity lawmakers to watch in 2016: On the heels of passing its most significant cybersecurity legislation in years, Congress is poised to tackle a slate of fresh digital issues in 2016. The Hill, December 28, 2015

Critical Infrastructure

Trains vulnerable to hackers, researchers warn: Security researchers are warning of gaping cybersecurity holes in railway systems, opening trains up to hackers, according to tech news website Motherboard. TheHill, December 30, 2015

Internet of Things

The next wave of cybercrime will come through your smart TV: Smart TVs are opening a new window of attack for cybercriminals, as the security defenses of the devices often lag far behind those of smartphones and desktop computers. PCWorld, December 28, 2015
Internet-connected homes open the door to hackers: It’s nighttime in Saudi Arabia, so we can’t see much when Aamir Lakhani hacks into a video stream. But the fact that we can see the video stream at all is startling. Cnet, December 28, 2015

Cyber Misc

The Biggest Security Threats We’ll Face in 2016: Hackers are nothing if not persistent. Where others see obstacles and quit, hackers brute-force their way through barriers or find ways to game or bypass them. And they’ll patiently invest weeks and months devising new methods to do so. Wired, January 1, 2016
Happy 6th Birthday, KrebsOnSecurity!: You know you’re getting old when you can’t remember your own birthday (a reader tipped me off). Today is the sixth anniversary of this site’s launch! KrebsOnSecurity turns 6! I’m pretty sure that’s like middle age in Internet years. KrebsOnSecurity, December 29, 2015



SecurityRecruiter.com's Security Recruiter Blog