Week in review: NSA taps Google and Yahoo, breaking game console security, phone calls more dangerous than malware
Here’s an overview of some of last week’s most interesting news and articles:
ISO 27001 standard benefits, implementation tips and security controls
Dejan Kosutic is an expert in information security management and business continuity management. In this interview he talks about the key changes in the ISO 27001: 2013 revision, the new security controls, mandatory documentation, implementation challenges, and much more.
Visual investigations of botnet command and control behavior
One of the classic debates in computer science concerns whether artificial intelligence or virtual reality is the more worthwhile pursuit. This debate has considerable relevance for the world of computer security. However, sophisticated attackers have proven that they can effectively outsmart our machines.
A primer on breaking game console security
Are you interested to learn about the delicate hacks and tricks that go on behind the curtains of the scene better known as the console hacking scene? In this podcast recorded at the Hack In The Box 2013 conference in Kuala Lumpur, independent security researcher Peter “blasty” Geissler talks about breaking the DRM systems of various video gaming machinery and offers practical tips for those interested in trying their hacking skills on their own consoles.
Researchers sinkhole several Cryptolocker C&Cs
According to Kaspersky Lab researchers, the malware’s encryption scheme has yet to be cracked and the question still is whether it can be.
Free eBook: Tokenization for Dummies
In today’s ever-evolving technological landscape, the data that defines and drives your business is increasingly susceptible to corruption and theft. Can your company survive a breach of your sensitive data? Read this free eBook and find out.
Characteristics of effective security leaders
A new IBM study of security leaders reveals that they are increasingly being called upon to address board-level security concerns and as a result are becoming a more strategic voice within their organizations.
Buffer hacked, customer accounts misused to send out spam
Buffer, the popular online service for managing one’s social media presence by scheduling posts on Twitter, Facebook and LinkedIn, has announced on Saturday that they have been hacked, which resulted in a barrage of spam posts being sent out on behalf of some users.
UK man indicted for hacking US govt networks, stealing confidential data
The New Jersey U.S. Attorney’s Office has charged an alleged hacker in the United Kingdom with breaching thousands of computer systems in the United States and elsewhere – including the computer networks of federal agencies – to steal massive quantities of confidential data.
Cloud-based service provides anonymous reporting
LockPath released the Anonymous Incident Portal (AIP), a cloud-based service that lets users securely and anonymously report incidents, complaints, violations and more. The offering lets users submit information to their company first before reporting it to the Security and Exchange Commission (SEC), allowing the company to manage incidents internally before they become public.
93% of firms increasing cyber-security investments
93% of companies globally are maintaining or increasing their investment in cyber-security to combat the ever increasing threat from cyber-attacks, according to a new survey released by EY (Ernst & Young).
The future? Big data and intelligence driven security
In his opening keynote at RSA Conference Europe this morning in Amsterdam, Art Coviello, Executive Chairman, RSA, The Security Division of EMC, talked about the present and offered us a view of the future based on the trends we’re seeing today.
Photoshop source code stolen, 38M users affected in Adobe hack
Remember the successful attack against Adobe’s networks made public earlier this month? Well, as it turns out, the damage is larger than initially thought.
Syrian hackers hijack Obama’s tweets
The Syrian Electronic Army has apparently managed to modify tweets from Barack Obama’s official Twitter account to include links to a pro-Assad video, as well as compromise the email accounts of eight staff members of the organization that maintains his official website, and Facebook and Twitter accounts.
Russia handed malware-laden devices to G20 delegates?
At the G20 summit held near St. Petersburg in September, attending delegates representing the 20 most powerful nations in the world have been handed gifts that included malware-laden USB drives and specially crafted mobile phone chargers able to steal information, it is claimed in a report published by Italian daily newspaper La Stampa.
Control system security: safety first
Every large utility, pipeline, refinery and chemical plant has a cyber security program, but most are IT-centric. While we have seen few large-scale cyber attacks in these industries, IT-style defenses invite such attacks. Cyber-sabotage is a real threat and it will take more than yesterday’s firewall-level protections to ensure the safety and reliability of today’s industrial sites.
When the phone call is more dangerous than malware
During Social Engineer Capture the Flag contest, one of the most prominent and popular annual events at DEF CON 21, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric. The complete results of the competition are in, and they don’t bode well for businesses.
Obama orders NSA to stop spying on UN diplomats
here is nothing wrong with spying on foreign national leaders, even when they are allies, said NSA head General Keith Alexander and NI director James Clapper at a hearing before the US House Select Intelligence Committee on Tuesday.
Microsoft details risks of running unsupported software
Microsoft published their Security Intelligence Report (SIR) volume 15, which analyzes threat intelligence from more than 1 billion systems worldwide to provide in-depth perspectives on exploits, vulnerabilities and malware to help customers manage risk.
Counterfeit money detector easily hacked to accept fake money
A lot of simple electronic devices that we use every day can be easily hacked, because security has for a long time been at the very bottom of the list of things to care about when creating them. Ruben Santamarta, Principal Security Consultant at IOActive and obviously a hacker at heart, has recently decided to analyze the security of Secureuro, a counterfeit money detectors that is used widely in Spain in placed where cash is accepted.
The threat within: How SMEs can protect themselves from light-fingered staff
It hasn’t been an easy time for small businesses. Where once cybercriminals shunned SMEs in favour of larger corporates, the threat landscape has changed drastically in recent years.
NSA taps cables connecting Google and Yahoo data centers
The US NSA and its UK counterpart GCHQ have collaborated in tapping the overseas fiber-optic cables used by Google and Yahoo to exchange data stored in their many data centers in the US and abroad, and have been slurping all the information passing through them.
Lavabit and Silent Circle to create email impervious to snooping
The founders of recently shut down encrypted email service Lavabit and encrypted communications firm Silent Circle have announced the creation of the Dark Mail Alliance, a non-profit organization whose goal will be to develop a private end-to-end encrypted alternative to email as we know it.
Security misconceptions among small businesses
More than 1,000 SMBs participated in a joint McAfee and Office Depot survey last month, and the majority (66 percent) felt confident that their data and devices are secure and safe from hackers, with 77 percent responding that they haven’t been hacked. The results are at odds with industry research that has revealed these same businesses are prime targets of complex and evolving cyber threats.
US Senate committee backs law to continue phone-record collection
A few days after a bill seeking to end the government’s dragnet collection of phone records has been introduced by US Senator Patrick Leahy and Congressman Jim Sensenbrenner, the Senate Intelligence Committee has approved the FISA Improvements Act.