Week in review: 1.2B Web credentials stolen, Google Search prioritizes HTTPS websites, and how to foil SynoLocker
Posted on 11 August 2014.
Here's an overview of some of last week's most interesting news, articles and interviews:


How secure are today's critical networks?
In this interview, Dr. Lutz Jšnicke, CTO at Innominate Security Technologies, illustrates the security of critical networks, the regulatory mandates for organizations in the critical infrastructure sector, and showcases the building blocks of a robust security appliance aimed at critical networks.

Thousands of Mozilla developers' emails, passwords exposed
Email addresses and encrypted passwords of tens of thousands of Mozilla developers were accidentally exposed and might have been harvested by malicious individuals.

New game sharpens secure coding skills
Checkmarx launched Game of Hacks, a challenging game for software developers and security professionals to test their application hacking skills, improve their code security know-how and facilitate better security practices in hope of reducing the amount of vulnerabilities in their applications.

eBook: Advanced Malware Exposed
Advanced Malware Exposed is a must read for anyone who wants to understand and protect against advanced, persistent threats who are using this new generation of highly sophisticated advanced malware. This eBook provides a broad overview on the major aspects of advanced malware, its underpinnings, its impact on modern business practices, and briefly suggests possible solutions.

China bans Symantec, Kaspersky software from govt systems
Symantec and Kaspersky Lab have become the latest victims of Chinese government's procurement agency's axe as the two firms have been dropped from the approved list of security software suppliers.

iOS security myths and threats
In this interview, Zuk Avraham, CEO of Zimperium, talks about iOS security myths and threats, discusses the difficulties in exploring iOS security vs. "breaking" Android and offers advice to those managing a variety of iOS devices in a large organization.

How to foil SynoLocker and minimize the damage
Synology NAS users are being targeted with SynoLocker, a customized version of the Cryptolocker ransomware, which encrypts the files contained on the devices and asks 0.6 BitCoin ($350) for the decryption key. Read what you can do if your device has been infected and what to do to prevent the infection from happening in the first place.

DDoS attack volumes plummet as NTP servers got patched
In contrast, traditional multi-vector attacks against servers and websites have resurfaced as the most frequent, severe threat to enterprises and service providers.

Teen researcher publishes PayPal 2FA bypass exploit
Joshua Rogers, a teenage whitehat based in Australia, has found an extremely simple way to bypass PayPal's two-factor authentication feature.

Cyber gang steals 1.2 billion Web credentials
A Russia-based cyber criminal group has managed to accumulate 1.2 billion unique online login credentials by compromising databases of over hundreds of thousands websites and FTP locations, claim researchers from Wisconsin-based Hold Security.

92% of brands fail email security test
The overwhelming majority of businesses and government agencies are not following adequate steps to help ensure consumers and business partners can discern if emails coming from their domain are genuine or forged.

US govt is after another secret document leaker
It is this leaker that provided secret and classified documents that formed the basis of The Intercept's latest story about the US governmentís Terrorist Screening Database.

Free service helps CryptoLocker victims get their files back
DecryptCryptoLocker is available globally and does not require users to register or provide contact information.

Photo gallery: Black Hat USA 2014 Business Hall
A peek at the "business" part of the Black Hat conference. Also here.

Symantec issues update fixing Endpoint Protection zero-day
Symantec has issued updates for its Endpoint Protection solution that fix the zero-day escalation of privilege vulnerability recently discovered by Offensive Security researchers.

US DHS contractor gets hacked
USIS, the largest commercial provider of background investigations to the US federal government, has announced that it has suffered a breach that might have resulted in the compromise of personal data of federal employees.

Google: Websites using HTTPS will get better search rankings
Websites that don't use HTTPS will be ranked lower in Google Search results, the web giant has announced on Wednesday.

Snowden allowed to stay in Russia for three more years
NSA whistleblower Edward Snowden has been permitted to stay in Russia for another three years, and is free to travel within the country and abroad.

CIAís venture firm CISO offers singular solutions for cyber problems
In a eclectic keynote delivered to the Black Hat conference audience, Dan Geer, CISO at In-Q-Tel, made known his thoughts on and ideas about a number of things: from Internet voting to vulnerability finding, from net neutrality to the right to be forgotten.

Critical bug in WordPress plugin allows site hijacking
A popular WordPress plugin that allows site owners to easily customize the contact form has a critical vulnerability that can be exploited to download and remotely modify the site's database, and gain access and control of the site - no account or authentication needed.

Yahoo will offer end-to-end mail encryption by 2015
At Black Hat in Las Vegas on Thursday, Yahoo CISO Alex Stamos has announced that the company will be implementing end-to-end encryption for Yahoo Mail, and will do so by using a modified version of the End-to-End browser plugin created by Google.

Five steps to take to protect your passwords
A report issued this week claimed that a Russian cybercrime group stole 1.2 billion usernames and passwords from 420,000 websites. While some security experts question the reportís findings, Symantec asserts the potential threats are important to take seriously, and recommends consumers take five steps now to protect their most sensitive password protected information.

Serious flaws in cell phone carrier control software found
Two Accuvant researchers have disclosed serious security flaws in the carrier control software used in over 2 billion cellular devices across platforms and carriers. The vulnerabilities discovered by the pair impact Android, Blackberry and a small number of iOS-based devices, with risk varying by carrier and device make and model.





Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //