Week in review: New cyber weapon Flame, gamers under attack, and the new issue of (IN)SECURE Magazine
Here’s an overview of some of last week’s most interesting news, podcasts, videos, interviews and articles:
Privacy trends affecting security
In this podcast recorded at the RSA Conference 2012, Gant Redmon, VP of Business Development and General Counsel at Co3 Systems, talks about future privacy laws and trends affecting security.
How to remove the backdoor from ZTE’s Score M smartphone
The existence of the recently discovered vulnerability in ZTE’s Score M smartphone, which allows any attacker in possession of the hardcoded password to access and take over the phone, has been confirmed by the Chinese handset maker.
Hack In The Box conferences
In this video, Dhillon Andrew Kannabhiran, Founder and CEO of Hack in The Box, talks about the Hack in The Box Security Conference (HITBSecConf) series. What started as a small gathering of Malaysian security specialists in 2002 has since expanded out of its home base in Kuala Lumpur to Dubai and, in 2010, the Netherlands.
Trojan spyware promoted as Steam keygen
Scouring the Web for “legitimate” key generators, or keygens, is a risky business at the best of times. We make it a point that whoever the source is must have irrefutable proof that their keygen among other keygens like it is the real deal. And what better place to look for irrefutable proof than on YouTube, right? Wrong.
Monitoring employee behavior in digital environments is rising
Monitoring employee behavior in digital environments is on the rise, with 60 percent of corporations expected to implement formal programs for monitoring external social media for security breaches and incidents by 2015, according to Gartner.
What’s new in ISO 22301: How to make a transition from BS 25999-2
British Standards Institution has already decided to withdraw BS 25999-2, which had become the most popular business continuity standard, and replace it with ISO 22301. The transition period is 2 years, so all the companies that already implemented BS 25999-2 must comply with ISO 22301 by May 2014.
WikiLeaks founder Assange loses extradition appeal
While it seems that Assange, who has been confined to house arrest since having been released on bail, has no choice but to begin packing, his lawyers have been given 14 days to come up with a new tactic that could make the court reopen the case.
(IN)SECURE Magazine issue 34 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.
Dissecting modern privacy concerns
In this interview, Al Raymond, VP of Privacy & Records Management at ARAMARK Corporation, discusses the nature of identity in a digital society, the implications of oversharing on social networks, cybercrime innovation, and more.
17% of the world’s PCs are unprotected
Lack of consumer PC protection is a global problem. In a study that analyzed data from voluntary scans from an average of 27-28 million computers per month, McAfee researchers found 17% of the world is browsing the internet completely unprotected. Out of the 24 participating countries, the United States landed in the top 5 least protected.
Romanian hackers arrested for hitting government websites
Twelve individuals have been arrested across Romania for having allegedly compromised and defaced 29 websites of Romanian public institutions, and having stolen and leaked information exfiltrated from their databases.
When syncing sinks your browser
Google Chrome’s most recent version (v19) introduced a “tab sync” feature. When inspecting this feature from a security perspective we realized that a new type of threat can allow a hacker to comfortably “leap” from a compromised home computer to a work computer.
Securing the Cloud
“Securing the Cloud” is a book aimed at anyone who is considering using, building or securing a cloud implementation, but can also come in handy to executives looking to learn about the pitfalls of doing it poorly.
Tiny but deadly banking Trojan discovered
The discovery of a new banking Trojan by the researchers working for CSIS Security Group has proved that a piece of malware doesn’t have to be big and complex to get the job done.
Is Flame something that we should worry about?
Much has been said and written in the last few days since the initial discovery of the so-called Flame (SkyWiper) toolkit.
Programmer pleads guilty to US govt software source code theft
The 33-year-old Bo Zhang, legally employed by a US consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home.
Spying version of Iranian anti-censorship software found
A compromised variant of Simurgh – a stand-alone proxy software for Microsoft Windows that has been heavily used by Iranians to get around censorship since 2009, and is used now by Syrian dissidents – has been discovered by the researchers from Citizen Lab.
Gamers increasingly under attack
In this video, Christopher Boyd, Senior Threat Researcher at GFI Software, offers insight on what type of information can be extracted from a gaming console and talks about the recent Mass Effect 3 scams. The video also provides recommendations for protecting information and increasing privacy.
IE10 will have “Do Not Track” on by default
As Microsoft released the preview of the next version of its Internet Explorer browser, news that in Windows 8 the browser will be sending a “Do Not Track” signal to Web sites by default must have shaken online advertising giants.
Privacy practices of the Internet’s biggest companies
The Electronic Frontier Foundation (EFF) released its “When the Government Comes Knocking, Who Has Your Back?” report, tracking some of the Internet’s biggest service providers on their public commitments to their users’ privacy and security.