Week in review: iPhone charger, PLC, femtocells hacks, and the future of phishing
Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:
To achieve good security, you need to focus on business
In September 2001, as the Nimda computer worm devastated networks worldwide, we in IT security thought that the management will finally wake up and see how important it was to secure out networks. They would begin to pay attention to the warnings from their network security, we thought, and we would finally have the budget we needed and recognition for what we do. But, we were wrong.
Online privacy: How did we get here?
In the push for national security, the government has collected vast amounts of information as well, often without our knowledge. With the NSA leak reigniting this important debate, we take a closer look at the state of privacy in the digital age.
The future of phishing: Credit card redirection
Cyber crooks will go at great lengths to get their hand on users’ credit and debit card information.
Pinterest joins Twitter in supporting Do No Track
Do Not Track lets sites know if the visitor doesn’t want them not to collect his or her personal information via the site’s and third-party cookies, and its usefulness is somewhat limited as each site decides whether it will to honor the setting or not, and the number of sites that currently do is limited.
Hijacking ships and planes with cheap GPS spoofers and laptops
After demonstrating a successful GPS spoofing attack against a drone (UAV – unmanned aerial vehicle) last June, Cockrell School of Engineering Assistant Professor Todd Humphreys and his student research team have now proved that a GPS flaw and a few relatively cheap tools can be used to hijacks both ships and planes.
Sharp increase in blended, automated attacks
FireHost announced its latest web application attack statistics, which track the prevalence of four distinct types of cyberattacks that pose the most serious threat to businesses.
Syrian hackers target White House staffers, Reuters
The Syrian Electronic Army has managed both to hijack the official Reuters Twitter account and to compromise personal email accounts of a number of White House staffers.
Study on private vs public sector software glitches
In the private sector, software errors are causing both financial and reputational damage. A new study identified private sector businesses in the banking, retail and mobile sectors, more likely to suffer software malfunctions than public sector organizations.
Cloud Computing: Theory and Practice
Once a buzzword, cloud computing is now a part of nearly every modern IT infrastructure. Despite a variety of privacy, security and compliance concerns, companies large and small are taking advantage of cloud computing for a variety of reasons. This book offers a detailed overview of the most important aspects of cloud computing and wants to help those that need to get a grip on their large amounts of data.
How to spot and avoid SMS scams
Not all people can afford a computer, but most can a old-school mobile phone or a smartphone. This shift has not passed unnoticed by scammers, some of which have specialized in targeting mobile device users and are constantly coming up with new ways to trick them.
Canonical reveals details of Ubuntu Forums hack
Canonical has published a postmortem on the recent Ubuntu Forums hack and has shared a blow-by-blow account on how the attack was carried out.
New leaks say NSA can see all your online activities
Many credible and respectable sources have eloquently explained to the public why even metadata collection is dangerous, but now the US intelligence establishment stands to lose the little amount of credibility it still has as new documents leaked by former government contractor Edward Snowden and published by The Guardian prove that no, it’s not just metadata that the NSA gets its hands on.
Malware attacks via malicious iPhone chargers
Do you ever think twice about using someone else’s charger for recharging your iPhone? Well, you will now, as three Georgia Tech researchers have managed to install a piece of malware on an iPhone via a specially crafted charger.
All Facebook users get secure browsing by default
The feature makes sure that the information sent by the users / browsers to the company servers is always sent via the Transport Layer Security (TLS) cryptographic protocol, making it more secure if intercepted.
Keep your laptop safe while using Wi-Fi hotspots
Surfers can lose sensitive information to hackers in a bewildering variety of ways – especially if they access the Wi-Fi networks available in public locations.
Snowden given asylum by Russia, leaves Moscow airport
This new development was confirmed both by Anatoly Kucherena, his legal representative in Russia, and by Wikileaks via their Twitter feed.
Researchers hack femtocells, record mobile phones’ calls, SMS traffic
Intercepting voice calls, SMS messages, and web traffic coming and going from a target’s mobile phone may be as simple as waiting for his phone to associate to a hackable femtocell and then use it to spy on him or even clone his device, iSEC researchers warned in a demonstration at the Black Hat conference.
Techniques malware authors use to evade detection
FireEye released a new report that reveals several techniques used by advanced malware to sidestep signature-based defenses during attacks.
Cybergangs alter infrastructure abuse techniques
Phishing attack frequency declined 20 percent from Q4 2012 to Q1 2013, due to a precipitous drop in virtual server phishing attacks.
Engineers demonstrate PLC hack on mock oil rig
Each new exploitable SCADA vulnerability is given due attention, especially when they are discovered by engineers from a prominent technology and software provider for the energy sector like Cimation, whose clients include giants like Shell and Chevron.
FBI uses malware to spy on suspects via their phones
Former US officials have revealed that the FBI has been using mobile malware to compromise suspects’ Android-based phones to record conversations happening in the presence of the device and to exfiltrate data from it that might offer more insight into the suspects’ potential criminal activities.
ZeroAcces rootkit dominates, adds new persistence techniques
The ZeroAcces (or Sirefef) rootkit ropes the infected computer into a huge peer-to-peer botnet that is currently being used for click fraud and Bitcoin mining. The rootkit is also capable of downloading additional malware.
FBI announces cyberattack-reporting portal for private sector companies
The US FBI has launched iGuardian, an online portal for private sector companies that allows them to easily and consistently report to the Bureau any cyber threat or attack they are targeted with.