Week in review: Target breach reaction fail, WordPress sites exploited in DDoS attack
Here’s an overview of some of last week’s most interesting news, podcasts, videos, interviews and articles:
Latvia establishes a Cyber Defence Unit
The newly established unit is part of the voluntary military organization National Guard of Latvia, and currently consists of 13 cyber security experts drawn from both the private and public sectors.
Is your browser a user agent, or a double agent?
Mike Shema, Director of Engineering at Qualys, discusses how privacy shouldn’t be an afterthought in the browser.
Hackers dox Mt. Gox CEO, say they have proof of fraud
Reports about what actually happened in the days leading up to the Mt. Gox Bitcoin exchange filing for bankruptcy are few and far between, and some of its customers are losing their patience, especially since there is no record in the Bitcoin blockchain of the allegedly stolen 850,000 bitcoins moving.
Whitepaper: VoIP vulnerabilities
Are you thinking of switching to or investing in a VoIP system for your company? This whitepaper will honestly and succinctly assess the vulnerabilities associated with VoIP systems and then provide you with security guidelines for avoiding security threats during use.
Malware peddlers are trying out different exploit kits
Websense researchers have been following several recent email spam campaigns targeting users of popular services such as Skype and Evernote, and believe them to be initiated by the infamous ru:8080 gang.
Big Data security and privacy challenges
In this interview, Leighton Johnson, CTO, Senior Security Engineer for Information Security and Forensics Management Team (ISFMT), talks about how Big Data is transforming the way organizations deal with information security threats, offers tips for those interested in taking advantage of Big Data, and much more.
Understanding the top 20 Critical Security Controls
Wolfgang Kandek, CTO at Qualys, talks about the 20 Critical Security Controls, which outline a practical approach to implementing security technologies by providing proven guidelines for protecting IT environments.
Video: Edward Snowden on privacy and technology
Edward Snowden speaks about privacy and technology with the ACLU’s Ben Wizner and Christopher Soghoian at SXSW Interactive.
Protecting data against unwanted surveillance
In this podcast recorded at RSA Conference 2014, Jason Sabin, VP of Research & Development at DigiCert, discusses how SSL is the most important defense against unwanted surveillance, but it must be properly implemented.
Do organizations care about data protection?
Most consumers just don’t believe that the personal and financial data they submit to corporations is safe.
Over 162,000 WordPress sites exploited in DDoS attack
Sucuri CTO Daniel Cid revealed details of a recent incident in which they received a plea for help from a popular WordPress site. The site was taken down first by a DDoS and then, when the attack went on for a while, by its hosting firm.
Marcus Ranum on security innovation and Big Data
Marcus Ranum, CSO at Tenable Network Security, is an expert on security system design and implementation. In this interview he talks about the evolution of Big Data and true innovation in the computer security industry.
Account-hijacking Trojan spreads via Facebook messages
Private messages delivering what seems to be an image are spreading like wildfire on Facebook, as the file in question triggers the download of a Trojan that compromises the victim’s computer and Facebook account in order to spread the malware further.
Two-factor authentication with Duo Security
In this podcast recorded at RSA Conference 2014, Zach Lanier, Senior Security Researcher at Duo Security, talks about two-factor authentication with Duo Security.
How do the top 100 UK ecommerce sites deal with personal data?
Dashlane assessed the password security procedures on the Top 100 e-commerce sites by examining 26 different password security criteria and awarding/docking points depending upon whether sites follow good security practice or encourage risks.
Head of Senate Intelligence Committee accuses CIA of spying on Senate
The long awaited reprimand of the US intelligence community by Senator Dianne Feinstein, the head of the Senate Intelligence Committee, happened yesterday, but not for the reasons privacy advocates hoped for.
Whatsapp flaw could reveal all your past conversations
The WhatsApp database is saved on the SD card, which can be read by any Android application if the user allows it to access the SD card.
Facebook security and privacy pitfalls
In this interview, Andrei Serbanoiu, Online Threats Researcher at Bitdefender, discusses Facebook security and privacy pitfalls, the dangers of sharing on the social network, and offers insight for CISOs.
How to protect against unauthorized spying
Wayne Thayer, the General Manager of Security Products at GoDaddy and a member of the CA Security Council, discusses how Edward Snowden exposed intelligence operations that have performed unauthorized spying.
Rbrute Trojan hacks Wi-Fi routers to help spread Sality
Researchers have recently analyzed a Trojan that hacks Wi-Fi routers in order to facilitate the spreading of the infamous Sality malware family.
High-bandwidth NTP amplification DDoS attacks escalate
This attack method has surged in popularity this year, fueled by the availability of new DDoS toolkits that make it simple to generate high-bandwidth, high-volume DDoS attacks against online targets.
EC-Council discloses hack of customer email accounts
The International Council of Electronic Commerce Consultants (EC-Council), an organization that provides training and certifications for security professionals, has finally shared some more details about how their website was defaced in February.
The role of identity in responding to the threat environment
Information is being stolen at an industrial scale while the landscape in which organizations are operating is becoming increasingly complex with trends such as cloud computing, mobility, BYOD and Big Data. In this podcast recorded at RSA Conference 2014, Geoff Webb, Director of Solution Strategy at NetIQ, talks about the intricacies of securing such a complicated landscape, and why the key is understanding the role of identity.
Top 4 security controls: Do your PCs make the grade?
In this podcast recorded at RSA Conference 2014, Wolfgang Kandek, CTO at Qualys, talks about a new free service that helps organizations implement the Top 4 Critical Security Controls to fend off attacks.
Moving to the SHA-2 hashing algorithm
Jay Schiavo, Director of Products and Markets at Entrust and a member of the CA Security Council, discusses why web server administrators will have to make plans to move from SSL and code signing certificates signed with the SHA-1 hashing algorithm to those signed with SHA-2.
Beware of well-executed Google Docs phishing scam
An extremely convincing phishing spam campaign is currently targeting Google Docs and Google Drive users.
Pwn2Own 2014 ends, $850k distributed to successful hackers
Day two of the Pwn2Own hacking contest at the CanSecWest Conference in Vancouver has ended with Safari, Internet Explorer, Firefox, Chrome and Flash going down.
Building management security
In this podcast recorded at RSA Conference 2014, Terry McCorkle, Product Manager, Vulnerability Management, Qualys, discusses flaws in building management security that most people are not aware of, and outlines some of the vulnerabilities you should be watching for in your environment.
Target failed to act on malware alerts and signs of breach
The massive Target data breach could have easily been prevented if only its IT team had the good sense to thoroughly check out the alerts it received from the $1.6 million malware detection tool by FireEye that was deployed less than a year before the breach.
As the World Wide Web turns 25, bots reign supreme
As the World Wide Web turns 25, we’ve just had another reminder of how far we’ve come.
“Malaysian Airlines flight MH370 found” video is a scam
Cyber scammers are misusing the public’s interest in the fate of the recently disappeared plane on Malaysia Airlines flight MH370 to lure users into filling in online surveys and downloading malware.