Week in review: Security experts discuss Apple Pay, Salesforce hit with targeted attack
Here’s an overview of some of last week’s most interesting news, podcasts, reviews and articles:
Mobile forensics in a connected world
In this interview, Andrew Hoog, CEO of viaForensics, talks about the forensic examination of mobile devices, the challenges involved with testifying at trials, and offers advice to those interested in working in the mobile security forensics field.
Review: Bulletproof SSL and TLS
Deploying SSL or TLS in a secure way is a great challenge for system administrators. This book aims to simplify that challenge by offering extensive knowledge and good advice – all in one place.
Salesforce users hit with malware-based targeted attack
Global cloud-based CRM provider Salesforce has sent out a warning to its account administrators about its customers being targeted by the Dyreza malware.
Typical home to contain 500 smart devices by 2022
Gartner said that the smart home will be an area of dramatic evolution over the next decade and will offer many innovative digital business opportunities to those organizations who can adapt their products and services to exploit it.
Surge in cyberattacks targeting financial services firms
The survey also found that 82% of businesses would consider leaving a financial institution that suffered a data breach and that 74% of companies choose a financial organization according to their security reputation.
Review your Facebook privacy settings with Privacy Checkup
Facebook’s Privacy Checkup tool – informally dubbed “Privacy Dinosaur” – has been made available for use to all users of the popular social network.
Why open source and collaboration are the future of security
In this podcast recorded at Black Hat USA 2014, Greg Martin, CTO at ThreatStream, talks about why open source and collaboration are the key drivers of information security innovation. He raises an important question – what will happen if we don’t start actively sharing information?
Whitepaper: 5 steps to improve your network’s health
No network can be 100% secure. But diligently adhering to a simple plan can dramatically improve network security and enhance protection against new malware. This whitepaper introduces five recommended steps for building a methodical network auditing and patching process.
Blackphone security issues and vulnerabilities unveiled
Blackphone, the carrier- and vendor-independent smartphone that was created with the goal of placing privacy and control directly in the hands of its users, is not without its flaws, the Bluebox Security team discovered while reviewing it.
FBI’s account of locating Silk Road’s server disputed by researchers
Nik Cubrilovic says the explanation doesn’t ring true. For one, the Silk Road image CAPTCHA was hosted on the same server and at the same hidden URL as the Silk Road website, he claims, and this particular fact created problems for Silk Road in the past.
Home Depot breach confirmed, stolen info used to change PINs, collect money
The breach could impact any customer that has, from April forward, used the their payment card at the company’s US and Canadian stores. Customers who shopped online at HomeDepot.com and those who shopped in the company’s Mexican stores will likely not be affected.
Whitepaper: A non-geek’s Big Data playbook
This paper examines how a non-geek yet technically savvy business professional can understand how to use Hadoop – and how it will impact enterprise data environments for years to come. The paper serves as a playbook that demonstrates six common “plays” that illustrate how Apache Hadoop can support and extend the Enterprise Data Warehouse (EDW) ecosystem.
Researchers unlock TorrentLocker encryption
A team of Finnish researchers has discovered that the files encrypted by the recently unearthed TorrentLocker ransomware can be decrypted without paying the ransom – if the user has at least one of the encrypted files backed up somewhere, and that file is over 2MB in size.
5 key things to consider when developing an enterprise mobility management strategy
Imagine this situation: Bob, the VP of Sales, loses his smartphone on the train. There are two major issues. The device is lost and sensitive company information may be exposed. Additionally, the user has to notify the IT Department to track and wipe the device. How can the exposure of sensitive company data and the negative impact on productivity be minimized?
How a large ISP fights DDoS attacks with a custom solution
We often hear about attacks against websites, most of which are mitigated by one of the many DDoS mitigation services available on the market. What I always wondered was how the big guys tackle these attacks. What weapons can an ISP bring to the battleground?
Microsoft refuses to hand over emails stored in Ireland, held in contempt by judge
Microsoft has urged US District Judge Loretta Preska, the judge presiding over the case that sees the company refusing to hand some emails stored in its Dublin facility over to the US government, to find them in contempt. The request, made both by the company and the government, was granted and allows Microsoft to immediately appeal Judge Praska’s last year’s ruling.
Apple built multi-factor authenticated payment in the right order
In the UK we’re moving back towards single-factor payments: contactless payments that use only the card itself. Apple has solved the two factors problem, and part of their solution revolves around the order they rolled it out.
Researchers find malicious extensions in Chrome Web Store
Earlier this year, Google has made it so that extension that are not hosted on the Chrome Web Store can’t be installed and used by users of its popular browser. This move was meant to protect users, and its efficiency is based on the premise that no overtly or potentially malicious extensions will manage to get accepted and find their way to Google’s store. Alas, the method is not foolproof.
What security experts think about Apple Pay
Apple announced Apple Pay, a new category of service that works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID.
Massive Gmail credential leak is not result of a breach
They urged users to use a strong, unique password for their Google account, and to consider 2-step verification to increase its security.
Using thermal imaging for security
Do you work in counter surveillance or physical penetration testing? The physical security field in general? If yes, have you considered using a thermal imaging camera to help you in your work?
Are free file storage solutions a safe bet for businesses?
While there is no inherent flaw with free file storage services such as Dropbox, these services cannot be trusted to actually secure files. As such, any firm looking to make use of such solutions should first carefully consider the associated risk of storing sensitive data in an insecure environment and the detrimental effect that this could have on the organization in the long term.
Yahoo’s fight against US govt secret surveillance revealed
Unsealed documents from Yahoo’s challenge to the expansion of US surveillance laws in 2007 and 2008 have shown how the company was ultimately made to comply to the US government’s demand for user information.
Home Depot and Target attackers likely not the same
More details about the malware used in the Home Depot breach have surfaced, and it seems that, after all, it wasn’t the one used in the Target breach (BlackPOS).
Securing virtual machines: Considerations for the hybrid cloud
Many people don’t realize that a majority of today’s data security solutions were designed for physical ecosystems rather than virtual environments. New technologies are needed to address concerns for hybrid cloud security, providing assurances that cloud-hosted workloads are protected from other tenants, outside threats, and cloud administrators. In this article, we’ll look at several important considerations for assessing a security solution for your hybrid cloud environment.