Week in review: Hacking air-gapped computers using heat, car hacking, malware threat to virtual currencies
Here’s an overview of some of last week’s most interesting news, interviews, articles and reviews:
New PoS malware family comes with keylogger component
Dubbed “PoSeidon,” the malware sends the collected data to a series of servers hosted mostly on Russian (.ru) domains.
Finalists announced for Innovation Sandbox at RSA Conference 2015
RSA Conference announced the 10 finalists for its annual Innovation Sandbox Contest. The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry.
Review: Build A Security Culture
Security culture can be changed, with small steps, iterated over time. The important thing is that you know exactly what you want to achieve, and that you find a way to do it. This book will help you.
Trumping cybercriminals during tax season: Tips on how to stay safe
Each year, the IRS compiles a list of the “Dirty Dozen” tax scams, which always includes email phishing and identity theft. In 2015, other scams include phone scams, return preparer fraud, inflated refund claims and fake charities.
Scammers use Whatsapp calling feature as a lure
Survey scammers and adware peddlers continue to advantage of the interest Whatsapp users have in the quietly rolled out Free Voice Calling feature.
Cisco Small Business IP phones vulnerable to eavesdropping
Cisco has confirmed the existence of a flaw affecting its Small Business SPA 300 and 500 series IP phones that can be exploited by attackers to listen to the audio stream of the phones.
Protecting the critical infrastructure: Strategies, challenges and regulation
In this interview, Raj Samani, VP and CTO EMEA at Intel Security, talks about successful information security strategies aimed at the critical infrastructure, government challenges, the role of regulation, and more.
Full, cracked version of NanoCore RAT leaked, onslaught of infection attempts expected
NanoCore, a lesser-known remote access Trojan (RAT), has recently been spotted being delivered to employees of energy companies in Asia and the Middle East via spear-phishing emails impersonating a legitimate oil company in South Korea.
Hack air-gapped computers using heat
Ben-Gurion University of the Negev (BGU) researchers have discovered a new method to breach air-gapped computer systems called “BitWhisper” which enables two-way communications between adjacent, unconnected PC computers using heat.
Twitch forces users to reset password in wake of breach
Twitch, the popular Amazon-owned game streaming service, has apparently suffered a breach that might have resulted in the compromise of users’ personal information and password.
The average DDoS attack tripled in volume
The average packet volume for DDoS attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 Gbps in the final quarter of 2014.
Old Adobe Flex SDK bug still threatens users of many high-profile sites
An old vulnerability affecting old releases of the Adobe Flex SDK compiler can be exploited to compromise user data of visitors to many popular sites, including three of most visited ones in the world according to Alexa, two researchers claim.
Four advantages of an identity behavior-based approach to cybersecurity
We can no longer continue to develop outdated and ineffective security technology. Isn’t it time to reexamine the types of products we are producing and purchasing, and rebuild the processes around them?
Multifunctional Vawtrak malware now updated via favicons
The Vawtrak (aka Snifula) multifunctional malware has been around since mid-2013. Its information-stealing, backdoor and spying capabilities deservedly earned it the description as the “Swiss army knife” of malware.
Researchers identify malware threat to virtual currencies
INTERPOL and Kaspersky Lab have identified a threat to the blockchain in virtual transactions that could result in them being embedded with malware or other illegal data.
Implementing an effective risk management framework
In today’s marketplace, almost every employee is now a content contributor. Although beneficial to the collective of information available, this influx brings about new risk.
One in three top Alexa websites is risky
Based on an analysis of the Alexa top one million sites, Menlo Security found that more than one in three of the top domains are either already compromised or running vulnerable software.
Half of all Android devices vulnerable to installer hijacking attacks
A critical Android vulnerability that has been discovered over a year ago and responsibly disclosed to Google and other Android manufacturers can be exploited by attackers to trick users into downloading malicious apps from third-party stores.
Data lurking: How to protect your company against overlooked insider threats
How can a company protect itself from an insider threat? Here are the worst internal offenders and solutions to make sure an employee doesn’t become an enemy.
Researcher finds backdoor opened by Dell’s helper app
A security researcher has discovered a serious bug in Dell System Detect, the software Dell users are urged to use to download the appropriate drivers for their machines. The flaw can be exploited by attackers to make the computer download and execute potentially malicious files.
Banks and IT security: The elements of success
In this interview, Nathan Horn-Mitchem, VP, Information Security Officer at Provident Bank, talks about delivering and maintaining IT security for 80 branches of the bank, discusses how data breaches re-shaped their data protection strategies, and more.
Huge spam operation on Twitter uncovered
What does it take to execute a successful spam operation peddling diet pills of questionable effectiveness? For one spammer, it took some 750,000 fake Twitter accounts.
Behavioral biometrics: The password you can’t forget
There can be no doubt that biometrics is creeping into the consumer conscience, but are biometrics ready for the enterprise?
Car hacking made cheaper and easier
Fiddling with your car’s innards will soon become easier and cheaper than ever before, as Eric Evenchick has created and made available hardware and software design files for CANtact, an open source CAN bus tool that can be manufactured for less than $100.
Crowdsourcing your bug bounty program
In this interview, David Levin, Director of Information Security at Western Union, talks about crowdsourcing their bug bounty program and the lessons learned along the way.
Critical flaw in WiFi routers puts hotels and millions of guests at risk
A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered by Cylance researchers. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user’s connection and potentially gain access to a hotel’s property management system (PMS).