Week in review: Security tips for DevOps, and how security pros deal with cybercrime extortion
Here’s an overview of some of last week’s most interesting news, reviews and articles:
10 practical security tips for DevOps
More organizations are embracing DevOps and automation to realize compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery.
Review: Tresorit for Business
Tresorit for Business is a solution that, among other things, helps organizations with managing, protecting and preventing leaks of their corporate data.
Puush servers compromised to deliver malware disguised as app update
Users of screenshot-grabbing-and-easy-sharing app Puush are in danger of having their passwords stolen by malware that masquerades as the (then) latest update for the app.
Slack hacked, user database compromised
Apparently, attackers have managed to access a Slack database storing user profile information: user names, email addresses, hashed and salted passwords, and additional optional information that users have added to their profiles (for example phone number and Skype ID).
Most enterprise network teams now deal with security investigations
85 percent of enterprise network teams today are now involved with security investigations, indicating a major shift in the role of those teams within enterprises, according to Network Instruments.
Human error lead to leak of world leaders’ personal information
Personal information, passport numbers and visa details of world leaders who attended the G20 summit in Brisbane, Australia, in November 2014, have been inadvertently leaked by an employee of the Australian Department of Immigration and Border Protection.
Look where you’re going before backing up
Driving backup awareness is a good thing. Yet, simply backing up without considering the merits of the different approaches and options available is risky, and could in fact be dangerous to device performance and the availability of treasured data itself.
French, Italian users targeted with judicial-themed spam leading to malware
Trend Micro researchers are warning about a clever and very well executed email spam campaign that has been targeting and continues to target French users with the goal of infecting their machine with backdoor malware, banking malware, and ransomware.
Half of companies under DDoS attack have critical data stolen
40 percent of companies estimate hourly losses of over £100,000 at peak times during a DDoS outage, a 470 percent rise since the last Neustar survey almost a year ago.
Two feds charged for stealing Bitcoin during Silk Road investigation
Two former US federal agents have been charged with wire fraud, money laundering and related offenses for stealing digital currency during their investigation of Silk Road.
Fake “Urgent billing update” email leads to Virgin Media, Paypal phishing page
Customers of UK-based telecom and ISP Virgin Media are being targeted with a clever spam campaign that is after their account information, but also PayPal account login details and payment card information.
Users care about privacy when they know what info is collected about them
A recent study conducted by Carnegie Mellon and Notre Dame University researchers is calling attention to several interesting things. For one, mobile apps collect too much data – especially location data – too often. Secondly, users get better at protecting their privacy if they are offered adequate tools to do so and are “nudged” every so often to review their privacy choices.
How security pros deal with cybercrime extortion
1 in 3 security professionals recommend negotiating with cybercriminals for the return of stolen data or the restoration of encrypted files, according to ThreatTrack Security.
I don’t need friends, I have followers
Technology is changing the way in which we interact, and understanding these changes and the subconscious thought process behind unsafe actions is imperative in preventing the “Human OS” from being hacked.
WordPress sites compromised to redirect to Pirate Bay clone, exploit kit
Malwarebytes researchers have spotted another malware delivery campaign that uses compromised WordPress sites to redirect users to a page hosting an exploit kit.
Crypto ransomware sightings and trends for Q1 2015
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware.
Cyber threat intelligence: Perception and use
Most companies believe threat intelligence is essential for a well-rounded cybersecurity defense and has proven effective in stopping security incidents.
Feds subpoena Reddit for info on DarknetMarkets subreddit users
A US Immigrations and Customs Agency (ICE) special agent has recently issued a subpoena to popular social news site Reddit, asking them to share the information they might have on five users that have been active in the site’s DarknetMarkets subreddit.
How vulnerable is our critical national infrastructure?
Information technology has evolved significantly in just the past decade, yet most critical infrastructure technology is based on embedded hardware and proprietary protocols that predate the Internet.
US to enact sanctions against foreign cyber attackers
This new executive order will allow the Secretary of the Treasury (in consultation with the Attorney General and the Secretary of State) to effectively freeze any assets these individuals or groups might have in the US, and make it harder for them to do business with US-based companies, including US-based financial institutions.
Google decides to stop trusting CNNIC certificates
In the wake of last week’s incident caused by the issuance of unauthorized digital certificates for a number of Google domains by the hands of MCS Holdings, an intermediate CA operating under the China Internet Network Information Center (CNNIC), Google has decided to make its Chrome browser no longer recognise the digital certificate issued by CNNIC as valid. Mozilla has followed suit.
Digital privacy and Internet security to intersect at Digital Rights Europe
Digital Rights Ireland, Ireland’s leading digital rights advocacy group, has gathered an expert group of Irish and international speakers for the inaugural Digital Rights Europe conference this April 15th in Dublin.
Google boots unwanted ad injector extensions from Chrome Web Store
Google is done with tolerating sneaky ad injectors and, following the results of a study they recently conducted, they removed from the Chrome Web Store 192 deceptive Chrome extensions that affected 14 million users.
Boards must up their game before the hackers claim checkmate
Why hackers are winning the arms race?