Week in review: TLS security, malicious Tor exit nodes, how to find a free, secure proxy service
Here’s an overview of some of last week’s most interesting news, podcasts, reviews and articles:
Penetration Testing With Raspberry Pi
Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how.
How to evaluate the efficiency of a Data Loss Prevention solution
How do you measure the Return of Investment on Data Loss Prevention (DLP) technologies? How do you know that your DLP solution is efficient? In this podcast recorded at Infosecurity Europe 2015, Angela Lepadatu, Marketing Coordinator at CoSoSys, gives you some ideas on how to determine if your chosen Data Loss Prevention solution is useful.
eBook: Cybersecurity for Dummies
APTs have changed the world of enterprise security and how networks and organizations are attacked. Controlling these threats requires multiple security disciplines working together in context. While no single solution will solve the problem of advanced threats on its own, next-generation security provides the unique visibility and control of, and the true integration of, threat-prevention disciplines needed to find and stop these threats — both known and unknown.
Six key facts about malicious macros and the cybercrime economy
Proofpoint combined technical analysis of malware samples from top malicious macro developers with investigation of underground cybercriminal forums, and found that the high success rates and cost-effectiveness of malicious macros have rapidly and significantly altered the landscape of email-borne threats.
Researcher tests Tor exit nodes, finds not all operators can be trusted
While the Tor anonymity network conceals (relatively successfully) a user’s location and Internet activity from anyone who might want to know about it, users should be aware of the fact that it does not offer end-to-end encryption, and any traffic that is not encrypted before it enters Tor can be seen and perused by those operating exit nodes.
Linux container security and certification concerns remain
A survey of more than 383 global IT decision makers and professionals shows strong enterprise plans for container deployments.
Many popular Android apps fail to encrypt login credentials
Using encryption to protect mobile traffic and especially the exchange of credentials between the user and company servers should be a must in this day and age. Unfortunately, there are companies that have yet to implement HTTPS encryption during logins for their mobile apps, and others that have made mistakes in implementing it, thus exposing their users to Man-in-the-Middle attacks.
New password recovery scam hitting Gmail, Outlook and Yahoo Mail users
A simple yet ingenious scam is being used by scammers to compromise accounts of Gmail, Outlook and Yahoo Mail users, Symantec researcher Slawomir Grzonkowski warns.
How to find a free, secure proxy service?
There are several reasons one might want to use web proxy services, and depending on that reason, it might not be a very good idea to choose a free one randomly.
The state of cyber security in Thailand
The general consensus seems to be that Thailand is less of a cyber target than many other countries, and the example used was that most phishing e-mails were English, a language most locals are not accustomed using when communicating.
OPM hack shines light on abysmal state of US federal systems’s security
With each passing day, newly revealed details about the US Office of Personnel Management (OPM) hack show an ugly picture of the security situation in the OPM, and other US government departments and agencies.
HP releases exploit code for IE zero-day that Microsoft won’t patch
Despite having paid $125,000 for information about an Address Space Layout Randomisation (ASLR) vulnerability affecting Internet Explorer, Microsoft has decided against patching it because they feel it does not affect the default configuration of IE.
US, UK spies reverse-engineered security software in search for flaws
The UK GCHQ has been actively trying to reverse-engineer popular security software in order find vulnerabilities that can be used to neutralize the protection the software offers to the agency’s potential targets.
Flash Player 0-day exploited in the wild, patch immediately!
Adobe has released an emergency patch for its notoriously buggy Flash Player software because attackers are actively exploiting a critical vulnerability that can lead to total system compromise.
Connected cars: Are tomorrow’s drivers at risk?
Imagine this scenario: you’re driving along a busy highway when without warning, your car’s brakes or steering wheel locks up. Or, you slow down as you approach a traffic light and your vehicle starts accelerating. Is this possible? If so, would this affect the car industry with determining culpability? Furthermore, what does this mean for public safety?
Why a Dyre infection leads to more than just stolen banking credentials
The Dyre/Dyreza information-stealer has without a doubt filled the vacuum generated by the 2014 and 2015 law enforcement takedowns of botnet infrastructure of several prominent financial Trojan groups: Gameover Zeus, Shylock, and Ramnit.
TLS security: What really matters and how to get there
In this podcast recorded at Infosecurity Europe 2015, Ivan Ristic, Director of Engineering at Qualys and lead at SSL Labs, introduces the TLS Maturity Model – conceptual deployment model that describes a journey toward robust TLS security.
Why a low-level threat can open the door for serious infections
A Damballa study cited an example of how a compromised device, originally exploited for the seemingly innocuous purpose of click fraud – a scam to defraud ‘pay-per-click’ advertisers – became part of a chain of infections, which led within two hours to the introduction of the toxic ransomware CryptoWall.
Instapaper for Android vulnerable to man-in-the-middle attacks
Users that sign in to a Wi-Fi network that is being monitored could have usernames and passwords intercepted using a fake certificate and a traffic-intercepting tool.
WikiLeaks publishes reports showing NSA spied on French presidents
WikiLeaks has published “Espionnage Élysée”, a set of intelligence reports and documents that show that the US NSA has, between 2006 and 2012, intercepted the communications of three French presidents, French cabinet members, and the French Ambassador to the US.
Deadly Windows, Reader font bugs can lead to full system compromise
“Even in 2015 – the era of high-quality mitigations and security mechanisms – one good bug still suffices for a complete system compromise,” Mateusz Jurczyk, an infosec engineer with Google Project Zero, noted in a recent talk at the REcon security conference in Montreal.
Three simple ways to prevent a data breach
Netwrix recommends three steps that will allow companies to achieve deep and pervasive visibility across all IT infrastructure levels and address security issues.
Hackers are spending a huge amount of resources targeting financial services
Websense revealed a high degree of specialization among criminals attacking financial services, a huge investment in the lure attack phase and the specific and anomalous attacks pointed at global targets dealing in finance.
Samsung disables Windows Update, undermines the security of your devices
Another example of how vendors sometimes choose to improve usability to the detriment of user security has been recently discovered by security researcher and Microsoft MVP Patrick Barker.
Nigerian scammers are stealing millions from businesses
When someone mentions advanced fee or romance scams most people immediately associate them with Nigerian scammers. But there is another type of scam that these fraudsters actively engage in: the so-called “change of supplier” scam.
The cloud, FedRAMP and FISMA compliance
The push for FedRAMP is a concerted effort by the government to deploy a ‘do once, use many’ strategy to better secure all regulated data. But relinquishing jurisdiction over platforms, storage, and applications makes government security officers nervous—and rightfully so.
How companies can regain consumer trust after a data breach
While the majority of respondents agree on breach notification, they are divided on what steps should be taken to protect themselves and placing trust in retailers.
Cisco finds, removes more default SSH keys on its software
There are no workarounds for these vulnerabilities, so the only thing left for customers to do is to implement the updates.
Vegan and BeEF clash shows how cyber arms race never stops
An example of this never-ending arms race has been demonstrated perfectly by researcher and developer Brian Wallace and the developers of Browser Exploit Framework (BeEF), an open-source attack and penetration testing tool.