Week in review: EU-US Privacy Shield, using AI to build an army of virtual analysts
Here’s an overview of some of last week’s most interesting news and articles:
Fake Amazon survey-for-money offer leads to account compromise
“As a valued customer we would like to present you with an opportunity to make a quick buck,” says the email, decked out with the Amazon logo and using a similar color scheme.
Harnessing artificial intelligence to build an army of virtual analysts
PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.
Severe and unpatched eBay vulnerability allows attackers to distribute malware
This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely, to execute malicious Javascript code on targeted eBay users. If this flaw is left unpatched, eBay users will continue to be exposed to potential phishing attacks and data theft.
Your board and cyber risk: Reimagining security protocols from the top down
As scrutiny of well-known financial services firms’ security practices continues to make news, the SEC has chosen to turn its attention to risks facing a certain subset of the industry — registered broker-dealers and investment advisers — who according to public reports, continue to face cybersecurity breaches related to weaknesses in basic controls.
Mac users beware! Scareware hides behind fake Flash Player update
The attack starts on Facebook, where potential targets are tricked into clicking a link via a click-baiting item.
Defending the smart grid: What security measures to implement
Smart grids provide real-time information on the grid, perform actions when required without any noticeable lag, and support gathering customer consumption information. On the downside, smart grids however, provide an increased attack surface for criminals.
Google declares war against deceptive download buttons
There’s likely no Internet user that hasn’t, at some point, been tricked into clicking on a deceptive “download,” “install,” or “update” button.
UK activists dumps 2.5 GB of data stolen from US police union
UK-based researcher and activist Thomas White has made available for download 2.5 GB of data stolen in a recent hack of the computer systems of the Fraternal Order of Police (FOP), the biggest police union in the United States.
Exposing the economics behind cyber attacks
A new survey by the Ponemon Institute provides insight into topics like the average earnings of a cyberattacker, the amount of time attacks typically take, and how to prevent successful data breaches by increasing the cost of conducting them.
Modern IRM: Securing the future of work
The future of work that pundits have been talking about for years is here: it’s open, dynamic, demands rapid sharing of information, and the statistics prove it.
Is your HP enterprise printer hosting malware for hackers?
“If you’re concerned about security, put your printers are behind a firewall and, if it’s a Hewlett-Packard, make sure port 9100 isn’t open,” says security researcher Chris Vickery. Why?
Eagles vs drones: A low-tech solution for a high-tech problem?
The Dutch National Police is aware that the use of drones – and the number of drones incidents – is only going to increase as time goes by. So, they are trying to find ways to take them down without endangering people.
Banning encryption is useless when IoT devices can spy on users
For a while now the US intelligence and law enforcement community has been complaining about the rise of end-to-end encryption, and how it will prevent them from tracking terrorists and other criminals. They call this inability of following the suspects movements and discovering their plans by surveilling their phone and online communications “going dark”, but a newly released study published by the Berklett Cybersecurity Project of the Berkman Center for Internet and Society at Harvard University explains that the expression is not fitting.
Security and privacy issues plague wearable fitness tracking devices
A new report is describing major security and privacy issues in several leading wearable fitness tracking devices and accompanying mobile applications. The research examined offerings by Apple, Basis, Fitbit, Garmin, Jawbone, Mio, Withings, and Xiaomi.
Someone hijacked the Dridex botnet to deliver Avira AV’s installer
After last September’s arrest of an alleged member of the gang that has been developing and spreading the Dridex banking malware, and last October’s temporary disruption of the Dridex botnet at the hands of UK and US law enforcement, the criminal group is experiencing problems again.
Hackers claim to have hacked NASA, hijacked one of its drones
AnonSec hackers claim that they have breached a number of NASA’s systems, and they have published a data trove containing video recordings made by the agency’s aircrafts and drones, the drone’s flight logs, and the names, email addresses and telephone numbers of some 2,400 agency employees.
EU-US Privacy Shield: New framework for transatlantic data flows
This new framework will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses. Here are some reactions by the infosec community to the new framework.
Comodo Internet Security installs insecure Chrome-based browser
Google researcher Tavis Ormandy has found more vulnerabilities in yet another security solution.