Week in review: Smart TV ransomware, DNC hack, and DAO under attack
Here’s an overview of some of last week’s most interesting news and articles:
Ransomware targets Android smart TVs
If you own a Sharp and Philips smart TV running the Android TV OS, you should know that it could be hit by FLocker, a device-locking ransomware that targets both Android-powered mobile devices and smart TVs.
50% of ads on free livestreaming websites are malicious
Many users of free livestreaming websites may be aware that the video content on these websites is typically streamed without the content owner’s consent. What they often underestimate, however, is the security risk that comes with watching these videos.
Pestudio: Initial malware assessment made simple
Pestudio is a free tool that allows you to perform an initial assessment of a malware without even infecting a system or studying its code.
The DAO is under attack, a third of its ether reserves stolen
The DAO, a digital Decentralised Autonomous Organisation that has been set up to support projects related to Ethereum, a public blockchain platform that allows programmable transactions, has been hit by unknown attackers that drained a third of its ether (cryptocurrency) reserves.
Review: DevOpsSec
As more and more companies consider implementing the DevOps software development and delivery model, this book comes just at the right time. It gives an overview of how DevOps can be implemented and how security and compliance can be enforced through it.
Security startup confessions: Let’s talk about channel management
By partnering with service providers around the world, you can effectively reach markets you would not be able to reach on your own, but orking with partners involves certain risks.
Hacker Guccifer 2.0 claims DNC hack, leaks documents to prove it
An individual that goes by the handle “Guccifer 2.0” has claimed responsibility for the US Democratic National Committee (DNC) hack, and has released documents that apparently prove his (or her) involvement.
Top 10 technologies for information security and their implications
Gartner highlighted the top 10 technologies for information security and their implications for security organizations in 2016.
GitHub accounts compromised in wake of reused password attack
GitHub has not been hacked or compromised.
Fix for actively exploited Flash Player 0day is out, patch ASAP!
Adobe has issued a patch for the Plash Player zero-day vulnerability (CVE-2016-4171) that is actively exploited by the ScarCruft APT group.
Harnessing integrated security analytics
Integrated security analytics are becoming the hallmark of mature, battle-ready cybersecurity management that aims to protect the castle as a whole.
Can SourceForge win developers’ trust back?
SourceForge is under new ownership and management (again!), and their plan is to return the service to its former glory.
How attackers can hijack your Facebook account
Positive Technologies researchers have demonstrated that knowing a user’s phone number and how to exploit a vulnerability in the SS7 network is enough to hijack that user’s Facebook account.
Microsoft creates Checked C extension to prevent common coding errors
Fixing vulnerabilities in completed software and systems is all good and well, but with Checked C, an extension for the C programming language, Microsoft researchers want to prevent common programming errors that can lead to several types of frequently occurring vulnerabilities.
How programmers can be tricked into running bad code
Are programming language package managers vulnerable to typosquatting attacks? And can these attacks result in software developers running potentially malicious code? The answer to both these questions is yes.
Cisco’s small business Wi-Fi routers open to attack, no patch available
Security researcher Samuel Huntley has discovered four vulnerabilities in Cisco’s RV range of small business Wi-Fi routers, the worst of which could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system.
How to consolidate your sensitive data footprint
Data is the driving force behind every organization, whether an organization is primarily a retailer, a manufacturer, healthcare provider or a bank.
Security implications of online voting
With essentially everything moving online, it would seem to be the natural progression that voting online or on your mobile device would be the next thing to happen. Not only would it be more convenient for the voter, but it would greatly reduce the travel costs. The question is, are we technologically mature enough and can we count on today’s security infrastructure to protect our vote?
Can you see and control IoT devices on your network?
While the majority of IT pros acknowledge the growing number of IoT devices on their networks, they are unaware of how to properly secure them.
Tactical exploitation with Warberry Pi
WarBerry Pi was built for red team engagements where it’s essential to obtain as much information as possible in a short period of time, while going undetected. All you need to do is find a network port and plug it in.
70,000 hacked servers for sale on xDedic underground market
Kaspersky Lab researchers have investigated a global forum where cybercriminals can buy and sell access to compromised servers for as little as $6 each.
How do you win the web security game when the rules keep changing?
Successfully protecting against web-based attacks is like trying to win a game that keeps changing its rules, only nobody tells you what the new rules are.
Netgear removes crypto keys hard-coded in routers
Qualys security researcher Mandar Jadhav has discovered two serious vulnerabilities in Netgear D6000 and D3600 modem routers, which can be exploited to gain access to the devices and to intercept traffic passing through them.
The dynamics of mobile app collusion and malicious activities
Mobile app collusion happens when cybercriminals manipulate two or more apps to orchestrate attacks on smartphone owners. McAfee Labs has observed such behavior across more than 5,000 versions of 21 apps designed to provide useful user services such as mobile video streaming, health monitoring, and travel planning.
27% of cloud apps are high risk
As more and more organizations adopt cloud platforms, new shadow IT risk vectors are coming into play in the form of connected third-party apps.
Developing Hashcat, a tool for advanced password recovery
Hashcat is an advanced password recovery utility for Windows, OS X, and GNU/Linux, and supports seven unique modes of attack for over 100 optimized hashing algorithms.
How IT teams are preparing for the rise of intelligent machines
A new survey carried out by analyst firm Freeform Dynamics examines the attitudes and readiness of IT decision makers with regard to intelligent machines and business systems (machines with decision making and learning capabilities).