Week in review: Yahoo breach, Tesla remote hijack, new issue of (IN)SECURE
Here’s an overview of some of last week’s most interesting news, reviews and articles:
Repercussions of the massive Yahoo breach
Yahoo has announced on Thursday that they have suffered a breach and that account information of at least half a billion users has been exfiltrated from the company’s network in late 2014.
Review: Boxcryptor
Storing your data in the cloud comes with both positive and negative aspects. Boxcryptor is a solution that helps with this by encrypting your data on your device before it gets synchronized to the cloud storage provider of your choice.
(IN)SECURE Magazine issue 51 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.
How ransomware is impacting companies in six major industries
BitSight analyzed the security ratings of nearly 20,000 companies to identify common forms of ransomware and to determine which industries (amongst Finance, Healthcare, Education, Energy/Utilities, Retail, and Government) are most likely to experience attacks.
Why DNS shouldn’t be used for data transport
Malicious DNS tunnelling is a big problem in cybersecurity.
Basic file deletion increases exposure to security risks
The use of improper data removal methods and the poor enforcement of data retention policies have created the perfect storm for confidential, oftentimes sensitive data to be lost or stolen.
US elections and the hacking of e-voting machines
As the day when US citizens cast a vote for their preferred presidential nominee quickly approaches, the issue of whether the actual voting process can be tampered with is a topic that interests many.
Malicious torrents management tool uncovered
Researchers have uncovered Raum, a tool that is used by Eastern European organized crime group “Black Team” to deliver malware to users through malicious torrents.
Xiaomi smartphones come equipped with backdoor
If you’re a computer science student with an interest in cybersecurity like Thijs Broenink, you can reverse-engineer pre-loaded apps and discover for yourself what they do.
Chinese researchers hijack Tesla cars from afar
Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car’s brakes and other, less critical components.
We have to start thinking about cybersecurity in space
With all the difficulties we’ve been having with securing computer systems on Earth, the cybersecurity of space-related technology is surely the last thing on security experts’ minds – but it shouldn’t be.
HDDCryptor ransomware uses open source tools to thoroughly own systems
HDDCryptor (aka Mamba) is a particularly destructive piece of ransomware that encrypts files in mounted drives and network shares, locks the computers’ hard disk, and overwrites their boot disk MBR.
Biometric skimmers: Future threats to ATMs
Kaspersky Lab experts investigated how cybercriminals could exploit new biometric ATM authentication technologies planned by banks.
US gets federal guidelines for safe deployment of self-driving cars
The public is welcome to comment on the new policy, and the Department of Transportation intends to update it annually.
880,000 users exposed in MoDaCo data breach
Subscribers of UK-based MoDaCo, a forum specialising in smartphone news and reviews, have been unpleasantly surprised by notifications that the site and their account have been compromised.
UK: Financial fraud soars
More than 1 million incidents of financial fraud – payment card, remote banking and cheque fraud – occurred in the first six months of 2016, according to official figures released by Financial Fraud Action UK. To compare, in the first six months of 2015 there were a little over 660,000 cases.
Should you trust your security software?
Recently, Google’s Project Zero security research team uncovered a bunch of critical vulnerabilities in two dozen enterprise and consumer antivirus security products from Symantec and its Norton brand.
BENIGNCERTAIN-like flaw affects various Cisco networking devices
The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to search for similar flaws in other products – and they found one.
Connected devices riddled with badly-coded APIs, poor encryption
Ignoring cybersecurity at the design level provides a wide open door for malicious threat actors to exploit smart home products.