Week in review: Hijacking connected cars, Android backup flaw, help desk security threats
Here’s an overview of some of last week’s most interesting news and articles:
UEFI secure boot: Next generation booting or a controversial debate
One of the first initiatives for secure booting has been the Unified Extensible Firmware Interface (UEFI) Initiative. UEFI is a superior replacement of the Basic Input Output System (BIOS) and a secure interface between the operating system and the hardware firmware.
INTERPOL and Trend Micro to collaborate against cybercrime
Trend Micro is set to deliver training programmes to INTERPOL, government and police agencies in various participating countries to address emerging digital crime at the national and international level. Including expertise and best practices, training will encompass e-learning modules, classroom-based training sessions, workshops and professional certifications.
Mobile operating system wars: Android vs. iOS
When Bitdefender introduced Clueful for Android, they thought mobile users should know what the applications on their devices were doing. One year and a couple hundred thousand analyzed applications later, Clueful intelligence has picked up an interesting trend: applications are equally invasive and curious on iOS as on Android, even though one may argue that one of the operating systems is safer.
Tips for network administrators as mobile device usage increases
The increase in mobile device has resulted in network challenges for businesses of all types and sizes. Tablets have exceeded traditional desktops in driving web traffic and conversion rates, suggesting that users rely more heavily on mobile devices to make purchases and complete transactions through web applications and mobile sites.
Trust me with your secrets
For little over a month, revelations about NSA wiretapping schemes have been hitting the news and and rattling the world. The fact that the NSA has access to so much data about you is scary and bad. The fact that they denied collecting said data is even worse. Still, we should not be surprised.
Email security: Perception vs. reality
When it comes to email security in the workplace, 98 percent of employees believe they demonstrate either equally secure or more secure behaviors than their colleagues.
US retains spamming crown
Sophos has published the latest ‘Dirty Dozen’ of spam relaying countries, covering the second quarter of 2013. As the US retains the top spot among spam-relaying countries, Belarus makes a significant jump into second place.
Metrics: Valuable security indicator or noise?
Many organizations believe that IT, and by association IT security, is a wasted expense. They recognize that the financial investment needs to be made but few truly understand what they’re rubber-stamping, and even less believe they’ll see a return on this outlay. But it doesn’t have to be this way. How can security support revenue growth and profitability? The secret is metrics.
Vendors patch security vulnerabilities within 3 weeks
High-Tech Bridge Security Research Lab released its statistics on web application security for the first half of 2013. The statistics is based on HTB Security Advisories that are released on a weekly basis and cover 73 vulnerabilities in open source web applications which names are quoted at least 50’000 times in Google.
Social engineering tops list of help desk security threats
Often the performance of help desk employees is measured by how quickly they can serve callers and resolve the issue. Unfortunately, in many cases, security does not play a major role in the process and as a result, help desks have become an unintended entry point for hackers and malicious insiders attempting to gain access to sensitive enterprise resources.
Researchers find, Google fixes Glass hijack flaw
Google Glass is scheduled to be made widely available to regular consumers by the end of this year, so the Internet giant has still time to fix the most obvious security flaws before handing the device to undiscerning users.
Android backup sends unencrypted Wi-Fi passwords to Google
Micah Lee, staff technologist for EFF and CTO of the Freedom of the Press Foundation, has discovered that Android’s “Back up my data” feature is as potentially dangerous as it is convenient, as it sends a lot of private information (including passwords) in plaintext to Google.
Apps exploiting Android “Master Key” bug offered on Google Play
Researchers from security firm Bitdefender have unearthed two relatively popular apps on Google Play that leverage the infamous Android “Master Key” bug, but luckily for users who downloaded them, the app developers have no malicious intent.
File infector EXPIRO hits US, steals FTP credentials
An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file infectors onto vulnerable systems. Interestingly, these file infectors have information theft routines, which is a behavior not usually found among file infectors.
The future of electronic payment: Smartphone authentication and facial recognition
Withdrawing cash from an ATMs by using a debit or credit card or paying with it at a point-of-sale may soon become a thing of the past, as several manufacturers have presented technologies that will let users perform the same actions by simply using their smartphone or even their face.
Huawei’s Chinese connection continues to be source of suspicion
A day after it was announced that the UK government will investigate the employees at the Huawei’s Cyber Security Evaluation Center located in Banbury, Oxfordshire, retired US general and former NSA and CIA director Michael Hayden has said the US intelligence agencies have proof that the company has been aiding cyber espionage efforts of the Chinese government.
Hijacking connected cars with a $25 tool
A presentation by two Spanish researchers scheduled to take place later this month at the Black Hat conference in Las Vegas will apparently prove that hijacking modern cars via electronic means is not only easy, but cheap to execute as well.