Week in review: NSA privacy violations, key cloud computing trends, and building security culture
Posted on 19 August 2013.
Here's an overview of some of last week's most interesting news, videos, interviews, reviews and articles:


Can biometrics revolutionize mobile payment security?
With the explosion in smartphones usage, the number of payments done via mobile devices has significantly increased over recent years. As eCommerce becomes mCommerce, the industry has to focus on payment security.

The Pirate Bay releases censorship-thwarting browser
The operators of The Pirate Bay, one of the most (in)famous piracy sites on the Internet, have decided to celebrate the site's 10th anniversary by releasing a web browser that allows users to access TPB or other sites censored in their country.

Key cloud computing trends and enterprise security
Dan C. Marinescu is the author of Cloud Computing: Theory and Practice. He was a Professor of Computer Science at Purdue University in West Lafayette, Indiana from 1984 till 2001 when he joined the Computer Science Department at the University of Central Florida. In this interview, Marinescu outlines a variety of interesting facts about cloud security, illustrates how the cloud has shaped enterprise security, and provides insight into key future trends.

Malicious ads lead to outdated adware-laden Firefox "update"
A series of Internet campaigns pushing bogus Firefox updates onto unwary users have been spotted by researchers, and among them is one that lures them in through “Green Card Lottery” ads.

Mega plans to offer encrypted email service
With Lavabit's closure and Silent Circle's shutdown of its Silent Mail, the question is where to turn next for a secure email service.

Obama's "independent" intelligence review group selected by DNI Clapper
After his speech about transparency and greater oversight over US surveillance programs, as well as the announcement about forming an "independent", "high-level group of outside experts to review our entire intelligence and communications technologies […] particularly our surveillance technologies," US president Barack Obama has issued a memorandum on Monday, ordering for a Review Group on Intelligence and Communications Technologies to be formed immediately.

Windows XP's approaching retirement will be boon for blackhats
Event though its market share has been slowly dropping since late 2007, it is still used by some 37 percent of all Windows users - a considerable number, we can all agree.

Multi-service authentication via palm vein images
Fujitsu has been creating and releasing palm vein biometric authentication and identification systems for over a decade, but have now presented a new one that definitely deserves some special attention.

Exploring critical infrastructure security and government cyber security
Chris Folk is the Director of National Protection Portfolio, The MITRE Corporation. Folk oversees work program development and delivery to: the DHS National Protection and Programs Directorate (NPPD), including Cybersecurity & Communication (CS&C), Office of Infrastructure Protection (OIP), and Federal Protective Services (FPS), and US VISIT. In this interview he discusses the challenges involved in working with several U.S. government agencies, approaching the insider threat, the resilience of the government cyber ecosystem, future threats, and more.

Hacking a smart lightbulb system
Nitesh Dhanjani conducted research on the Philips hue lighting system. The hue personal wireless system is available for purchase from the Apple Store and other outlets. Out of the box, the system comprises of wireless LED light bulbs and a wireless bridge. The light bulbs can be configured to any of 16 million colors. He released a paper that discusses top threats associated with the product in addition to a detailed analysis of how the system works.

Cyber crooks misuse Google service to control Android Trojans
Cybercriminals have been spotted using a novel method of controlling Android mobile malware: a legitimate service called Google Cloud Messaging.

Dear CSO, do you know how to build security culture?
What do you really know about security culture? You may know a lot about security, but you are likely not to know a lot about people, how they function, and how groups form and interact.

Sweeping mobile phishing attack requests bank customers' ID scans
A very thorough phishing campaign is targeting customers of JPMorgan Chase Bank who use their mobile phones to do their online banking, warn Trend Micro researchers.

Hacker hijacks baby monitor camera, terrorizes family
A Houston, Texas couple got a great shock this weekend when they heard a male voice coming from a room where their two year old was sleeping.

Joomla exploit doing rounds, users advised to update
In a recently released report, the Versafe researchers have noted the existence and the current active use of an exploit that allows attackers to easily gain control of the targeted system.

Practical Anonymity: Hiding in Plain Sight Online
With the recent surveillance scandals tied to the NSA, you can no longer be deemed paranoid or believe yourself to be overreacting if you want to find a way of keeping your online presence anonymous. This book will tell you many things you wanted to know about Tor, the most popular anonymity network out there, and will teach you how to use it.

Where RFI attacks fall in the security threat landscape
Remote File Inclusion (RFI) attacks abuse user-input and file-validation vulnerabilities to upload a malicious payload from a remote location.

Google delivers patch for Android SecureRandom implementation
An Android security engineer has again confirmed the existence of the vulnerability that made the most popular Bitcoin wallet apps for the platform open to attack, and offered help for developers.

Is the hybrid cloud the future for enterprises?
While the public cloud remains important to IT decision-makers at UK and US enterprises, the limitations of using this type of platform as a one-size-fits-all solution are becoming more apparent.

NSA internal audit reveals thousands of privacy violations
An internal NSA audit document and several other seen by The Washington Post journalists prove that there have been over a 1,000 violations of FISA and presidential executive orders each year since the agency was granted broader surveillance powers in 2008.

Firm found using browser plugins to inject unauthorized ads on YouTube
Sambreel, a California-based firm that nearly two years ago has been found using browser plugins to deliver ads by injecting them into Facebook and Google pages, is up to its old tricks.

Securing the modern web: Open sourcing the future of IAM
Traditional IAM solutions were designed exclusively for the on-premises enterprise; they were not equipped to handle or adapt to the immediate demands of the modern Web.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //