Week in review: Google discloses Windows flaw, French sites under attack, Android users in danger

Here’s an overview of some of last week’s most interesting news and articles:

LizardSquad’s DDoS service is powered by hacked home routers
The preponderance of routers represented in the botnet probably has to do with the way that the botnet spreads and scans for new potential hosts. But there is no reason the malware couldn’t spread to a wide range of devices powered by the Linux operating system, including desktop servers and Internet-connected cameras.

Do we need regular IT security fire drills?
Organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs.

Corel DLL hijacking vulnerability could allow arbitrary command execution
Users can determine if they are potentially vulnerable only by checking if they have installed the affected software.

WhiteHat Aviator browser is not secure, says Google developer
Late last week WhiteHat Security open sourced Aviator, its Chromium-based browser that has been marketed as “the most secure browser online.” Once Aviator’s source code was made public, Google researchers took a peek under its hood, and found plenty to worry about.

The ubiquitous social media “buy’ button and the journey of authentication
With the “buy’ button still very much in its infancy on social sites, will there be enough consumers willing to give up their card details for it to take off? And more interestingly, will it really make our lives easier?

Ransomware-wielding crooks made over $217,000 in a single month
The targets of the latest widespread ransomware delivery campaign are almost exclusively Australian users, and it seems that over 1,200 of them have paid up to have their computers unlocked and their files restored.

Rex Mundi hackers try, fail to blackmail Swiss bank
The Banque Cantonale de Geneve has refused to pay the ransom demanded by a group of hackers that goes under the name of Rex Mundi, and they have made good on their word and have published the whole batch of customer emails they managed to steal from the bank’s website.

Over 930M Android users in danger as Google stops delivering critical patches
Nearly a billion of Android users – over half of the total number of worldwide users – are in danger of being targeted by cyber attackers exploiting vulnerabilities in WebView, as Google has decided not to provide security patches for the core component used in pre-KitKat (v4.4) versions of the mobile OS.

US President spells out his cybersecurity legislative agenda
In the lead-up to the annual State of the Union address scheduled for Tuesday, US president Barack Obama is doing rounds and giving a glimpse into his legislative plan for the year.

Unfazed by Microsoft’s criticism, Google discloses another Windows 8.1 flaw
Google apparently has no mercy for Microsoft’s developers, and is determined to stick to its 90-day deadline for fixing software flaws, as it publicly released details of an elevation of privilege vulnerability affecting Windows 8.1. Microsoft scolded Google for lack of flexibility in vulnerability disclosure.

Identity management trends in 2015
A new year is always an excellent time to look ahead. So, there’s not much of a better time than now to look at some of the identity management trends expected for the year in front of us.

Don’t look back in anger
While keeping an eye on the future is always a prudent thing to do, Brian Honan worries that instead of focusing on what we should be doing today to secure our systems, we are instead fantasizing about dealing with threats and risks that may not immediately impact our businesses.

Skeleton Key malware makes all passwords valid
Researchers from the Dell Secureworks CTU team have unearthed a new type of malware whose goal is to allow attackers to bypass authentication on Active Directory (AD) systems by enabling them to use any random password. They dubbed the malware “Skeleton Key.”

Beware of malware masquerading as Oracle security patches
“It has come to our attention that there are non-Oracle sites offering Oracle ‘fixes’ for genuine Oracle error messages,” the company shared on several of its Proactive Support blogs.

Cyber attacks demonstrated on autonomous ground vehicles
Mission Secure, a cyber defense technology and solutions provider, and Perrone Robotics, a provider of robotic and autonomous ground vehicle solutions, announced a pilot project to demonstrate cyber attacks and protections targeted at ground vehicles. The University of Virginia Department of Systems and Information Engineering is sponsoring the pilot project.

January’s Patch Tuesday marks the start of a new era
It seems that Microsoft’s trend towards openness in security has reversed and the company that was formerly doing so much right, is taking a less open stance with patch information. It is extremely hard to see how this benefits anyone, other than, maybe who is responsible for support revenue targets for Microsoft. What this means is that the world at large is getting their first look at understandable information about this round of patches 30 minutes after the automatic updates to fix those patches were triggered by Microsoft.

Cost of breach vs. cost of deployment
Today’s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company assets.

Unlock your digital world with True Key
Intel Security recently previewed True Key, a new way to unlock your digital world. It combines both password management with simple and secure multi-factor authentication, paving the way for eventual password elimination.

Encrypted messaging and file storage app Peerio goes open beta
Canada-base Peerio has released the beta version of an app of the same name which combines secure messaging, file sharing and storage, and adds encryption to it. Peerio is developed by a team of people that includes Nadim Kobeissi, the 24-year-old creator of the (in)famous Cryptocat app and well-known proponent of easy-to-use encryption.

Open source tool trawls Github repositories for sensitive data
Michael Henriksen, a member of the SoundCloud security team, has been recently tasked with creating a system that will constantly check the company’s GitHub organizations (i.e. repositories) for unintentionally leaked sensitive information.

Pirate activist shows politicians what digital surveillance looks like
Gustav Nipe, the 26-year old president of the Swedish Pirate Party’s youth wing, set up an open Wi-Fi network at the Society and Defence National Conference held in S?¤len, Sweden, last week and collected and analyzed the metadata of conference attendees who connected to it.

What is the value of professional certification?
Recognition for and therefore the value of professional certification is rising within the information security domain.

New version of Cryptowall ransomware spotted doing rounds
Unfortunately for users, Cryptowall 3.0 is as destructive as previous variants: it encrypts files found on the infected machines, and asks the victims to pay up in order to get the decryption key.

How to prepare if you’re selected for an OCR audit
What should organizations do to prepare for the possibility of an audit? How can you demonstrate compliance efficiently and effectively?

Home routers in Spain and Argentina sport critical vulnerabilities
Spanish security researcher Eduardo Novella has discovered two critical vulnerabilities affecting a specific ADB Pirelli home wireless router deployed by Spanish broadband provider Movistar and Argentinian ISP Arnet.

One-click mobile fraud variant throws browser for a loop
It was spotted in Japan, where one-click fraud is usually geared towards tricking users into subscribing to – and paying for – adult video services.

19,000 French websites hit by DDoS, defaced in wake of terror attack
According to Admiral Arnaud Coustilliere, the French military’s head of cyberdefense, most of these attacks were carried out by three Islamic hacker groups: Middle East Cyber Army, Fallaga team and Cyber Caliphate.

Typosquatting abuse of 500 most popular websites analyzed
Typosquatting is not a new phenomenon, but this scammy method wherein attackers intentionally register a domain name that is a mistype of a popular domain name is still practiced to this day.

Man arrested for Playstation and Xbox attacks
An 18-year-old man was arrested on Friday in Southport, UK.

UK PM Cameron demonizes encryption, US report says it’s vital
When British Prime Minister David Cameron announced on Tuesday his plan to introduce new surveillance powers in the UK by forcing businesses to plant backdoors in their communication products, and ban applications that use end-to-end encryption, security experts we asked for an opinion have unanimously declared that weakening users’ security posture is not the right answer to the problem of fighting criminals and terrorists.

GFI adds multi server tools to mail security in MailEssentials 2015
GFI Software released GFI MailEssentials 2015, an evolution of the email security platform that adds major enhancements including scalability and load balancing capabilities to support organizations managing multiple mail servers.

More about

Don't miss