Week in review: The price of the Internet of Things, YiSpecter hits non-jailbroken iOS devices, and the most secure Android smartphones

Here’s an overview of some of last week’s most interesting news and articles:


The price of the Internet of Things will be a vague dread of a malicious world
Volkswagen didn’t make a faulty car: they programmed it to cheat intelligently. The difference isn’t semantics, it’s game-theoretical (and it borders on applied demonology).

Do attribution and motives matter?
Whenever people think of APTs and targeted attacks, people ask: who did it? What did they want? While those questions may well be of some interest, we think it is much more important to ask: what information about the attacker can help organizations protect themselves better?

Advertising malware affects non-jailbroken iOS devices
YiSpecter is infecting iOS devices belonging to Chinese and Taiwanese users, and is the first piece of malware that successfully targets both jailbroken and non-jailbroken devices. And now there’s a free tool to remove the malware.

Prevention is the best cure for identity theft
Checking credit reports, shredding documents with personal information and changing passwords on financial accounts are the top actions taken.

Car hacking via compromised car diagnostic tools
Among the researchers that delved into the matter is security consultant Craig Smith, who presented this week at the Derbycon conference the results of his latest efforts: a cheap-to-make testing tool that is made to simulate a car’s system, and to bombard a car dealership’s diagnostic tools with random data in order to discover vulnerabilities that can be exploited to compromise the device.

Nuclear facilities are wide open to cyber attacks
You would think that, given the potential disastrous consequences of a successful hack, the computer systems and networks of nuclear facilities would be better secured agains cyber intrusions. Unfortunately, you would be wrong.

Applying machine learning techniques on contextual data for threat detection
The question is on every CIO’s and security officer’s mind: What are the most efficient techniques to detect threats to cloud services?

Attackers prefer lower-bandwidth DDoS attacks
Analyzing customer data, Corero found that attackers are continuing to leverage sub-saturating DDoS attacks with increasing frequency, using shorter attack durations to evade legacy cloud DDoS scrubbing solutions to cause network disruptions and, in some cases, distract victims while other malware infiltrates networks and steals customer information and corporate data.

T-Mobile customer data stolen from Experian already for sale
Irish fraud prevention company Trustev, which keeps an eye on data sale listings popping up on underground online markets, says that listings that offer “fullz” that contain the name, Social Security number, date of birth, driving licence number, email address, phone number, and physical address of US-based individuals, have been popping up a day after the breach and data theft was made public.

Attackers take over org’s OWA server, harvest domain credentials with malicious DLL
Researchers from cyber attack detection and response outfit Cybereason have discovered a novel APT technique that was used by attackers to gain persistence in an (unnamed) organization’ environment and to harvest employees’ authentication credentials.

Top 5 Android Marshmallow enterprise security benefits
Google’s new Android Marshmallow operating system offers important new security and ease-of-use features that improve its functionality for both enterprise and individual consumers.

Previously unknown Moker RAT is the latest APT threat
Researchers over at cybersecurity company enSilo have discovered a novel, powerful and persistent type of malware plaguing the network of one of their customers.

IP camera manufacturers force researcher to pull conference talk
Gianni Gnesa, the founder and CEO of Swiss security assessment and pentesting services firm Ptrace Security, was scheduled to share his findings and demonstrate attacks agains IP cameras from several manufacturers at the Hack in the Box GSEC conference in Singapore this week.

Wealth of personal data found on used electronics purchased online
Varying amounts and types of residual data have been found on used mobile devices, hard disk drives and solid state drives purchased online from Amazon, eBay and Gazelle.com.

The impact of digital business on information security
Changes in computing fabric, devices and services formed by digital business continue to shape risk and security landscapes.

Photo: A walk through Cyber Security Europe 2015
The Cyber Security Europe 2015 featured seminars and solutions on all facets of cyber security and risk mitigation, from perimeter firewalls to the latest threat intelligence solutions.

Pen-testing drone searches for unsecured devices
The approach has been thought out by a group of researchers from from iTrust, a Center for Research in Cyber Security at the Singapore University of Technology and Design, who equipped a flying drone with an Android smartphone, and the latter with a special app dubbed “Cybersecurity Patrol”.

Hackers breach firm whose tech is used in Samsung Pay
It was revealed on Wednesday by the New York Times that LoopPay, a US-based Samsung subsidiary whose technology is central to the Samsung Pay mobile payment system, has suffered a breach earlier this year.

Former journalist faces 25 years in prison for article defacement
Keys was indicted in March 2013 for conspiring with members of the hacker group Anonymous to hack into and alter the website of the Tribune Company-owned KTXL FOX 40 television station in Sacramento, California, for which he worked as a web producer until late October 2010, when he was terminated.

Top strategic IT predictions for 2016 and beyond
Gartner’s top predictions for 2016 look at the digital future, at an algorithmic and smart machine-driven world where people and machines must define harmonious relationships.

Attackers compromise Cisco Web VPNs to steal login credentials, backdoor target networks
The attackers are either leveraging a vulnerability in the product or manage to gain administrator access in other ways, but the end goal is the same: to implant JavaScript code on the login pages to the VPN in order to harvest employee credentials.

Which Android smartphones are most secure?
87% of Android devices are vulnerable to attack by malicious apps and messages.

Apple boots some ad blockers from App Store to protect users’ privacy
Among the temporarily banned apps is also Been Choice, an app that was capable of blocking apps within Apple’s own News app.

More about

Don't miss