ITsecurity

ITsecurity Daily News: 08/28/2014

Posted by on August 28, 2014.

The ITsecurity daily security briefing: Thursday, August 28, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.

(News only today)


News

Facebook class action
Max Schrems (Europe-V-Facebook) has commenced a class action against Facebook in Austria. “So far more than 25.000 Facebook users from outside of the US and Canada have assigned their claims to join the class action, in what has become the largest privacy class action in Europe overnight. An additional 35.000 users have registered on www.fbclaim.com to assign their claims.” The FBclaim site explains: “For this lawsuit we have chosen basic or obvious violations of the law: The privacy policy, participation in the PRISM program, Facebook’s graph search, apps on Facebook, tracking on other web pages (e.g. via the “like buttons”), “big data” systems that spy on users or the non-compliance with access requests.” If Facebook does not respond within four weeks (eight if it gets an extension) the court will pass judgment in absence.
Facebook Class Action:
https://www.fbclaim.com/ui/page/faqs#klage

Cybercriminals using Windows 9 as social engineering bait
Trend Micro has discovered several schemes that use the promise of a beta version of Windows 9 as a lure for the covert installation of various kinds of adware. “This influx of threats taking advantage of Windows 9’s rumored developer preview release date further proves what we’ve been saying all along: that cybercriminals will always use what is currently popular to bait their potential victims.”
Trend Micro:
http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-leverage-rumored-windows-9-developer-preview-release-with-social-engineering/

Let’s not forget facilities: 3D printing ‘bump’ keys
“Weyers and Holler’s trick is to 3-D print a “bump” key, which resembles a normal key but can open millions of locks with a carefully practiced rap on its head with a hammer. Using software they created called Photobump, the two engineers say it’s now possible to easily bump open a wide range of locks using keys based on photographs of the locks’ keyholes. And even without a high-quality 3-D printer, those specialized bump keys can be mail-ordered from 3-D printing services like Shapeways or i.Materialise that have no restrictions on printing keys.”
Wired:
http://www.wired.com/2014/08/3d-printed-bump-keys/

Germany Issues Revised Draft Cybersecurity Law
“The revised Draft Law will amend a number of laws and provisions relating to IT security. All companies subject to the Draft Law will be responsible for specifically protecting their IT systems against cyber attacks and cyber crime. According to the Draft Law, the German Federal Office for Information Security’s (“BSI’s”) Federal Act will be amended to extend its scope to include so-called ‘critical infrastructures’.” (information technology and telecommunication, transportation and traffic, health, water, food, and finance and insurance)
Privacy and Information Security Law Blog:
https://www.huntonprivacyblog.com/2014/08/articles/germany-issues-revised-draft-cybersecurity-law/

JPMorgan and Other Banks Struck by Cyberattack
“A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people familiar with a continuing investigation into the crimes.”
NYT: http://www.nytimes.com/2014/08/28/technology/hackers-target-banks-including-jpmorgan.html
“Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.”
Bloomberg: http://www.bloomberg.com/news/2014-08-27/fbi-said-to-be-probing-whether-russia-tied-to-jpmorgan-hacking.html

Insightful survey from TippingPoint
“Firms that spend $500K or more annually on network security are also significantly more likely to have breach detection and compliance as a corporate initiative.” Really? There’s nothing else to increase your understanding of the security landscape either.
via SC Magazine:
http://media.scmagazine.com/documents/90/hp_state_of_network_security_22434.pdf

Microsoft responds to complaints about its app store
“Every app store finds its own balance between app quality and choice, which in turn opens the door to people trying to game the system with misleading titles or descriptions. Our approach has long been to create and enforce strong but transparent policies to govern our certification and store experience. Earlier this year we heard loud and clear that people were finding it more difficult to find the apps they were searching for; often having to sort through lists of apps with confusing or misleading titles. We took the feedback seriously and modified the Windows Store app certification requirements as a first step toward better ensuring that apps are named and described in a way that doesn’t misrepresent their purpose.”
Microsoft:
http://blogs.windows.com/buildingapps/2014/08/27/how-were-addressing-misleading-apps-in-windows-store/

Microsoft CEO Nadella to visit China amid antitrust probe
“Microsoft Corp Chief Executive Officer Satya Nadella is set to visit China in late September, a source familiar with the matter said on Thursday, as the Chinese government conducts an antitrust investigation into the world’s largest software company.”
Reuters:
http://www.reuters.com/article/2014/08/28/us-china-antitrust-microsoft-exclusive-idUSKBN0GS01020140828

Patent reveals how Twitter could protect users from malware on the mobile Web
Twitter is (possibly) working on a system to allow it to warn users of potentially dangerous links, similar to the process used by Google/Chrome. A patent has been issued, but the system is not yet in place.
VentureBeat:
http://venturebeat.com/2014/08/25/patent-reveals-how-twitter-could-protect-users-from-malware-on-the-mobile-web/

300 oil companies hacked in Norway
Around 300 oil and energy companies in Norway have been affected by one of the biggest computer hacking attacks ever to happen in the country, a government source said on Wednesday. National Security Authority Norway (Nasjonal Sikkerhetsmyndighet – NSM) revealed 50 companies in the oil sector were hacked and 250 more are now being warned by the government agency. NSM is Norway’s prevention unit for serious hack attacks.
The Local (Norway):
http://www.thelocal.no/20140827/norwegian-oil-companies-hacked

Microsoft fixes broken security patch
“Microsoft today re-released security bulletin MS14-045, which was pulled shortly after the August Patch Tuesday updates because a number of users reported crashes and blue screens. The patch was removed from Windows Update on Aug. 15, three days after it was released as part of Microsoft’s monthly patch cycle.”
ThreatPost:
http://threatpost.com/microsoft-fixes-broken-security-patch-ms14-045/107953
