Posted by Kevin on August 28, 2014.
The ITsecurity daily security briefing: Thursday, August 28, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
(News only today)
Facebook class action
Cybercriminals using Windows 9 as social engineering bait
Trend Micro has discovered several schemes using the promise of a beta version of Windows 9 as a lure for the covert installation of various adware malware. “This influx of threats taking advantage of Windows 9’s rumored developer preview release date further proves what we’ve been saying all along: that cybercriminals will always use what is currently popular to bait their potential victims.”
Let’s not forget facilities: 3D printing ‘bump’ keys
“Weyers and Holler’s trick is to 3-D print a “bump” key, which resembles a normal key but can open millions of locks with a carefully practiced rap on its head with a hammer. Using software they created called Photobump, the two engineers say it’s now possible to easily bump open a wide range of locks using keys based on photographs of the locks’ keyholes. And even without a high-quality 3-D printer, those specialized bump keys can be mail-ordered from 3-D printing services like Shapeways or i.Materialise that have no restrictions on printing keys.”
Germany Issues Revised Draft Cybersecurity Law
“The revised Draft Law will amend a number of laws and provisions relating to IT security. All companies subject to the Draft Law will be responsible for specifically protecting their IT systems against cyber attacks and cyber crime. According to the Draft Law, the German Federal Office for Information Security’s (“BSI’s”) Federal Act will be amended to extend its scope to include so-called ‘critical infrastructures’.” (information technology and telecommunication, transportation and traffic, health, water, food, and finance and insurance)
Privacy and Information Security Law Blog
JPMorgan and Other Banks Struck by Cyberattack
“A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people familiar with a continuing investigation into the crimes.”
“Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.”
Insightful survey from TippingPoint
“Firms that spend $500K or more annually on network security are also significantly more likely to have breach detection and compliance as a corporate initiative.” Really? There’s nothing else to increase your understanding of the security landscape either.
via SC Magazine:
Microsoft responds to complaints about its app store
“Every app store finds its own balance between app quality and choice, which in turn opens the door to people trying to game the system with misleading titles or descriptions. Our approach has long been to create and enforce strong but transparent policies to govern our certification and store experience. Earlier this year we heard loud and clear that people were finding it more difficult to find the apps they were searching for; often having to sort through lists of apps with confusing or misleading titles. We took the feedback seriously and modified the Windows Store app certification requirements as a first step toward better ensuring that apps are named and described in a way that doesn’t misrepresent their purpose.”
Microsoft CEO Nadella to visit China amid antitrust probe
“Microsoft Corp Chief Executive Officer Satya Nadella is set to visit China in late September, a source familiar with the matter said on Thursday, as the Chinese government conducts an antitrust investigation into the world’s largest software company.”
Patent reveals how Twitter could protect users from malware on the mobile Web
Twitter is (possibly) working on a system to allow it to warn users of potentially dangerous links, similar to the process used by Google/Chrome. A patent has been issued, but the system is not yet in place.
300 oil companies hacked in Norway
Around 300 oil and energy companies in Norway have been affected by one of the biggest computer hacking attacks ever to happen in the country, a government source said on Wednesday. National Security Authority Norway (Nasjonal Sikkerhetsmyndighet – NSM) revealed 50 companies in the oil sector were hacked and 250 more are now being warned by the government agency. NSM is Norway’s prevention unit for serious hack attacks.
The Local (Norway)
Microsoft fixes broken security patch
“Microsoft today re-released security bulletin MS14-045, which was pulled shortly after the August Patch Tuesday updates because a number of users reported crashes and blue screens. The patch was removed from Windows Update on Aug. 15, three days after it was released as part of Microsoft’s monthly patch cycle.”