Week in review: MySQL databases held for ransom, CloudPets as surveillance devices

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

Google releases details, PoC exploit code for IE, Edge flaw
As we’re impatiently waiting for Microsoft to patch vulnerabilities that were scheduled to be fixed in February, Google has released details about a serious vulnerability in the Internet Explorer and Edge browsers.

The failure of EU’s regulation on cyber-surveillance tech exports
A report by a network of European media outlets showed how the regulation has failed to prevent authoritarian regimes from getting their hands on this type of technology.

Victims of Filecoder ransomware for macOS can now decrypt their files
The process to get the information required for the decryption to work is quite long, and requires a little technical know-how, but can be executed by anyone who knows how to follow instructions and isn’t afraid of making a mistake.

Yahoo cookie-forging incident affected 32 million accounts
We finally know how many user accounts were affected by last year’s Yahoo cookie-forging incident: 32 million.

CloudPets connected toys can be turned into remote surveillance devices
The CloudPets data breach saga continues, as Spiral Toys finally reported the breach to the California Attorney General’s Office.

The agile IT stack grows and becomes more complex
BigPanda’s annual survey evaluated the current IT monitoring landscape, including a review of the most popular tools for monitoring, deployment, and ticketing/collaboration; the biggest challenges facing IT pros in the upcoming year; and insights into monitoring strategy satisfaction and performance.

ESET antivirus opens Macs to remote code execution
Like any other software, security software is sure to have some vulnerabilities that can be exploited by attackers. The latest in a long list of examples that prove this fact is the recently revealed remote code execution flaw affecting all but the latest version of ESET Endpoint Antivirus 6 for macOS.

Addressing pain points in governance, risk and compliance
Between data privacy laws, regulations on the financial industry, calls for a healthcare focused cybersecurity framework, and regular updates to the PCI DSS, the ever-growing need for a well-established information security program is apparent.

Capsule8: Container-aware real-time threat protection
In this podcast recorded at RSA Conference 2017, Dino Dai Zovi, CTO at Capsule8, illustrates how they’re pioneering the industry’s first container-aware real-time threat protection platform designed to proactively protect legacy and next-generation Linux infrastructure from both known and unknown attacks.

Cyber extortionists hold MySQL databases for ransom
Since the beginning of the year, we have witnessed attackers compromising databases, exfiltrating data from them, wiping them and then asking for money (0.2 BTC) in order to return the data. They ransacked MongoDB, CouchDB and Hadoop databases, and now they’ve set MySQL databases in their sights.

132 compromised apps removed from Google Play
Google has recently removed 132 Android apps from Google Play due to them containing in their local HTML pages hidden iFrames linking to malicious domains.

Multiple security flaws found in mainstream robotic technologies
IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today.

Attackers thrive in a fluid market, while bureaucracy constrains defenders
A new global report from Intel Security and the Center for Strategic and International Studies (CSIS) reveals three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation roles.

How can we build a secure IoT world?
For one, countries will have to develop national IoT strategies and include in them guiding principles for IoT security and privacy.

With 1.2 million phishing attacks, 2016 was a success for cybercriminals
2016 ended as the worst year for phishing in history.

Businesses still confused about GDPR
Almost 78% of IT decision makers at more than 700 European companies either lacked understanding about the impact of the regulation on their organizations or were completely unaware of it.

Germans, Czechs served with banking malware through SMS
The message claims that the user has missed the delivery of a package by the DHL delivery service (or by the Czech Post, or by Czech-based online shop Alza), and should download a mobile app to arrange a new delivery attempt.

Friction matters: Data security lessons from Snapchat and Google
In this podcast recorded at RSA Conference 2017, Grant Shirk and Veliz Perez, Head of Product Marketing and Product Marketing Manager at Vera respectively, talk about how the need to protect confidential data extends past the borders of your business.

New infosec products of the week​: March 3, 2017
A rundown of infosec products released last week.

Source: Help Net Security – News @ March 5, 2017 at 05:15AM

0
Share