« DNS zone data access in the “new TLD” era, Part II: Managing and Downloading zone data | Main | Is it Spam? This week in Amazon Credit Card Rewards Scams »

Friday, 14 March 2014

Top 5 #InfoSec Reads March 10 - March 14

by Matt Piscitello

An incoming call from Edward Snowden, cyberattacks against Ukraine, iOS 7.1 patches for Webkit and malicious apps, selling student personal data, and a WhatsApp mishap are among this weeks top #infosec reads. 

Edward Snowden calls for encryption, surveillance reforms after NSA leaks

Edward Snowden, exiled former CIA contractor, showed up at the South by South West conference Monday via Google hangouts. In front of a crowd of 3,500, he stressed that he acted in the interest of national security, and advocated the importance of encryption in light of the new evidence of the NSA's cyber-surveillance.

Russia Suspected of Ukraine Cyberattack

As a follow-up to the takeover of Crimea by unidentified troops in unmarked uniforms, Ukraine is now reporting a variety of cyberattacks on their government's computer networks. SC Magazine UK quotes Dr Thomas Rid, Reader in War Studies, Kings College London as saying “Russia is the suspect for both the physical and cyber-attacks, but there is no concrete evidence to support the suspicions.”

Apple's iOS 7.1 fixes 41 bugs, including Webkit flaws

Apple's iOS 7.1 release fixes at least 41 bugs, including 19 in Webkit. Some of the vulnerabilities resolved mitigate attacks from malicious apps, as well as a MITM that tricked users into downloading malicious apps via Enterprise App Download.

UCAS makes £millions from student data

The Guardian alleges that the UK Universities and Colleges Admission Service sold personal data of one million students and parents to mobile phone operators O2 and Vodafone, Microsoft and Red Bull. A “commercial arm” of UCAS earned £millions from sharing emails and addresses. UCAS claims its data collection and “opt out” opportunity comply with the laws. privacy lobby group Big Brother Watch concedes but claims their methods are underhanded.

Major privacy flaw found on WhatsApp

WhatsApp, recently acquired by Facebook, is reported to save on the users' SD card in their phone. Any Android application can read the SD card if the user allows access to it. Because of this, private messages on the SD card can be accessed by developers of any Android app, not just WhatsApp, so long as they have the user's permission to access the SD card. 

Posted at 01:45 PM in Top Infosec Reads |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)

Find me on Mastodon and Facebook

Spotlight Posts

  • The World's Phishiest Neighborhoods
    In this Interisle Insights article, we take a closer look at our data to better understand what’s hosted at three autonomous systems which have appeared at or near the top in recent quarters. We’ll also review who’s being targeted by these attacks and what corresponding name and address resources are most frequently exploited. Autonomous systems are blocks of Internet addresses, which you can compare to "neighborhoods" in a city. And like any city, some neighborhoods are safe and some are not. The full article, The World's Phishiest Neighborhoods, is hosted here.
  • Interisle Study Reveals Alarming Rise in Online Abuse and Identifies Exploitable Links in Cybercriminal Supply Chains
    My Interisle colleagues and I today published our 2024 Cybercrime Suppy Chain study. We analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains. Our year-over-year findings show that cybercriminals exploit lax policies to easily and cheaply obtain resources for phishing, malware, and spam campaigns. In our report, we provide actionable insights for those aiming to curb cybercrime. Among the major findings in the study, Interisle reports that: The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled,...
  • Malware quarterly reports for July-September
    Malware quarterly reports for July-September 2024 is now posted at the Cybercrime Information Center. For the period... Malware identified as targeting endpoint devices increased 277% over the prior period. WordPress blog sites used for malware accounted for nearly all the malicious documents reported for this period. We continue to see an uptick in malicious scripts. IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million. ASNs in China and India again have the most IPv4 addresses reported for hosting malware. More malware trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-july-september-2024. For historical reporting of...
  • Interisle's Phishing Landscape 2024 is here
    Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period. Findings from the study: • The total number of phishing attacks grew to ~1.9 million incidents worldwide. • Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks. • The use of...
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....

Search

My Photo

Categories