« DNS zone data access in the “new TLD” era, Part II: Managing and Downloading zone data | Main | Is it Spam? This week in Amazon Credit Card Rewards Scams »

Friday, 14 March 2014

Top 5 #InfoSec Reads March 10 - March 14

by Matt Piscitello

An incoming call from Edward Snowden, cyberattacks against Ukraine, iOS 7.1 patches for Webkit and malicious apps, selling student personal data, and a WhatsApp mishap are among this weeks top #infosec reads. 

Edward Snowden calls for encryption, surveillance reforms after NSA leaks

Edward Snowden, exiled former CIA contractor, showed up at the South by South West conference Monday via Google hangouts. In front of a crowd of 3,500, he stressed that he acted in the interest of national security, and advocated the importance of encryption in light of the new evidence of the NSA's cyber-surveillance.

Russia Suspected of Ukraine Cyberattack

As a follow-up to the takeover of Crimea by unidentified troops in unmarked uniforms, Ukraine is now reporting a variety of cyberattacks on their government's computer networks. SC Magazine UK quotes Dr Thomas Rid, Reader in War Studies, Kings College London as saying “Russia is the suspect for both the physical and cyber-attacks, but there is no concrete evidence to support the suspicions.”

Apple's iOS 7.1 fixes 41 bugs, including Webkit flaws

Apple's iOS 7.1 release fixes at least 41 bugs, including 19 in Webkit. Some of the vulnerabilities resolved mitigate attacks from malicious apps, as well as a MITM that tricked users into downloading malicious apps via Enterprise App Download.

UCAS makes £millions from student data

The Guardian alleges that the UK Universities and Colleges Admission Service sold personal data of one million students and parents to mobile phone operators O2 and Vodafone, Microsoft and Red Bull. A “commercial arm” of UCAS earned £millions from sharing emails and addresses. UCAS claims its data collection and “opt out” opportunity comply with the laws. privacy lobby group Big Brother Watch concedes but claims their methods are underhanded.

Major privacy flaw found on WhatsApp

WhatsApp, recently acquired by Facebook, is reported to save on the users' SD card in their phone. Any Android application can read the SD card if the user allows access to it. Because of this, private messages on the SD card can be accessed by developers of any Android app, not just WhatsApp, so long as they have the user's permission to access the SD card. 

Posted at 01:45 PM in Top Infosec Reads |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.

Find me on Mastodon and Facebook

Spotlight Posts

  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
  • New TLDs are coming #Dangerclose.
    A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...

Search

My Photo

Categories