
Get the most from all the cyber-security news of the past week in just 120 secs.

Ready, set, go!

Malware

WordPress-based sites compromised with “visitorTraffic_isMob” malicious code lead visitors to a Nuclear Exploit Kit landing page.

 https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html

Why is this significant?

  1.  This is not an issue of user training or education. Users surfing to known and trusted sites still get hit with crimeware.
  2.  Nuclear Exploit Kit is one of the more common and nefarious exploit kits. Starting out in 2009, it has evolved since then and it doesn’t seem like it will die off soon.

 

Fake Certificates

In a snafu, D-Link published their private signing key. The signing key is used to create the certificate that shows that the software is verified and legitimate, allowing it to run on the Windows OS. Although the key has already expired, it is not yet known to have been revoked, meaning that any software signed before the expiration date will continue to appear legitimate.

http://arstechnica.com/security/2015/09/in-blunder-threatening-windows-users-d-link-publishes-code-signing-key/

Why is this significant?

  1. Certificates and their underlying private keys are in high demand by threat actors. With these keys, they can get malware to run on the OS as a legitimate program.
  2. Typically, threat actors steal or hack in order to get these certificates. In this case, there was potentially no need for the initial groundwork, as the threat actors can simply grab the private key from D-Link’s source code sharing site.
  3. While users rely on the measures provided by the OS, this shows how easily threat actors can bypass these measures.

AVG & Privacy Policy

AVG is free anti-virus software that boasts of protecting more than 200M users worldwide. Now, AVG has announced that it will be collecting what the company terms “non-personal data” and potentially selling it to third parties (advertisers).

http://www.engadget.com/2015/09/19/avg-privacy-policy-update/

Why is this significant?

It’s precisely the clash of propositions – security and privacy – that has customers bubbling with anger. Because AVG plays the role of protector, users have given it access to their most secret and confidential thoughts (in the form of browsing history, cookies, etc.). And it’s this protector that is taking all the data it was granted and selling it onwards to an unknown 3rd party. Read a more detailed discussion of the significance on the enSilo blog: http://blog.ensilo.com/avg-the-clash-of-security-vs-privacy

  

Accountants & Cyber-Security

ACCA USA, the U.S. arm of the Association of Chartered Certified Accountants, and Pace University surveyed accounting firms and determined that there is weak communication between high-ranking managers about cyber threats and attacks. This weak communication poses a huge risk to the safety of confidential financial information and proves that extra precautions should be implemented so that personal information and financial data are not exfiltrated.

http://www.accountingtoday.com/news/firm-profession/cybersecurity-poses-challenge-to-accountants-75819-1.html

Why is this significant?

  1. Corporate financial information is in the hands of accountants. As such, accountants must be aware of the cyber threats posed to the organization and, in particular, to the data they are handling. Unfortunately, security awareness is lacking. For example, the survey showed that just over half said they were aware that their IT systems were protected against cyber threats.

  2. Addressing cyber threats takes a risk-based approach, where professionals need to ask questions such as: what is the most sensitive info, what is the threat, and what systems need to be put in place in order to minimize that risk?

  3. A panelist in a forum discussing this survey recommended “ensuring that all computer systems be updated with the latest software patches for known security vulnerabilities since hackers typically exploit those first.” We have to disagree. Being compromised is many times not even a problem of an un-patched system. For example, the security industry has already witnessed incidents where threats appeared “out-of-the-box”, such as those introduced at an early stage in the supply chain. Second, we’ve also seen vulnerabilities that were considered a design feature (Sandworm anybody?), and vulnerabilities that simply haven’t been patched yet. Last, even if a patch does exist, updating systems across a large enterprise may take months. As such, we recommend taking a different approach to addressing cyber-threats: recognize that compromise is inevitable. Now work towards preventing the damage caused by the threat.