CyberSecurity Pulse 2016-07-14
|“Never be afraid to put extreme effort in. If you don’t do your absolute best, then you can’t expect to achieve anything different from what anybody else has done.”|
The Pokémon Go Fever Is Also a Nice Bait
In 20 years, technology has changed a lot and Nintendo has also adapted its philosophy to the modern times. While the Japanese corporation used to design some of their games and characters for titles that only appeared on their consoles (Ash, Link, Mario, Kirby and Metroid are good examples), the democratization of the smartphone as a daily usage tool has forced the franchise to a radical change that has moved its products to iOS and Android devices. Pokémon Go is just the latest example.
However, its arrival has not been immediate as it has not been official yet in some countries like Spain. The fever caused in other countries has lead to detail the process of installing the application using .apk files downloaded from non-official markets without warning of the possible consequences this practice for end users. In fact, many of these markets have already been used in the past to distribute malware and other illegitimate applications using as bait the image and brands of banks, fashion companies and media. Yes, we also want to try it, but we prefer to wait for the official app to be officially available in Google Play and Apple Store to capture our first Pikachu. Gotta catch'em all… But safely, please.
UN Extends Human Rights to Online World
The United Nations (UN) has expanded the domain of human rights to cyberspace. This is considered as a reference point in the organization's effort for the “promotion, protection and enjoyment of human rights on the Internet” and, thus, the UN has endorsed a resolution to use the internet without fear of surveillance. In this sense, the resolution also points out that "privacy online is important for the realisation of the right to freedom of expression and to hold opinions without interference and the right to freedom of peaceful assembly and association". This builds on a 2012 resolution which stated that "the same rights that people have offline must also be protected online".
The European Union Opts for Cybersecurity Standards
The European Union is evolving in favour of improving the cybersecurity standards to be required to firms supplying essential services such as energy, transport, banking and health amongs others. Andreas Schwab, Parliament's rapporteur, said that dhe Network and Information Security (NIS) directive "it establishes harmonised requirements for platforms and ensures that they can expect similar rules wherever they operate in the EU". The standards to be met will help firms to protect themselves and prevent attacks on European infraestructures taking into account the transnational element that many cyberincidents share and that can contribute to the viralization of a threat.
Rest of the Week´s News
European Energy Companies, the Target of a Potential State-Sponsored Scada Malware
Researchers have identified a new campaign that targets energy companies in Western Europe with a sophisticated malware. The campaign has been labelled as a state-sponsored attack according to the complexity of the malware files analysed. They include a bunch of tools rarely seen in common malware samples to avoid detection while it is focused on esploiting some features linked to biometric control systems.
Google Tests New Crypto in Chrome to Fend Off Quantum Attacks
In the upcoming months, Google servers will add a new experimental cryptographic algorithm to help encrypt HTTPS communications. The algorithm, which goes by the name Ring Learning With Errors, is a method of exchanging cryptographic keys that is currently considered one of the great new hopes in the age of quantum computing.
Several Critical Remotely Exploitable Flaws Found in Drupal Modules
The Drupal Security Team has announced critical patches to address several security issues in Drupal contributed modules, including several highly critical Remote Code Execution (RCE) vulnerabilities. According to an advisor, the critical arbitrary remote PHP code execution vulnerability affects up to 10,000 Drupal websites. However, it seems that the Drupal core has not been affected by these vulnerabilities.