CyberSecurity Pulse 2016-07-14

“Never be afraid to put extreme effort in. If you don’t do your absolute best, then you can’t expect to achieve anything different from what anybody else has done.”
Sarina Bratton

Analyst Insight

The Pokémon Go Fever Is Also a Nice Bait

The origins of the Pokémon franchise date back to 1996, when the Red and Green versions first reached Japanese stores. The rise of the phenomenon on handhelds came with a cooperative component that was one of the greatest accelerators of the franchise's success: the need to exchange captured Pokémon with other players using the Game Boy Link Adapter in order to collect them all.

In 20 years, technology has changed a lot and Nintendo has also adapted its philosophy to modern times. While the Japanese corporation used to design some of its games and characters for titles that only appeared on its consoles (Ash, Link, Mario, Kirby and Metroid are good examples), the democratization of the smartphone as an everyday tool has forced the franchise into a radical change that has moved its products to iOS and Android devices. Pokémon Go is just the latest example.

However, its arrival has not been immediate, as it has not yet been officially released in some countries, such as Spain. The fever seen in other countries has led to the process of installing the application from .apk files downloaded from non-official markets being detailed without any warning to end users about the possible consequences of this practice. In fact, many of these markets have already been used in the past to distribute malware and other illegitimate applications, using the image and brands of banks, fashion companies and media as bait. Yes, we also want to try it, but we prefer to wait for the official app to be available in Google Play and the Apple Store to capture our first Pikachu. Gotta catch 'em all… But safely, please.

Top Stories

UN Extends Human Rights to Online World

The United Nations (UN) has expanded the domain of human rights to cyberspace. This is considered a reference point in the organization's effort for the “promotion, protection and enjoyment of human rights on the Internet” and, thus, the UN has endorsed a resolution to use the internet without fear of surveillance. The resolution also points out that "privacy online is important for the realisation of the right to freedom of expression and to hold opinions without interference and the right to freedom of peaceful assembly and association". This builds on a 2012 resolution which stated that "the same rights that people have offline must also be protected online".

» More information at United Nations

The European Union Opts for Cybersecurity Standards

The European Union is moving towards improving the cybersecurity standards required of firms supplying essential services such as energy, transport, banking and health, amongst others. Andreas Schwab, Parliament's rapporteur, said of the Network and Information Security (NIS) directive that "it establishes harmonised requirements for platforms and ensures that they can expect similar rules wherever they operate in the EU". The standards to be met will help firms to protect themselves and prevent attacks on European infrastructures, taking into account the transnational element that many cyberincidents share and that can contribute to a threat going viral.

» More information at the European Parliament Pressroom

Rest of the Week's News

European Energy Companies, the Target of a Potential State-Sponsored SCADA Malware

Researchers have identified a new campaign that targets energy companies in Western Europe with sophisticated malware. The campaign has been labelled a state-sponsored attack based on the complexity of the malware files analysed. These include a set of detection-avoidance tools rarely seen in common malware samples, while the malware is focused on exploiting some features linked to biometric control systems.

» More information at Malwarebytes

Google Tests New Crypto in Chrome to Fend Off Quantum Attacks

In the upcoming months, Google servers will add a new experimental cryptographic algorithm to help encrypt HTTPS communications. The algorithm, which goes by the name Ring Learning With Errors, is a method of exchanging cryptographic keys that is currently considered one of the great new hopes in the age of quantum computing.

» More information at Ars Technica UK

Several Critical Remotely Exploitable Flaws Found in Drupal Modules

The Drupal Security Team has announced critical patches to address several security issues in Drupal contributed modules, including several highly critical Remote Code Execution (RCE) vulnerabilities. According to an advisor, the critical arbitrary remote PHP code execution vulnerability affects up to 10,000 Drupal websites. However, it seems that the Drupal core has not been affected by these vulnerabilities.

» More information at The Hacker News

Further Reading

Food Chain Wendy's Hit By Massive Hack

» More information at BBC News

Bots Account for 49% of All Internet Traffic

» More information at SC Magazine UK

Meet Riffle, the Next Generation of Anonymity Network

» More information at The Register