CyberSecurity Pulse 2016-08-11
|“Your time is limited, so don’t waste it living someone else’s life.”|
China Is Not Always Responsible for Our Bad Security Policies
Yes, it is true that state-sponsored backdoors pose a serious threat to be considered. However, considering that we are safer by only considering the software production or the hardware is not enough to guarantee one’s security. Both, insiders and outsiders can evolve into serious threats that can harm an organization making the implementation of strict and concrete security policies the issue to discuss in-depth rather than taking measures more focused on starring the news without addressing the real risk factor.
Insurance Firm Is Offering Discounts on Use of IoT Alarms
Insurance firm Zurich is offering a discount on IoT alarms, further pushing the idea of a smart home, but security experts have concerns over the security implemented in these devices. A Symantec whitepaper analyses 50 different types of smart home devices and the company identified that there are still many of them which do not use encrypted communications or a proper authentication system. It is crucial that smart home devices and any other connected system of this type use authentication and encryption using up-to-date standards.
DHS Considers Adding Election System as Critical Infrastructure
The Homeland Security Department of the United States is actively considering whether it should add the nation’s election system as an entity that needs DHS protection from cybersecurity attacks. “We should carefully consider whether our election system is critical infrastructure, like the financial sector, like the power grid”, DHS Secretary Jeh Johnson said. Johnson added that the department is “actively thinking” about the cybersecurity of the elections now, as the cyberthreat landscape has evolved since Congress last passed major changes to the nation’s voting process in 2002.
Rest of the Week´s News
Major Qualcomm Chip Security Flaws Expose 900M Android Users
Four major security holes in the Qualcomm chips which power modern Android devices have left as many as 900 million users vulnerable to a range of attacks. According to Checkpoint, the flaws found in the firmware which governs the chips could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device”.
Researchers Detect Unusually Advanced Malware that Hid For 5 Years
Security experts have discovered a malware platform that’s so advanced in its design and execution that it could probably have been developed only with the active support of a nation-state. The malware has been active since at least 2011 and has been discovered on 30 or so targets, mainly located in Russia, Iran and Rwanda according Kaspersky Lab.
Automated Systems Crawl the DarkWeb to Find 0-Days
Security researchers at Arizona State University (ASU) can finding 0-day vulnerabilities crawling the Darkweb. According to the research, various data mining and machine learning techniques can be used to analyze discussions in forums where malicious code is being sold for bitcoins.