CyberSecurity Pulse 2016-08-11

“Your time is limited, so don’t waste it living someone else’s life.”
Steve Jobs

Analyst Insight

China Is Not Always Responsible for Our Bad Security Policies

At the end of last year, Cameron signed an agreement worth billions of pounds between the UK and Chinese governments, under which the Chinese company General Nuclear Power Corporation (CGN) would play a fundamental role in the construction and operation of a nuclear plant at Hinkley Point in Somerset (England). At that time, voices opposed to the agreement appeared, such as Steve Hilton, a former policy adviser to David Cameron, who warned that China will become Britain’s second biggest trading partner within 10 years.

Currently, there are grave concerns within the intelligence agencies and the prime minister’s own staff about the wisdom of allowing the Chinese to supply IT hardware and software for a key piece of the UK’s critical national infrastructure (CNI). These concerns were picked up by Nick Timothy, who is now joint chief of staff to Prime Minister Theresa May. Timothy said state-owned companies involved at Hinkley and other planned nuclear plants could “build weaknesses into computer systems which will allow them to shut down Britain’s energy production at will”.

Yes, it is true that state-sponsored backdoors pose a serious threat that must be considered. However, looking only at where the software or the hardware is produced is not enough to guarantee one’s security. Both insiders and outsiders can evolve into serious threats that can harm an organization, which makes the implementation of strict and concrete security policies the issue to discuss in depth, rather than measures more focused on making the news than on addressing the real risk factor.

» More information at SC Magazine UK

Top Stories

Insurance Firm Is Offering Discounts on Use of IoT Alarms

Insurance firm Zurich is offering a discount on IoT alarms, further pushing the idea of a smart home, but security experts have concerns over the security implemented in these devices. A Symantec whitepaper analyses 50 different types of smart home devices, and the company found that many of them still do not use encrypted communications or a proper authentication system. It is crucial that smart home devices and any other connected system of this type use authentication and encryption based on up-to-date standards.

» More information at SC Magazine UK

DHS Considers Adding Election System as Critical Infrastructure

The Homeland Security Department of the United States is actively considering whether it should add the nation’s election system as an entity that needs DHS protection from cybersecurity attacks. “We should carefully consider whether our election system is critical infrastructure, like the financial sector, like the power grid”, DHS Secretary Jeh Johnson said. Johnson added that the department is “actively thinking” about the cybersecurity of the elections now, as the cyberthreat landscape has evolved since Congress last passed major changes to the nation’s voting process in 2002.

» More information at

Rest of the Week’s News

Major Qualcomm Chip Security Flaws Expose 900M Android Users

Four major security holes in the Qualcomm chips which power modern Android devices have left as many as 900 million users vulnerable to a range of attacks. According to Check Point, the flaws found in the firmware which governs the chips could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device”.

» More information at Ars Technica

Researchers Detect Unusually Advanced Malware that Hid For 5 Years

Security experts have discovered a malware platform that’s so advanced in its design and execution that it could probably have been developed only with the active support of a nation-state. The malware has been active since at least 2011 and has been discovered on 30 or so targets, mainly located in Russia, Iran and Rwanda, according to Kaspersky Lab.

» More information at Securelist

Automated Systems Crawl the DarkWeb to Find 0-Days

Security researchers at Arizona State University (ASU) can find 0-day vulnerabilities by crawling the Darkweb. According to the research, various data mining and machine learning techniques can be used to analyze discussions in forums where malicious code is being sold for bitcoins.

» More information at Security Affairs

Further Reading

Data Breach Using Oracle’s MICROS Point-of-Sale

» More information at Krebs on Security

Apple Will Pay Up to £150,000 for iOS and iCloud Bugs

» More information at Ars Technica UK

Ransomware for Smart Thermostat

» More information at The Hacker News