CyberSecurity Pulse 2016-09-29
“No man is good enough to govern another man without the other’s consent.”
Brian Krebs, expert in trouble
As a reference for estimating the size of the attacks conducted, the organization of the Rio de Janeiro 2016 Olympic Games reportedly received systematic attacks in the order of dozens of gigabits per second, with some peaks that exceeded hundreds of gigabits per second. The existence of dedicated platforms offering Distributed Denial of Service attacks, usually paid for with cryptocurrencies such as Bitcoin or, more recently, Monero, is the materialization of a not necessarily modern trend towards the concept of Crime as a Service, or CaaS. In this case, Brian Krebs is a new victim of the professionalization of a phenomenon which, presumably, will increase its presence in the near future.
About 500 Million Yahoo Emails May Have Been Exposed
Yahoo’s Chief Information Security Officer, Bob Lord, announced on Thursday that the information of nearly half a billion accounts may have been exposed recently. The allegedly accessed information would include names, email addresses, telephone numbers, birth dates, hashed passwords, and security questions and answers. The security breach, which reportedly took place in 2014, would be one of the biggest recorded for a single website, a significantly bigger figure than the 360 million accounts leaked in the Myspace incident or the nearly 160 million leaked in both the LinkedIn and Adobe breaches.
Facebook Can No Longer Share Data of German Users on WhatsApp
Facebook has been banned from collecting and storing the data of German users on its messaging app, WhatsApp. According to the Hamburg commissioner for data protection and freedom of information, Facebook has not obtained effective approval from WhatsApp’s 35 million German users. Facebook said in a statement: “We will work with the Hamburg DPA in an effort to address their questions and resolve any concerns”. EU and US regulators say that the update needed to be investigated. The UK’s information commissioner is investigating the changes.
Rest of the Week’s News
Microsoft Launches Fuzzing-as-a-service To Help Developers Find Security Bugs
Microsoft announced the availability of a new cloud-based service for developers that will allow them to test application binaries so as to find security flaws before they are deployed. Called Project Springfield, the service uses “whitebox fuzzing” (also known as “smart fuzzing”) to test for common software bugs used by attackers to exploit systems.
Google Is Looking to Reshape Web Defences with Strict Content Security Policies
Cross-site scripting has been one of the top web security vulnerabilities for over a decade. To help developers craft policies which meaningfully protect their applications, today we’re releasing the CSP Evaluator, a tool to visualize the effect of setting a policy and detect subtle misconfigurations.
Facebook Releases Osquery Security Tool for Windows
Osquery, an open source framework created by Facebook, has been released to let organizations look for potential malware or malicious activity being spread in their networks. This open source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014.