CyberSecurity Pulse 2016-11-24
“When you do what you fear most, then you can do anything.”
90% of the Most Critical Cyberattacks in Spain Come From Other Governments
Undoubtedly, the increase in the exposure area due to the growth of IoT will cause an increase in attacks and the appearance of new cybercriminal attacks as long as manufacturers do not internalize the concepts of security by design and security by default. However, what is not so clear is to what extent we are capable of establishing real attribution for certain criminal acts, taking into account the number of techniques that can be used on the network to perpetrate false flag attacks and disguise authorship. Can we really be that sure of who our enemy is?
DOJ Defends New Warrant Rule for Computer Searches
The Department of Justice is defending controversial changes to the rule of evidence that would allow officials to look for computers that are masking their real location. Assistant Attorney General Leslie R. Caldwell argues that updates to Rule 41 of the federal rules of criminal procedure are necessary to keep pace with changing technology. “While most changes were for the better, some technologies enable new forms of crime and victimization that would have been difficult to imagine not that long ago”, she said. Updates to Rule 41 were approved by the Supreme Court and, without congressional action, will take effect in December.
Akamai’s Study Backs IoT/DDoS Concerns
A new report released by Akamai supports concerns that the massive distributed denial-of-service attack on internet services provider Dyn and other famous websites held in September and October has defined a significantly dangerous milestone for cybersecurity. “Every couple of years the industry faces what could be considered harbinger attacks, where the size and scope of a security event are radically different than what has come before,” said Martin McKeay, senior security advocate at Akamai and senior editor of the report, in a statement. “I believe the industry faced its latest harbinger with the Mirai botnet”. The vulnerability of internet-of-things devices and the attack on Dyn have forced the National Institute of Standards and Technology to accelerate the release of its updated guidance on how to develop secure systems, so as to encourage device and systems makers to incorporate security from the very beginning of the product design phase.
Rest of the Week's News
WordPress Plugins Could Expose Online Shoppers on Black Friday and Cyber Monday
Black Friday and Cyber Monday are upon us, and security experts from Checkmarx are questioning the security of some of the top WordPress e‑commerce plugins that are currently used in more than 100,000 commercial websites. Checkmarx analyzed the top 12 WordPress e‑commerce plugins and discovered that four of them are affected by severe vulnerabilities, including reflected cross-site scripting, SQL injection, and file manipulation flaws.
Vulnerable ATM Machines Are Spitting Out Cash on Demand
Cybersecurity firm Group IB has released a report on a hacker group named Cobalt that is ransacking ATMs throughout Europe. The report details how, using malicious software which is unique to the group and triggered using mobile phones, the group is able to force ATMs to essentially spit out cash. Cobalt has carried out this attack in 14 different countries including Russia, the UK, the Netherlands and Malaysia.
An Android Phone Hardened for Privacy Designed by The Tor Project
The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone. The device is an Android phone designed with privacy and security in mind. To protect the user’s privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. The prototype only works on Google Nexus and Pixel hardware.