CyberSecurity Pulse 2017-02-20
“If you don’t make mistakes, you aren’t really trying.”
Automated Car Driving: the Next Challenge
It seems that few efforts have succeeded in an industry so tightly chained to its manufacturers, even though some free software projects exist that give us the chance to monitor different metrics of our own vehicles. We have to assume that, in a few years' time, our lives will be flooded by self-controlled devices acting outside controlled environments, which will need many lines of software to behave properly and communicate with each other.
Nevertheless, acting in the real world has serious implications for the legal responsibilities to be faced if things go wrong for one reason or another. Currently, if one of Google's cars causes an accident, the company, as the maker of the product's hardware and software, would have to assume some (if not all) of the blame. As a starting point, the United States is already regulating the level of cybersecurity implemented in these cars. But are we really ready to be blamed for an accident if there is a bug in the library we used to control whether the lights should be powered on automatically, or even if a simple brightness sensor fails and causes an accident?
New Wave of Cyberattacks Against Global Banks Linked to Lazarus Cybercrime Group
More than a hundred banks and financial institutions across the world have been infected with dangerous, sophisticated, memory-based malware that is almost undetectable. A newly published report by the Russian security firm Kaspersky Lab indicates that cybercriminals are targeting banks, telecommunication companies, and government organizations in 40 countries, including the US, South America, Europe and Africa, with fileless malware that resides solely in the memory of the compromised computers. The latest investigations link this aggressive campaign of malware attacks to the notorious cybercriminal group known as Lazarus. Active since 2009, the group has been involved in a number of aggressive cyberattacks against financial institutions, including the theft of $81 million from the Bangladesh Bank.
EPA Officials May Be Using Signal To "Spread Their Goals Covertly"
Two Republican members of Congress sent a formal letter Tuesday to the Environmental Protection Agency’s Office of the Inspector General, expressing concern that "approximately a dozen career EPA officials" are using the encrypted messaging app Signal to covertly plan strategy and may be running afoul of the Freedom of Information Act. The congressmen note that the EPA has previously examined employee use of text messages to conduct government business and found that only a minuscule fraction of those messages was retained under FOIA. "Not only does this demonstrate the vast issues presented with using text messages to conduct official business, but raises additional concerns about using messaging applications to conduct official business, which make it virtually impossible for the EPA to preserve and retain the records created in this manner to abide by federal record-keeping requirements", they concluded.
Rest of the Week's News
Yahoo Warns Users of Account Breaches Related to Recent Attacks
Yahoo has begun to warn individual users of its services that their accounts may have been compromised in one of the massive data breaches it reported late last year. The warning, delivered in email messages sent from Yahoo's CISO Bob Lord, tells them how a forged cookie may have been used to access their accounts in previous years.
Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices, regardless of the operating system or applications running on them. The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works, and it allows the Address Space Layout Randomization (ASLR) protection to be bypassed.
Researchers Discover Security Problems Under Car Apps
Researchers from Kaspersky Lab revealed more bad news for the Internet of drivable things: connected cars. This team of researchers examined seven Android apps for connected vehicles and found that they were vulnerable to being maliciously exploited by third parties. In fact, up to six of the applications stored user credentials unencrypted, and none of them had developed any way of protecting themselves against reverse engineering or the insertion of malicious code into the apps.