Cyber SecurityInternet

Week in review: How GDPR affects WHOIS, and what CISOs can learn from Tyrion

Here’s an overview of some of last week’s most interesting news and articles:

CIOs are forced to compromise between faster innovation and perfectly working software
An independent global survey of 800 CIOs revealed that 73% of organizations say the need for speed in digital innovation is putting customer experience at risk.

BackSwap Trojan exploits standard browser features to empty bank accounts
Creating effective and stealthy banking malware is becoming increasingly difficult, forcing malware authors to come up with innovative methods. The latest creative burst in this malware segment comes from a group that initially came up with malware stealing cryptocurrency by replacing wallet addresses in the clipboard.

The emergence and impact of the Data Protection Officer
This new role is responsible for many critical areas relating to the anonymization and the preservation of personal information collected by a company.

What CISOs can learn from Tyrion on Game of Thrones
What can CISOs learn from Tyrion to fight off white walkers – er, hackers — and how can they turn colleagues into allies in the fight, as Tyrion did with Daenerys and Jon Snow? Here are some hard-won lessons CISOs can learn from “the little lion.”

Attacking hard disk drives using ultrasonic sounds
Another group of researchers has demonstrated that hard disk drives (HDDs) can be interfered with through sound waves, but they’ve also shown that ultrasonic signals (i.e., sounds inaudible to the human ear) can be used to damage their integrity and availability.

Will GDPR be the death of WHOIS?
Until May 25, 2018, anyone could submit a query to the WHOIS service and security researchers and law enforcement agencies did so in bulk when investigating possible crimes or mitigating malware attacks. But since the advent of GDPR, it is against the law for registrars to provide registrants’ information without their explicit consent and that makes the WHOIS service ineffective.

DHS, FBI warn about malware tied to North Korean threat actor
US-CERT has released a new technical alert on malware used by Hidden Cobra, a threat actor whose activities they believe to be directed by the North Korean government.

Make certificate visibility and security a part of your overall security program
In this podcast recorded at RSA Conference 2018, Asif Karel, Director of Product Management at Qualys, illustrates why certificate visibility and security should not just be bolted on but part of the solution, and he showcases how Qualys CertView can help with that.

Facebook now supports 2FA via authenticator apps
Facebook has good news for users who wish to secure their accounts with two-factor authentication but aren’t comfortable sharing their phone number with the social network: there’s now an option to use authenticator apps to receive the second authentication factor.

Quantifying cyber exposure: Attackers are racing ahead
According to a new Tenable report, it takes a median six days for a cybercriminal to weaponize vulnerabilities once a new public exploit first becomes available. However, security teams can take a median 13 days before launching their initial assessment for a new vulnerability.

Cryptomining apps are on the rise, malicious apps in app stores decline
RiskIQ analyzed 120 mobile app stores and more than two billion daily scanned resources.

Smart cities: New threats and opportunities
As smart cities integrate connected technologies to operate more efficiently and improve the quality of city services, new vulnerabilities arise that require diligent governance of municipal technology.

Samsung doesn’t have to offer updates for phones older than two years
Dutch consumer protection organization Consumentenbond took Samsung Netherlands to court, arguing that the company should provide updates and upgrades for their telephones “within one month after these become available, for a period of four years after the introduction to the market and/or two years after the time of the sale.”

New infosec products of the week​: June 1, 2018
A rundown of infosec products released last week.

Leave a Reply

Your email address will not be published. Required fields are marked *