Sunday, November 9, 2014

Top 5 infosec links of the week (LI)

Personalized attacks. Invisible and persistent, targeting very specific people, usually well protected within a company or organization. Delicate operations of industrial espionage and cyber war, asking the attacker to display all the handicraft of hacking. Attacks that arrived with the new millennium and are here to stay, one of the most striking aspects of information (in)security, also to our readers this week.

Overwhelmingly, the most read top news this week has been an excellent chronicle by Roberto Amado, showing that it is possible to make an Advanced Persistent Threat (APT) attack against a person or organization, using robots from sites like Facebook and Google. These sites act as a bridge of communications between the attacker and the attacked, pretending to the eyes of the attacked and who protects him that the attacker inputs and outputs are innocent visits to and from social networks.

It sounds like science fiction but it is not, as top other news of the week corroborate: the Italian company Hacking Team, dedicated to government surveillance, has released several manuals of their products, which explain how you can spy all digital life of a person without noticing it any antivirus. Although not always the victims are governments, another appealing victims are banks: 16 of them have come together to create a communications system that exchanges real-time information on attacks, called Soltra Edge.

Anyway, sometimes ourselves make life easier for attackers: according to a study from Rapid7 Labs, a whopping 1.2 million Internet routers have NAT-PMP protocol incorrectly configured. That protocol is responsible for opening and closing ports and, if it’s not properly configured, it would allow the traffic to be intercepted and even interact with the router.

Scaring! Security holes are where you least expect them. For example, Apple users usually believe they are immune to virus: WireLurker is the new and dangerous malware family discovered by Palo Alto Networks that is taking advantage of this false sense of security and it’s attacking iOS and OS X devices.

Let’s be careful out there! We close the week with these five top interesting topics.


Post a Comment