Sunday, January 3, 2016

A year in Security: Top Ten Posts of 2015 - Episode I

We welcome the new year but did not want to leave behind so vibrant twelve months that 2015 has given us. So we have chosen the most excitng 10 posts from CIGTR on the basis of the clicks made on those links. It was an intense year. We will tell you which was the main item and which other matters we draw attention those 10 days. This is our special Information Security Top 10 in 2015.

In this first part we will see positions 6-10, and within seven days you may read our true top 5: the 5 most read posts in 2015. In this chapter we combine the most "FREAKs" with "little things" that know what you can not imagine, so hackable phones that maybe you should need to change them completely, and there are even big fails, that kind of fails to celebrate: the mistakes that would blush the most conceited cybercriminal. Fasten your seat belts.

10. Computer security freaks 

March 04th
The word "Freak" has a new meaning, it is how a new vulnerability in the encryption protocol used in secure communications by Safari and Android's default browser has been named. FREAK (Factoring attack on RSA-EXPORT Keys) allows a cybercriminal to force the use of 512-bits encryption keys instead of the 2048-bits ones established by the rules. It is a way to simplify the access to the encrypted content.

Also this day...
The Colombian gym leads to a fake PayPal
System of air traffic control is vulnerable to attacks
Freak... as a prelude of APTs

9. This little thing knows your credit card number

November 25th
Samy Kamkar warned to American Express about his amazing discovering but the entity didn’t pay attention because, although the device predict the number of our future credit card, it can’t do the same with the 4 control digits, removing the possibility of shopping in stores where this is asked as a security measure. Not idle, Kamkar decided to show them the danger is real, building a device to emulate credit cards allowing to shop in stores or restaurants, without entering the PIN. Now American Express pays attention and they assures they will solve the issue soon.

Also this day...

8. You'll have to change your smartphone if you get this virus

November 5th 
Researchers from the company Lookout have discovered this adware in more than 20.000 fake apps which simulate to be popular apps like Twitter, Facebook or even the double factor authentication service, Okta. The trojan is installed like a system application, acquiring this way administrator privileges to install whatever it wants. According to the researchers, it’s impossible to erase a system application, so the only solution for anyone infected is changing the phone.

Also this day...

7. They can hack your phone if you have Siri or Google Now

October 15th
The ANSSI researchers have discovered how to use radio waves to hack Siri in iPhone and Google Now in Android, provided that there are earphones connected to the smartphone. It’s a good moment to remind that Siri is activated by default in the iPhone. From here on, the attackers can do whatever they want with the smartphone: calls, send messages, browse, write on Twitter… The researchers have filmed a really creepy demonstration video.

Also this day...

6. Critical failure allows to decrypt Linux ransomware 

November 10th
Desde ayer se han descubierto ya bastantes sitios infectados por el ransomware Linux.Encoder1, que aprovecha un agujero en la plataforma de comercio electrónico Magento para entrar en servidores Linux, cifrar su contenido, backups incluídos, y pedir un rescate de 1 Bitcoin. Por suerte, la firma Bitdefender ha descubierto un grave error en el cifrado que permite inferir la clave de descifrado. Han creado una herramienta que lo hace de forma automática y que ofrecen gratuitamente.

Also this day...

Don't miss Episode II of this compilation, with the 5 most read posts of CIGTR in 2015, next Sunday, January 10th.


Post a Comment