Sunday, January 10, 2016

A year in Security: Top Ten Posts of 2015 - Episode II

We welcome the new year, but we did not want to leave behind the vibrant twelve months that 2015 gave us. So we have chosen the 10 most exciting posts from CIGTR on the basis of the clicks made on those links. It was an intense year. We will tell you which was the main item and which other matters caught our attention on those 10 days. This is our special Information Security Top 10 of 2015.
We saw positions 6 to 10 last Sunday. So let's go now with our Top 5: the 5 most read posts of CIGTR in 2015. This is a Top 5 with continuous attacks on privacy, on everyday apps, on the Android OS... and some guys showing off their good life. And attention: FOUR posts from this Top 5 were published in September, three of them in a row. Yep, THREE! Clearly, there are months and months :)

5. Face recognition in the mall http://kcy.me/27dg3 

September 15th
ComputerWeekly exclusively presents a study from CSC, which states that 30% of stores in the United States use facial recognition technology to monitor their customers. Stores share this information together with other information relating to behavior, such as how long the person was in the establishment. The owners say that they do not yet know what to do with the data, but they keep it “hoping that they will find it useful in the future”. Let’s hope that Big Brother has mercy on us.

Also this day...
The vulnerability of the day is called SYNful Knock
Big industry names engaged in Let's Encrypt
Bruce Schneier: did the NSA get into Hacking Team much earlier?


4. Give me your money if you want to see my 0days http://kcy.me/274dz

September 8th
The 0day hunter's name is Kristian Erik Hermansen, who announced last Monday that he had discovered an unknown flaw in the security platform of the well-known company FireEye. He also added, in a teasing way, that he had 3 more 0days, which he put up for sale at that moment. FireEye answered by thanking him for the notice and asking him to cooperate in order to solve the issue, as is normally done when a hacker reports a vulnerability, but Hermansen replied that if FireEye needed help they should pay for it. We will see where all of this ends but, in any case, it is an interesting fight between philosophies, whose result might be unforgettable.

Also this day...
PayPal living its own Via Crucis
Seagate releases new patched version of firmware
Blue Coat case study to find the most dangerous domains of the Internet


3. Careful with vCards from WhatsApp http://kcy.me/275p2

September 9th


Kasif Dekel, a Check Point researcher, notified WhatsApp of the vulnerability on the 21st of August, and the company has acted very diligently, offering a solution today for all its web clients. However, this solution depends on an update of our mobile devices and, considering the chaos surrounding software updates on mobile devices, we think that it may not arrive. Tens of millions of WhatsApp users are in danger of receiving harmful vCards, so be really careful.

Also this day...
2015 will leave 2M new viruses for Android
US Secret Service warns of criminal activity on NFC payments


2. Android user? Be careful, wolves have been set free http://kcy.me/276xy

September 10th
Joshua Drake, from Zimperium Security, discovered one of the most dangerous holes in Android, baptized StageFright, to which Google reacted with unusual clumsiness: they took a long time to release a patch, that patch was wrong, and later it was discovered that the patch didn’t cover some avenues of attack. The last straw is that updates for Android mobile phones are so chaotic that not all users get confirmation that they have received the patch. Drake has revealed the exploit, possibly so that enterprises catch up in terms of protecting themselves, but leaving a door open to criminals adapting it to their needs. Android today means every man for himself.

Also this day...
Hackers from outer space signed by Kaspersky
DDoS-for-Bitcoin attacks on the rise
Iowa Police searching for WiFi and MAC address


1. The good life of cybercriminals http://kcy.me/28zbe

November 30th
The report “Beaches, carnival and cybercrime: a look to the Brazilian underground” by Kaspersky Lab makes a conscientious analysis of one of the oldest, most creative and most colorful cybercriminal communities in the world, specialized in banking Trojans and phishing campaigns. For many years, Brazilian law did not address cybercrime, which has allowed this community to grow with a strong sense of impunity. So they boast about the money stolen, their luxury lifestyle and the prostitutes they hire in the pics they show on social networks.
