MENTIS

Week of November 4, 2016

Your Favorite Messaging Apps, Ranked by Privacy - Best to Worst*:

  • If you’re using BlackBerry Messenger to relay private messages, you might want to switch apps.
  • Amnesty International assessed 11 companies behind some of the most popular messaging apps in the world on how well they use encryption to guard your privacy.
  • Facebook is the clear winner with 73 out of a possible 100 points.
  • Apple’s FaceTime and iMessage apps, with end-to-end encryption enabled by default, put the company in second place.
  • One of the reasons Apple fell short is that in instances where the information isn’t fully encrypted, like when you text a non-iPhone number, the company does not do a good job of telling you so.
  • BlackBerry Messenger offers end-to-end encryption, but only as a paid subscription service, and it came in next to last.
  • Shenzhen-based Tencent has surpassed Alibaba as China’s most valuable tech company, but came in dead last in the list.
  • The former, which originally mimicked WhatsApp’s messaging functionality, now incorporates Facebook-esque pages and a newsfeed, and works as a mobile payment app.
  • For the full list with scores, reference the link below.

*Source: Quartz, October 25, 2016

 


Will a Major Cyber-Attack Strike the Internet on US Election Day?*:

  • As the US presidential election approaches, and in the wake of numerous leaks and hacks this year, many people are openly talking about the likelihood of the process being disrupted by a major cyber-attack that could influence the results.
  • Adam D’Angelo, former chief technology officer at Facebook, voiced concerns on Twitter about a major internet attack on November 8th.
  • Referencing the massive US internet outages caused by the Internet of Things (IoT)-enhanced Mirai botnet, which recently took down a slew of websites via a DNS cyber-attack, D’Angelo added, “Last Friday’s attack should be enough evidence.”
  • The Department of Homeland Security and the Office of the Director of National Intelligence said in a recent joint statement that it would be extremely difficult for any hacker to alter ballot counts or the actual results.
  • Nevertheless, it was recently revealed that hackers had been targeting voter registration systems in at least 20 states across America to test for security vulnerabilities.
  • “In recent months, malicious cyber actors have been scanning a large number of state systems, which could be a preamble to attempted intrusions,” according to the Homeland Security Secretary, adding there was no evidence of “manipulation” taking place.

*Source: IB Times, November 1, 2016

 


Chinese Webcam Maker Recalls Devices after Cyber-Attack Link*:

  • Chinese electronics firm Xiongmai is initiating a product recall after the enormous hacking attack that took down much of the internet on the east coast of the US and also affected Europe.
  • The root of the attack, which took the form of a distributed denial of service attack (DDoS), was a network of hacked “Internet of Things” devices, such as webcams and digital recorders, many of which were made by Xiongmai.
  • Researchers have accused the firm of shipping its products with basic security errors, such as the inability to set a password on some forms of connection.
  • The electronics components firm, which makes parts for surveillance cameras, said in a statement on its official microblog that it would recall some of its earlier products sold in the United States, strengthen password functions and send users a patch for products.

*Source: The Guardian, October 24, 2016

 


100,000 Credit Cards Hacked*:

  • Danish payment processor Nets has advised local banks to block up to 100,000 credit cards on suspicion their security might have been compromised by hackers.
  • Nets said the breach was probably linked to transactions with a single internet retailer based abroad.
  • Nets said none of the cards had been tampered with yet but might be in the near future, adding that credit card companies including Visa and MasterCard had opened an investigation.
  • By replacing possibly compromised cards pre-emptively, banks and shops can avoid losses in the triple-digit million (Danish crowns) range that they could otherwise suffer from trades made with stolen credit card information.
  • Danish lender Jyske Bank said it was blocking and replacing 7,000 cards.

*Source: Reuters, October 26, 2016

 


Linux Exploit Gives Any User Full Access in Five Seconds*:

  • A serious exploit that attacks a nine-year-old Linux kernel flaw is now in the wild.
  • The researcher who found it, Phil Oester, told V3 that the attack is "trivial to execute, never fails and has probably been around for years."
  • The problem is that the Linux kernel's memory system can break during certain memory operations, and an unprivileged local user could use the flaw to gain write access and increase their privileges on the system.
  • In other words, it can be used to get root server access, which is a terrible thing for the internet.
  • Keepers of the Linux kernel have patched the bug and distributors like Red Hat are working on updates.
  • All Linux users need to take this bug very seriously, and patch their systems ASAP, says Oester.

*Source: Engadget, October 24, 2016

 


US Bank Authority Warns of Data Breach that Took 10,000 Records*:

  • Government data breaches aren't always the work of foreign intruders or even disgruntled employees; sometimes it’s a staffer who isn’t security-conscious.
  • The US Office of the Comptroller of the Currency has revealed that a worker took more than 10,000 activity and staff records with him shortly before he retired.
  • The unnamed worker copied a "large number" of files to two thumb drives and, when asked about the data, couldn't find the drives to give them back.
  • The data was encrypted precisely to prevent damage from a loss like this, and there's no indication that any controlled or private info has fallen into the wrong hands.
  • More than anything, the issue is that the OCC let this data leave in the first place.
  • The agency implemented a policy in August 2016 that bars employees from transferring data to removable storage without a supervisor's approval, but it came too late to catch the thumb drive episode.
  • It's too soon to know if this was a one-off event or a sign of additional problems.

*Source: The Guardian, October 31, 2016

 


Why Light Bulbs May be the Next Hacker Target*:

  • Proponents of the Internet of Things (IoT) argue it offers many benefits: energy efficiency, convenient technology, even reduced congestion on the roads.
  • The bad news about the IoT: putting a bunch of wirelessly connected devices in one area could prove irresistible to hackers.
  • Researchers report they have uncovered a flaw in a wireless technology that is often included in smart home devices like lights, switches, locks, thermostats and many of the components of the much-ballyhooed “smart home” of the future.
  • The researchers focused on the Philips Hue smart light bulb and found that the wireless flaw could allow hackers to take control of the light bulbs.
  • That may not sound like a big deal, but imagine thousands or even hundreds of thousands of internet-connected devices in close proximity.
  • Malware created by hackers could be spread like a pathogen among the devices by compromising just one of them, and they wouldn’t have to have direct access to the devices to infect them.
  • In a denial of service attack two weeks ago, experts believe hackers found the horsepower necessary for their attack by taking control of a range of internet-connected devices.
  • Though it was not the first time hackers used the Internet of Things to power an attack, the scale of the effort against Dyn was a revelation to people who didn’t realize that having internet-connected things knitted into daily life would come with new risks.
  • So what could hackers do with compromised devices? They could create programs that help in attacks like the one that hit Dyn two weeks ago or they could set an LED light into a strobe pattern that could trigger seizures.
  • It may sound far-fetched, but the possibility has already been proved by researchers.

*Source: New York Times, November 03, 2016

 
