Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Anything under the umbrella of IT Security, Computer Security, IT Controls
It’s no secret, or at least not anymore: people generally do not use any sort of anti-virus or malware protection on their mobile device. Recent IDC research has indicated that only 5 percent of all smartphones and tablets have some sort of security tools installed on them, raising the question of whether or not that kind of software is even necessary.
Read this interesting article at Network World
The Metropolitan Police Central e-Crime Unit (PCeU) arrested eight men, aged between 24 and 27, on Thursday, in connection to a robbery from the Swiss Cottage branch of Barclays Bank in April. According to police statements, the theft resulted in the loss of 1.3 million pounds ($2 million), but the bank managed to recover most of the stolen funds.
In an unusual twist, one rarely mentioned or seen when it comes to financially motivated cybercrime, the men allegedly mixed physical penetration and social engineering with system compromise in order to carry out their crimes.
Read the full article at Network World
ENISA presented its list of top cyber threats, as a first taste of its interim Threat Landscape 2013 report.
The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over cloud services.
Read the full article at Help Net Security
Apple’s new smart phone release is the iPhone 5s set to debut in the US on 20th September. According to Apple, the ‘s’ stands for security.
Continue reading “Touch ID – Fingerprint scanner in new iPhone 5s”
WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it.
AVG Security expert reported a critical vulnerability in Android’s WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks.
Read the full article at The Hacker News
Mobile Work Exchange, a public-private partnership focused on demonstrating the value of mobility and telework, launched the Secure Mobility Hot Zone, which includes a self-assessment tool and mobile security resource center, in coordination with Cisco.
Read more at Mobile Work Exchange
Nerval’s Lobster writes “Developer and editor Jeff Cogswell decided to poke around the security of Amazon Web Services, and found a potential loophole that could theoretically allow anyone — a developer, an unscrupulous Amazon employee, the NSA — to access and copy data volumes stored on the system, using a slightly modified version of the popular ‘chntwp’ password tool. In this article, he breaks down how he did it, and suggests some ways for those who use cloud-hosting services to keep their data a little more secure in the future. ‘The key here, of course, is that an unscrupulous employee might be able to make a copy of any existing Windows volume, and go to work on it without the customer ever knowing that it happened,’ he writes. ‘Now let’s be clear: I’m not accusing anyone of having done this; in fact, I doubt anybody has, considering I was unable to find a working copy of chntpw until I modified it.’ It’s a security concern, and one that’s particularly insidious to patch.”
Original article at Slashdot
An analysis of data collected during the Internet Census 2012, or Carna botnet, reveals that millions of embedded devices are vulnerable by default from the manufacturer.
Read more at Threat Post
Cisco said it would add a security arm to its existing services division with an eye toward pushing its support of its security products as well as offering a range of managed security services.
Read full article at Information Week
Promisec announced a free, downloadable and automated security inspection for up to 100 endpoints. The free inspection process produces results in about five minutes, with all data stored locally on the administrator’s machine to assure privacy and confidentiality.
Try it out at Promisec