Friday, 31. July 2015

This Week in Security News

7.30.15Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!


The Show Goes On—More “Stagefright” Horrors with Auto-Play Videos

Our researchers have now disclosed additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android users. The “Stagefright” vulnerability is actually a marketing label for a cluster seven individual vulnerabilities.

Today’s Russian Underground has Automized Infrastructure and Sophisticated Tools

Our research paper offers a look into a mature ecosystem with an increasingly professional underground infrastructure for the sale and trade of malicious goods and services. It also discusses the growing competition, process automation, the introduction of new attack avenues, and its community’s underground activities.

Compromised TV and Government-Related Sites Lead to PoisonIvy

A recent campaign compromised Taiwan and Hong Kong sites to deliver Flash exploits related to Hacking Team and eventually download PoisonIvy and other payloads in user systems. This campaign started on July 9, a few days after the Hacking Team announced it was hacked.

We Discovered a Vulnerability That Renders Android Devices Silent

We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop).

Windows 10’s New Browser Microsoft Edge is Improved, but also Brings New Risks

Last week we discussed how Microsoft Edge, the new browser in Windows 10, represented a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren’t present in older versions.

The Government is Headed Back to the Drawing Board over Controversial Cybersecurity Export Rules

The cybersecurity industry and the government have been struggling over proposed export rules that researchers say could end up making the Internet less safe. And now the government says it will try again and give the public another chance to weigh in.

Know the 4 Takeaways from Ponemon’s 2015 Healthcare Security Report

A shockingly high 91% of respondents reported falling victim to at least one data breach in the last 2 years. The majority of respondents had suffered 11 or more incidents. Healthcare IT teams understand that these percentages are unacceptable, but until now have largely failed to effectively mitigate data breach threats.

The FBI is Facing Challenges with its Cybersecurity Program

A government watchdog has discovered several roadblocks preventing the FBI from fully implementing a cybersecurity initiative aimed at thwarting threats to the United States. 

Cybersecurity Worries Among Executives Have Risen Sharply, According to New Survey

Of the executives surveyed from U.S. companies, law enforcement, government agencies, other organizations and other security experts, 75% said they were more concerned about cybersecurity threats this year than in the past 12 months.

Cybersecurity Research Institute Receives $1.73B in DOD Funding

The Defense Department announced Monday that it has renewed its contract with the Software Engineering Institute at Carnegie Mellon University, a federally funded research and development center chartered to study cybersecurity and software engineering.

Please add your thoughts in the comments below or follow me on Twitter; @GavinDonovan.