John Leyden reports: A newly discovered group of cyber-spies are closely targeting high profile US targets, possibly including both the White House and the State Department. The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) websites such as “diplomacy.pl”. Read more on The Register.
Category: Commentaries and Analyses
The Bad News For Infosec In The Target Settlement: OpEd
Giora Engel of LightCyber writes: The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate. Central to the recent Target data breach lawsuit settlement was the idea that cyber attacks are mechanistic and follow a prescribed course or chain of events. The judge hearing the case…
HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users
Lucian Constantin reports: Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections. The flaw was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web…
Uber’s PR woes just continue
Uber’s problems just keep multiplying, it seems. Not only did they have a “God View” privacy PR disaster that had a member of Congress inquiring, but then they had a data breach exposing customers’ lost-and-found items. Since then, they have had problems with Canada, France, Germany, and the Netherlands, their drivers’ information was hacked (for which…
White House seeks Silicon Valley help on strong yet breakable encryption
Joseph Menn reports: The Obama administration hopes Silicon Valley technologists can think of a system with strong encryption that could be pierced legally by one party without opening the door to others, a White House official said on Tuesday. White House cybersecurity policy coordinator Michael Daniel said at the annual RSA Conference on security that…
OS X Yosemite still open to Rootpipe backdoor, warns ex-NSA bod
Shaun Nichols reports: Apple’s attempt to fix a serious security weakness in OS X has fallen short, leaving users still vulnerable to malware hijacking their Macs, it is claimed. Patrick Wardle, director of research at Synack, reckons Cupertino has not been able to kill off the so-called “Rootpipe” backdoor that was supposed to be eradicated…