ICYMI: TeamViewer control; Intel defence; Card cloner; Skype a vector; Cloud apps not GDPR ready
The latest In Case You Missed It (ICYMI) looks at TeamViewer hijack; Intel's processor defence; 15 per sec cards cloned; Malware via Skype; Cloud apps not GDPR ready
TalkTalk blames supplier for breach affecting 4M customers
Several TalkTalk customers report having experienced a remote-control ‘PC seizure' attack channelled through the TeamViewer desktop sharing platform.
The current malicious social engineering attack arises when some TalkTalk customers who are also TeamViewer users attempt to use the sharing services provided by the platform while on the TalkTalk Internet Service Provider (ISP) pipes. So-called ‘opportunists' are said to be taking control of users' PCs. More
Intel is looking at introducing security features at the chip level to prevent hackers from using return-oriented programming to take advantage of memory vulnerabilities.
The chip firm has worked with Microsoft on Control-flow Enforcement Technology (CET) which should stymie attempts by criminals to use techniques such as return-oriented programming (ROP) and jump-oriented programming (JOP). ROP attacks can exploit memory flaws to install malware, despite mitigations such as data-execution prevention (DEP), and address-space layout randomisation (ASLR). More
A new device has surfaced online which has the ability to clone 15 contactless bank cards a second reports The Daily Star newspaper
According to the publication, the scanner skims details from contactless cards of people standing nearby and is able to capture encrypted data onto blank cards using specialised software. The device, named the Contactless Infusion X5, can read any bank card from 8 cm away and will read 1024 bytes per second, equivalent to 15 bank cards per second, The Daily Star alleges. More
Researchers at F-Secure found cyber-criminals attempting to steal the personal information of Swiss nationals, among other travellers, who were looking for help on how to file for visas to visit the United States.
To pull off the scam the bad guys are using malware called QRAT, or Qarallax RAT. In an interesting twist, the malware is being distributed through Skype by criminals posing as US officials offering the needed help, wrote F-Secure's Frederic Vila in a blog. Skype has been used as an attack vector in the past, but for adware. More
Three quarters of cloud apps are not GDPR-ready as they lack key capabilities to ensure compliance. 11 percent of enterprises have sanctioned apps laced with malware, indicating that cloud apps are a growing and vulnerable threat vector for businesses.
New research by Netskope analysed more than 22,000 cloud apps during Q1 2016 and discovered that many have a significant amount of catching up to do before the GDPR is fully implemented in less than two years. Failure to comply with the GDPR data privacy mandate will result in severe penalties on enterprises: £15.3 million or up to four percent of annual worldwide revenue, whichever is greater. More