ICYMI: UK regs; AI weaponised?; Malwaretech; Mandiant; WiFi weak

News by SC Staff

In Case You Missed It: UK data protection; Is AI weaponised; Is Malwaretech; innocent?; Mandiant leak; WiFi vulnerabilities

UK also wants to be forgotten: new data protection regulation proposed

Separate from any European legislation, the UK government is introducing its own ‘Right to be forgotten'  to increase people's control over their digital data under a new Data Protection Bill announced today by digital minister Matt Hancock, expected to be introduced in September in preparation for Brexit.

Social media platforms will be required to delete information on children and adults when asked – in a bid to correct a situation where the government's research shows 80 percent of people feel that they do not have complete control over their data online. More...

Weaponised AI. Davey Winder asks the industry - is that a thing yet?

According to research announced during the recent Black Hat conference in Vegas, some 62 per cent of infosec pros reckon weaponised AI will be in use by threat actors within 12 months. 

That artificial intelligence was on the agenda at Black Hat should come as no surprise. The promise of AI, from machine learning through to automation, in cyber security has become a major marketing tool amongst vendors.

The good guys are clearly investing heavily in AI-defence research, but what about the bad guys?  More....

Blog: Malwaretech, a black and white case or somewhere in between?

Is Malwaretech, aka Marcus Hutchins, innocent?  The FBI says Hutchins wrote the code for the Kronos banking Trojan, which harvests banking credentials by intercepting passwords in transit, and that's why they arrested him last week at Las Vegas airport.  Without seeing all the evidence from both sides, it's impossible to know.

According to prosecutor Dan Cowhig. Hutchins admitted to creating the software in a police interview.  As you would expect, Hutchins' lawyer Adrian Lobo said his client was innocent – and so does his mum, his friends and many in the industry who've set up a crowdfunding site for his defence. He is expected to deny all six charges against him. If convicted, he could face up to 40 years in a US jail. More...

Hackers leak info stolen from Mandiant analyst, threaten similar attacks

After leaking data stolen from an analyst working for Mandiant, a hacking group or individual going by the name "31337" is threatening to victimise other cyber-security experts in similar fashion.  "This leak was just a glimpse of how deep we breached into Mandiant, we might publish more critical data in the future," 31337's Pastebin message reportedly warned.

According to multiple accounts, shortly after midnight on Monday, an adversary set up a Pastebin page and doxxed information obtained by reportedly breaching the personal laptop of a senior threat intelligence analyst at Mandiant. The attacker also compromised several of the researcher's online accounts, including Hotmail, OneDrive, Outlook and LinkedIn, the latter of which resulted in webpage defacement. More...

Most corporate information systems are just two steps away from failure

The level of security of Wi-Fi networks and user awareness regarding information security has fallen significantly in 2016 compared to the previous year according to the findings of a Positive Technologies security audit which highlighted the main culprit as common vulnerabilities not needing much skill to implement.

During audits, Positive Technologies reports critical vulnerabilities detected in 47 percent of investigated corporate systems, frequently related to configuration errors (40 percent of systems), errors in web application code (27 percent of systems), and failure to install security updates (20 percent of systems). Among out-of-date systems, the average age of the oldest uninstalled updates is a surprising (to this writer) nine years. More ...

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews