Issue 16

Building a Digital Security Exchange

An interesting initiative called the 'Digital Security Exchange' has launched. It seeks to bring together civil communities who want to improve security but don't know where to start, and security trainers who don't know how to find communities in need.

medium.com

 

Google releases invisible reCAPTCHA

The new reCAPTCHA doesn't present you with a click-here box anymore, or picture-puzzles to solve. It just sort of works, based on all kinds of identifying information.

sophos.com

 

WhatsApp and Telegram vulnerabilities opened users to account takeover

Interesting read on two similar vulnerabilities that were found in the web versions of WhatsApp and Telegram, which have since been patched.

threatpost.com

 

Sensitive US Air Force data found exposed online

Researchers at MacKeeper found an unsecured online drive that contained very sensitive documents belonging to the US Air Force. From the article: "The most shocking document was a spread sheet of open investigations that included the name, rank, location, and a detailed description of the accusations."

helpnetsecurity.com

 

Malware found preinstalled on 38 Android phones used by 2 companies

CheckPoint is investigating malware that came pre-installed on a wide range of Android devices, recently purchased by two separate companies. They won't say which companies, and they don't know yet where in the supply chain the malware originated.

arstechnica.com

 

U.S. charges Russian FSB officers for hacking Yahoo, millions email accounts

A jury has indicted four defendants, including two officers of the Russian Federal Security Service (FSB). This article gives an interesting view of what they had access to and what they used it for.

helpnetsecurity.com

 

SAP patches critical HANA vulnerability that allowed full access

If your company uses SAP you might want to check into necessary patches. A serious vulnerability was found in the HANA component, and might be present in other components as well, according to the researchers.

threatpost.com

 

Top five most wanted malware families worldwide

A short overview of the top malware kinds, both desktop and mobile.

helpnetsecurity.com

 

Tools for privacy and security

A small list of tools, made by Product Hunt, that might help with online privacy and security. Some obvious ones like Tor and 1Password, but also a few I didn't know about yet.

medium.com