Issue 2

IBM's Watson being used to help in security defence

IBM started a beta program with 40 companies where Watson will be assisting in cyber security. It will match incoming attacks with known current malware campaigns to provide useful background information, and monitor security events like incorrect login attempts.

wired.com

 

‘Avalanche’ Global Fraud Ring Dismantled

After a four-year cooperation between Europol, the FBI and other parties, the Avalanche botnet was taken down. It controlled over 500.000 machines, used over 800.000 unique domains and at its peak hosted and distributed 17 different malware packages.

krebsonsecurity.com

 

Google announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software

Google is announcing OSS-Fuzz, a continuous fuzzing engine which will be used to harden select open source projects against errors like buffer overflows. It currently churns out about 4 trillion test cases per week and has already found 150 bugs in various projects. To be eligible for the beta the open source project needs to have a large user base and/or be critical to the global IT infrastructure.

googleblog.com

 

Fry all the things - USB Killer zaps tons of computing devices

The "USB Killer" is a USB stick with the ability to collect power from USB power lines, and use it to zap the USB port with 220 volts, usually killing the device it's connected to. Here you see it killing a Lenovo laptop, XBox One S, PS4 and the dashboard of a car.

grahamcluley.com

 

Adobe introduces Voco, Photoshop for voices

With 20 minutes of sample data, they can make 'you' say anything in your own voice. I wonder what the impact on court cases will be. Fortunately, they do also say that they are working hard on making the use of it detectable by watermarking.
When combined with facial reenactment technology I imagine the possibilities will be, well, scary.

youtube.com

 

A beginner’s guide to beefing up your privacy and security online

This article is a great resource to send to your coworkers, or at least use it as a checklist on what to harass them with in order to get their security on par. You might want to check if you do all of the mentioned security steps, too.

arstechnica.com

 

Companies struggle to enforce DKIM email authentication

According to research by Valimail, of all the companies trying to implement DKIM only about 25% are successfully enforcing it. Some obvious reasons are the complex nature of DKIM/SPF/DMARC, and the high impact in case you get something wrong.

valimail.com

 

Firefox and Tor users update now: 0-day exploit in the wild

There is an exploit that will trigger your browser to send its IP address to an external server, which isn't great if you're using Tor and want to stay anonymous.

sophos.com

 

AirDroid app opens millions of Android users to device compromise

If you use AirDroid, a remote management tool for Android, you might want to uninstall or disable it for now. Although it does require the attacker to be on the same unsecured network as you are.

helpnetsecurity.com

 

CyberChef, a swiss army knife for cyber operations

This might be worth bookmarking. It's a handy tool to perform all kinds of "cyber" operations, like base64 encoding/decoding, various hashing and encrypting algorithms, and more. Fun to play around with.

github.io