Not quite sure what were the most interesting and intriguing information security stories of the past week? Not to worry – the security review has you covered.
From Operation Buhtrap malware distribution via ammyy.com to the ways in which a parental control tool can make digital life so much more safer for children, you’ll find it covered in our weekly information security round-up.
Operation Buhtrap malware distribution via ammyy.com analyzed
“Operation Buhtrap is still ongoing and we regularly see new updates coming from the malware’s authors.”
Jean-Ian Boutin, a malware researcher at ESET, discussed the discovery of a type of malware that was first picked up by security experts at the end of October. It was observed that individuals visiting Ammyy’s website to download the free version of its remote administrator tool were getting more than they had bargained for. In addition to the software, he explained, there was an NSIS installer in the bundle, the ultimate intention of which was to install tools used by the gang behind Operation Buhtrap.
The importance of continuous vulnerability assessments discussed
When it comes to the discovery of a new vulnerability, time is of the utmost essence explained Miguel Ángel Mendoza, a security researcher at ESET, in a piece advocating the importance of continuous vulnerability assessments. While this approach is by no means an easy affair, he said that it is nevertheless crucial “given the current trends in security”. Mr Mendoza added: “While continuous vulnerability assessments might be a complex and tedious task, it is one of the main practices recommended by various security control frameworks.”
5 ways in which a parental control tool can keep kids safe highlighted
Camilo Gutiérrez Amaya, a senior security researcher at ESET, listed the five ways in which a parental control tool can help ease the concerns parents might have about the world wide web. This includes controlling and monitoring internet access by setting up a role for each user on a device and setting time limits for apps. However, he was keen to point out that there needs to be balance between online safety and respecting your children’s privacy.
The online factors that make up child safety in the 21st century elaborated
We Live Security delivered an engaging animation that underscored how technology has transformed the nature of child safety. The fundamental message emanating out of the video was that the boundary between the real world and the online world is fading fast – they are one and the same. As such, the risks that can manifest on the web need to be understood, so that parents can implement safety precautions that are suitable for different age groups.
Google reveals that emails are a lot more secure than they used to be
Google revealed the results of a multi-year study it carried out with the University of Michigan and the University of Illinois, which found that email security is more secure today than it was two years ago. There were three key findings: one, inbound encryption is on the rise; two, more receiving domains support encryption; and three, authentication is moving towards ubiquity. The report also acknowledged that new threats are always on the horizon but that it is responding through innovation: “To notify our users of potential dangers, we are developing in-product warnings for Gmail users that will display when they receive a message through a non-encrypted connection. These warnings will begin to rollout in the coming months.”
Expert says that cyber hygiene is something that needs greater investment
“The term ‘cyber hygiene’ … refers to controlling a device’s operation … to prevent cybersecurity breaches in the first place.”
Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at the US Food and Drug Administration, told delegates at the mHealth Cybersecurity Summit that “cyber hygiene” is extremely important in keeping hospitals safe from attackers, in what is an increasingly topical issue in cybersecurity. She told Motherboard that this “means safe and proper configuration of available features, the least possible access to functionality and routine cybersecurity servicing”.