Highlights from the past seven days in information security include the state of security in companies in the EMEA region and advice on support scams.
Welcome to this week’s security review, which includes a detailed report from ESET on the state of information security in companies in the EMEA region, helpful advice on support scams and the rise of Android ransomware.
The state of information security in companies in the EMEA region
For this extensive report, ESET spoke to 1,700 experts and managers about the state of information security in companies that operate in the EMEA region. The paper found that malware infection is reported as the most frequent security incident (59% of respondents), followed by social engineering, scams fraud and phishing. Interestingly, it was found that most (98%) have invested in at least one cybersecurity solution.
Support scams: What do I do now?
ESET’s David Harley returned to the question of what to do once a scammer has gained a foothold in your system. “There is no single clear-cut answer to that question,” he remarked. “[This is] because there is no single ‘support scam’ …” In terms of what you can do, the expert offered some solutions, highlighting the fact that it’s a “question best answered on a case-by-case basis”.
The rise of Android ransomware
Ransomware attacks aimed specifically at Android platforms are on the rise, a collaborative effort by ESET’s Robert Lipovsky, Lukas Stefanko and Gabriel Branisa revealed in a white paper. They explained that it is part of a wider trend, whereby cybercriminals are focusing their efforts on mobile devices. With more data being stored on these devices, they are a lot more lucrative, the authors highlighted.
How is cryptography incorporated into PoS terminals?
ESET’s Lucas Paus discussed the different types of cryptographic solutions available to PoS (Point of Sale) terminals. “In payment terminals, largely speaking, there are three groups of cryptographic algorithms that are used in a variety of technologies, where they are combined with each other and with various types of architecture inside PoS devices,” he said. These are symmetric-key algorithms, asymmetric-key algorithms and one-way hash algorithms.
VTech warns users that sensitive information ‘may not be secure’
VTech, which suffered a major data breach towards the end of 2015, announced that its online service Learning Lodge – which was specifically attacked – is now back online. However, what most media outlets picked up on was the interesting update to its terms and conditions. The company’s Limitation of Liability section now states that customers agree that “any information [they] send or receive during [their] use of the site may not be secure and may be intercepted or later acquired by unauthorized parties”.
How to bypass this LG smartphone’s fingerprint security in just 30 seconds
The independent security analyst Graham Cluley drew attention to a “troubling vulnerability” on LG’s V10, which makes it possible for someone to gain access the smartphone easily. “Normally, to add a fingerprint to the phone, you would have to enter a security PIN to prove that you are authorised to do so,” he explained. “However [through the] Nova Launcher app [you can]gain access to the fingerprint screen without any need [for authentication]”.
Major vulnerability found in GNU C Library
Researchers at Google announced that they had comes across a major vulnerability in GNU C Library (glibc), which has been present since 2008. The bug puts hundreds of thousands of devices and apps at risk, the tech company stated. The full implications of this flaw are yet to be understood, but the fact that it was found in the so-called building blocks of the internet is nevertheless troubling. A patch has since been released.