Another all-time huge cyber security update this week, there’s just too much going on in the cyber world to ignore! Now that Politics is involved, we discover that Hillary and The Don have both finally recognized there’s a cyber threat! Whew! But we got malware updates, dangerous ads, and a lot more to be concerned with. Stay vigilant!
- Hillary Clinton and Donald Trump’s Cybersecurity Platforms, Compared
- Prominent Cybersecurity Leader Favors Clinton, Despite Email Debacle
- New York Times, BBC and others inadvertently serve up dangerous ads
- The four cybersecurity terms everyone is talking about at Black Hat
- Commentary: The world’s best cyber army doesn’t belong to Russia
- 4 ways to reduce your chances of getting caught by malvertising
- What exactly is Malvertising? Why do we want to avoid it?
- South China Sea dispute escalates into all-out cyber war
- Truth in malvertising: How to beat bad ads
- There Is No Finish Line for Cybersecurity
- “Zero Days” and the Need for Cyber Policy
- Towards a Cyber-Security Treaty
ALERT Be very careful what you click! Many of the sites listed below employ stalker links! LOOK FOR the Firefox ‘READER’ icon in the address window to read the articles without the risks! (More here)
4 ways to reduce your chances of getting caught by malvertising
Lately, when digital bad guys reach into their bag of tricks, more often than not they’re looking for tools related to something called malvertising—a portmanteau of malicious advertising.
Install an ad blocker: Ad blockers are a point of contention, as sites like NYTimes.com rely on advertising for revenue. However, ad blockers will prevent dynamic scripts from installing malicious content.
Michael Kassner – TechRepublic
New York Times, BBC and others inadvertently serve up dangerous ads
The New York Times regularly reports on how dangerous the world is. Over the weekend, the Gray Lady became a dangerous place.
The cyberattackers inserted ads that contained malicious software into legitimate online ad networks, the researchers said. The ad networks then distributed the compromised advertising, known as malvertising, to websites, which served them to visitors.The software then locked visitors out of computer files and demanded a ransom for access.
Carrie Mihalcik — www.cnet.com
Truth in malvertising: How to beat bad ads
Here’s a scary number: 1.3 billion. That’s the monthly traffic of msn.com, which was hit by a malvertising campaign earlier this year.
Here’s an even scarier number: 70 percent. That’s the estimated amount of malvertising campaigns that deliver ransomware as a payload. What’s 70 percent of millions and millions of pageviews that cycle through the most popular websites each day? Far too much.
Wendy Zamora – blog.malwarebytes.com
What exactly is Malvertising? Why do we want to avoid it?
Malvertising (a portmanteau of “malicious advertising”) is the use of online advertising to spread malware. Wikipedia notes :
Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Online advertisements provide a solid platform for spreading malware because significant effort is put into them in order to attract users and sell or advertise the product. Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like
“Zero Days” and the Need for Cyber Policy
Imagine a world where the U.S. government, in partnership with the Israeli government, could develop a computer code to control and explode centrifuges at an Iranian nuclear facility, and could do so without anyone being able to detect how it happened, or who did it. This is the world we live in and it’s one where nation-states are surveilling and attacking each other in times of peace without the public’s knowledge.
Welcome to the world of cyberwarfare
Lisa Thomson – worldpolicy.org
Commentary: The world’s best cyber army doesn’t belong to Russia
National attention is focused on Russian eavesdroppers’ possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns — and the presidents — of even its closest allies.
The United States is, by far, the world’s most aggressive nation when it comes to cyberspying and cyberwarfare.
James Bamford – reuters.com
South China Sea dispute escalates into all-out cyber war
Malware that appears to be controlled from China targeting countries involved in the dispute over South China Sea national boundaries has been uncovered by security software vendor F-Secure.
The discovery of the malware follows a ruling by the Permanent Court of Arbitration in The Hague over China’s territorial claims to most of the South China Sea in a case brought by the government of the Philippines.
The four cybersecurity terms everyone is talking about at Black Hat
As the saying goes, knowledge is power. And when it comes to cybersecurity knowledge, every year thousands descend on Las Vegas for the Black Hat conference to acquire as much of it as they can. For some, it’s an opportunity to share research and to demonstrate the fragility of computing systems.
For others, it’s a chance to show off new tools and technologies to defend against threats.
Monzy Merza – techcrunch.com
Hillary Clinton and Donald Trump’s Cybersecurity Platforms, Compared
Isn’t it funny how the liberal media covers things up, or makes huge issues out of them. I watched all of the debates from the very beginning, and both Hillary and Trump never once mentioned cyber security. Nobody except Carly Fiorina even uttered a word about cyber security — which was and continues to be the US most dangerous threat. But then the alleged Russian hack, and suddenly everyone’s talking cyber war. Do you feel lucky?
Every day it seems like there’s another hack, password theft, or leak. Both government agencies and private companies are regularly attacked, by intruders just looking for sensitive data to sell, or foreign actors looking for valuable information. That alone is reason enough for a Presidential candidate to at least have an educated, informed cybersecurity policy. Let’s take a look at their platforms to see if they do.
Thorin Klosowski – lifehacker.com
Towards a Cyber-Security Treaty
The Democratic National Convention (DNC) leaks revealed last week have presumably reminded many Americans to the severe cyber-threats this country is facing. Particularly alarming were the allegations that Vladimir Putin is behind the hack.
Homeland Security Secretary Jeh Johnson raised his concern that Russian hackers might be able to target voting machines on Election Day. WikiLeaks founder, Julian Assange, announced that the leaks were merely the first episode of an election-season series — largely still behind the curtain.
Ido Kilovaty and Itamar Mann justsecurity.org
Prominent Cybersecurity Leader Favors Clinton, Despite Email Debacle
Hillary Clinton is the candidate who set up a private email server and was — in the words of the director of the FBI — “extremely careless” in how she handled classified information. And her campaign and the Democratic Party just got hacked. Yet, prominent leaders in the cybersecurity industry are coming out in favor of Clinton for president.
“If Hillary is sort of almost status quo and the devil we know versus complete crazy unknown, I’m not willing to risk the country on the complete crazy unknown,” says Jeff Moss.
Aarti Shahani Twitter Facebook
There Is No Finish Line for Cybersecurity
Increased connectivity means increased vulnerability. People can easily be tracked from their mobile phone or Fitbit and have not only that device but also their car, watch and TV infected.
Digital communication will add functionality and control but also create new vulnerabilities. Just think of your E-ZPass being used by law enforcement to give you speeding tickets.