Security

The gears of the TrueCrypt audit have whirred into life overnight with boffins poised to again probe the open source crypto tool after nearly a year of waiting.

A tiny team will fondle the tool's random number generators, cipher suites and key algorithms in a bid to pull the internet's favourite crypto suite out of the pariah status it attained when its developers claimed it contained unspecified vulnerabilities and recommened users adopt alternatives like Microsoft's BitLocker.

Move over BlackBerry and say hello Taiga Systems and their TaigaPhone, the latest in cutting-edge cyber-security for the corporate smartphone users. To tackle the increasing global cyber-threat, Russia has been working on their very own super-secure smartphone to ensure that corporate information is always safe and sound.

If you have a Lenovo system that includes the Superfish malware, you'll want to remove it. Blowing away your system and reinstalling Windows is one way to do this, but while it's a relatively straightforward process, it's a time-consuming one. Using Lenovo's own restore image won't work, because that will probably reinstate Superfish anyway. Performing a clean install from Windows media will work, but you'll have to reinstall all your software and restore all your data from backup to do the job fully.

L33tdawg: On a somewhat related note, Markus Vervier will be talking about an attack that enables active cloning of mobile identities at #HITB2015AMS at the end of May...

Lenovo has admitted it "messed up badly" by pre-loading software on some consumer laptops that exposed users to possible attack, and said it will soon release a tool to remove it.

"I have a bunch of very embarrassed engineers on my staff right now," Lenovo CTO Peter Hortensius said in an interview Thursday. "They missed this."

A security company in the U.S. has provided further evidence that last year’s devastating hacking attack on Sony Pictures Entertainment was carried out by a group with ties to North Korea.

The FBI has already named North Korea as the source of the attack, but some security experts have been skeptical, in part because the FBI didn’t disclose all the details of its investigation.

Israeli institutions have been targeted by an Arab-speaking hacker group that sought to extract sensitive documents, according to Trend Micro.

The campaign, which Trend called Operation Arid Viper, focused on sending phishing emails to targets. Those emails came with malware packaged with a short pornographic video, according to the company’s report.

By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for intellectual property to steal, product or inventory details to strengthen their negotiating position, customer information to use or sell, or hundreds of other items. Their goal could be getting a better price, gaining a competitive advantage, disrupting your efforts, stealing your customers, or something equally as nefarious.

Researchers from Trend Micro and Kaspersky Lab this week pulled the covers off research on a new Arabic-speaking cyber attack gang that has so far stolen more than 1 million files and is running ongoing malware campaigns on targets in more than 50 countries. Dubbed Operation Arid Viper, the campaign specifically detailed by Trend researchers in a report yesterday focuses on high-value Israeli targets, but this Desert Falcon group, as Kaspersky calls it, has gone after more than 3,000 victims in over 50 countries.

With the use of passwords coming under increased scrutiny, Microsoft is taking steps to move beyond them in Windows 10. Its biggest move: Joining the FIDO (Fast Identity Online) Alliance and adding support for the biometrics technology in the upcoming upgrade of the OS, which has been slated to ship this year.