Researchers urge hackers to exploit Hyper-V's huge attack surface
At the Hack in the Box security conference in Amsterdam, ERNW security researchers Enno Rey, Felix Wilhelm, and Matthias Luft presented Compromise-as-a-Service: Our PleAZURE (pdf).
Apple's march toward seamless integration between the Mac, iPhone and iPad worries some security experts who say companies may find it more difficult to prevent data leakage on the devices.
On Monday, Apple introduced Handoff, a feature in upcoming iOS 8 and Mac OS X Yosemite that would let a person start a task on one device and complete it on another. For example, an email started on the Mac could be completed later on the iPad.
The U.S. Army warned Thursday that databases holding information on 16,000 South Korean civilian employees of the U.S. military and applicants for base jobs may have been compromised.
The military became aware on May 28 that the Korean National Recruitment System may have been breached, according to a letter addressed to Korean employees signed by Gen. Curtis M. Scaparrotti, head of U.S. Forces Korea (USFK).
A workplace tip: If you’re planning an office prank war, don’t target someone with the skills to reverse-engineer and control the phone on your desk.
At the Hack in the Box (HITB) security conference in Amsterdam, Steffen Wendzel, head of Fraunhofer FKIE, presented "Alice's Adventures in Smart Building Land – Novel Adventures in a Cyber Physical Environment" (pdf). This wasn't "just" weaponizing your coffee pot. Brace yourself because Wendzel warned that a new class of botnet is coming. In fact, smart building botnets won’t be used for boring things like denial-of-service attacks or even refrigerators sending spam.
The OpenSSL project has reported fixes for several vulnerabilities, at least one of them serious.
The most significant is the SSL/TLS MITM vulnerability (CVE-2014-0224). Unlike Heartbleed, which had been introduced into the program not long before, it affects all versions of OpenSSL, including those that were patched to fix Heartbleed.
The ransomware model is increasingly being adopted by cybercriminals who target mobile users, one of their latest creations being able to encrypt files stored on the SD memory cards of Android devices.
A new threat dubbed Android/Simplock.A was identified by researchers from antivirus firm ESET over the weekend, and while it’s not the first ransomware program for Android, it is the first one seen by the company that holds files hostage by encrypting them.
Microsoft is one of the large US companies who are calling for a reform of the government surveillance laws, asking not only for increased transparency, but also for new laws that would basically block American agencies from accessing information stored on servers across the board.
The GPRS Roaming Exchange (GRX) network, which carries roaming traffic among hundreds of mobile operators worldwide, contains Internet-reachable hosts that run vulnerable and unnecessary services, recent security scans reveal.
The scans were performed over a period of several months by Stephen Kho and Rob Kuiters, a penetration tester and an incident response handler from KPN, the largest telecommunications provider in the Netherlands.
Most organizations are very bad at computer security.