It’s been a busy week with ups and downs in the world of security. But even when things get shaken up like a Michael Bay movie, we keep our eye on what matters the most.
That Google Phish
There was a lot of buzz as many people received phishing emails disguised as invitations to open a Google Doc. By authorising it, users unwittingly gave access to their emails to attackers.
The size and scale of the attack were reminiscent of the viruses of days gone by, such as Melissa.
While Google has worked to close the flaw, that doesn't help those users who have already clicked on the link.
If you have clicked on the link, then you need to follow these steps:
- Go to the Google account permissions page and remove access for the fake app.
- Change passwords on Google and any other sites that may have been using the same password.
- Enable two-factor / two-step verification (like needing an SMS code in order to log on).
Some are suggesting that given the similarities between this fresh phishing scam and the past activity of the DNC hackers, known as APT28, the Google phishers could be the allegedly Kremlin-backed crew. But to Jaime Blasco, chief scientist at security company AlienVault, that's unlikely: "I don't believe they are behind this though because this is way too widespread. Many people/organizations have received similar attempts so this is probably something massive and less targeted." - Full article
Smaller nations' hacking skills
As the joke goes, on the internet, nobody knows that you’re a dog. Technology has done a great job of shifting power into the hands of the many. Now, with modest budgets and technology, startups can challenge well-established brands.
But that also means small nations can build cyber capabilities that match those of much larger nations.
While a lot of European companies are looking to the future wondering what GDPR will bring, The Register looked back and retrospectively estimated what regulator fines on data loss would have been last year had GDPR been implemented.
Where last year British companies were fined £880,500, under GDPR that sum could have been £69 million.
- Register Story
- Gartner predicts GDPR flouters will be in the majority
- Google cloud will be ready for GDPR in May 2018
It’s just Metadata
It's why many governments have pushed for mandatory metadata retention laws, and have been successful. Because in the minds of many, it's only metadata.
- Troy Hunt wrote a good article on why Australia just showed the world the problem with mandatory data retention
- AFP officer accessed journalist's call records in metadata breach
- We kill people based on metadata
- What is metadata and why is it as important as the data itself?
Cloud Security TweetChat
We hosted a TweetChat on Cloud Security and had special guests Dave Shackleford, Senior SANS instructor, Lead Faculty IANS, and Founder of Voodoo Security, and Jaime Blasco, Vice President and Chief Scientist, AlienVault, on hand to share their pearls of wisdom.
From hacker to cybercrime consultant
In a case of hacker turned good, a teenage Irish hacker who redirected The Sun newspaper’s users to a fake story claiming Rupert Murdoch was dead is now a security researcher for a UK consultancy firm.