Week in Review, 21st July 2017

July 21, 2017  |  Javvad Malik

The purpose of ransomware

Although monetary gain is the ultimate goal for most cyber criminals, there are multiple scenarios that are possible.

In this post, Bart goes over such tactics as:

  • Deployed as ransomware, extortion;
  • Deployed as smokescreen;
  • Deployed to cause frustration;
  • Deployed out of frustration;
  • Deployed as a cover-up;
  • Deployed as a penetration test or user awareness training;
  • Deployed as a means of disruption and/or destruction.

https://bartblaze.blogspot.co.uk/2017/07/the-purpose-of-ransomware.html

On The (Perceived) Value of EV Certs, Commercial CAs, Phishing and Let's Encrypt

When Troy Hunt tackles an issue, you’re pretty much guaranteed an in-depth view, and he doesn’t disappoint with his post on Extended Validation (EV) certs, commercial certificate authorities, and let’s encrypt.

https://www.troyhunt.com/on-the-perceived-value-ev-certs-cas-phishing-lets-encrypt/

Securing an Amazon S3 Bucket

There have been several so-called breaches involving AWS S3 servers. However, the common element in all of these stories has been user error. It’s been the users that have been making the data public, then scratching their heads wondering what went wrong when millions of records were viewable by anyone with an internet connection.

Mark Nunnikhoven has written a great easy guide on how to secure an Amazon S3 bucket.

11 simple, yet important steps to secure AWS

Steal millions in ether with one simple trick

Someone tricked would be investors during an ethereum ICO into sending their cryptocurrency to the wrong address. Ether is a popular cryptocurrency alternative to Bitcoin.

It’s not entirely surprising though, given the rapid rise in popularity of cryptocurrency, companies are jumping on the bandwagon – prioritising speed over security. With an estimated market value of $100bn in a completely unregulated environment – we’ll likely see more of these occurences.

Hacker allegedly steals Ethereum with incredibly simple trick

These hackers stole $85, in Ether to save it from the real crooks (or so they say)

Parity Wallet Hacker Cashes out $90,000 in Stolen Ether

Burglary in mind? Easy, just pwn the home alarm

IoT and smart devices are the slow-heating pan, and consumers are the frogs, oblivious to the change in temperature.

Despite many high profile breaches involving so-called smart devices, it doesn’t appear as if manufacturers are improving the security of the devices.

Archimedes once said, “give me a lever long enough and a fulcrum on which to place it, and I will move the world”.

If he was alive today, he’d probably say, “give me enough smart devices and a reliable internet connection, and I will hack the world.”

Pwn the home alarm

Data protection down under

The Australian government is going through the same debates many other countries are having as to how to obtain access to user data from technology companies. Earlier this year Australia passed a metadata retention law that requires ISPs to keep records of IPs, phone, SMS, and email use.

There are a lot of details around it, so fortunately Patrick Gray has done us all a favour and summed up many of the key points on both sides, No encryption was harmed in the making of this intercept.

The GDPR tweetchat

Still confused about GDPR? We hosted a tweetchat on the topic and had some wonderful discussions that clarified many aspects.

Check out the blog post summing up the main points.

Share this with others

Get price Free trial