Welcome to this week’s security review, which
includes a detailed report from ESET on the state of information security in
companies in the EMEA region, helpful advice on support scams and the rise of
Android ransomware.
The state of information security in companies in the EMEA region
For this extensive report, ESET
spoke to 1,700 experts and managers about the state of information security in companies that operate
in the EMEA region. The paper found that malware infection is reported as the
most frequent security incident (59% of respondents), followed by social
engineering, scams, fraud and phishing. Interestingly, it was found that most
(98%) have invested in at least one cybersecurity solution.
Support scams: What do I do now?
ESET’s David Harley returned to the question of
what to do once a scammer has gained a foothold in your system. “There is no
single clear-cut answer to that question,” he
remarked. “[This is] because there
is no single ‘support scam’ …” In terms of what you can do, the expert offered
some solutions, highlighting the fact that it’s a “question best answered on a
case-by-case basis”.
The rise of Android ransomware
Ransomware attacks aimed specifically at Android
platforms are on the rise, a collaborative effort by ESET’s Robert Lipovsky,
Lukas Stefanko and Gabriel Branisa revealed in a white
paper. They explained that it is
part of a wider trend, whereby cybercriminals are focusing their efforts on
mobile devices. With more data being stored on these devices, they are a lot
more lucrative, the authors
highlighted.
How is cryptography incorporated into PoS terminals?
ESET’s Lucas Paus discussed
the different types of cryptographic solutions available to PoS (Point of Sale) terminals.
“In payment terminals, largely speaking, there are three groups of
cryptographic algorithms that are used in a variety of technologies, where they
are combined with each other and with various types of architecture inside PoS
devices,” he said. These are symmetric-key algorithms, asymmetric-key
algorithms and one-way hash algorithms.
VTech warns users that sensitive information ‘may not be secure’
VTech, which suffered a major data breach towards
the end of 2015, announced that its online service Learning Lodge – which
was specifically attacked – is now back online. However, what most media
outlets picked up on was the interesting
update to its terms and conditions. The company’s Limitation of Liability section now states that
customers agree that “any information [they] send or receive during [their] use
of the site may not be secure and may be intercepted or later acquired by unauthorized
parties”.
How to bypass this LG smartphone’s fingerprint security in just 30 seconds
The independent security analyst Graham Cluley drew
attention to a “troubling
vulnerability” on LG’s V10, which makes it possible for someone to gain access
to the smartphone easily. “Normally, to add a fingerprint to the phone, you would
have to enter a security PIN to prove that you are authorised to do so,” he
explained. “However [through the] Nova Launcher app [you can] gain access to the
fingerprint screen without any need [for authentication]”.
Major vulnerability found in GNU C Library
Researchers at Google announced that they had come across a major
vulnerability in the GNU C Library (glibc), which has been present since 2008. The
bug puts hundreds of thousands of devices and apps at risk, the tech company
stated. The full implications of this flaw are yet to be understood, but the
fact that it was found in the so-called building blocks of the internet is
nevertheless troubling. A patch has since been released.
http://www.welivesecurity.com/2016/02/22/security-review-state-security-companies-emea-region/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29