Tech
Zero Day Weekly: Jeep stunt hack, JPMorgan bust, Ashley Madison and LifeLock 'had one job'
Notable security news items for the week ending July 24, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending July 23, 2015. Covers news and business, is allergic to press releases: Enterprise, controversies, reports, and more.
- Microsoft's Advanced Threat Analytics (ATA) product will be generally available in August. ATA, Microsoft's on-premises cybersecurity software based on technology Microsoft acquired when it bought Aorato last year. ATA is meant to help businesses block targeted attacks by automatically analyzing, learning and identifying all normal and abnormal behavior, using machine learning. Microsoft this week also may have purchased cybersecurity vendor Adallom to bolster its cloud-security play.
- Wired published a blockbuster story Tuesday about security researchers remotely hacking a Jeep Cherokee driven by reporter Andy Greenberg. It seemed tailor-made made for dramatic news stories and inbound links galore -- but was swiftly panned by infosec communities, reporters and alarmed observers alike as "a really, really dumb stunt that potentially threatened the lives of those involved and any unwitting bystanders."
Holy shit, FOX News... pic.twitter.com/C8t1aGu0I3
-- Matthew Keys (@MatthewKeysLive) July 22, 2015
- Customers who hired the infamous ID theft-protection firm Lifelock to monitor their identities after their data was stolen in a breach were in for a surprise. It turns out Lifelock failed to properly secure their data.
- Elements of UK internet surveillance legislation that was rushed through parliament in a matter of days last year is unlawful and will have to rethought, the High Court has ruled. In a response to a challenge brought by MPs David Davis and Tom Watson, the High Court found that sections one and two of the UK's Data Retention and Investigatory Powers Act 2014 (DRIPA) are incompatible with the public's right to private life and communications and the protection of personal data under articles seven and eight of the EU Charter of Fundamental Rights.
2003: British Computer Society warned those who watch the movie The Matrix Reloaded not to emulate its realistic depiction of hacking.
-- Today In Infosec (@todayininfosec) June 17, 2015
- Lockheed said Monday it will review alternatives for its IT services unit amid shifts in the cybersecurity market. Strategic alternatives typically means an acquisition, spin off or initial public offering of a division. Lockheed Martin said its review is likely to result in a spin-off or sale.
- The Australian telecommunications industry has spoken out against a federal government proposal requiring them to increase network protection while providing greater access to government agencies to intervene for the purpose of protecting national security.
- Authorities arrested four people in Israel and Florida and revealed a complex securities fraud scheme tied to the computer hacks of JPMorgan Chase & Co. and other financial institutions. Behind the alleged crimes described Tuesday is a remarkable story of unpredictable alliances in modern computer crime involving, if true, a multi-layered organization with tentacles reaching Moscow, Tel Aviv and West Palm Beach.
#AlligatorCon speakers, don't fear if your live demo fails: we hired Serge from Hacking Team to distract the audience in case it happens.
-- Julio (@juliocesarfort) July 23, 2015
- Ashley Madison's dream of a public listing on a financial market this year is over according to bankers. The hookup platform had hoped to raise $200 million (£128 million) on the London Stock Exchange but its future hangs in the balance this week as hackers threaten to expose its 37 million users.
- A bug in the latest version of Apple's OS X gives attackers the ability to obtain unfettered root user privileges, which makes it possible to surreptitiously infect Macs with rootkits and other types of persistent malware. The beta version of Apple's upcoming OS X "El Capitan" does not have the same bug.