Zero Day Weekly: China leads global cyberattacks, Dell malware risk, air gap hacking

A collection of notable security news items for the week ending March 26, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
Written by Violet Blue, Contributor
China cyberattack

Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending March 26, 2015. Covers enterprise, controversies, reports and more.

  • Akamai: A majority of the Internet attack traffic in 2014's fourth quarter originated in China, followed by the U.S., according to cloud service provider Akamai. China and the U.S. were the only countries where more than 10 percent of attack traffic originated. Still, the attack traffic coming from China was down compared to the third quarter, falling to 41 percent from 49 percent. Attack traffic coming from the U.S. also fell, decreasing to 13 percent from 17 percent.
  • A Dell support tool put PCs at risk of malware infection. A security researcher discovered the flaw in November and reported it to Dell, which patched it in January. However, it's not clear if the fix closed all avenues for abuse. The application, called Dell System Detect, is offered for download when users click the "Detect Product" button on Dell's support site for the first time.
  • IBM Security and the Ponemon Institute announced a study showing an alarming rate of mobile app developers are not investing in security. The study's findings show that nearly 40 percent of large companies, including many in the Fortune 500, aren't taking precautions to secure mobile apps they build for customers. They also found that organizations are poorly protecting their corporate and BYOD mobile devices against cyberattacks.
  • Israeli security researchers claim to have discovered a new way to jump supposedly secure air-gapped systems via heat emissions. The BitWhisper project claims that if two air-gapped computers are placed no more than 40cms apart and malware is downloaded onto each, the researchers can enable the systems to communicate with each other via heat emissions. By regulating heat patterns, they turned binary data into thermal signals which the machine next door measures using built-in thermal sensors and converts back into data.
  • Yahoo this week updated its transparency report; promises to scale new email encryption by end of year. On the financial side of the spectrum, Yahoo's board also approved a new multi-billion stock buyback program. Yahoo will be scaling its new e2e encryption email security measure to all accounts by the end of 2015.
  • Twitch, which is owned by Amazon and enables gamers to live-stream their game play, was compromised early this week. Twitch provided few details but did say that all user passwords have been reset and that accounts connected to Twitter and YouTube have been disconnected.
  • A former Tesla intern released a $60 open source car hacking kit. The small CANtact device, built by Eric Evenchick, serves as a sort of hub between a computer and your car's on-board diagnostic computer. From the device's interface, you can control windows, brakes, service lights, and more.

Editorial standards