Zero Day Weekly: Cyber national emergency, GitHub and Slack nailed, Android malware less than 1 percent
A collection of notable security news items for the week ending April 3, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending April 3, 2015. Covers enterprise, controversies, reports and more.
The U.S. declared cybercrime a 'national emergency', threatening sanctions against hackers, online espionage: A White House executive order signed by President Obama this week declared a state of national emergency with regard to the threat of cyber attacks on US companies, authorizing a set of new sanctions against individuals or groups whose cyber attacks result in significant threats to US national security or economic health.
China's main digital certificate authority CNNIC got a beatdown this week when Google and Mozilla announced that updates to their respective browsers will remove trust in (read: blacklist) the sketchy certificates. Mozilla explained its reasoning, saying "CNNIC had issued an unconstrained intermediate certificate, which was subsequently used by the recipient to issue certificates for domain names the holder did not own or control (i.e., for MitM)."
Android is a mobile malware target but the rate of "potentially harmful" Android app installs was cut nearly in half from Q1 to Q4 2014, according to Google's Android security year in review report released Thursday. In fact, Google found that fewer than 1 percent of Android devices had a "potentially harmful app (PHA)" installed in 2014. The report pulled from Google Play, the official Android app store; Verify Apps, which scans apps installed outside Google Play; SafetyNet, an app health check service for developers; and Safe Browsing, which monitors phishing sites and malicious URLs.
Uber, on perpetual damage control, this week announced the hiring of Facebook's Joe Sullivan as its new chief security officer. Sullivan has been serving in the same role over at Facebook, and prior to Facebook, Sullivan spent several years at eBay and PayPal as well as eight years with the Department of Justice prosecuting cybercrime.
Spying by the National Security Agency revealed by Edward Snowden will cost cloud and outsourcing providers about $47 billion in revenue over the next three years, but that sum is better than expected, according to a Forrester Research analysis. Forrester found that the PRISM program hurt U.S. cloud providers, but the revenue hit to U.S. cloud and outsourcing providers is less than initial projections because international customers upped security instead of leaving.
Salesforce.com Wednesday added mobile-based two-factor authentication to its stable of identity and access control technologies with the acquisition of Texas startup Toopher. The capabilities will be folded into Salesforce's cloud platform, according to a statement left behind on the now barren Toopher website. Terms of the deal were not announced. Toopher counts LastPass, MailChimp, and the universities of Oklahoma and Texas as its customers.
Four plead guilty to intellectual property theft conspiracy impacting Microsoft, other firms: Last fall, a group of men was charged with stealing more than $100 million worth of intellectual property and proprietary data from several companies, including Microsoft. Thursday the FBI announced that all four members of the hacking ring have pleaded guilty to their crimes.
In the young, billion-dollar growth sector of threat intelligence, vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products. That's because right now, organizations know they need to 'do' threat intelligence -- yet few understand, or can agree on, what that means. A new threat intelligence whitepaper backed by the UK government waded through the confusion and snake oil salesmen to design a framework for threat intelligence that can be scaled to different sectors, sizes of organization, and organizational goals.