Zero Day Weekly: WhatsApp, Blackphone, Citadel hits password managers

A collection of notable security news items for the week ending November 21, 2014. Covers enterprise, controversies, reports and more.
Written by Violet Blue, Contributor
zero day weekly

Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending November 21, 2014. Covers enterprise, controversies, reports and more.

This week, WhatsApp went crpto, WireLurker malware went down, Blackphone encountered political controversy, the UK found a Russian hacked-webcam streaming site, and a new configuration of Citadel malware was found that exploits flaws in two popular password managers.

  • WhatsApp made end-to-end encryption a default feature in the most recent update to its messaging app for Android this week. The encryption fete is significant, as it makes WhatsApp one of the most secure text messaging apps available.

  • Microsoft has delivered a new public preview of its enterprise security product formerly known as Forefront Identity Manager, and now known as "Microsoft Identity Manager." The new Identity Manager "gets your identities ready for the cloud, offers updated support for security identity self-service and enhances admin security," according to company officials.

SilentCircle Blackphone Ukraine
  • The UK's Information Commissioner's Office (ICO) said a Russian website is streaming live footage from unsecured webcams. It accesses a range of devices such as corporate CCTV to baby monitors by using the default login credentials for thousands of models of cameras, which are freely available online. According to the BBC, around 500 of the feeds are from the UK and 5,000 from the US.

  • Google advances SSL with new Chrome versions: The latest stable version of Chrome removes the source of the POODLE bug and SSLv3 support will be out altogether over time. The Canary version disparages implementations not up to standards.

  • High-volume DDoS spiked in use during Q3 2014, according to new research released by Verisign. According to the Reston, Virginia-based firm's Q3 2014 DDoS Trends Report, through July to September this year there was an increase in the frequency of DDoS attacks exceeding 10 Gbps in size, accounting for more than 20 percent of all mitigations conducted by the company.

  • IBM’s Trusteer researchers have discovered a new configuration of the Citadel malware that attacks certain password managers. The configuration activates key logging when certain processes are running on the infected machine; the targeted processes include Password Safe and KeePass, two open-source password managers.

Editorial standards