We highlight some of the biggest security-based news stories from the past few days.
Microsoft acquires data security firm Adallom
Microsoft has reportedly acquired Adallom, an Israeli data security firm in a deal worth $320 million. According to reports from two publications including Calcalist and Globes, the firm is also expected to open a cybersecurty operation in Israel.
In addition, endpoint security firm Bromium has revealed it will be working with Microsoft to ensure Bromium micro-virtualisation and Windows 10 work better together to provide users with a secure endpoint.
The new partnership will bring together new security capabilities with Windows 10 and Bromium’s virtualisation technology to help secure enterprises against data breaches.
Infidelity site faces security breach
An infidelity site has had some of its personal information leaked and stolen, as hackers demand that the site is shutdown. The site, named Ashley Madison, which boasts the strapline ‘Life is short. Have an affair’, encourages married users to cheat on their spouses.
The hackers, who are known as the Impact Team, says it has access to the site’s database, including user records, financial records, as well as other sensitive information. So far the team has released 40MB of data, including credit card details.
Small businesses receive £5,000 grant to boost cyber security
The Government has revealed a new £5000 grant scheme to help protect small businesses from cyber attacks. Speaking at the Reform Cyber Security: assurance, resilience, response conference in London, Ed Vaizey, digital economy minister, revealed that the new voucher scheme would launch later this month.
EICAR unveils new security standards
The European Expert Group for IT Security (EICAR) has launched a set of new standards customers should expect from security products.
The set of standards named the EICAR Minimum Standard for Anti-Malware Products, aims to ensure all security products comply with Data Protection regulations, offer product and feature transparency to the user, and can provide assurance that they have not been manipulated.
Kaspersky Lab finds malicious TeslaCrypt infections
Kaspersky Lab has detected threats from TeslaCrypt from the ransomware encryptor family. In version 2.0 of the Trojan, it displays an HTML page in the browser, which is a copy of the CryptoWall 3.0.
Once hackers have successfully infected a device, the program demands a $500 ransom for the decryption key, and if users delay a response this then doubles.
Apple Pay security
Following the release of Apple Pay in the UK, Kaspersky’s principal security researcher, David Emm, believes the new payment service helps to reduce stolen card data, but warns users should be aware of jailbreaking their device.
He said: “It’s good that the card details aren’t stored on the device, just a device-specific token (the Device Account Number) and a cryptogram generated per transaction. This reduces the opportunities for card data to be stolen – even if token and cryptogram were intercepted, it would not be possible to re-use them.
“However, it makes it more important than ever that people don’t ‘jailbreak’ their device, thereby stripping away the built-in security. It’s also important that people don’t let anyone else store their fingerprints on the device, to ensure that transactions can only be authorised by the owner of the device.”
Adobe aims to fix Flash security issues
Adobe has promised to improve the security of its Flash tool, following criticisms of the service from Mozilla and Facebook.
The firm said in a blog post: “Flash Player is one of the most ubiquitous and widely distributed pieces of software in the world, and as such, is a target of malicious hackers. We are actively working to improve Flash Player security, and as we did in this case, will work to quickly address issues when they are discovered.”
Telegram app bought down by DDoS attack
Messaging app Telegram has been hit by a 200GBps distributed denial of service (DDoS) attack.
Using a new hack named Tsunami TCP SYN flood, attackers knocked out the service for around five per cent of the company’s 60 million users.
Ashley Stephenson, CEO at Corero Network Security, said: “Yet again another company is suffering an outage as a result of a preventable DDoS attack. These types of attacks can easily be detected and blocked with proper protection mechanisms for your online service.
“Without a DDoS analytics capability the victim corporations lack visibility and networks forensics for the incoming threat vectors. Subsequently, the victims of DDoS attacks are often confused as to how they are being attacked and what steps to take for remediation.”