This week we find out how hackers are using social media to execute attacks and why Gmail, Outlook, Yahoo and Fastmail are lacking in security.
Gmail, Outlook, Yahoo and Fastmail are lacking in security and reliability
New research from High-Tech Bridge reveals the security and reliability of the most popular free email services, including Gmail, Outlook, Yahoo and Fastmail, is lacking.
The research found that almost all email providers still support depreciated SSLv3.
Earlier this year, the Internet Engineering Task Force declared that SSLv3 must not be used as it is insecure and threatened the confidentiality of encrypted communication, allowing attacks such as POODLE and BEAST. The Task Force recommended moving to the more secure TLS 1.2.
How hackers are using social media to execute attacks
F-Secure Labs has examined how hackers use third party services to coordinate malware campaigns.
“If I had to put it in a nutshell, I’d say that attackers are using certain third party services to help them fly under the radar of corporate security,” said F-Secure Researcher Artturi Lehtiö.
“Many online services use encryption to prevent data from being intercepted and stolen while in transit, but the downside of this is that security measures like firewalls aren’t able to identify malicious traffic. It’s a real challenge for companies, and my research has shown how attackers like The Dukes capitalise on this advantage in their attacks.”
F-Secure’s report specifically highlights how The Dukes were able to use Twitter to communicate with infected machines and direct them to download additional malware. The Dukes were also able to use Microsoft OneDrive as a data exfiltration tool, allowing them to retrieve stolen data without drawing attention to themselves.
8MAN recruiting new UK VARs
European security company 8MAN is looking to recruit new value added resellers to join its UK partner programme.
The security company recently opened its London headquarters and secured additional investment funding to support its ambitious growth plans for the UK market.
It is currently looking to recruit committed, strategic channel partners to work with to educate the market and sell and support the 8MAN products in return for ‘generous margins and hands-on support’.
How sportscotland eliminated shadow IT with Centrastor
Sportscotland has detailed how it moved from Dropbox to Redstor’s Centrastor platform to eliminate shadow IT.
“When looking for a new solution we knew we needed to offer our staff the same functionality as Dropbox so as not to turn them away from sharing data altogether,” explains Gareth Bevan, ICT Systems Engineer for sportscotland.
“However, we also knew that we needed an admin perspective to keep track of the information that was shared and who had access. Cost was very important and when we saw Redstor was priced competitively with other solutions, we knew the company and their technology would be a good fit.
“The biggest difference to our organisation with Centrastor has been the visibility. Previously we had little to no control over what information was being shared or who it was shared with. This was a great concern that could have had serious consequences if there had been an incident. However, Centrastor has given us a peace of mind.”
Other security news this week:
– Kaspersky’s principal security researcher, David Emm commented on concerns about the security of Mattel’s Hello Barbie doll, saying: “Concerns about the doll centre mainly around privacy – the fact that secrets entrusted to the doll by a child are shared with Mattel and its partners. There’s also the potential risk that such data might fall into the hands of hackers, if the security of Mattel or its partners are breached.”
– New research from iStorage reveals that 95% of consumers feel businesses should do more to protect customers’ personal data
– The code breaking whizz kids from Haileybury in Hertford have become the winners of the Cyber Security Challenge UK Cyber Games. Seven teams of the UK’s best 13-18 year old code-breakers from schools across the country competed in the competition to become the ultimate young cyber security defenders.
Image source: Shutterstock