GCHQ crypto flaws, Dridex strikes and Ukraine malware attacks: The week in security

It’s been another busy week in security as Ukraine continues to suffer at the hands of unknown hackers targeting critical infrastructure including power grids and airports.

GCHQ, meanwhile, was criticised by a security researcher for reportedly installing a backdoor into its Mikey-Sakke encryption standard. In other news, the notorious Dridex banking trojan returned to target UK citizens with an advanced ‘redirection technique’. 

Read on for the top security stories of the week from V3:

GCHQ-developed crypto tools have built-in backdoors to allow snooping

GCHQ Cheltenham

A security researcher claimed that Mikey-Sakke, the security protocol behind the GCHQ-developed Secure Voice encryption standard, has a built-in backdoor that allows the spy agency to intercept and snoop on phone calls.

Dridex trojan targeting UK banks with Dyre-like ‘redirection’ techniques

Malware cyber criminal

Researchers from IBM Security revealed that a new variant of the Dridex malware has taken inspiration from the Dyre banking trojan and is being used in attacks on UK bank accounts.

Ukraine power grid attacks continue but BlackEnergy malware ruled out

power-grid-pylon-electricity

Cyber attacks against the Ukraine power industry look set to continue after security firm ESET uncovered evidence of a fresh wave of malware strikes on the country’s critical infrastructure.

Oracle unleashes 248 security updates in first patch release of 2016

Oracle building

Oracle released a whopping 248 security updates across a range of products as part of the firm’s quarterly patch release cycle.

Linux kernel zero-day flaw puts ‘tens of millions’ of PCs, servers and Android devices at risk

Apple MacBook computer

A zero-day vulnerability in the Linux kernel put “tens of millions” of PCs and servers, and roughly two-thirds of all Android devices, at risk, according to security researchers.

Facebook adds Tor support for Android app users

Facebook

Facebook announced an enhanced privacy feature for users of its Android app to let them browse the social network using Tor.

Security firm Trustwave hit with legal action over breach investigation

legal

Affinity Gaming, a Nevada-based firm that operates 11 casinos across the US, is suing security firm Trustwave for failing properly to contain a data breach it was hired to investigate, according to legal documents.

UK phishing scams rise by 20 percent in 12 months

Isolated phishing email

New figures released by Action Fraud suggest that phishing scams in the UK have grown by 21 percent over the past 12 months.

NSA maintains phone surveillance regime meets privacy standards

A smartphone being used in the dark

The US National Security Agency released a transparency report claiming that its updated phone surveillance regime meets the civil liberty and privacy standards of the recently enacted USA Freedom Act.

European court ruling does not mean firms can snoop on your emails or WhatsApp chats

i-heart-my-boss

A recent headline-grabbing story jumped on by mainstream tabloids suggested that a ruling by the European Court of Human Rights gives bosses in the UK the right to spy on private messages sent from WhatsApp, Twitter, iMessage and personal email accounts. This was untrue.

If the article suppose to have a video or a photo gallery and it does not appear on your screen, please Click Here

22 January 2016 | 3:37 pm – Source: v3.co.uk

[ad_2]

Leave a Reply

Your email address will not be published.