Advanced Android Malware and NSA Snooping on Citizens
Are you, like most network administrators, too busy to follow all the latest information security (infosec) news each week? If so, this vlog is for you. Each Friday I summarize the biggest infosec stories, and share some practical security advice.
In this episode, I cover some of the week’s software updates, I talk about a new sophisticated Android malware variant , and I discuss Edward Snowden’s leak of NSA’s PRISM program. Watch the video below for the details, and check out the Reference section for more.
Have a great weekend, and stay safe out there.
(Episode Runtime: 9:17)
Direct YouTube Link: https://www.youtube.com/watch?v=5jb3ey1ZRBQ
Episode References:
- Software Updates
- Microsoft June Patch Day Summary – WGSC
- IE Cumulative Patch – WGSC
- Office Security Bulletin – WGSC
- Consolidated Windows Alert – WGSC
- Adobe Flash update – WGSC
- Kaspersky describes advanced new Android malware – Securelist
- NSA gathering customer data from many social networks, ISPs, and web email vendors – The Guardian
- Snowden claims NSA is hacking China too – Wired
- NSA says PRISM stops terrorists – The Next Web
- Schneier’s take on NSA snooping and Snowden – Schneier on Security
- Hacker tells NSA we don’t need them – Slate
- Mainstream media overstate PRISM story – ZDNet
Extras:
- Trend Micro spots new attack affecting Asia – The Register
- UK banks more worried about hackers than Euro crisis – PC Pro
- FDA warns about vulnerabilities in health care equipment – FDA.gov
- OWASP releases a new web application vulnerability top ten – Network World
- Look for a big Java patch next week – PC World
— Corey Nachreiner, CISSP (@SecAdept)
How did that happen?
Sent from my iPhone
1. Big Data storages of social enterprise networks (and email) are already “fine tunned” sources for military and govermental organizations. Is this not obvious from technical point of view? Another point, that such information was publicly disclosed, and that is equitable tendency.
2. A lot of authentication, verification and other security functions in Android are based on Java (and XML configuration modules). So, in that context, it not suprising, that powerfull trojans (like Backdoor.AndroidOS.Obad.a) are started to appear and circulate “in a wild”. Besides, in spite of more secure and well-crafted OS Android architecture – code for Androis is created by humans, so mistakes are unavoidable…and exploitable sometimes.