Happy Friday everybody, and welcome to another installment of our Weekly News Roundup. It certainly was another busy week in the application security world, with several cyber attacks, new regulations, and updated security measures making headlines. Veracode’s Marketing team rounded up some interesting articles on some of the biggest topics of the week. Give them a read and enjoy.
1. New Data Protection Laws: “EU to Propose New Data Breach, Privacy Regulations” by Brian Prince (@threatpost). Over the weekend the European Union announced that they would soon be proposing new laws that would require companies that are impacted by cyber attacks / data breaches to inform authorities and customers within 24 hours. The legislation will primarily be focused on protecting online consumers by giving them more online privacy and information security rights. The EU also hopes that the proposed regulations will help simplify their data protection methods. It appears that the proposed laws will probably not go into effect for another two years.
2. SQL Injection Attacks: “Avoidable Attacks Cause Most Data Breaches” by Sophie Curtis (@scurtsy). In this article, Sophie Curtis provides insight on the widespread lack of prevention against SQL injection hacks shown by many businesses. Curtis reports that businesses with underequipped or out-of-date cyber security methods are among the easiest targets for hackers and that these attacks cost billions of dollars while impacting millions of people annually. The article also provides insight on SQL injection attacks and measures that can be taken in preventing them.
3. Kelihos Botnet: “Microsoft: 'Kelihos' botnet master worked for AV vendor” by Ryan Naraine (@ryanaraine). Microsoft has identified the developer behind the “Kelihos” botnet that was responsible for countless spam emails, identity theft, stock scams, and more. According to Microsoft, the software developer is Andrey Sabelnikov, a Russian man who used to work for an antivirus/firewall/security software company. Sabelnikov has been accused of creating over 3,700 subdomains from a Czech free hosting site and using the subdomains to control the Kelihos botnet.
4. Data Privacy Day: “SSCC 81 - NCSA and Data Privacy Day” by Chester Wisniewski (@ChetWisniewski). Happy Data Privacy Day! In this article and podcast, Chet Wisniewski talks about the upcoming holiday (Data Privacy Day is officially January 28th) with Michael Kaiser of the National Cyber Security Alliance. The two discuss the role of the holiday in promoting privacy and cyber security awareness globally as well as what consumers should do to protect themselves.
5. Application Security: “Cover Your App: Five Lessons from Recent Data Breaches” by Scott Vernick (@HuffPostTech). The growing problem of cyber attacks has more and more consumers thinking about the security of their personal information online. Scott Vernick offers five excellent tips on measures consumers can take to protect their data in this article from the Huffington Post.
6. Smartphone Security: “Lookout’s New App Visualizes Mobile Security Threats As They Are Detected Around The World” by Leena Rao (@LeenaRao). As it continues to become more of an issue, we are seeing many companies releasing mobile security solutions. Earlier this week Lookout released a new app for Android users that allows them to monitor cyber attacks as they take place. The app also provides information on the top security threats that are taking place, and the breakdown of malware attacks vs. spyware attacks happening in real time. Products and applications like this will hopefully increase cyber attack awareness amongst smartphone users.