One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 362127 |
| Date de publication | 2017-05-03 16:49:00 (vue: 2017-05-03 16:49:00) |
| Titre | Alien Eye in the Sky – 5th May 2017 |
| Texte |
It’s been a busy week with ups and downs in the world of security. But even when things get shaken up like a Michael Bay movie, we keep our eye on what matters the most.
That Google Phish
There was a lot of buzz as many people received phishing emails disguised as invitations to open a Google Doc. By authorising it, users unwittingly gave access to their emails to attackers.
The size and scale of the attack was reminiscent of the viruses of days gone by, such as Melissa.
While Google has worked to close the flaw, it doesn't help those users that have clicked on the link.
If you have clicked on the link, then you need to follow these steps:
Go to google account permissions page and remove access for the fake app
Change passwords on Google and any other sites that may have been using the same password.
Enable two factor / two step verification (like needing an SMS code in order to log on).
Some are suggesting that given the similarities between this fresh phishing scam and the past activity of the DNC hackers, known as APT28, the Google phishers could be the allegedly Kremlin-backed crew. But to Jaime Blasco, chief scientist at security company AlienVault, that's unlikely: "I don't believe they are behind this though because this is way too widespread. Many people/organizations have received similar attempts so this is probably something massive and less targeted." - Full article
Threat post article
Smaller nations hacking skills
As the joke goes, on the internet, nobody knows that you’re a dog. Technology has done a great job in balancing the shift of power into the hands of the many. Now, with modest budgets and technology, startups can challenge well-established brands.
But that also means small nations can build cyber capabilities that match those of much larger nations.
We knew the U.S. and Russia were hacking powers, but Ethiopia and Pakistan?
GDPR
While a lot of European companies are looking to the future wondering what GDPR will bring, the Register looked back and retrospectively estimated what regulator fines on data loss would have been last year had GDPR been implemented.
Where last year British companies were fined £880,500; under GDPR regulation that sum could have been £69 million.
Register Story
Gartner predicts GDPR flouters will be in the majority
Google cloud will be ready for GDPR in May 2018
It’s just Metadata
It's why many governments have pushed for mandatory metadata retention laws, and have been successful. Because in the minds of many, it's only metadata.
Troy Hunt wrote a good article on why Australia just showed the world the problem with mandatory data retention
|
| Envoyé | Oui |
| Condensat | £69 £880 2017 2018 500; 5th access accessed account activity afp alien alienvault allegedly also any app apt28 are article attack attackers attempts australia authorising back backed balancing based bay because been behind believe between blasco brands breach bring british budgets build busy but buzz call can capabilities case challenge change chief claiming clicked close cloud code companies company consultancy consultant could crew cyber cybercrime data dave days dead disguised dnc doc doesn't dog don't done downs emails enable established estimated ethiopia european even eye facilty factor fake fined fines firm flaw flouters follow founder fresh from full future gartner gave gdpr get given goes gone good google governments great guests hacker hackers hacking had hand hands has have help hosted hunt ians implemented important instructor internet invitations irish it's it’s itself jaime job joke journalist's just keep kill knew known knows kremlin larger last laws lead less like link log looked looking loss lot majority mandatory many massive match matters may means melissa metadata michael million minds modest most movie much murdoch nations need needing newspaper’s nobody now officer only open order other page pakistan password passwords past pearls people people/organizations permissions phish phishers phishing post power powers predicts president probably problem pushed ready received records redirected register regulation regulator reminiscent remove researcher retention retrospectively rupert russia same sans scale scam scientist security senior shackleford shaken share shift showed similar similarities sites size skills sky small smaller sms some something special startups step steps: story successful such suggesting sum sun targeted technology teenage that's then these things those though threat too troy turned tweetchat two under unlikely: unwittingly ups users using verification vice viruses voodoo way week well what when where who why widespread will wisdom wondering worked world would wrote year you’re |
| Tags | Guideline |
| Stories | APT 28 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.