Threatpost News Wrap, April 22, 2016

Enjoy!

https://threatpost.com/threatpost-news-wrap-april-22-2016/117607/

Advertisements

SMS phishing attackers continue to pursue Apple users

Given the rich target environment presented by Apple users, this type of phishing attack makes sense.  The iPhone is to smartphone users as the Windows OS is to PC’s.  Many users click on SMS links out of blind faith in the obscurity of their phone’s OS, so this attack vector is particularly effective.

http://www.welivesecurity.com/2016/04/23/sms-phishing-attackers-continue-pursue-apple-users/

Most orgs couldn’t quickly detect breach, study

Sadly, many organizations find themselves in the majority of those surveyed in this article.  Resources are simply not dedicated to monitoring systems and detecting anomalous behavior.  If logs are being collected and correlated, the exceptions are not reviewed.  Web application firewalls are either not in place or are not monitored appropriately.  It is still a very slow process for the progression of proper security in most organizations.

http://www.scmagazine.com/study-finds-orgs-may-shift-focus-from-perimeter-to-database-security/article/491467/

Judge tosses evidence obtained by FBI malware planted on dark website

This is a curious article, especially given its conclusion.  I do not believe that the FBI has been restricted in any significant way by this ruling.  I simply believe the warrant process has been better clarified.  There is and will continue to be a mechanism for this type of data collection by law enforcement in the US.

https://nakedsecurity.sophos.com/2016/04/21/judge-tosses-evidence-obtained-by-fbi-malware-planted-on-dark-website/

FTC Issues Alert on Earthquake Relief Email Scams

This is both troubling and completely expected.  Cyber criminals have been leveraging the compassion of individuals since the beginning of the Internet.  There are many worthy and safe mechanisms to use to give to those in need around the world.  Take the time to do your research and give safely.  Consider http://www.redcross.org/mo2 as a good starting point.

http://www.tripwire.com/state-of-security/latest-security-news/ftc-issues-alert-on-earthquake-relief-scams/