Computer and Online Cyber Security


Computer Security No 11: Exploit Kit

Corporate Computer Security

Exploit kit

Exploit kit = software kit designed to run on web servers with the purpose of identifying vulnerabilities in the client machines that communicate with the server; once the vulnerabilities are discovered, it uploads and executes malicious code on the client.

Privacy Shield = The EU-US Privacy Shield is a set of principles agreed between the US and the European Union that allows some US companies to receive personal information from EU entities under EU privacy laws. It replaces the International Safe Harbor Privacy Principles (established in 2000) – NOT in effect as yet. Outstanding issues: deletion of data, collection of large amounts of data and the Ombudsman mechanism.


Ransomware & privacy

CryptXXX distributed via Spam emails


The ransomware operators made US $50K from CryptXXX, sent to a single Bitcoin address between June 4 and June 21, 2016, according to SentinelOne researchers.

The main characteristic of the ransomware campaign, which infected more than 2,000 websites, was the use of the realstatistics.info and realstatistics.pro domains, which redirected users to the exploit kit landing page.

More info:

CryptXXX is one of the most prevalent ransomware families. Previously, it was distributed only via exploit kits (see definition above).

At the beginning of July 2016, Proofpoint researchers spotted emails with attached documents that contained malicious macros.

www.securityweek.com

France serves notice to Microsoft on Data Tracking

The French National Commission on Data Protection (CNIL) gave Microsoft 3 months to fix its non-compliance with the French Data Protection Act.

Issues found were related to Windows 10:

- Collection of irrelevant or excessive user data

- Users can choose a four-character PIN to authenticate access to on-line services, with no limit on the number of attempts

- Microsoft puts advertising cookies on users’ terminals without properly informing them or allowing them to opt out

- Microsoft moves user data outside the EU despite this not being allowed

If Microsoft does not comply, they could pay $165,000 in fines.

The new “Privacy Shield” sets out tough rules to prevent US intelligence agencies accessing Europeans' data.

To read the report:

www.securityweek.com/france-serves-notice

Search engine with no ads - DuckDuckGo

It helps you take your privacy back. Its founder, Weinberg, states: "By default, DuckDuckGo does not collect or share personal information. That is our privacy policy in a nutshell." However, they do maintain logs of all search terms used.

More info:

https://en.wikipedia.org/wiki/DuckDuckGo

Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au

© 2011 - 2016 Advisory Boards Group