Computer and Online Cyber Security
Computer Security No 11: Exploit Kit
Corporate Computer Security
Software kit designed to run on web servers
Identifying vulnerabilities in the client machines
Exploit kit = software kit designed to run on web servers with the purpose of identifying vulnerabilities in the client machines that communicate with the server; once the vulnerabilities are discovered, it uploads and executes malicious code on the client.
Privacy Shield = EU-US Privacy Shield is a set of principles between US and the European Union, allowing some US companies to receive personal info from EU entities, under EU Privacy Laws. Replaces International Safe Harbor Privacy Principles (established in 2000) – NOT in effect as yet. Outstanding issues: deletion of data, collection of large amounts of data and Ombudsman mechanism.
Ransomware & privacy
CryptXXX distributed via Spam emails
Searchengine with no ads - DuckDuckGoFrance serves notice to Microsoft on Data Tracking
Searchengine with no ads
The ransomware operators made US $50K from CryptXXX, sent to a single Bitcoin address between June 4 and June 21, 2016, according to SentinelOne researchers.
The main characteristic of the ransomware campaign, which infected more than 2,000 websites was the use of realstatistics.info and realstatistics.pro domains, which were redirecting users to the exploit kit landing page.
CryptXXX is one of the most prevalent ransomware. Previously, it distributed only via exploit kits (see definition above).
In the beginning of July 2016, Proofpoint researchers spotted emails with attached documents that contained malicious macros.
France serves notice to Microsoft on Data Tracking
The French National Commission on Data Protection (CNIL) gave Microsoft 3 months to fix the non-compliance with its French Data Protection Act.
Issues found were related to Windows 10:
- Collection of irrelevant or excessive user data
- Users can choose a four character PIN to authenticate access to on-line services without limiting the number of attempts
- Microsoft puts advertising cookies on users’ terminals without properly informing them or allowing them to opt out
- Microsoft moves user data outside the EU despite this not being allowed If Microsoft does not comply, they could pay $165,000 in fines.
The new “Privacy Shield” sets out tough rules to prevent US intelligence agencies accessing Europeans data.
To read the report :
Searchengine with no ads - DuckDuckGo
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au
© 2011 - 2016 Advisory Boards Group website by aml websites