Another week is over which means another news recap. A bit of a slow week this week but still have some good stuff for you, enjoy!
- First story of the day is in regards to the new Cybersecurity law passed in China that gives the government even more control over the internet. The crux of the new law is that now users have to register using their real names and personal info when signing up for things like messaging services, essentially removing any anonymity. Additionally, companies operating in China are now required to essentially store all collected data within the Chinese borders, making it easier to access by Chinese law enforcement and government authorities.
- Read More @ http://thehackernews.com/2016/11/china-cybersecurity-law.html
- Next, a good review of the current exploit kit landscape by the folks over at Malwarebytes. There has been quite a number of changes in the EK landscape recently, with a lot of the long time show runners disappearing, so this is a good refresher of what’s out there and active right now.
- Read More @ https://blog.malwarebytes.com/cybercrime/exploits/2016/11/exploit-kits-fall-2016-review/
- Next, DDoS attacks are back in the news, and this time the targets seem to be Russian banks. At least 5 banks in Russia have been under a sustained DDoS attack, for days, with the likely culprit being the Mirai botnet again, though this remains unconfirmed. Why do I feel like these Mirai related DDoS attacks will become the norm going forward.
- Read More @ http://www.theregister.co.uk/2016/11/11/russian_banks_ddos/
- Next, some Anti-Virus beef, news. Kaspersky is apparently filing a complaint against Microsoft for giving an unfair advantage to it’s own AV product “Windows Defender”. They claim that a number of anti-competitive practices are in place, such as the 3rd party AV being disabled and Defender being enabled upon upgrade to Windows 10. In addition, if Windows Defender was disabled and another AV was enabled, it would pop up a warning saying to the user to uninstall the other AV and enable Windows Defender. Given the fact that Windows Defender is actually a fairly crappy AV this is not exactly beneficial to the user.
- Read More @ http://www.myce.com/news/kaspersky-files-complaint-microsoft-giving-unfair-advantage-windows-defender-80877/
- Lastly, something a bit different but definitely useful. A guide on avoiding some of the common security mistakes when it comes to Virtualization. Given that nearly everyone out there now in the corporate world is utilizing Virtualization technology, knowing how to properly secure, and deploy it is extremely important. Good read.
- Read More @ http://resources.infosecinstitute.com/security-mistakes-avoid-virtualization/
- This week’s webcast by CSCSS takes a high level look at the DDoS attack on DYN, the impact of the attack and lessons learned from it. It’s not very in depth technically, but provides a good overview of the attack.
- Watch @ https://www.brighttalk.com/webcast/14737/231657