Alien Eye in the Sky – 5th May 2017

May 5, 2017 | Javvad Malik
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

It’s been a busy week with ups and downs in the world of security. But even when things get shaken up like a Michael Bay movie, we keep our eye on what matters the most.

That Google Phish

There was a lot of buzz as many people received phishing emails disguised as invitations to open a Google Doc. By authorising it, users unwittingly gave access to their emails to attackers.

The size and scale of the attack was reminiscent of the viruses of days gone by, such as Melissa.

While Google has worked to close the flaw, it doesn't help those users that have clicked on the link.

If you have clicked on the link, then you need to follow these steps:

  1. Go to google account permissions page and remove access for the fake app
  2. Change passwords on Google and any other sites that may have been using the same password.
  3. Enable two factor / two step verification (like needing an SMS code in order to log on).

Some are suggesting that given the similarities between this fresh phishing scam and the past activity of the DNC hackers, known as APT28, the Google phishers could be the allegedly Kremlin-backed crew. But to Jaime Blasco, chief scientist at security company AlienVault, that's unlikely: "I don't believe they are behind this though because this is way too widespread. Many people/organizations have received similar attempts so this is probably something massive and less targeted." - Full article

Smaller nations hacking skills

As the joke goes, on the internet, nobody knows that you’re a dog. Technology has done a great job in balancing the shift of power into the hands of the many. Now, with modest budgets and technology, startups can challenge well-established brands.

But that also means small nations can build cyber capabilities that match those of much larger nations.

GDPR

While a lot of European companies are looking to the future wondering what GDPR will bring, the Register looked back and retrospectively estimated what regulator fines on data loss would have been last year had GDPR been implemented.

Where last year British companies were fined £880,500; under GDPR regulation that sum could have been £69 million.

It’s just Metadata

It's why many governments have pushed for mandatory metadata retention laws, and have been successful. Because in the minds of many, it's only metadata.

Cloud Security TweetChat

We hosted a TweetChat on Cloud Security and had special guests Dave Shackleford, Senior SANS instructor, Lead Facilty IANS, and Founder of Voodoo Security, and Jaime Blasco, Vice President and Chief Scientist, AlienVault on hand to share their pearls of wisdom.

From hacker to cybercrime consultant

In a case of hacker turned good, a teenage Irish hacker who redirected The Sun newspaper’s users to a fake story claiming Rupert Murdoch was dead is now a security researcher for a UK consultancy firm.

Javvad Malik

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Read more posts from Javvad Malik ›

TAGS: news

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL