Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

This Week in Security: Google Android, Galaxy S6 Edge, KnowBe4, TalkTalk...

DZone's Guide to

This Week in Security: Google Android, Galaxy S6 Edge, KnowBe4, TalkTalk...

Announcements, patches, updates, and vulnerabilities in the news this week.

· Performance Zone
Free Resource

There has been a considerable amount of noise in the news this week about mobile threats and how we are becoming more and more bombarded with attacks on mobile devices.

Google Android

Google has released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. The release fixes a series of vulnerabilities such as remote execution of code, information disclosure and privilege elevation.

You can read the details here:

https://groups.google.com/forum/#!topic/android-security-updates/GwZn7sixask

Samsung Galaxy S6 Edge

Google have discovered in the OS running on the Samsung Galaxy S6 devices 11 Sever vulnerabilities due to the customisations carried out by the device manufacturer. Project Zero is the google project that is investigating the security of OEM products using the Android OS.

You can read the Project Zero blog post concerning the Galaxy S6 here:

http://googleprojectzero.blogspot.ro/2015/11/hack-galaxy-hunting-bugs-in-samsung.html

KnowBe4

KnowBe4 are releasing a free add-in for Outlook that enables users to quickly and easily report phishing attempts.

You can learn more about the add-in here:

https://knowbe4.zendesk.com/hc/en-us/articles/208969608-Phish-Alert-Outlook-Add-in

TalkTalk

A fourth person has been arrested in relation to the TalkTalk data breach, he is still in custody, the other three individuals have been bailed for the time being.

You can read how the case is transpiring here:

http://news.met.police.uk/news/new-arrest-in-talktalk-investigation-136381

TalkTalk announced on the 6th November that 156,959 customers personal details, 15.656 account numbers and sort codes were accessed and that 28,000 obscured credit and debit cards numbers were also accessed but cannot be used because the information is incomplete and that no customer information was associated with these records.

You can read their press release here:

http://help2.talktalk.co.uk/oct22incident

PageFair

PageFair Ad-Blocker Breached and used as delivery mechanism for malware:

Read their press-release here:

http://blog.pagefair.com/2015/halloween-security-breach/

UK Investigatory Powers Bill

UK Bill being discussed to oblige cloud encryption to contain a backdoor for use by the provider for allowing access to law enforcement.

More detail available from the Telegraph:

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11970391/Internet-firms-to-be-banned-from-offering-out-of-reach-communications-under-new-laws.html

iboss and Goldman Sachs

iboss who produce a secure web gateway platform receives 35 Million investment from Goldman Sachs

You can read their press release here:

http://www.iboss.com/iboss-cybersecurity-announces-35-million-investment-from-goldman-sachs

Russian, Polish and Japanese Banks Under Attack

Tinba Trojan has been seen to be targeting mainly Russian and Japanese banks although Poland is still under attack.

You can read more about the initial discovery here:

https://securityintelligence.com/tinba-worlds-smallest-malware-has-big-bag-of-nasty-tricks/

The latest news comes from Dell SecureWorks and you can read more here:

http://www.secureworks.com/resources/tips-and-articles/featured_articles/media-alert-banking-trojans-attack-russian-banks

CISCO

Cisco has created a patch for their Web Security Appliances that fixes the command injection vulnerability CVE-2015-6298 detailed here:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa

You can read about the patch here:

http://tools.cisco.com/security/center/publicationListing.x

CryptoWall 4.0

A new strain of the CryptoWall ransomware has been release that now encrypts filenames making it very difficult to determine what files have potentially been lost.

You can read more about the new version at the two below links:
https://heimdalsecurity.com/blog/security-alert-cryptowall-4-0-new-enhanced-and-more-difficult-to-detect/

http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/

Topics:
security ,vulnerabilities ,patch ,ransomware ,performance ,mobile

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}