At AV-Comparatives we follow around 50 security related news sources for the selection of the malware of the month. Often the blog post headers of the news feeds show a variety of security issues and news items addressed. To Determine which malware(s) got substantial media attention normally requires further reading of the blog posts. This month it was an easy choice. Bad Rabbit and the Wifi-Krack dominated the media.
Spotlight on security: New Windows 10 security features
On Tuesday the 17th October, Microsoft started to rollout the ‘Fall Creators Update’ of Windows 10. This second major update in 2017 has some interesting new security features. Microsoft was so generous to give Windows 10 Home users also the added protection of the new Exploit Guard and Controlled folder access. The only catch is that they are built into Windows Defender.
Malware in the media: anti-malware tests are our legacy and future
The DerbyCon security conference reminded us of an important AV-Comparatives advantage. In his keynote speech John Strand stated that “researchers are terrified that they are going to get sued”. At AV-Comparatives we have some experience with security firms threatening to go to court to prevent publish our (independent) test report. One vendor for example tried to prevent us publishing our Next Gen endpoint protection test results by publicly announcing to sue one of our partners.
Spotlight on security: iPhone X introduction – job well done?
Did you watch the Apple event? The first ever announcement in the Steve Jobs Theater showed that they miss Steve Jobs. I remember Steve Jobs introducing the NeXTcube. That was a jaw dropping event. The NeXTcube had display depth while the rest of the world used monochrome. It marked the birth of the dock. Combining an application launcher, desktop explorer, and task manager into one single application. So simple straightforward, yet so brilliant and beautiful.
Malware in the media – Augusts’ eclipse and Android 8
On August the 21st people in the USA could witness a total solar eclipse. People from Oregon to South Carolina could see the moon totally covering the sun. A total eclipse is a unique event. The last total eclipse of the sun happened 38 years ago and the next one will be in 2024. Google smartly used this event to introduce the next Android OS version. Version 8 is named Oreo, a popular chocolate cookie filled with butter milk cream.
Spotlight on security: Does Google lives up to its promise?
In 2007 Google promised to change the world with Android and the Open Handset Alliance: “A new computing environment that will change the way people access and share information in the future. The Android platform will be available under one of the most progressive, developer-friendly open-source licenses to bring to market new innovative products faster and at a much lower cost.“
A decade after the announcement we did some fact checking to see whether Google lives up the promises made in the original press release?
Malware in the media – July’s “ignorance is bliss”
The Internet of Things (IoT) promises to make life easy, but Panda calls it “the next cyber security nightmare” and CSO ranked “the Internet of malicious things” as the number one threat for 2017. Shortly after the NotPetya ransom-worm, the first ever WIFI-worm was unveiled: broadpwn!
On July the 27th Nitay Artenstein demonstrated the first successful WIFI-worm attack at the Blackhat USA 2017 event. Broadpwn used a vulnerability of the Broadcom WIFI chipset which could potentially impact over one billion smartphones. Luckily both Google and Apple released a patch before public disclosure (ignorance is bliss).
Spotlight on security: Bob Dylan & Dalai Lama on threats & transparency
At first glance the WannaCry and NonPetya outbreaks are no different from the CryptoLocker outbreak of 2015 or the CryptoWall outbreak of 2014. Some of us may even remember the first file-encrypting malware, called PC Cyborg Trojan (aka AIDS Trojan) discovered in 1989. So security insiders may ask themselves in despair: How many fools does it take, to make the same mistake over and over again?
Malware in the media – June’s “fire in the hole”
Fire in the hole is a warning that an explosion is about to occur. In old days coal miners used to yell this three times before igniting dynamite. In those days dynamite was used to break rock and dig tunnels to excavate coal. The military adopted this expression to warn of an impending explosion.
Spotlight on security: Pi-hole a blackhole for Internet advertisements
Starting from June, AV-Comparatives will highlight an interesting event, idea, initiative, announcement or product which will make the digital world a safer place to surf and live in. We will kick off with an interesting piece of software originally developed for the Raspberry Pi, called Pi-hole.