Wednesday, 9 November 2016

Google to Label Malware Sites with 30-Day Full Page Alerts

Google will slap repeat malware offenders with a 30-day red alert for website visitors.
Chrome, Firefox and Safari will display a full page 'deceptive' warning for those websites that appear to intentionally spread malware, unwanted software or phishing pages.
Further, they’ll be blocked from the Safe Browsing review process, to prevent nefarious webmasters from gaming the system.
Google normally allows a review process if a site is branded as harmful. An operator can ask Google to review the site and remove the warning once it has been confirmed that the offending issue has been rectified.
However, Google has observed that some websites will cease harming users for long enough to have the warnings removed, and will then revert to harmful activity.
“Repeat Offenders are websites that repeatedly switch between compliant and policy-violating behavior for the purpose of having a successful review and having warnings removed,” said Brooke Heinichen, of the Google Safe Browsing Team. “Once Safe Browsing has determined that a site is a Repeat Offender, the webmaster will be unable to request additional reviews via the Search Console for 30 days, and warnings will continue to show to users. When a site is established as a Repeat Offender, the webmaster will be notified via email to their registered Search Console email address.”
Websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy.

Rash of PlayStation Hacks Hits UK Gamers

Widespread reports of stolen PlayStation Network accounts, especially in the UK, have started appearing in support forums.
Over the past few weeks, PlayStation gamers have taken in droves to Sony's Twitter support handle and to Reddit to report that their accounts have been hacked. In some cases, users say the compromises resulted in fraudulent charges; mostly, they complain of their account IDs being changed so they can’t log in.
Sony has yet to issue an official response, but it’s been replying to customer tweets directing users to a generic contact form.
The compromises could be stemming from phishing attacks, or credential re-use (i.e., a hack of another site yielded credentials that also work for PSN). The issue could also be botnet-driven.
The other possibility is a hack of the platform itself, which is not unprecedented. The 2011 PlayStation hack exposed the personal information of the entire PSN user base, 77 million people, including users' account names, dates of birth, email addresses and credit card details. The incident, which Anonymous took credit for, forced the company to shut down its entire system for almost a month.
In April, five years after the massive hack, Sony finally implemented two-factor authentication for the PSN. Encouragingly, 2FA has alerted some users to an account compromise. One person said on Reddit: “I've had my psn account hacked twice. Both times I managed to regain control of it. Then Sony released two factor sign in. Since Saturday I've gotten I think eight requests for the code. Someone is trying again and has somehow gotten my password.”

18-year-old Wins Cyber Security Challenge UK

Ben Jackson, an 18-year-old student from the Sussex town of Bexhill-on-Sea, has won the Cyber Security Challenge UK’s Masterclass competition, making him the youngest ever champion.
Jackson beat 41 other talented amateurs in a three-day cyber-attack simulation led by PwC with help from the National Crime Agency, GCHQ and the Bank of England.
That challenge, which took place in a Security Operations Center in Shoreditch, required participants to investigate a data breach at a power station.
Working in teams, candidates were presented with the profiles of ‘employees’ who may have carried out the attack, and were required to work against the clock under the twin pressures of hacktivist cyber-attacks and live updates from government agencies and the company’s board.
They were also tasked with keeping the operation under wraps from journalists.
All 42 finalists were apparently rated by cybersecurity experts against real world criteria covering both technical and soft skills like teamwork, leadership and communication.
The final rounds off a year-long search for the UK’s most talented cybersecurity amateur, with qualifying rounds pitting participants against each other face-to-face and online.
It is hoped the competition will raise the profile of the industry and help ensure more talent is discovered to plug worsening cybersecurity skills gaps.
It’s claimed that half of the candidates competing in the Masterclass competition and face-to-face rounds have indeed gone on to work in the industry.
Jackson will now be able to choose from a range of prizes including university courses, industry training and access to industry events provided by sponsors such as SANS, Bank of England, PwC, GCHQ, CompTIA, Royal Holloway University and CREST.
“It’s hard to put into words how I feel but I can say it’s a complete privilege to win such a well renowned competition,” said Jackson in a statement.
“I’m frankly amazed that I’ve won. This has been a brilliant few days and a life changing experience, meeting some great people along the way. I hope to now go on to pursue a career in cybersecurity, something which I really enjoy.”