Cyberespionage group used stolen D-Link certificates for new malware campaign

Security Digest Information security news and advice from TechTarget's network| July 11, 2018 FEATURED STORY Stolen digital certificates used in Plead malware spread by Michael Heller, Senior Reporter Researchers found the spread of Plead malware was aided by the use of stolen digital certificates, making the software appear legitimate and hiding the true nature of the attacks. (SearchSecurity.com) Advertisement NEWS   Researchers discover Android apps spying on users' screens News roundup: Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more. (SearchSecurity.com)   WebAssembly updates may cancel out Meltdown and Spectre fixes News roundup: Upcoming WebAssembly updates may undo the Meltdown and Spectre mitigations. Plus, FireEye denied claims it 'hacked back' China, and more. (SearchSecurity.com)   Cyber attribution: Why it won't be easy to stop the blame game Infosec experts have argued that too much focus is put on cyber attribution, but moving away from publicly identifying threat groups and nation-states may be easier said than done. (SearchSecurity.com)   RAMpage attack unlikely to pose real-world risk, expert says The RAMpage attack against the Rowhammer vulnerability in Android devices is theoretically possible, but it may be more academic than it is a practical concern, one expert said. (SearchSecurity.com)   Have I Been Pwned integration comes to Firefox and 1Password With new Have I Been Pwned integration, Firefox and 1Password users will be able to learn if their email addresses have been compromised in any known data breaches. (SearchSecurity.com)   Risk & Repeat: Is AI-driven identity management the future? In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management. (SearchSecurity.com) EXPERT ADVICE   Is Docker's Kubernetes implementation good for security? Docker's Kubernetes implementation provides enterprises with container orchestration options. Expert Rob Shapland discusses what this move means for cloud security. (SearchCloudSecurity.com)   Common security oversights within an AWS environment There's often an assumption that AWS systems can't be tested, as they're hosted in the cloud; however, this is not the case. Discover common security oversights in AWS environments. (SearchSecurity.com)   Why a zero-trust network with authentication is essential Zero-trust networks are often deemed compromised and untrusted, making authentication variables essential to security. Expert Matthew Pascucci explains a zero-trust security model. (SearchSecurity.com)   What effect does GDPR have on the WHOIS database? With GDPR in effect, ICANN proposed redacting information from the WHOIS database. Expert Michael Cobb discusses what this could mean for the domain database. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.