Week in review: European Space Agency breach, SQL injection trends and iPhone secret location tracking
Here’s an overview of some of last week’s most interesting news and reviews:
Final report: Pan-European cyber security exercise
The EU’s cyber security agency, ENISA, has issued its final report on the first Pan-European cyber security exercise for public bodies, Cyber Europe 2010.
Security fears still an obstacle to cloud adoption
Over three fifths (62 per cent) of IT managers state concerns about security as an obstacle to cloud adoption, according to Kaspersky Lab. The research found that among the IT managers and directors surveyed, less than half of the businesses (41 per cent) are planning to move or have moved their IT operations to the cloud.
Gaping security hole in Skype for Android
The Skype application for Android contains a flaw that allows a rogue app to access and harvest users’ personal information and things like chat logs from the device without needing root access or special permissions.
HBGary does some reputation building
Saying that its decision not to comment much on what happened has proven not to be the best, since it led to a large amount of misinformation being reported in the press, the company is bent on painting itself as a victim of circumstance.
IPv6 for Enterprise Networks
The February news that the last batch of IPv4 addresses has been distributed has resounded across the Internet as a final wake-up call. It made everybody aware of the fact that IPv6 will very soon become the prevalent standard, and that the time has come to think about deploying it within the enterprise. This book explains why and, most especially, how to make that transition seamless.
Software industry risks and SQL injection trends
With the trend of targeted cyber attacks along with the exploitation of common vulnerabilities such as SQL injection, it is clear that the core software infrastructure of several critical industries remains extremely vulnerable.
Cybercriminals shifting to smaller, more opportunistic attacks
The seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals.
Yahoo! backtracks on data retention policy decision
The company’s chief trust officer Anne Toth revealed in a post on the company policy blog that “over the past several years it’s clear that the Internet has changed, our business has changed, and the competitive landscape has changed,” which led to a re-evaluation of the log file data retention policy and its closer alignment to “the competitive norm across the industry”.
European Space Agency website and FTP servers hacked
The European Space Agency’s website was hacked on Sunday by a Romanian going by the handle TinKode, who documented the hack on his personal blog and made public the root password and a number of FTP accounts, email addresses and passwords for administrators and editors.
Dramatic increase in cyberattacks on critical infrastructure
A survey of 200 IT security executives from critical electricity infrastructure enterprises in 14 countries found that 40 percent of executives believed that their industry’s vulnerability had increased. Nearly 30 percent believed their company was not prepared for a cyberattack and more than 40 percent expect a major cyberattack within the next year.
Your iPhone keeps an unencrypted record of your movements
If you are an owner of an iPhone or a 3G iPad, you’ll probably want to know that your location – along with a timestamp – is recorded by the device and stored in a file called “consolidated.db,” which is then copied to the computer to which you synchronize the device.
Bredolab variant delivered by fake Facebook warning
There are over 600 million active Facebook users in the world, so it’s no wonder that they are often targets of a great variety of scams. The latest one is delivered directly into their inboxes, and claims that their Facebook account has been spotted sending out spam and that their password has been changed to prevent that.
Software company Ashampoo breached, customer data stolen
The German computer software company Ashampoo has been targeted by attackers who managed to gain access to its customer database and possibly exfiltrated data such as names and email addresses.
Why do governments have trouble retaining cyber warriors?
The retention of skilled experts is particularly challenging – some burn out, some go over to the “dark side”. Time and time again, government department or agency heads bemoan the loss of perfect candidates – and employees – to the private sector.
U.S. federal lab linked to Stuxnet breached
A federally funded U.S. lab that is suspected to have been involved in finding the vulnerabilities in Siemens SCADA systems used by the Stuxnet worm has shut down the Internet connection for its employees following the discovery of a breach into the facility’s systems.
A closer look at DropDMG
DropDMG (v3.0.6) is a piece of software that helps you create and work with Mac disk images – Apple’s preferred format for distributing Mac software and the only archive format whose contents you can directly access in the Mac Finder.
Michigan State Police denies downloading drivers’ phone data
A few days ago, the American Civil Liberties Union of Michigan made public their belief that the Michigan State Police might have been using portable devices that allowed them to secretly extract personal information from cell phones of drivers who have been pulled over.
Carder pleads guilty to hacking and selling stolen card numbers
The 26-year-old Georgian native Rogelio Hackett, Jr., has admitted that he has been selling credit card numbers online on IRC and a variety of criminal forums, and that he hacked into the servers of an online ticket seller and stole information on some 360,000 credit card accounts.
Interest in royal wedding abused by fake AV peddlers
As the day of the wedding of Prince William of England and his long-time girlfriend Kate Middleton quickly approaches, scammers have begun to exploit the interest of Internet users around the world and are pushing out a variety of poisoned links regarding the subject.