Week in review: IMF breach, Bitcoin-stealing Trojan and the 10 most common iPhone passcodes
Here’s an overview of some of last week’s most interesting news:
Foreign government behind IMF breach and data theft?
The International Monetary Fund’s systems have been breached by cyber attackers believed to be linked to a unnamed foreign government.
Alleged Spanish, Turkish Anonymous members arrested
The Spanish police has arrested three Spaniards in their early 30s, in Almeria, Barcelona and Valencia, who are thought to have been behind the attacks on the Sony PlayStation online gaming store.
Web host victims repeatedly exploited by cybercriminals
More than one-third of respondents to an Anti-Phishing Working Group (APWG) survey were repeat victims of phishing attacks that resulted in a successful establishment of phishing or spoofing websites on their web server platforms.
History and future of mobile malware
Panda Security released a report on the history, current state and future of mobile malware which aims to raise awareness of the threats affecting mobile devices as well as provide tips individuals can follow to avoid falling victim to mobile threats.
National US data security breach notification law on the horizon?
Californian Representative Mary Bono Mack has jumpstarted the latest quest for a national data security breach notification law and is currently working on its draft.
Two-factor authentication for Mailchimp using AlterEgo
MailChimp is an innovative company that provides mailing list management services with a twist. The company recently announced a new integration option which provides its users with two-factor authentication capabilities.
10 most common iPhone passcodes
The problem of poor passwords is not confined to computer use, and the fact was discovered by an app developer who has added code to capture user passcodes to one of its applications.
LulzSec DDoS rampage downs game servers and sites
Tuesday has been another busy day for the LulzSec bunch, and has witnessed DDoS attacks against a number of targets.
Citigroup data theft the result of a common vulnerability
If the information the NYT has received about the Citigroup breach is correct, and the intrusion was made possible by the exploitation of a vulnerability so frequent and common that it made OWASP’s top 10 web application risks list, one wonders how it is possible that the world’s largest financial services company hasn’t got security experts that would remedy it.
Man convicted for using DDoS attacks in extortion scheme
A German man has been convicted to a 34-month prison sentence and has been ordered to pay some 350,000 Euros to the companies he blackmailed by threatening to take down their websites.
Microsoft investigates emerging Internet phone scam
An Internet scam that targets English-language markets and costs victims on average $875, according to Microsoft.
Huge decline of Autorun-abusing malware
Infections with malware that abuses the Windows Autorun feature by automatically enabling AutoPlay have been declining since February, says Microsoft, and credits the security updates for Windows XP and Vista they started releasing at the beginning of that month for that decline.
Risk management under pressure
Has the financial services industry reached a comfort zone, placing it in jeopardy of another crisis? Are today’s risk management practices and reporting in tune with existing risk culture and organizational expectations?
SpyEye Trojan attacks Air Berlin and AirPlus travelers
Trusteer have uncovered a SpyEye configuration that targets users of two leading European airline travel Web sites: Air Berlin, the second largest airline in Germany (after Lufthansa) and AirPlus, the global provider of business travel services for companies. SpyEye exploits the user’s machine, not the websites, to carry out this fraud.
LulzSec leaked passwords come from Writerspace
Following LulzSec’s sharing of a list of 62,000+ random login credentials, people who have been looking into it say that some of them are likely to come from online writing community.
Trojan goes after Bitcoins
Bitcoin – the digital currency that has lately become a point of contention between those that consider it a perfect way of handling payments online and those who said that its anonymous nature will be severely misused by criminals – has definitely caught the attention of said criminals.
Trojan targets devices with custom Android versions
In order to install its payloads, the Trojan exploits the fact that system images in most custom ROMs are signed with publicly available private keys in the Android Open Source Project.