Week in review: Massive iFrame injection attack, Anonymous/LulzSec arrests and Facebook phishing
Here’s an overview of some of last week’s most interesting news and articles:
Global analysis of 10 million web attacks
Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to Imperva. They observed and categorized attacks across 30 applications as well as onion router (TOR) traffic, monitoring more than 10 million individual attacks targeted at web applications over a period of six months.
Hackers steal 8 GB of data from Italian anti-cybercrime unit
Evidence servers of the Italian National Anti-Cybercrime Center for the Protection of Critical Infrastructure (CNAIPIC) have been breached and some its contents published by a group of hackers calling themselves “Legion of Anonymous Doom”, who apparently got on board the AntiSec campaign.
Japanese man arrested for storing malware
38-year-old Yasuhiro Kawaguchi is the first person in Japan to get arrested for storing malware on his computer after the upper house’s Judicial Affairs Committee has confirmed the new anti-malware law passed by the Japanese parliament.
SecurID users targeted by fake NSA email
RSA’s SecurID token users have recently been targeted with fake emails supposedly coming from the US National Security Agency urging them to update their token code.
CompTIA introduces healthcare IT technician certificate
The CompTIA Healthcare IT Technician certificate is a vendor- and technology-neutral credential that validates the operational, regulatory and security knowledge necessary to provide hardware and software support in medical environments where electronic health record (EHR) systems are used.
US CERT director resigns
Randy Vickers, the director of the US Computer Emergency Readiness Team, has unexpectedly and rather abruptly resigned his position on Friday.
The problem with current cyber-liability insurance policies
The repercussion from the massive breach are still reverberating through Sony and, as the company managers move to minimize the losses, an unexpected development could throw a wrench in their plans.
90,000+ web pages compromised through iFrame injection
Researchers from security firm Armorize have uncovered a massive iFrame injection attack that has compromised 90,000+ Web pages belonging mostly to e-commerce sites.
SpyEye Trojan country hit list
The number of financial institutions targeted by the SpyEye Trojan is growing, according to Trusteer. Risk analysis teams have also observed an increase in the number of countries where financial institutions are being targeted by fraudsters using SpyEye.
Phishing attacks on Facebook intensify
There was a significant increase in the amount of phishing attacks on Facebook, as well as other social networking sites such as Habbo in June, according to the latest spam report from Kaspersky Lab.
Arrested Anonymous activists just a small part of a long list
Even though the FBI started serving search warrants and arresting people suspected in participating in the Anonymous’ “Operation Payback” way back in January, it is only after last week’s arrests that it began to be clear that the FBI is not randomly knocking on doors of people who used the PayPal site at the time of the attack.
Google still grabbing more than just Wi-Fi devices’ MAC address?
Google is in for another privacy dispute, as it seems that its Street View cars have not been collecting only hardware IDs of detected Wi-Fi devices, but also the MAC addresses of cell phones, laptops and other Wi-Fi enabled devices.
Phishers becoming sophisticated marketers of fraud
Phishers are becoming more sophisticated criminal marketers, according to a report by IID which documents a quarter that was a watershed for data breaches, from large-scale attacks at Sony and Epsilon, to penetrations against security companies themselves, and even assaults on small, non-traditional targets like a knitting community.
LulzSec member Topiary arrested?
Was the right person arrested by the e-Crime Unit of London’s Metropolitan Police on Wednesday?
What did the RSA breach end up costing EMC?
In its earnings call for the second quarter of the running year, the company has revealed that it has spent $66 millions for investigating the attack, hardening their systems and working with customers (transaction monitoring, SecurID token replacements) to implement their remediation programs.
BT commanded to block site linking to pirated content
The ruling could provide a much needed precedent for future suits initiated by the artistic content industry, since this is the first time that an ISP has been ordered to comply with their requests by a court of law.
“Wrong hotel transaction” spam bombards victims with malware
A particularly malicious spam run consisting of emails ostensibly sent by reception desk managers of various hotels has been targeting Visa users.
Conficker found on external HD devices on sale
Australian supermarket chain ALDI might seem like the last place where one can pick up a Conficker infection, but according to an emergency security alert by the AusCERT, the worm has been discovered on a Fission External 4-in-1 Hard Drive/DVD/USB/Card Reader product the stores offer for sale.