Week in review: Massive carding ring bust, cyber attacks against US gas companies, and the creation and evolution of the superuser
Here’s an overview of some of last week’s most interesting news, podcasts and articles:
Phishers mimic OpenID to steal credentials
New spam email campaigns are taking advantage of the users’ vague familiarity with the OpenID authentication method to phish their login credentials for a number of different and popular online services.
Government workers unprotected against visual data leakage
Oculis Labs released results from its “Government Worker Privacy” survey on privacy risks for mobile workers.
FBI wants social networks and IM services to be wiretap-friendly
Worried that technology advances will leave its agents incapable of conducting surveillance of online communications of potential criminals, the FBI is quietly lobbying top Internet companies not to oppose the broadening of scope of the Communications Assistance for Law Enforcement Act (CALEA).
Ransomware increases in prevalence as cyber-criminal tactic
Trojans set a new record as the preferred category of cybercriminals for carrying out information theft, representing 80 percent of all new malware.
Securing mobile apps in the enterprise
The mobile app has become the endpoint. With the advent of consumerization and BYOD, the number of managed devices began shrinking and that of unmanaged devices continues to rise. Consequently, device-level protection techniques have slowly given way to new technologies that focus on protecting the apps themselves and the enterprise data they hold.
Cyber attackers target US natural gas pipeline companies
Unknown attackers are actively targeting natural gas pipeline sector companies in the US with spear phishing emails, the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warns with its monthly newsletter.
The personal cloud will eclipse the PC
The personal cloud is poised to eclipse the PC as the hub of consumers’ digital lives by 2014 as rapid growth in the use of apps and services introduces a new paradigm for how people store, synchronize, share and stream content, according to Gartner.
Online banking fraud insurance scam
In their never ending effort to devise new schemes that defraud online banking accounts, criminals have come up with a scam that is both simple and extremely believable – they are promising online banking fraud protection insurance that is, well, fraudulent.
Phishing impersonating email service providers spikes
IID attributes this spike to spammers needing unsullied email addresses since many major spamming botnets have been shut down, and Internet service providers have become more successful at identifying and blocking email from botnets and other known spam sources.
Privacy icons summarize privacy policies
A group of students from Yale University have shared their final project for their Control, Privacy, and Technology course which offers the novel idea of using icons to brief users of a site’s privacy policy in a clear and simple manner.
Java drive-by generator used in recent attack
A malware delivery campaign that doubles its infections efforts to really make sure the users get compromised has been recently spotted by F-Secure researchers
Americans are less concerned about security
Americans are less concerned about nearly all aspects of security than they were 12 months ago, but an overwhelming majority consider security issues very important when assessing presidential candidates, according to new research by Unisys.
Ransomware starts targeting US users
A year or two ago, fake antivirus solutions were pushed almost daily onto users, but as time went by, they became wiser and more able to recognize them. So cybercriminals toned it down and began replacing that malware with ransomware.
Digital Forensics with Open Source Tools
Proprietary digital forensics tools have long been popular with the majority of forensic practitioners, but there are also open source ones that can come very handy. The book introduces a great number of them, and the only limitation is that the authors focused strictly on those that are used for analyzing media and images of systems that are offline.
Trojan posing as Flash Player for Android
Russian Android users are constantly targeted with Trojans posing as legitimate apps. Last month it was fake Instagram and Angry Birds Space apps, this time the lure is a bogus Flash Player for Android.
The creation and evolution of the superuser
“When I think about managing identities and privileges within an organisation, one of my favorite analogies for the whole privileged identity lifecycle is biblical,” writes Philip Lieberman, President and CEO of Lieberman Software. “Everything starts ‘in the beginning’ with a super user. Whether someone starts with a server or a workstation, creates on-premise solutions for their network infrastructure or builds out a cloud, they’ll always have to start out with an account with god-like power that will control all other accounts accessing that resource going forward in the future.
Open certification framework for cloud providers
The Cloud Security Alliance (CSA) announced the CSA Open Certification Framework, an industry initiative to allow global, trusted certification of cloud providers.
Another alleged TeamPoison hacker arrested
A 17-year-old male that is suspected to be “MLT”, a member and the unofficial spokesman of the notorious “TeamPoison” hacking gang, has been arrested in Newcastle on Wednesday.
47 arrested in massive carding ring bust
47 individuals were arrested on Wednesday by the officers of the Royal Canadian Mounted Police following an investigation of a highly organized and disciplined criminal ring that has managed to steal at least $7 million via cloned bank cards.