Week in review: Multi-platform malware, new trends in BYOD, and Google setting up privacy team
Here’s an overview of some of last week’s most interesting news, articles and reviews:
92% of the top 100 mobile apps have been hacked
Ninety-two percent of the Top 100 paid Apple iOS apps and 100 percent of Top 100 paid Android apps have been hacked, according to a new report by Arxan Technologies.
Copyright infringement blackmail scam targets mobile phone users
According to TorrentFreak, the victims seem to have visited via their mobile phones a malicious website that managed to extract information from their devices.
SMSZombie Android Trojan infects 500,000 users
Chinese mobile security company TrustGo Security has recently discovered an Android Trojan that targets Chinese users exclusively, as it takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments, steal bank card numbers and money transfer receipt information.
From identity and access solutions to access governance
The need to identify users, control what they can access and audit their activities is fundamental to information security. Over the past decade, there has been a tsunami of identity and access management technology designed to provide a solution to these needs.
The cyber warfare revolution
F-Secure’s new Threat Report uncovers a security landscape in which focus has shifted away from traditional virus and malware threats to nation state sponsored cyber attacks.
Open certification framework for cloud providers
The Cloud Security Alliance (CSA) announced additional details of its Open Certification Framework, and its partnership with BSI (British Standards Institution). This partnership will ensure the Open Certification Framework is in line with international standards and is based upon a comprehensive certification process.
65% of companies expose personally identifiable information
More than 65 percent of businesses don’t protect their customers’ private data from unauthorized employees and consultants, according to a survey of hundreds of IT managers and developers at large organizations conducted by GreenSQL.
Beware of bogus email with iPhone 5 details
Malware peddlers are taking advantage of the fact that the next version of Apple’s popular iPhone is due to be released soon by targeting users with specially crafted spam emails.
Israeli firms targeted by cyber extortionists
While Iranian systems seem mostly targeted with state-sponsored espionage malware, Israeli businesses and financial institutions mostly fear cyber extortionists.
BYOD 2.0 and spotting the next big trend
The very flexibility that corporate management demanded of its workforce has bounced back as the same workforce demanded flexible methods of working. BYOD is, in fact, just the beginning of a process that will require IT departments to work closely with staff regarding the choice of tools that they use.
Mac malware Crisis can spread to different environments
Symantec’s researchers have recently discovered that the Windows version of the threat uses three methods to spread itself: to a removable disk drive, to a VMware virtual machine, and to a Windows Mobile device.
Fake Android Flash Player contains malware and adware
Malware peddlers are taking advantage of the fact that Adobe has pulled its Flash Player app from Google Play and decided to concentrate on PC browsing and mobile apps bundled with Adobe AIR, and have begun offering Android malware disguised as the aforementioned legitimate software.
The Tangled Web: A Guide to Securing Modern Web Applications
We all use the Internet to some extent and browsers to surf through it. With security vulnerabilities affecting them and the technologies that allow them to function popping up every day, most of us are aware that we should never consider ourselves completely secure while doing it. This book explains in detail the security pitfalls every web application developer should strive to solve or at least avoid.
FTC to investigate websites allegedly collecting data from children
Among the websites named in the complaint are McDonald’s HappyMeal.com; Nickelodeon’ Nick.com; General Mills’ ReesesPuffs.com and TrixWorld.com; SubwayKids.com; and Turner’s CartoonNetwork.com.
Google instituting internal Privacy Red Team
Google is looking for a Data Privacy Engineer to be part of an internal team whose goal will be to find – and remove – privacy risks in the company’s many products.
US Feds shutter three Android app pirate sites
For the first time since it has started the war against illegal sites, the US Department of Justice has swooped on three websites that were engaged in the illegal distribution of copies of copyrighted Android apps.
Bogus Booking.com emails carry malware
The popularity of the Booking.com, one of the world’s biggest and most used online hotel reservations agency is getting misused in the latest malware distribution campaign.
Aramco hackers threaten to attack oil giant again
The group of hackers that claimed responsibility for the recent Saudi Aramco breach has announced that it will be targeting the company again because they want to prove that they accomplished the attack without the help of a company insider.
Proactive or reactive: Should that be the question?
For a number of years digital forensics has referred to “the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law’. While collecting this digital evidence, to be used retrospectively in subsequent litigation, is a valid activity there is growing support for a more proactive proposition.
Crisis malware doesn’t affect most VMware hypervisors
Unlike the majority of other malware that terminates itself when it detects a VMware virtual machine image on the compromised computer in order to avoid being analyzed, this one mounts the image and then copies itself onto the image by using a VMware Player tool. The news troubled users of VMware products, but according to Warren Wu, director of datacenter products at Trend Micro, there’s very little to worry about.