Week in review: Facebook investigates data leak, removes insecure feature, and Windows 8 exploit on sale
Here’s an overview of some of last week’s most interesting news, podcasts and articles:
Privacy compliance laws: Why the European Commission finally got it right
The debate about privacy compliance has always been a heated one. Add to the mix new European Commission legislation and you have a recipe for not only a lively debate but also a controversy about the interference in privacy of a European bureaucracy.
Cloud Security Alliance released SIEM guidance
The new report, prepared by the SecaaS Working Group, provides guidance for best practices on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructure and applications.
Privacy-invading module found in thousands of apps on Google Play
An advertising module embedded into over 7,000 “free” fake versions of legitimate Android apps that can be found on Google Play is actively harvesting a ton of personal and mobile use information from unsuspecting users, warns Trend Micro Senior Threat Researcher Alice Decker.
Malware authors turn to simpler detection evasion techniques
Malware authors are always trying to bypass automated threat analysis systems and their sandboxed that let the programs do their thing and log their behavior. They are currently trying out new tricks for making their wares seem harmless.
A surveillance system that can anticipate trouble
Two researchers from the Psychology Department of the Carnegie Mellon University have managed to create a video surveillance system that not only follows human activity, but is also capable of predicting what the observed people will likely do next.
Yahoo! will disregard Do Not Track requests from IE 10 users
As more and more browser developers add the support for the Do Not Track header to their products, and since Microsoft’s decision of making IE10 have the Do Not Track on by default, the discussion about whether websites should or should not accept this particular user request has reached a new level.
Inside the black market for social network fraud
In its analysis of a large hacker forum containing roughly 250,000 members, Imperva detected a black market for social network fraud.
Israel Police pulled computers offline due to RAT infestation
Investigation into the matter revealed that police servers and computers may have been compromised almost a week age before the presence of the malware was first discovered.
Facebook investigates data leak from 1 million accounts
Facebook will be launching an internal investigation following the revelation by Czech blogger Bogomil Shopov that data belonging to over one million Facebook users was offered for sale for $5.
Can the Nuclear exploit kit dethrone Blackhole?
In a market dominated by the mega-popular Blackhole exploit kit (newly upgraded to version 2.0) and the somewhat less sought-after Eleonore and Phoenix exploit packs, can the developer of a fourth one hope to compete?
Microsoft’s worldwide threat assessment
In this podcast recorded at RSA Conference Europe 2012, Tim Rains, the Director of Product Management at Microsoft’s TWC group, talks about volume 13 of Microsoft’s Security Intelligence Report which analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide.
Georgia shows photos of Russian-based hacker spy
A Russian-based hacker has been unmasked as one of the attackers behind a long-standing campaign aimed at compromising computers belonging to Georgian ministries, parliament, banks and NGOs, and stealing information from them seemingly at the behest of Russian security agencies.
Costs of tools and activities in the Russian cybercriminal underground
A new Trend Micro research paper describes a broad offering of tools and activities that can be bought and sold on underground forum shopping sites. It examines the prices charged for various types of services, while also providing examples of information shared among cybercriminals.
Windows 8 exploit combining several 0-days already up for sale
Less that a week after Microsoft released is long awaited Windows 8, with new and improved security features, French bug hunters VUPEN Security have announced that they have created an exploit for the new OS version that takes advantage of several zero-day flaws.
25% of Google Play apps pose a security risk
New research shows that more than 100,000 Android applications in the Google Play store (25 percent) pose a security risk to mobile device users and the enterprise networks to which they connect.
Facebook flaw allowed access to accounts without authentication
A commenter on the Hacker News website has discovered by accident a pretty big security flaw that could allow anyone who knew what to search for to access over a million Facebook accounts – all without needing to know the password.
Team GhostShell leaks 2.5M records from Russian govt, firms
Team GhostShell, the hacker group responsible for the recent leak of some 120,000+ records raided from top universities around the world, has done it again.