Week in review: Google Glass hacked, Bitcoin risks, and why we need security awareness training programs
Here’s an overview of some of last week’s most interesting news, reviews and articles:
Info of 50M LivingSocial customers compromised following breach
LivingSocial, the company behind the eponymous deal-of-the-day website, has confirmed that its computer systems have been breached by attackers and that user information such as names, email addresses, date of birth, and encrypted passwords have been compromised.
SpamHaus DDoS suspect arrested in Spain
The Spanish National Police has arrested a 35-year-old Dutch citizen that is suspected of being one of the individuals behind the recent massive DDoS attack launched against Spamhaus, an organization that tracks spam-related activity and provides a blacklist of IP blocks used by known spamming outfits for various anti-spam filters.
Sophisticated Apache backdoor in the wild
The threat is a highly advanced and stealthy backdoor being used to drive traffic to malicious websites carrying Blackhole exploit packs. Researchers have named the backdoor, Linux/Cdorked.A, and it is the most sophisticated Apache backdoor seen so far.
How cybercriminals can target you on public networks
To help consumers avoid online fraud and malware risks, ThreatMetrix has identified several scenarios of how cybercriminals can access sensitive transactions on public networks.
How secure is your confidential data?
It seems ages ago that companies were first warned about the danger of confidential information being found in trash bags in front of the office, yet despite the use of shredders and complex security systems, data still manages to leak out the old fashioned way.
Why we need security awareness training programs
The claim that security awareness trainings are not working is a claim based on wrong assumptions. It also shows a clear lack of understanding of the inner workings of the human mind, and a total lack of respect for your co-workers.
FBI wants to fine companies not complying with wiretap orders
The FBI is pushing for a new legislation aimed at pressuring tech companies to create ways for law enforcement officials to be able to wiretap popular communication channels that they currently have no access to.
APT1 cyber espionage group is back to their old tricks
Despite Mandiant’s prediction that the release of their report on the attack methodology of the so-called APT1 (or “Comment Crew”) cyber espionage group would lead to them changing their attack techniques and consequently make them harder to track in the future, it seems that the group laid has bucked the expectations.
Hackers challenged to crack unhackable secure messaging app
Swiss-based U.K. firm Redact has launched a new app which, they claim, offers a completely secure way of exchanging encrypted messages from iPhone to iPhone and even the possibility of deleting a sent message from the recipient’s device.
Review: Codeproof for iOS
Codeproof Technologie is a SaaS (Software-as-a-Service) provider from Redmond that offers a mobile device management (MDM) solution for Android and iOS devices. This review focuses on the company’s cloud solution for managing Apple’s iPhone devices.
FinFisher spy kit’s C&C servers are popping up around the world
Toronto-based Citizen Lab’s latest report shows that the number of counties in which active FinFisher C&C servers are located has jumped to 36, and that spying software is being distributed under the guise of the popular Mozilla Firefox web browser.
Fake AV scammers impersonate Microsoft
Webroot researchers have spotted an active campaign that involves an ever-rotating slew of websites sporting a warning mimicking a Microsoft Security Essentials alert.
Which companies help protect your data from the government?
The Electronic Frontier Foundation has released its annual report on online service providers’ practices when it comes to protecting users’ privacy and data from government access, and it should not come as a total surprise that Verizon and MySpace are at the bottom of the list.
Serious website vulnerabilities continue to decrease
In 2012, the average number of serious vulnerabilities per website continued to decline, going from 79 in 2011 down to 56 in 2012. Despite this, 86 percent of all websites tested were found to have at least one serious vulnerability exposed to attack every single day of 2012.
A primer on Bitcoin risks and threats
Bitcoin is a digital currency whose creation and transfer is based on an open source cryptographic protocol. There are many benefits to using it (no transaction fees, anonymous payments, etc.), but there are also risks involved.
Do young people care about privacy?
Everywhere I go, I hear some variation of the claim that “young people today just don’t care about privacy.” This is something that people widely seem to believe is “just true.” The latest claim to this effect comes in the form of a new poll, the release of which was trumpeted with unfortunate headlines like “Millennials don’t worry about online privacy.” In fact, the poll, which was conducted by the University of Southern California’s corporate-partnered Center for the Digital Future, showed no such thing.
Multi-stage exploit attacks for more effective malware delivery
Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) where the first stage, the exploit, puts the rocket in its trajectory and the second stage, the payload, inflicts the damage.
Google Glass hacked, could be used for spying
The advent of Google Glass – the Augmented reality, head-mounted display that looks like a pair of glasses (albeit a little more high-tech) and allows users to access information and record everything they see and hear – has people worried about their privacy.
Top Android AV software fooled by common evasion techniques
A team of researchers from Northwestern University and North Carolina State University have tested ten of the most popular Android anti-virus software and have discovered that all of them can be fooled by common code obfuscation techniques.