Week in review: cyber war, SQL injection, spam evolution, Apple and Microsoft patches

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Cyber war is coming, the impact could be huge
Admiral Mike McConnell, Former Chief of National Intelligence, says that the US is extremely dependent on the power grid and that it is not prepared for cyber attacks that would jeopardize it.

Free Web application security assessment
The Cenzic HealthCheck program is offering the first 500 SMBs a free application vulnerability assessment performed by Cenzic Web security experts using the company's ClickToSecure managed service solution.

Snow Leopard 10.6.2 updates security
The 10.6.2 update is recommended for Mac OS X 10.6 Snow Leopard users and includes general operating system fixes that enhance the stability, compatibility, and security of your Mac.

Koobface worm creates Facebook accounts to spread
A new Koobface component makes IE create Facebook accounts by automating the whole process – the browser registers the account, confirms and activates the registration via Gmail, joins random Facebook groups, adds friends, posts messages to their walls…

Q&A: Web application security
In this interview, Robert Abela, Technical Manager at Acunetix, discusses Web application attack vectors, the impact of Cross-Site Scripting and future threats, and offers advice on securing Web applications.

Firefox most vulnerable browser, Safari close second
A Cenzic report identifies Mozilla Firefox as the most vulnerable browser, followed by Apple Safari.

Cybercrime reality through FBI eyes
Shawn Henry, FBI Assistant Director of Cybersecurity, shares some stories about recent cybercrime investigations conducted by the agency.

International hacking ring caught in $9 million fraud
Three individuals from Russia, Ukraine and Moldova have been indicted by a federal grand jury on charges of hacking into a computer network operated by the credit card processing company RBS WorldPay.

How to protect personal information
How do you know if your online activities are secure, or if trouble is lurking around the corner? IEEE’s security expert members evaluate the most substantial threats and offer advice.

Looking back at 2009 through SQL injection goggles
In February, a group of Romanian hackers allegedly broke into the Kaspersky, F-Secure, and BitDefender websites in separate incidents using SQL injection attacks. This kind of attack was first mentioned a decade ago – why is it still effective?

Apple Safari 4.0.4 patches critical vulnerabilities
Safari 4.0.4 includes improvements to performance, stability, and security.

Biggest website security weaknesses
WhiteHat Security released a report assembled from real-world website security data. It is a high-level perspective on major website security issues that continue to compromise corporate data across all industries.

WordPress 2.8.6 security release
WordPress 2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

Serious Adobe Flash vulnerability
Foreground Security discovered a critical vulnerability in Adobe Flash: its same-origin policy can be exploited to attack nearly any site that allows user-generated content. No fix for this vulnerability currently exists.

Spam evolution: September 2009
An analysis of email spam, malware and phishing scams during the month of September by Kaspersky Lab.



