Week in review: IE vulnerabilities, iPhone anti-virus and security threats for 2010

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Workers stealing data for competitive edge
85% of people admit they know it’s illegal to download corporate information from their employer but almost half couldn’t stop themselves taking it with them with the majority admitting it could be useful in the future!

Latest 0-day Internet Explorer exploit
A new exploit made public on the BugTraq mailing list on Friday could be soon used for attacking unsuspecting surfers that use Internet Explorer 6 and 7. The two versions of the browser are used by 40% of Internet users.

iPhone worm turns devices into zombies
It took 3 weeks for someone to again take advantage of the vulnerability that leaves the owners of jailbroken iPhones exposed to attacks, and this time the attack is executed with decidedly malicious intent.

FBI’s network against cyber crime
The FBI gave an overview of its actions and practices at the Senate’s Subcommittee on Terrorism and Homeland Security hearing entitled “Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace”.

Aggressive malware attack disguised as Flash player upgrade
The link in the email takes the users to a web site that recommends that they update to the latest version of the Macromedia Flash Player by downloading “flashinstaller.exe” – actually, a banking Trojan.

MySpace phishing and malware combo
F-Secure warns about phishing emails that urge users to update their MySpace accounts.

Online financial security threats: What can we expect in 2010?
Ori Eisen, Chief Innovation Officer at 41st Parameter, highlights the top five financial security threats which emerged as the biggest money makers for fraudsters and where he believes they will make their next move.

IE8 exposes sites to XSS attacks
A flaw in the latest version of IE enables XSS errors to be introduced on websites that are in all other respects completely safe. And this flaw is found in the feature Microsoft added to its browser for the specific prevention of this sort of attack.

Cloud computing pros and cons
Cloud computing – what is it exactly and what benefits does it bring? A new white paper from ISACA describes how enterprises can achieve greater efficiencies and mitigate new risks associated with cloud computing.

Q&A: Passwords
Dmitry Sklyarov, an IT security analyst at Elcomsoft, discusses strong and insecure passwords, the compromise between usability and security as well as software you can use to make sure your credentials are safe.

Top 5 Firefox add-ons: Security testing and assessment
Test your sites and web applications and perform a security assessment/audit of your work with 5 handy tools.

Macbook Air prize spam delivers malware
A good rule of thumb when it comes to unsolicited email offers or announcements should be: If it’s too good to be true, it probably is.

iPhone anti-virus software: Has the time come?
Lately there has been a string of worms that compromise jail-broken iPhones. Apple says that they have no intention of offering security for those, because they don’t condone this practice.

Invasive vs. non invasive web application security scan
When evaluating an automated web application security tool, the first two questions that typically one would ask are “Does this tool perform an invasive scan or not?”, and “Will it damage my website?”

5 handy WordPress security plug-ins, part 2
If you’re one among the millions of users of WordPress, and you really don’t have that much knowledge about what’s going on under the hood, your best bet to securing your website is to use plug-ins.

Don't miss