Week in review: Massive SQL injection attack, botnets, security trends and the Conficker worm

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Phishing campaign targets cPanel users
Trusteer warned the customers of website hosting companies, including yahoo.com, against a new phishing attack aimed at stealing their content management system log-in credentials.

Facebook establishes new Safety Advisory Board
Facebook announced the formation of the Facebook Safety Advisory Board, a group of five Internet safety organizations from North America and Europe that will serve in a consultative capacity to the company on issues related to online safety.

Looking back at spam in 2009
At the end of last year, it was predicted spam volumes would rise slightly higher than 95 percent in 2009 because of a growing use of botnets. Let’s see if the prediction came true.

Q&A: Web application scanning
Mike Shema, Web Application Security Engineer at Qualys, discusses the challenges related to effective Web application scanning, the way a Web application product adapts to new attack vectors, security at the developer level, and current and future threats.

Safety in the cloud
As CIOs and IT Directors search for an alternative to layoffs, Software-as-a-Service (SaaS) solutions are frequently emerging as a cost effective way to reduce overhead, without the trauma of slashing projects or staff.

Conficker worm to become a bigger threat in 2010
The Conficker worm continues to wreak havoc, and BitDefender researchers predict that it will become an even bigger threat in 2010.

5 key security trends for the next decade
Imperva predicts five key security trends to watch for over the next ten years.

Microsoft releases six security bulletins
In the latest Patch Tuesday, Microsoft delivers 6 bulletins that fix vulnerabilities affecting Windows, Office and Internet Explorer.

Fake fingerprint fools biometric devices
Japan saw its first case of biometric fraud. The police discovered that a woman had plastic surgery during which the fingerprints of the thumbs and index fingers of her left and right hands were swapped, with the purpose of tricking the biometric checks carried out by immigration control.

Advances in surveillance, more attacks on the horizon
Slashed budgets and reduced staffing numbers delayed many security initiatives in 2009, but the vulnerabilities didn’t retreat and will only intensify in 2010, Unisys security experts predict.

FIFA World Cup related scams
Hot news and big events are almost always used by spammers, phishers and peddlers of scareware to reach the widest audience possible. The FIFA World Cup that takes place in South Africa next year is no exception.

Top 10 botnets and their impact
Botnets – apart from inundating our inboxes with spam – can also be used for ulterior purposes such as executing DDoS attacks or hosting websites, so understanding the “modus operandi” and size behind the well-known names is a good idea.

Threats and threat technologies in 2010
Trend Micro released a report titled “The Future of Threats and Threat Technologies”, in which they analyzed the current situation and made some predictions for 2010 and beyond.

Zbot Trojan uses Amazon cloud
There is a new variant of the Zeus/Zbot Trojan out there that takes advantage of Amazon’s EC2 services for the botnet’s command and control.

The security nightmare formula
Small errors on the part of computer users or their IT departments may not wreak havoc on their own, but in combination, they dramatically increase security challenges.

SQL injection attack claims 132,000+
A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites.

Q&A: Digital signatures and use cases for Adobe CDS
Steve Duncan, the Director of Entrust Certificate Services, talks about their Certificates for Adobe CDS that enable organizations to use digital signatures to sign Adobe PDF files with confidence.

Securing the foundation of IT systems
In a constantly changing environment, locking down operating systems across the enterprise and maintaining an identified level of compliance is no easy task.

Do new technologies offer greater security?
Many administrators and CSOs are tired of the constant system patch battle and security software updates. Google Chrome offers them hope for a safer computing experience but whether it can actually offer this safety is a very difficult question.
