Week in review: Aurora malware, cyber war games and 0-day vulnerabilities for sale

Here’s an overview of some of last week’s most interesting news and articles:

Biggest Chinese hacker training site taken down
Black Hawk Safety Net, which offered attacking programs and malicious software to its subscribers, has been shut down by the police.

Sensitive information retrieved from P2P networks
Security researchers demonstrated the amazing variety of sensitive information that people send out out over peer-to-peer networks.

Zero-day vulnerabilities on the market
Zero-day vulnerabilities have become prized possessions to attackers and defenders alike, and hackers ask from tens of thousands to hundreds of thousands dollars for each one.

Phishing site spoofing secure login page
A phishing site masquerading as the secure login page of CenturyLink, the fourth largest local exchange telephone carrier in the US in terms of access lines, has been discovered.

Researcher hacks security encryption chip found on millions of PCs
The Trusted Platform Module (TPM), a secure chip that stores cryptographic keys and when activated adds an extra layer of protection through encryption, has been until now considered impregnable.

Microsoft releases giant patch collection
In this month’s Patch Tuesday, Microsoft delivers 13 bulletins that fix vulnerabilities targeting Windows and Office.

OpenDNSSEC 1.0.0 released
Internet engineers continue to enhance Internet security with the release of OpenDNSSEC, a tool which simplifies the process of signing one or more zones with DNSSEC.

Operation Aurora malware investigated
According to the report, “forensic tool-marks in the CRC algorithm can be traced to Chinese origin. That, combined with domain registration information, leads to at least one potential actor, Peng Yongii.

A closer look at USB Secure 1.3.0
USB Secure helps you password protect USB drives, thumb drives, memory cards, external drives and flash drives.

The four myths of cyber security
Organizations are failing to accept responsibility for their own security, instead blaming the inherent flaws and insecurity of the internet, saying that security is a global problem and therefore everyone is to blame. It’s time to dispel these myths.

Hacking games: Key to finding cybersecurity talent
To catch a thief, you must think like a thief – the best way to defend an asset is to get inside the head of the attacker and predict his actions.

Simulated cyber attack will test US Government response
For the first time in U.S. history, a cyber attack worst-case scenario war-game will be presented on television.

ZBOT/Zeus makers mock AV companies
In a bid to demonstrate their superiority, the authors inserted a hidden message in a new variant of the Trojan.

Will virtualization and cloud computing change how we achieve security?
As the industry moves towards a new IT infrastructure play, what are the implications on IT security?

Chip and PIN system on banking cards seriously flawed
A team of Cambridge computer researchers has discovered a flaw in the chip and PIN system used on most – if not all – credit and debit cards around the world.

Lawful wiretap interfaces accessible to cyber criminals?
The lawful intercept architecture in Cisco Systems’ networking products has been examined and found wanting by Tom Cross, manager of IBM’s X-Force research team.

Google Buzz for spammers
Security implications and privacy concerns regarding Google Buzz.




Share this