Week in review: Phone phishing, botnet monetization, and the new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Insufficient employee security training for the cloud
Despite security concerns and the expected growth in cloud computing, only 27 percent of respondents said their organizations have procedures for approving cloud applications that use sensitive or confidential information.

ZeuS vs. Zeus Killer
Back at the beginning of February, we wrote about the SpyEye toolkit and its author’s intention of encroaching upon Zeus toolkit’s turf. Two months later, the authors of both toolkits are issuing updates that offer additional functionality.

iPad, iPhone “prizes” as lures for Twitter users
Not surprisingly, spam using the Apple iPad as a lure to get users to give up personal or credit card information has began to make rounds of Twitter users.

Check how secure, private and open an app is
WhatApp is a wiki page where you can rate and read reviews of Web and social network applications, browsers, add-ons and mobile platforms – reviews that will not tell you if an app is cool or not, but will tell you how secure, private and open it is.

Facebook will not start charging users
“News” of Facebook’s plan to charge for the use of its network is once again surfacing and being propagated by users and Facebook groups.

(IN)SECURE Magazine issue 25 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 25 has been released today.

Is phone phishing making a comeback?
Pennsylvania Attorney General Tom Corbett is warning the state residents that the number of phishing calls of this kind has increased recently, and that the scammers are using live operators and automated calls to create an aura of legitimacy.

Web application security issues and solutions
In this video, Cenzic’s Mandeep Khera focuses on the fact that most web applications are not being tested for security problems and introduces a new Cenzic cloud offering that you can use to get a quick jumpstart on your web application security.

U.S. infrastructure at risk from sophisticated cyber attacks
Nearly three-quarters of federal IT decision-makers who work in national defense and security departments or agencies say the possibility is “high” for a cyber attack by a foreign nation in the next year.

Does single sign-on have a future?
Single sign-on has been for a while now lodged into many IT minds as a potential ideal solution for the issue of the forever-piling sign-in credentials. The usual issues of security and trust are – as always – what stands in the way of potential adoption.

Bank employee accused of stealing from “infected” ATMs
The accused allegedly designed a piece of malicious software and infected the system with it so that he could withdraw money from the ATMs without them recording that the transaction occurred.

Hacking Web 2.0 JavaScript: Reverse engineering, discovery and revelations
This paper wants to throw light on the methods that can be used to look for security loopholes such as XSS (Cross-Site Scripting) in JavaScript, specific to the Web 2.0 implementations of the same which consumes information from untrusted sources.

Q&A: Cyber warfare
Geoff Harris is the President of the UK Chapter of the Information Systems Security Association (ISSA) a not-for-profit, international organization of information security professionals and practitioners. In this interview he discusses cyber warfare.

lThe botnet economyTrojan disguised as Windows Mobile game
A “trojanized” pirated version of a 3D first-person shooter game for the Windows mobile platform found its way to some Windows Mobile freeware download sites and “infected” the phones of those who downloaded it.

Don't miss