Week in review: Apache.org hacked, Facebook ups defenses, Adobe and Microsoft patches

Here’s an overview of some of last week’s most interesting news, articles, and podcasts:

Endpoint data leak prevention still a major headache
More than one in three respondents (38%) are still failing to deploy any form of data leak prevention, according to a survey by DeviceLock.

WordPress hacked, affected blogs point to malware site
A throng of blogs have been compromised and are pointing readers to a malicious website containing scripts that lead to a Trojan that drops and executes other malicious files.

Cash extortion scheme targets BitTorrent users
BitTorrent users are targeted by an unprecedented extortion campaign that threatens them with legal action for copyright infringement, unless they pay a $400 “fine”.

Farm Town players targeted by malvertisements?
Players of the popular Facebook game application Farm Town are warned not to fall for the fake security warnings that pop up while they are playing and claim that the user is infected by a virus.

Future air travel security risks, privacy and social implications
ENISA has analyzed the risks associated with a future air travel scenario, enabled with “Internet of things”, IoT / RFID technology. The report identifies major security risks, as well as privacy, social and legal implications, and also makes concrete policy, research and legal recommendations.

Medical records secured by code-changing algorithm
Within electronic medical records, every disease, symptom or injury has its own code, which makes analysis easier and faster. But the problem is that these codes are available through public databases and electronic medical records.

10 online safety tips
BitDefender offers a few points of conversation that parents and teachers can use to start a dialogue regarding online safety.

Apache.org hit by XSS, bruteforce attack
The Foundation is warning users of the Apache hosted JIRA, Bugzilla, or Confluence that a hashed copy of their password has been compromised.

15 vulnerabilities patched in Adobe Reader and Acrobat
Critical vulnerabilities that could cause the application to crash and could potentially allow an attacker to take control of the affected system have been identified and patched in Adobe Reader and Acrobat.

Microsoft patches 25 vulnerabilities
In this month’s Patch Tuesday, Microsoft delivers 11 security bulletins to address 25 vulnerabilities affecting Windows, Office and Exchange. Five bulletins are rated Critical, five rated Important and one is rated Moderate.

iPhone unlocking tricks get PCs into trouble
A malware-spreading mechanism targeting the “iPhone unlocking” fans goes to prove that cybercrime is never short of imagination.

iPhone OS 4.0 security fear, uncertainty and doubt
Instead of hearing about genuine problems and viable solutions, we’re bombarded with speculation and fierce theories aimed at shining the spotlight on a solution or service.

A third of Windows XP security solutions failed independent tests
60 solutions were tested, but only 40 received the VB100 award. Among those that failed are solutions from well-known security companies such as Kaspersky, Lavasoft, Fortinet, Sunbelt and others.

Facebook builds up its defenses
The redesign of its Safety Center is just one of the steps Facebook has lately been taking to tackle the security issues that have been steadily rising along with the number of users.

Little-known Java feature exploited in-the-wild
A recently unearthed feature that has been built into Java since Java 6 Update 10 allows developers to easily distribute their applications to end users. Unfortunately, it also allows criminals to remotely execute malicious code on the user’s computer.

Infected XP machines remain unpatched
To avoid the system crashes from February, which were triggered by the security updates to the Windows kernel, Microsoft has made some modifications to the security updates released on Tuesday.

Open authentication standards and OATH
In this podcast, Siddharth Bajaj, Chair of the Joint Coordination Committee which leads the Initiative for OATH (Open AuTHentication), talks about the work OATH has been doing over the last 5 years and explains open authentication standards.
