Week in review: KHOBE attack, Facebook security and the biggest phishing crime syndicate

Here’s an overview of some of last week’s most interesting news and articles:

phpnuke.org compromised, serving exploits
PHP-Nuke is a popular Web content management system based on PHP and various databases. Its main website provides handy resources for those who use it.

ATM hacks to be demonstrated at Black Hat USA
Barnaby Jack is coming back to Black Hat with an improved presentation that will feature ATM vulnerabilities and demonstrate hacks that will rival those from the “Terminator 2” movie.

Windows 7 Compatibility Checker turns out to be a Trojan
A deceptive “help” message invites recipients to check their PCs’ compatibility with Windows 7 by downloading and running an altered version of the Windows 7 Upgrade Advisor concealing a Trojan.

Patch time: Keeping your system and programs up-to-date
For all computer users, patching is an important aspect of keeping secure online. Need more information on exactly what patching is, why it’s so important, and how to stay up-to-date?

Security hole in Yelp Instant Personalization
A never-ending string of privacy glitches and bugs has struck Facebook since the implementation of its highly controversial Instant Personalization feature.

Microsoft delivers two critical updates
In this month’s Patch Tuesday, Microsoft delivers two security bulletins that address vulnerabilities affecting Windows, Office and Visual Basic for Applications.

The KHOBE attack: Are all AV solutions vulnerable?
Dubbed an “8.0 earthquake for Windows desktop security software” by its creators, the KHOBE or the argument-switch attack has been recently presented as a technique that can bypass most – if not all! – security software.

Rootkit-based Skype worm opens backdoors
Unlike average IM worms, Backdoor.Tofsee features an extensive set of tricks to deter detection and removal, as well as a wide assortment of ways to harm both the user and their computer.

Lessons learned and ongoing risks at third anniversary of T.J. Maxx breach
As the third anniversary of the infamous TJX data breach approaches, Slavik Markovich, CTO of Sentrigo, shares his thoughts on how data security has improved, and also discusses some of the hurdles that still need to be addressed.

A closer look at LastPass
LastPass is a multi-platform, multi-browser password manager and form filler. You can use it on Windows, Mac OS or Linux; with IE, Firefox, Safari or Chrome. I will be using it on my MacBook with the Safari browser.

One crime syndicate responsible for most phishing attacks
A single electronic crime syndicate employing advanced malware was responsible for two-thirds of all the phishing attacks detected in the second half of 2009 — according to a report released by the Anti-Phishing Working Group (APWG).

FacebookDigits phishing scam
The phishing website, whose looks evoke those of the social network, is trying to convince potential victims that they can now take advantage of a service that will allow them to get a “Facebook phone number”.

Black swans, secure access and business continuity
The eruption of the Eyjafjallaj?¶kull volcano was a true “black swan’ – a rare, unexpected, yet high-impact event, and it has forced businesses to review their continuity plans, to accommodate a wider range of eventualities.

Facebook’s changes clash with Europeans’ expectations of privacy
Europeans are well-known for their high privacy expectations and demands. Another proof of that is a letter that the Article 29 Working Party (an independent European Commission advisory body) has sent to Facebook.

Attack detectors on CPUs expose backdoors
How can you be sure that the CPU on your computer hasn’t been tampered with and is not stealthily collecting your data for someone else to use?

Four things about Facebook most people aren’t aware of
Joey Tyson (also known as “theharmonyguy”) reveals that there are a few things that Facebook would never come out and say directly.




Share this