Week in review: Adobe Reader sandbox, Stuxnet worm and a new 0-day Windows vulnerability

Here’s an overview of some of last week’s most interesting news, reviews, articles and videos:

10 steps for safe web surfing
This is a good time for vacation-goers — and everyone else — to reevaluate how they use the Web and re-educate themselves about how to avoid disclosing personal information when they use the Internet at home or on vacation.

Skimming devices on gas pumps sending stolen card numbers via Bluetooth
A maintenance worker at a Shell gas station located in Florida was the first one to notice that a gas pump he was checking had been fitted with a credit card skimming device.

Identifying suspicious URLs
This video explores online learning approaches for detecting malicious Web sites using lexical and host-based features of the associated URLs.

Hacker fingerprints – the future of malware detection?
Hoglund in scheduled to hold a briefing during Black Hat 2010, in which he is going to explain how his “hacker fingerprints/signatures” approach might just be the thing that will revolutionize the anti-malware market.

Botnet C&C centers move to social networks
“Bulletproof” hosting has proved not to be that reliable, so botnet herders decided to set up their C&C centers on social networks.

Lack of computer security experts weighs heavy on U.S. cyber defense
When it comes to defending itself from cyber attacks, the U.S. is one of the most vulnerable countries in the world, since many civilian and military operations are essentially dependent on data networking.

New zero-day “shortcut worm” vulnerability affects all Windows versions
The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer.

Siemens SCADA systems under attack by information stealing worm
The recently discovered Stuxnet worm that contains the password for Siemens’ SCADA systems is wreaking havoc around the world.

CCNA Security 640-553 Cert Flash Cards Online
The CCNA Security 640-553 Cert Flash Cards Online is a custom flash card application loaded with 250 total questions that offer a good way to review all the objectives on the IINS exam 640-553.

Google updates its anti-spam engine to block recent JavaScript attacks
These emails are a hybrid between virus and spam messages, and are designed to look like legitimate, Non Delivery Report messages.

“OMG mother went to jail” Facebook scam spreads virally
Similar to the recent “Never Gonna Drink Coca-Cola Again” scam, the attack encourages users to “like” a Facebook page, tricking them into sharing the link on their wall before they are able to access the image.

Finally! A sandbox for Adobe Reader
Brad Arkin of the Adobe Secure Software Engineering Team announced a big change – Adobe Reader is getting a “sandbox” environment that goes by the name of Adobe Reader Protected Mode.

Q&A: Sandbox for Adobe Reader
Didier Stevens is an IT security consultant well-known for his research into malicious PDF files. Since Adobe announced a sandbox for Adobe Reader, it was a perfect opportunity to hear his opinion on the subject.

Secure by design
In this video recorded at the IBM Innovate 2010 conference, David Grant, the Director of Security Solutions at IBM Rational, talks about how software is the invisible thread in a lot of innovations that enhance the quality of our lives.

1.2 million infected by Eleonore exploits toolkit
A two-month-long study by AVG Research researched 165 Eleonore toolkits in use by cybercriminals and concluded that those using the Eleonore exploit toolkit were experiencing a 10 percent success rate in infecting the more than 12 million users visiting their compromised web pages.

Privacy worries make the E.U. limit use of citizens’ personal data
The European Union has announced its plan to enforce stricter rules regarding its use of personal data of private citizens.

Safari’s AutoFill reveals personal information
A feature of Apple’s Safari browser can be used by hackers to harvest personal information, says Jeremiah Grossman, founder and CTO of WhiteHat Security.

Georgian businesses targeted by identity thieves
A week ago, Colorado’s Secretary of State and the state’s Attorney General warned registered businesses that criminals are hijacking corporate names and brands in order to secure loans and lines of credit and make off with the money.

Don't miss