Week in review: Inside a CERT, hotel systems breach and DHS network security holes

Here’s an overview of some of last week’s most interesting news, articles and videos:

Behind the scenes and inside workings of a CERT
Brian Honan is the founder and head of Ireland’s first Computer Emergency Response Team (CERT) team as well as owner of BH Consulting. In this interview he discusses the inside workings of Ireland’s CERT and how it was formed.

Rogue employees sell passport data of World Cup fans
Reports are coming in that the Information Commissioner’s Office has started investigating FIFA, the world football governing body, over allegations that details of thousands of World Cup fans’ – including their passport data – were accessed by one or more members of staff and then sold on the black market.

Hotel systems breached and card info stolen all over the U.S.
The payment system at a number of properties of the hospitality operator that runs over 30 upscale hotels across the U.S. under brand names as Marriott, Hilton, Sheraton and others – has been breached and card data of some 3,400 customers has been compromised.

Audit reveals gaping security holes on DHS networks
The recently released results of a security audit performed on the various systems used by the US-CERT to accomplish its cybersecurity mission revealed an unpleasant reality: a total of 671 unique vulnerabilities – 202 of which were high-risk – have been detected on the Mission Operating Environment (MOE) system.

How your identity could be stolen on Facebook
With its millions of users, the world’s most popular social network has become a perfect target for attackers exploiting such a dense concentration of potential victims. PandaLabs received numerous reports from users whose Facebook profile has been hacked and whose identity has therefore been placed at risk.

Critical 0-day Adobe Acrobat, Reader flaw exploited in the wild
Adobe has released a security advisory warning users about a newly discovered 0-day vulnerability that has already been spotted getting exploited in the wild.

Android SMS Trojan delivered via SEO techniques
Android users searching for pornography on their smart phones could be in for a costly surprise. During the course of researching the origin for the first SMS Trojan for Android devices, I found a new Android package masquerading as a porn media player but which instead sends SMS messages to premium rate numbers.

Tips for safer social networking
The popularity of social networking sites such as Facebook, Twitter and LinkedIn is continuing to grow dramatically, but not just with users. Cybercriminals increasingly are targeting these sites and their troves of sensitive, personal information.

Facebook survey spam worm spreads like fire
What seems to be a security glitch in the Facebook Platform has been misused by a number of developers to push out links through statuses and private messages.

Apple iOS 4.1 fixes security issues
The iOS 4.1 Software Update is the first major update to iOS 4, bringing Game Center, new iTunes features, high dynamic range photography, and security updates to the iPhone.

Every week 57,000 fake Web addresses try to infect users
Every week, hackers are creating 57,000 new Web addresses which they position and index on leading search engines in the hope that unwary users will click them by mistake.

The emotional impact of cybercrime
A new study by Norton reveals the staggering prevalence of cybercrime: 65% of Internet users globally, and 73% of U.S. Web surfers have fallen victim to cybercrimes, including computer viruses, online credit card fraud and identity theft. As the most victimized nations, America ranks third, after China (83%) and Brazil and India (76%).

How black hat spam SEO works
More than 50% of popular searches contain at least one malicious spam SEO link in the first 10 pages. Is Google doing enough to protect its users? In this talk, we’ll debate that question.

Twitter XSS vulnerability exploited in the wild
Malicious links leading to the download of a malicious JavaScript payload have been popping up on various Twitter accounts, warns Kaspersky’s Stefan Tanase.

Wireless car hacking due to poor security
Research from the University of California San Diego and the University of Washington – and which concludes that modern cars are susceptible to wireless hacking – is the result of a security issues being ignored at the car electronics software design stage.




Share this