Week in review: Stuxnet, XSS Twitter flaw, and 2-factor authentication from Google

Here’s an overview of some of last week’s most interesting news and articles:

Cybercriminals steal Interpol Chief’s identity to access info on fugitives
Ronald Noble, Interpol’s Secretary General, has revealed that cybercriminals have opened two fake Facebook accounts using his name and used them to gather sensitive information.

Google rolls out 2-factor authentication for Gmail and Apps
In view of the ever increasing number of successful phishing attacks that leave users with compromised accounts, Google has announced the introduction of two-step verification for its corporate users.

Fake “universal” iPhone jailbreaking exploit contains Trojan
When Apple released iOS 4.0.2 which, among other things, patched the vulnerabilities that allowed iPhone owners to jailbreak their device, these users were faced with the question “To upgrade or not to upgrade?”

One in five students have hacked, one in three did it for fun
Research published today by Tufin Technologies reveals that 23% of college and university students have hacked into IT systems. Of these hackers, 40% waited until after their 18th birthday before their first hacking attempt.

XSS Twitter flaw used to expose users to potentially malicious sites
The vulnerability – dubbed “onmouseover” because of the onMouseOver JavaScript code used to exploit it – was firstly used by a variety of Twitterers to have some fun and post “rainbow tweets” and make innocent text boxes pop up.

Cybersecurity tips for the enterprise
With the recent rise in malvertising, high-impact data breaches and other malicious security threats, the practices and secure infrastructure of legitimate marketers increasingly have been called into question.

The cookie that won’t go away
A proof-of-concept JavaScript API that manufactures persistent cookies and stores them in several types of storage mechanisms has been developed by security hacker Samy Kamkar, and he dubbed it evercookie.

Trojan stealing private key certificates
As you may have already noticed, malware peddlers have realized that their wares have a greater chance of being loaded by the targeted system if they are digitally signed. But, where can they get these digital signatures?

An ounce of prevention is better than a pound of cure
The famous quote from Benjamin Franklin on prevention being better than a cure could easily be applied to the issue of corporate data losses. It’s far better to stop breaches happening, than to try and clean up the fallout afterward.

Theories about Stuxnet’s goal and authors abound
The quality of its code, the stolen certificates used to digitally sign it, the specifically targeted configuration, the four 0-day Windows vulnerabilities it exploits to attack the systems, the very delicate nature of the targeted systems themselves – it all points to Stuxnet being an effort backed by a government.

Lack of security measures still hinder cloud computing adoption
Demand for cloud computing systems clearly exists. However, better security, like multi-factor authentication and encryption, are going to be required if cloud computing adoption is going to move forward.

Preparing for a firewall audit
Beyond compliance requirements, firewall audits are best practice for a very good reason. They increase your chances of catching weaknesses in your network security posture and finding places your policies need to be adapted.

“Girl killed herself” Facebook scam returns
There must be something in the title that made a lot of impact, because here it is – trotted out for another scam.

Bizarre tale behind conviction for botnet initiated DDoS attack
In a curious twist of fate, a man who refused to continue his collaboration with a group who’s goal was to unmask pedophiles because he was concerned that their methods were starting to break laws, has been found guilty of launching a DDoS attack with a botnet he assembled by himself.

Scaling intrusion prevention systems for 10G, 40G and beyond
This article takes a look at the distinctive features of IPS and how the performance of these systems can be increased to keep up with the relentless development on the bandwidth front.

Don't miss