Week in review: Gawker breach, social engineering and security predictions for 2011

Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:

Gawker Media breach claimed by Gnosis
The credit for the breach of Gawker Media has been claimed by a group that goes by the name of Gnosis, and was apparently a way to get back at the company, its staff and its founder Nick Denton for publicly attacking 4Chan.

Malware spread via Google, Microsoft ad network
A number of online ad networks – including the two largest, Google’s DoubleClick and Microsoft’s Media Network – have been found unknowingly spreading malware via compromised ads provided by a malicious “company” impersonating the legitimate ad serving and marketing firm AdShuffle.

Operation Payback and hacktivism 101
Hacktivism is the use of cyber attacks and sabotage to communicate and promote politically motivated causes. It has been around as long as the internet.

Top wireless security trends for 2011
When security is mobile, you need to be able to track it, according to Inovonics’ President Mark Jarman. Here are his predictions for 2011.

Hacktivism and social engineering emerge as top threats
Hacktivism and more profit-oriented malware, social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year, according to PandaLabs.

2010: The year of the vulnerability
Vulnerabilities have really come to the fore in 2010, especially those in Adobe software. Exploiting vulnerabilities has become the prime method for penetrating users’ computers, with vulnerabilities in Microsoft products rapidly losing ground to those in Adobe and Apple products.

Database breach that could endanger lives
A database breach that could result in more than just identity theft is the result of a compromise of the online database of the Mesa County Sheriff’s Department (Colorado) by as yet unknown individuals.

FBI put backdoors in OpenBSD IPSEC stack?
Some serious allegations have been raised yesterday as Theo de Raadt, founder and leader of the OpenBSD and OpenSSH projects, has made public a private e-mail he received from Gregory Perry, former CTO of NETSEC and current CEO of GoVirtual Education.

McDonald’s data breach just the tip of the iceberg
The FBI was involved and the investigation revealed that the breached database was administered by an Atlanta-based e-mail distribution company called Silverpop Systems. But, as it turns out, McDonald’s wasn’t the only company whose customers’ data was stolen.

Acunetix Web Vulnerability Scanner 7
A manual search for vulnerabilities would simply take too much time, so penetration testers usually use an automated web vulnerability scanner to do the preliminary work for them. Acunetix has long had the reputation of manufacturing one of the best tools for this kind of job.

Mozilla expands its bug bounty program
Back in 2004, the Mozilla Foundation instituted a bug bounty program that rewarded users who reported critical security vulnerabilities on the Foundation’s software with $500 per bug. Six years later, the amount received for the reported bugs can reach $3,000 per bug. Not even five months later, Mozilla has decided to up the ante once again.

After the 2010 security tsunami, tips on how to survive 2011
In the coming year companies will start to understand that the insider threat is real and that their existing security culture of using weak passwords, sharing privileged passwords and never changing root passwords will lead to greater financial losses and damage to their reputations.

NSA considers its networks compromised
Debora Plunkett, head of the NSA’s Information Assurance Directorate, has confirmed what many security experts suspected to be true: no computer network can be considered completely and utterly impenetrable – not even that of the NSA.

Bradley Manning offered plea bargain
US authorities have offered Army Private Bradley Manning – the young Army intelligence analyst who allegedly delivered the classified government records to WikiLeaks – a plea bargain if he attests that Assange urged him to copy those records and deliver them to the organization.

Emergence of blended malware attacks a leading concern for 2011
“The major theme for 2011 will be evolution. The evolution of attacks like Stuxnet, the evolution of new platforms like iOS and most importantly, an evolution in the tools we use to secure our systems,” said Toney Jennings, CEO of CoreTrace.

How to protect your company from social engineering attacks
Jayson E. Street is the Chief Infosec Officer at Stratagem 1 Solutions, the author of the book Dissecting the hack: the f0rb1dd3n network and a well-known information security speaker. Jayson offers advice for companies on how to prepare themselves for potentially dangerous social engineering situations.
