Week in review: Phishing, Kneber botnet and Microsoft vulnerabilities

Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:

Adobe PDF format riddled with exploitable features
Adobe’s PDF format and standard has been known for a while now to be easily exploitable and, thus, rather insecure. In the past, attackers have taken advantage not only of its vulnerabilities, but of its features as well. And as Adobe has recently announced a sandbox for Adobe Reader, some experts wonder if it’s enough.

Tips to securely shred unnecessary files
Organizations often hold on to records that are no longer needed. These records take up valuable storage space and cost money that could otherwise be saved. Adhering to a retention schedule helps businesses operate more efficiently to save time, money and space.

Assessing, testing and validating Flash content
In this video, Peleus Uhley, the Platform Security Strategist at Adobe, discusses cross-site scripting, code examination, securing the server and cross-domain policies.

Security for Microsoft Windows System Administrators
Security for Microsoft Windows System Administrators aims at teaching the reader the very basics of information security: general concepts, some cryptography, concepts and vulnerabilities tied to network, system and operational security, and a bit about security audits.

Mobile users more vulnerable to phishing attacks
Trusteer recently gained access to the log files of several web servers that were hosting phishing websites. Analyzing these log files provided visibility into how many users accessed the websites, when they visited them, whether they submitted their login information, and what devices they used to access the website.

A closer look at avast! Free Antivirus
Avast! Free Antivirus (v.5.1.864) is an anti-virus, anti-spyware software with boot-time scanning capabilities. It also incorporates anti-rootkit and strong self-protection capabilities, and contains several real-time “Shields” which continuously monitor your email and internet connections and check the files on your computer whenever they are opened or closed.

Is Google losing its fight against spam?
Lately, people have been noticing that when searching for evaluations of and quotations for consumer items or academically-related information, it is practically impossible to find relevant search results.

Microsoft confirms unpatched Windows vulnerability
Microsoft released a new security advisory to address a publicly disclosed vulnerability affecting Microsoft Windows’ Graphics Rendering Engine on Windows Vista, Server 2003 and Windows XP.

Kneber botnet returns, steals sensitive government documents
The Kneber botnet is running and striking again – this time with a Christmas-themed electronic greeting card seemingly coming from The White House and targeting employees of various government offices and agencies.

Fuzzing tool discovers over 100 vulnerabilities in popular browsers
The public release of cross_fuzz – a cross-document DOM binding fuzzer that is able to detect vulnerabilities in all browsers by examining how they interact with various elements while they render web pages – by the Google-employed security researcher Michal Zalewski has unveiled some worrying information.

Undetectable fake ATM keyboard steals PINs in real time
The latest discovery of a fake keyboard that is placed over an ATM’s legitimate one and records the typed-in PIN – in conjunction with a fake magnetic strip reader that can be manufactured from cheap spare electronic parts – shows that this kind of crime does not require a lot of funds and can bring in quite a lot of money.

Exploit code for critical MS Office flaw exploit found in the wild
A critical vulnerability in the way Microsoft Office handles RTF which can allow an attacker to remotely execute arbitrary code on the victim’s computer has been by Microsoft in November, but attacks exploiting it are still popping up in the wild.

Estonia institutes volunteer cyber army
In 2007, when Estonia’s government, financial and media computer networks were attacked by unknown Russian hackers following the government’s decision of relocating a Soviet war memorial, it must have been hard to believe that something good would come from it at the end.

Mac OS X 10.6.6 updates security and introduces App Store
Apple released Mac OS X 10.6.6 which which increases the stability, compatibility, and security of your Mac. What’s also very important in this release is the introduction of the long-awaited Mac App Store with more than 1,000 free and paid apps.

My first status scam spreads virally on Facebook
Messages claiming to share the users’ first ever Facebook status updates are being posted on users’ walls by a rogue application.

Mac App Store already cracked
The Mac App Store debuted on Wednesday, and it seems that a flaw has already been found that allows you to get paid applications for free.

50,000 stolen iTunes accounts for sale in China
Some 50,000 iTunes accounts – each associated with an active credit card and some guaranteed to work for at least 12 hours before getting deactivated – are currently being auctioned off on TaoBao, the Chinese equivalent of eBay, for as little as 1 yuan (¢15) per account.