Week in review: Facebook phishing, Stuxnet revelations and lessons from HBGary breach

Here’s an overview of some of last week’s most interesting news, videos and articles:

Virus downs Australian ambulance dispatch service
The infection spread quickly, and the staff was forced to shut down the whole system for over 24 hours.

Hardware keyloggers found on library computers
Two keyloggers have been confiscated at the Wilmslow and Handforth libraries each, but unfortunately a third one at the Wilmslow library had been removed – likely by the same people that put them there – before the police managed to arrive at the scene.

124 new advanced evasion techniques discovered
Stonesoft announced it has discovered 124 new advanced evasion techniques (AETs). Samples of these AETs have been delivered to the Computer Emergency Response Team (CERT-FI), who will continue to coordinate a global vulnerability coordination effort.

Chrome extension for blocking and reporting content farms to Google
It is a well-known fact that to search for a product review on Google has become almost pointless, and that the search engine is continually battling the rising number of content farms and scrapers. The company is obviously aware that this is becoming a large problem and its researchers have been thinking of ways to solve it.

SSL and the Internet: Where is it all going wrong?
SSL is known as “the security backbone of the internet,” as it is a security protocol that protects web sites by enabling encryption of sensitive information during online transactions. While it is a valuable protocol, implementations can have issues, including problems with configurations and certificate validations, which render SSL invalid, jeopardizing security.

Israeli general claims Stuxnet attacks as one of his successes
The Haaretz – Israel’s oldest daily newspaper – reports (via Google Translate) about the a surprising video that was played at a party organized for General Gabi Ashkenazi’s last day on the job.

Top 10 botnets of 2010
Damballa’s “Top 10 Botnet Threat Report – 2010” shows a dramatic increase in Internet crime and targeted botnet attacks.

HBGary e-mails are a treasure trove for social engineers
The recent publication of the second batch of corporate e-mails exchanged between HBGary and HBGary Federal executives and various contacts in US intelligence, military and law enforcement organizations is a godsend to individuals that aim to launch social engineering attacks against those people, says expert Chris Hadnagy.

Two BBC sites serving malware via injected iFrame
A piece of malware detected by only 21 percent of the anti-virus solutions used by VirusTotal is currently being pushed onto unsuspecting visitors of the BBC 6 Music and BBC 1Xtra radio station websites.

70% of SMS spam is financial fraud
An analysis of SMS traffic conducted from March through December 2010 reveals that according to the reports of misuse submitted by AT&T, Bell Mobility, KT, Korean Internet & Security Agency, SFR, Sprint, and Vodafone consumers, spam is found across all networks, and at levels higher than originally anticipated.

One in 10 IT pros have access to accounts from previous jobs
According to a survey that examines how IT professionals and employees view the use of policies and technologies to manage and protect users’ electronic identities, the sharing of work log-ins and passwords between co-workers is a regular occurrence.

Canadian government networks breached by Chinese hackers?
When it comes to covert cyber attacks on government networks, it somehow seems that they can always be traced back to servers in China.

A Trojan-Clicker for Android spotted
A new Android Trojan – dubbed HongTouTou or ADRD – has been spotted targeting Chinese-speaking users. Repackaged with popular Android applications and games, it is being distributed via unregulated app markets and online forums.

Information security pros stretched thin and overworked
A study based on a survey of more than 10,000 information security professionals worldwide finds that a growing number of technologies being widely adopted by businesses are challenging information security executives and their staffs, potentially endangering the security of government agencies, corporations and consumers worldwide over the next several years.

Facebook users targeted by unimaginative phishing campaign
A phishing campaign targeting Facebook users is currently under way and lures users with messages coming from compromised accounts seemingly containing links to various Facebook applications.

A lesson to learn from the HBGary breach
As you might have already read, the HBGary and rootkit.com breach by Anonymous was not executed by using obscure techniques or unknown vulnerabilities – quite the opposite, in fact.

Video: RSA Conference 2011 showcase
In this RSA Conference 2011 video showcase, you can check out the look and feel of the event and the expo floor.




Share this