Week in review: Epsilon breach, MITM attacks and the execution of the RSA hack

Here’s an overview of some of last week’s most interesting news, reviews, videos and articles:

The execution of the RSA hack
More than two weeks have passed since the high profile RSA hack, and the company has finally decided to share some of the details regarding the attack. The question that is uppermost on most people’s minds – What information did the attacker manage to get their hands on? – still remains unanswered, but at least we now know how he managed to breach the company defenses.

Massive Epsilon breach affects JPMorgan Chase, Capital One, US Bank and others
Third-party firms that handle e-mail marketing for big companies and corporations have lately become a very desirable target for attackers, and the onslaught continues.

Data breach mistakes feared more than attackers
Seventy percent of compliance professionals feel that their organizations are well or very well prepared to fend off malicious hacker attacks, however, their confidence wanes significantly when assessing other data breach threats.

Automated security analysis
Standing still isn’t an option – if you don’t adapt or change your security infrastructure and policies to keep pace, your networks are exposed. Yet just the act of making network changes can introduce unexpected vulnerabilities – which in turn, further complicates the security issue.

Secunia joins the Information Security Forum
Secunia has become a member of the Information Security Forum (ISF), an independent authority on best practice in the field of information risk management.

Condé Nast scammed out of $8 million with single spear phishing email
Cond̩ Nast Рthe company that publishes popular magazines such as Vogue, GQ, Architectural Digest, Wired, Vanity Fair, and many others Рhas been nearly defrauded of almost $8 millions with a single, well-crafted spear phishing email.

Cheap Zeus source code will generate more Trojan variants
Barely two months after cybercriminals put the source code of Zeus up for sale at $100,000, reports are now coming in that the source code is being offered at bargain basement prices from multiple sources.

SpyEye-fueled man-in-the-mobile attack targets bank customers
The customers of a European bank have recently been targeted by a man-in-the-mobile attack featuring a SpyEye variant.

Interpol chief calls for global electronic identity card system
The head of INTERPOL has emphasized the need for a globally verifiable electronic identity card (e-ID) system for migrant workers at an international forum on citizen ID projects, e-passports, and border control management.

MITM attacks made possible by SSL certs issued for unqualified names
The recent compromise of a Comodo affiliate Registration Authority has jolted the security community and has justifiably made it question whether the Web’s certificate authority infrastructure is a system that can be trusted.

Feedback loops in the fight against spam
Nearly everybody gets spam. But do you ever wonder what happens when you click that ‘Report Spam’ button on your mail reader? Does it do anything useful, or is it really the same as just clicking ‘Delete’?

Application security vulnerabilities
In this video, Rafal Los, Application Security Evangelist at HP Software, talks about application security vulnerabilities at the logic level.

New Chinese bootkit opens the door to multiple infections
It is being distributed by a downloader Trojan, which is picked up by users when they try to download a video from a bogus Chinese adult site.

Bogus Facebook app harvests user login credentials
It lures users with videos titled “Tornado Randomly Appears During Soccer Game” or “Video: This is the best April Fools’ prank ever!”

Privacy violations by popular mobile apps under investigation
An ongoing grand-jury investigation has revealed that many mobile applications could be sending various user information to advertising networks without the users’ knowledge and permission.

Mining the Social Web: Analyzing Data from Facebook, Twitter, LinkedIn, and Other Social Media Sites
This book will show you how to discover who’s talking to whom, what about and where they are located in the real world – in short, how to mine useful data from the social networks, blogs and email.

Servers breached at Fortune 100 company
The Connecticut-based Hartford Financial Services Group – a Fortune 100 company and one of the largest investment and insurance companies in the US – has suffered a breach that resulted in password-stealing Trojans being installed on a number of the company’s servers.

Hacking Unified Communications security
A fundamental shift in the IT security world has taken place.

US government to deliver terror alerts via Facebook and Twitter
Color-coded terror alerts for US citizens could very soon become a thing of the past. Starting from April 27, the Department of Homeland Security is likely to differentiate the risk as “elevated” or “imminent” and to start issuing public alerts via Facebook or Twitter.

TJX hacker appeals his sentence, claims US government sanctioned his crimes
Albert Gonzales is asking the court to throw out his earlier guilty pleas and annul both sentences because government agents authorized his hacking.

More about

Don't miss