Week in review: WordPress and Barracuda breaches, “free shopping” exploits, Koobface leaving Facebook

Here’s an overview of some of last week’s most interesting news and articles:

“Official Profile Viewer Application” Facebook scam
After many, many offers of applications that supposedly show Facebook users who views their profile the most, has the time finally come when these lures don’t work as they used to? Or have the scammers simply decided to increase the number of victims by simply adding that the application offered is “official”?

Government-owned credit cards compromised in contractor breach
Numbers and expiry dates of over 600 credit cards belonging to government and law enforcement employees have been stolen and exposed after an attack aimed at an Australian telecommunications company.

Koobface says goodbye to Facebook
Koobface – the computer worm that targets users of the social networking websites such as Facebook, MySpace, Twitter and others – has stopped using Facebook to spread.

Enterprises don’t understand IT risk
A global survey of more than 1,240 IT decision makers at large enterprises – 72% of which have more than 1,000 employees – found that one third (33%) of respondents do not believe their organizations have an accurate assessment of the level of IT risk they face from internal and external threats.

Holes found in majority of leading network firewalls
NSS Labs has begun testing both traditional network firewalls and so-called next generation firewalls, and its engineers have discovered serious flaws in these products, despite the maturity of the market and their certification by two other major certification bodies.

Barracuda Networks breached by automated SQL injection attack
Barracuda Networks is the latest security firm to be shamed by a successful attack against its assets.

Personal info of 3.5 million Texans was accessible to public
The records of about three and a half million Texans were erroneously placed on the server with personally identifying information, and the Texas Comptroller’s office is sending letters beginning Wednesday, April 13, to notify them that their personal information was inadvertently disclosed on an agency server that was accessible to the public.

Ransom Trojan locks Windows
Ransomware is slowly becoming quite a problem, and the latest one spotted by F-Secure tries a rather innovative approach: it locks the victims out of Windows and doesn’t allow them boot Windows in either normal or Safe mode until they have entered a code to “complete activation”.

French hacker and alleged Anonymous member arrested after bragging on TV
A French hacker has effectually tied a noose around his own neck when he bragged about hacking into the systems of a big government contractor on national TV.

Popular web stores vulnerable to “free shopping” exploits
A recently published paper titled “How to Shop for Free Online” presents the depressing results of a security analysis of some of the most popular online stores, executed as a joint effort by two researches from Indiana University and two from Microsoft.

“Request rejected” spam campaign leads to fake AV
A spam email campaign carrying a malicious attachment designed to download and run a fake AV solution on the recipient’s computer is currently hitting inboxes around the world.

Why stealing at a security conference is a bad idea
ISC West is one of the biggest international security conferences, and practically every inch of the expo floor has a camera or two trained on it. You would expect that such a setup would make attendees reject the idea of stealing items on display on the stands even before it had half-formed in their minds.

WordPress.com servers breached, source code presumed copied
Automattic – the web development corporation behind WordPress.com – has suffered a root break-in and a compromise of several of their servers.

External cyber security risks to surpass insider threats
57 percent of global C-level executives agree that in the next one-to-three years, external threats such as cyber-criminals will become a greater security risk than insider threats, according to Cyber-Ark.

A closer look at NetWrix File Server Change Reporter
NetWrix File Server Change Reporter generates reports on access and changes to file servers, including changes and access attempts to files, folders, shares, and permissions.

U.S. authorities hijack botnet by substituting C&C servers
The U.S. Department of Justice and the FBI have been granted by the federal court the permission to substitute the C&C servers of the massive Coreflood botnet with servers of their own that will be sending out “kill” commands to the infected computers every time they reboot.

Epsilon breach leads to more than just phishing
Since the Epsilon breach, the customers of the company’s clients have had daily reminders that they could expect and be prepared for spear phishing emails coming their way. But, phishing is not the only type of attack that can be mounted against them.




Share this