Week in review: Poisoned Google image searches, rogue Mac AV and a Java botnet in the wild

Here’s an overview of some of last week’s most interesting news and articles:

Osama bin Laden spam invades Facebook
Facebook ads are already spreading using videos of the death of Osama bin Laden as a trigger.

Osama bin Laden Twitter witness’ site hacked
Mr. Athar links to his blog on Twitter, and I’m sure a lot of users who saw his tweets went there. Unfortunately for them, the site was compromised and was serving a poorly detected malware through the Blackhole Exploit Kit.

Creating a secure firewall policy for a large company
When it comes to a network security policy, there often seems to be a direct tradeoff between security and maintainability. This doesn’t always have to be the case. Even in large organizations, security policies can be easy to maintain if you follow some best practices that ensure they remain clear, intuitive and well-organized.

24.6 million Sony Online Entertainment accounts stolen
Sony’s ongoing investigation of illegal intrusions into Sony Online Entertainment systems revealed that attackers may have stolen personal information from approximately 24.6 million SOE accounts, as well as certain information from an outdated database from 2007.

Technology is not the only solution against spear phishing
While technology plays an important role in protecting organizations from cyber threats, spear phishing attacks focus on the human element to ensure success. No technology solution is 100% effective in thwarting spear phishing, according to PhishMe.

New threats require multiple layers of defense
The Internet has become a primary conduit for cyber attack activities with attackers channeling threats through social-engineering attacks and legitimate websites, placing a higher risk to a larger number of people than in the past.

MAC Defender rogue anti-virus analysis and removal
SecureMac reports that a new privacy and security threat is targeting computers running Apple’s Mac OS X disguised as an anti-virus program called MAC Defender.

Self-encrypting drives most effective against data breaches
With more than 82 percent of respondents reporting one or more data breaches, a new Ponemon Institute study on self-encrypting drives found that 70 percent believed that self-encrypting drives “would have had an enormous and positive impact on the protection of sensitive and confidential data.”

The complex information security landscape
In this interview, Latha Maripuri, Director, IBM Security Services and Marc van Zadelhoff, Director of Strategy, IBM Security Solutions, discuss the increasingly complex information security landscape by addressing budget strategies, cloud computing security, mobile devices and more.

Malware campaign impersonates FBI
A new email malware campaign claims to come from the FBI and deliver a warning that they have been monitoring your Internet activities.

LastPass resets passwords for all users following potential breach
LastPass – the well-known and widely used password management and form filling system – has reset the master password for all its users following the discovery of two network traffic anomalies that could have been the result of a hack.

Sony breach due to outdated, unpatched servers?
The congressional testimony before the House Subcommittee on Commerce, Manufacturing, and Trade held Wednesday morning has revealed many things that shed a totally different light on the Sony PSN breach.

Governance on unstructured data
Businesses face challenges when implementing sound policies for dealing with their unstructured data, an ever-present thorn in the side of most enterprises today. It is estimated that more than 80 percent of enterprise data is in unstructured form, meaning it lives in files that are scattered around the file system.

Multiplatform Java botnet spotted in the wild
Cross-platform malware is still a rare occurrence, so when it’s detected, it usually attracts more attention than the malware engineered to affect only one particular platform. A recent one, detected by McAfee and “named” IncognitoRAT attacks both Windows and Mac OS users. So, how does it manage to do it?

Poisoned Google image searches becoming a problem
If you are a regular user of Google’s search engine you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but it still has trouble when it comes to cleaning up its image search results.

Two new malware variants targeting Facebook
Two new malware variants are targeting Facebook users, according to Fortinet. The malware, which is intended to look as though they’re coming from Facebook, claim that the users’ Facebook passwords have been reset and a malicious attachment has their new passwords. Clicking on the attachment can lead to immediate infection.