Week in review: Leaking Facebook apps, Chrome sandbox cracked and explosion of Android malware

Here’s an overview of some of last week’s most interesting news, interviews, videos and articles:

Files uploaded to file hosting services accessed by malicious individuals
File hosting services such as RapidShare, FileFactory, Easyshare and others have a number of flaws that make it possible for unauthorized people to access and download files hosted on them, says a group of European researchers. And what’s more, they say that these vulnerabilities are being actively exploited in the wild.

“Time spent on Twitter” scam spreads virally
This time there is no survey involved, but the lure is the same.

Securing the virtual environment
In this video, Dimitri McKay, Security Architect at LogLogic, talks about vulnerabilities and the security challenges surrounding virtual environments: hyperjacking, VM hopping and VM theft.

Compliance is more than just cost
Compliance investments, which are basically treated only as a spending to align with compulsory regulations, when extended to all processes including privileged and super users, can build trust and competitive advantage for the organizations, according to IDC.

Cyber criminals moving operations to Canada
Cyber criminals are on the move again and, this time, Canada is the prime target.

Google Chrome sandbox apparently cracked
French security firm VUPEN has announced that its researchers have managed manufacture an exploit able to bypass Google Chrome’s sandbox, ASLR and DEP.

Fake AV spreading via Yahoo! Answers
From poisoned Google image search results to poisoned answers to legitimate questions on Q&A sites like Yahoo! Answers and public forums, malware peddlers are determined to use every possible way to spread their malicious payloads.

400% increase in Android malware
Enterprise and consumer mobile devices are exposed to a record number of security threats, including a 400 percent increase in Android malware, as well as highly targeted Wi-Fi attacks.

Majority not prepared for IPv6 transition
88% of business networks were not fully ready for a change to IPv6, with two thirds (66.1%) saying their networks are only 0-20% ready, despite the fact that the last blocks of IPv4 addresses have already been allocated.

Facebook apps found giving access to user accounts to third parties
A discovery that really should not surprise anyone has been made yesterday by Symantec – it turns out that due to to a flaw in the authentication schemes used before the now default OAuth 2.0, Facebook IFRAME applications have been leaking access tokens to third parties such as advertisers or analytic platforms.

Security needs to be unified, simplified and proactive
IT security powerhouse Check Point is on a mission to make the management of security products unified and simplified, and nowhere has that message been more clear than at its annual conference in Barcelona, where some 1,100 attendees – and Help Net Security among them – had the opportunity to see and hear everything they wanted to know about the company.

Explosive financial malware targets Windows
Trusteer identified Sunspot, a little known Windows malware platform that has been in circulation for some time, but was never previously recognized for its financial fraud capabilities.

Banking Trojan gang busted by Finnish police
Seventeen people were arrested for having taken part in a criminal scheme that targeted users of Finnish Nordea Bank and resulted in fraudulent transactions in the total amount of EUR1.2 million.

Email archiving challenges
Brian Azzopardi is the product manager for GFI MailArchiver. In this interview he discusses the challenges related to managing email growth and how archiving can help.