Week in review: Google malware warning, the return of LulzSec and News International hack

Here’s an overview of some of last week’s most interesting news, articles and reviews:

Vulnerable firmware could destabilize Internet-enabled technologies
Kill switches and backdoors inserted at the point of manufacture could act as a conduit for organized criminals or foreign states to access internet-enabled devices, according to Invictis.

EU data breach notification law under advisement
As national laws sometimes collide with those imposed by the European Union, the ultimate goal is to create a law that would be equal for all Member States.

Microsoft offers $250,000 reward for botnet information
Although the Rustock botnet infection base has been cut in half in the short time since the takedown, there are still hundreds of thousands of infected computers around the world.

LulzSec hacks News International servers, “kills” Murdoch
Hacktivist group LulzSec is back in business. It has added to the pressure put on Rupert Murdoch following the phone hacking scandal by hacking into News International servers, hijacking the front page of The Sun and redirecting users to the (also compromised) new-times.co.uk site where a fake story about Murdoch’s suicide was featured.

A new approach to circumventing state-level Internet censorship
A group of researchers led by J. Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan, have been working on a new anti-censorship system.

In the “speed vs. security” battle, speed still wins
IT security personnel within large corporations are shutting off critical functionality in security applications to meet network performance demands for business applications.

U.S. military contractors targeted with malicious PDFs
F-Secure researchers have recently spotted an email obviously directed at military contractors’ employees, which contains a malicious .pdf attachment.

Android malware trends
Could it be that 2011 is the year when the long-standing predictions about the rise of mobile malware come true? Symantec’s Irfan Asrar thinks that there are definite indicators that it might be so.

16 arrested for Anonymous-branded cyber attacks
Fourteen individuals were arrested on Monday by FBI agents on charges related to their alleged involvement in a cyber attack on PayPal’s website as part of an action claimed by the group “Anonymous,” announced the Department of Justice and the FBI. Two additional defendants were arrested on Tuesday on cyber-related charges.

Internet activist charged with hacking, theft of millions of digital documents
24-year-old Aaron Swartz, renowned programmer and Internet activist, stands accused of having stolen over 4 million digital documents from MIT’s JSTOR archive with the intent of distributing them freely online.

Security recommendations to prevent cyber intrusions
Network administrators and technical managers should not only follow the recommended security controls for information systems outlined in NIST 800-53 but also consider measures recommended by US-CERT. These measures include both tactical and strategic mitigations and are intended to enhance existing security programs.

Google warns users about active malware infection
Google has begun notifying its users that a particular piece of malware is installed on their computers by showing a big yellow notification above their search results.

DDoS bot masquerades as Java update
An especially virulent Trojan variant with DDoS capabilities has been spotted masquerading as a regular Java update and is being served both from legitimate and malicious sites.

Enhanced phishing methods on the rise
There’s been an increase in targeted and combined email-based threats, a new twist in phishing attacks, and an escalation in social engineering scams through popular social networking sites, according to M86 Security.

Power to the people: Securing consumerized devices
If employees are starting to take control of the devices and apps they use for work, why not empower and involve them in the security process instead of blocking specific applications and devices altogether?

CCNP Security Secure 642-637 Official Cert Guide
The title of the book says it all – thick and all-encompassing, it covers the topics addressed in the exam CCNP Secure 642-637, but it should not be considered the only source of knowledge needed to pass it. What the authors were aiming for is a book that reviews the exam takers’ knowledge and points to topics that still need more attention. Included is a CD with memory tables and answers to the questions found in them.

Hacking a mature security program
Most organizations are used to standard penetration tests. However, companies that have been increasing their overall security posture proactively through years of program maturity and hard work need something different.

US demands extradition of UK owner of link site
23-year-old UK citizen Richard O’Dwyer is currently fending off an extradition request by United States authorities. His crime? Setting up and operating a website that offered links to free movies and TV shows.

Chameleon-like fake AV delivered via clever social engineering
A very complex and likely very efficient fake AV spreading campaign has been spotted targeting Facebook users.

Oslo bombing Facebook scams infecting 1 user per second
Websense has found an alarming number of Facebook scams taking advantage of the tragedy that happened in Oslo, Norway on Friday.

