Week in review: First flaws detected in the AES, Android malware and Internet bad neighborhoods

Here’s an overview of some of last week’s most interesting news and articles:

Third-party Firefox add-ons to be blocked automatically
Mozilla has decided to put a stop to the automatic installing of Firefox add-ons by third-party applications, as unwanted and disused add-ons can sometimes affect the browser’s stability, security and speed.

Dropbox for Android security bypass vulnerability
A security issue has been reported in Dropbox for Android, which can be exploited by malicious people to bypass certain security restrictions, according to Tyrone Erasmus of MWR InfoSecurity.

Banking Trojan that steals from the rich
To be sure, it steals from the poor, too, but it contains a routine that automatically tries to transfer a rather large amount of money from the victim’s account to those set up by the criminals.

Android malware answers calls, eavesdrops on users
Trend Micro warns of new Android malware that does the same thing, but can also automatically answer phone calls and hide that fact from the user by setting the device on silent mode prior to the call and hiding the dial pad/making the screen go blank.

Consumers keep falling into phishing traps
According to survey results, 22 percent of respondents would readily supply their personal information requested in an email from one or more of the following sources: bank, credit union, charitable cause, credit card company or national/state government agency.

Vulnerability in TimThumb WordPress plugins: The effects
With the popularity of the WordPress blogging platform, security researchers here at Websense Security Labs are sure to sit up and take note of any reported zero-day threats affecting the platform itself or the plugins used by blog masters.

Search engine hack innovation
Attackers are increasingly leveraging the power of search engines, like Google, to successfully carry out automated cyber attacks against vulnerable websites.

IE 9 best option against Web-based malware attacksMicrosoft’s Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware.

SpyEye source code and crack for the toolkit leaked
Three months after Zeus’ source code has been spotted being sold for small amounts on underground online markets, Xyliton – a French security researcher and member of the Reverse Engineers Dream Crew – has made public a step-by-step tutorial that can allow anyone to crack the protection that confines the SpyEye toolkit to one physical device.

Internet bad neighborhoods
A significant part of current attacks on the Internet comes from compromised hosts that, usually, take part in botnets. Even though bots themselves can be distributed all over the world, there is evidence that most of the malicious hosts are, in fact, concentrated in small fractions of the IP address space, on certain networks.

Fraudster broke into bank accounts by using Facebook info
An English man has been been found guilty of siphoning money out of bank accounts after using social networks to guess the security questions for the account owners’ online banking services.

Researchers identify first flaws in the Advanced Encryption Standard
Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts.

PoC keylogger app for smartphones revealed
Two security researchers from the University of California at Davis have managed to prove that it is possible to create a keylogger for smartphones.

Mass injection attack compromised 20,000+ domains, delivers fake AV
A simple mistake on the part of cyber attackers has revealed another mass malicious iFrames injection attack that is currently under way.

Personal information of BART police officers published by hackers
Following the disruption of cell phone service by the operators of the Bay Area Rapid Transit system (BART) that foiled a planned protest regarding the death of a man shot by the BART police, Anonymous organized another protest that went off without a hitch.

Confidence in online retailers sinks
According to a study of consumer sentiment toward online shopping and security by McAfee, only about a third of online consumers believe that most websites are safe for shopping, an 11 percent decrease since McAfee conducted the survey in 2009.

“Free ‘Breaking Dawn Part 2’ tickets” Facebook scam
The penultimate movie in The Twilight Saga has not yet arrived to cinemas, but cyber scammers have decided on an even bigger attraction to lure Internet users into sharing their personal information: the log-awaited last installment – Breaking Dawn Part 2 – which is scheduled to be released in November 2012.

Facebook releases official Security Guide
Tired of having to explain to friends and family about the dangers lurking on Facebook? The social network has released an official Guide to Facebook Security, so share the link with them.

Keeping abreast of Web malware delivery techniques
One of the crucial things that Google must do to keep making Internet users use its search engine is to keep an eye on the many ways that cyber criminals employ to spread malware and to try to thwart those attacks.

Emerging threats: Attacks via MIPS devices
If something has already been invented and has been seen in-the-wild more than once, it’s very likely to occur again and again, especially if the attacks were profitable for the cybercriminals.