Week in review: Digital forensics, new Facebook Privacy Settings and RSA phishing email found

Here’s an overview of some of last week’s most interesting news, articles and videos:

Chinese mobile phone monitoring service found
What do you think cyber crooks do with the information collected from mobile phones by malware? Trend Micro has one of the answers to that question.

Digital forensics: The inside story
Jelle Niemantsverdriet is the Principal Consultant, Forensics and Investigative Response EMEA, Verizon Business Security Solutions. In this interview he introduces the reader to the world of digital forensics and talks about computer forensics tools, privacy concerns, the fundamental differences in investigating different operating systems, and offers advice for anyone interested in learning more about computer forensics in general.

Google+ introduces verified accounts
Google is adding another feature that should guarantee that a Google+ profile corresponds with the actual real-life identity of a user.

$100,000 for open source security projects
Rapid7 created a $100,000 investment fund to support up to seven promising open source projects in the security industry. The “Magnificent7” projects will be identified and supported through the remainder of 2011 and into 2012.

Skype XSS vulnerability allows malicious code injection?
The vulnerability is due to a lack of input validation and output sanitization of the profile entries for home, office and mobile number, says the researcher, but Skype has denied that the vulnerability exists.

Yale confirms 10-month-long data breach
Names and Social Security numbers of some 43,000 people that were affiliated with Yale University back in 1999 have been accessible to users of the Google search engine for the past ten months.

Ramnit worm uses Zeus Trojan tactics for banking fraud
Trusteer discovered the 18 month old file infecting worm Win32.Ramnit has morphed into financial malware and is actively attacking banks to commit online fraud.

Malware targeting Android jumps 76 percent
The amount of malware targeted at Android devices jumped 76 percent since last quarter, to become the most attacked mobile operating system.

Five mistakes companies make in their cloud strategies
Companies that fail to explore all the options may be leaving valuable services untapped and potential savings unrealized.

Facebook revamps its Privacy Settings
Facebook’s Privacy Settings have long been a thorn in privacy advocates’ side. They deemed it to complex for a typical user to understand, and have often decried Facebook’s long-standing opt-in-by-default policy when it comes to new features on the social network. Unfortunately, the latter has not yet been changed, but the Privacy Settings are in for a revamp that should make them more granular and – above all – easier to understand.

Domscheit-Berg says WikiLeaks is lying, new batch of cables released
WikiLeaks has announced the publication of another batch of 35,000 US diplomatic cables, and has asked the public to rifle through them and to reveal their finds on Twitter, followed by the #wlfind hashtag.

Have you been hacked this month?
You do everything you’re supposed to do, right? You’ve installed a firewall, you’ve got some anti-virus software, you never follow links in emails or open attachments from someone you don’t know or trust. Well, that’s all very commendable but unfortunately it isn’t you that’s been hacked. It’s your information stored by the companies you trust that’s been compromised.

Install one Trojan, get three more
Downloader Trojans are often used by cyber crooks to thoroughly infect systems in order to extract anything that might be of value to them. Trojan.Badlib is a particularly effective piece of malware belonging to that particular category, effectively acting as a malware distribution network.

“Apache Killer” tool spotted in the wild
The developers behind the open source Apache Foundation issued a warning for all users of the Apache HTTPD Web Server, as an attack tool it has been made available on the Internet and has already been spotted being actively used.

Zeus rival boasts of eluding tracker services, fails
Ice IX – the first crimeware based on the leaked Zeus source code – includes a feature that supposedly allowes it to foil trackers when they try to download and analyze its configuration file.

Next generation security as a service
In this video recorded at Black Hat 2011 in Las Vegas, Sumedh Thakar, Vice President of Engineering at Qualys, talks about QualysGuard Web Application Scanning (WAS) 2.0, the new QualysGuard User Interface (UI) as well as the new QualysGuard Consultant Edition.

Is this the phishing email that caused the RSA breach?
“I forward this file to you for review. Please open and view it,” says simply the email that is thought to have been the means of deploying the backdoor that resulted in the massive RSA breach in March.

Illegal keygen for well-known AV solution leads to infection
An illegal key generator for the recently released latest version of the TrustPort Internet Security solution brings big trouble to unsuspecting users, warns BitDefender.




Share this