Week in review: Anonymous arrests, Kernel.org and DigiNotar breaches, Google servers as a DDoS tool

Here’s an overview of some of last week’s most interesting news and interviews:

Disaster preparedness tips for computers
ISACA offers tips to the public and businesses to protect their computers, information and systems during a natural disaster.

Hurricane Irene scams hit Facebook
As predicted, Hurricane Irene-themed scams have begun spreading on Facebook. The one spotted by Trend Micro fraud analyst Karla Agregado lures users in by offering a chilling video to watch: “VIDEO SHOCK – Hurricane Irene New York kills All.”

Google servers as a DDoS tool
Google’s servers can be used by cyber attackers to launch DDoS attacks, claims Simone “R00T_ATI” Quatrini, a penetration tester for Italian security consulting firm AIR Sicurezza.

SecurityByte: India’s largest security conference
Nishchal Bhalla is the founder of SecurityByte Conference as well as security companies SD Elements and Security Compass. In this interview, he introduces India’s largest information security event and provides insight into what attendees can expect at this year’s edition.

Google search results much cleaner than in 2010
It used to be that among the first ten pages of search results for popular terms, up to 90 percent of the offered links would take the users to a malicious page serving malware.

Rogue Google SSL certificate allowed MITM Gmail attacks
Recently discovered attempts of an SSL man-in-the-middle attack against Google users – spotted by a number of Iranian Internet users – have revealed that Dutch Certificate Authority DigiNotar has issued an SSL certificate for all *.google.com domains on July 10.

Most security pros don’t think a breach will happen to them
New findings from a Tenable Network Security study have uncovered an “It Won’t Happen to Me” mentality amongst security professionals.

Akamai insider pleads guilty to foreign economic espionage
A former Akamai employee has been accused of and has pleaded guilty to having passed on confidential information regarding the company to a man he believed was a Israeli consular official, making him the eight person ever to be prosecuted for foreign economic espionage in the US.

Malicious infections enter 99% of enterprise networks
There is a significant gap in today’s enterprise IT defenses, as advanced malware and targeted attacks are easily evading traditional defenses, such as firewalls, intrusion prevention systems, antivirus, and Web/email gateways, according to FireEye.

Linux source code repository compromised
The Kernel.org website – home to the Linux project and the primary repository for the Linux kernel source code – sports a warning notifying its users of a security breach that resulted in the compromise of several servers in its infrastructure.

Mozilla, Tor Project, Yahoo targeted through DigiNotar attack
Following the admission that the rogue SSL certificate that allowed attackers to impersonate Google was missed by auditors and that several dozen other certificates were created at the same time but were soon revoked, the Internet is abuzz with speculation about what other sites were targeted.

Cyber crooks misusing audit tool to breach VoIP servers
Every now and then, cyber criminals misuse “good” software in order to do bad things, and the latest instance of this modus operandi has been spotted by NSS Labs researchers.

Blackhat SEO spam is a global problem
If you have wondered whether to switch your go-to search engine for another – perhaps more localized? – in order to avoid the seemingly ubiquitous poisoned search results, wonder no more: Zscaler’s senior security researcher Julien Sobrier has explored the options for you.

Has LulzSec member Kayla been arrested?
Two men were arrested yesterday by the Metropolitan Police Service’s Central e-Crime Unit in connection with cyber attacks executed by hacktivist groups Anonymous and LulzSec.

How the unredacted US cables were revealed to the public
It seems that the cat is out of the box. Only a few days after former WikiLeaks staffer Herbert Snorrason refused to say who inadvertently made public the password for the encrypted file containing unredacted US diplomatic cables, some people managed to piece together the various hints dropped by involved parties and track down where it has been published.

Morto worm surprises again
As it turns out, the recently discovered Morto worm that has been spreading in the wild has more than one never-before-seen characteristic.




Share this