Week in review: DigiNotar breach report, app piracy and email theft via doppelganger domains
Here’s an overview of some of last week’s most interesting news, articles and videos:
The Register, The Daily Telegraph, UPS hit by DNS hack
Readers of British technology news and opinion website The Register got an unwelcome surprise when they tried to access it last Monday.
Rogue SSL certs were also issued for CIA, MI6, Mossad
The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days.
New Zeus-based variant targets banks around the world
Another Zeus-based offering has been unearthed by Trend Micros researchers, and by the look of things, this one seems to be better crafted than the recently discovered Ice IX crimeware that doesn’t deliver on its promises.
A bid for the (ISC)2 board of directors: Beyond campaign promises
Wim Remes moves beyond the “election propaganda’ and addresses how he wants to achieve his stated goals.
SecurityByte: Cyber conflicts, cloud computing and printer hacking
The event started on Tuesday with a series of keynotes by influential people in information security, as well as those in the local government.
DigiNotar breach report reveals lousy security practices
An interim report issued by security audit firm Fox IT, who has been hired to investigate the DigiNotar breach, reveals that things are far worse than we were led to believe.
Sony hires new CISO
Sony Corporation announced that Philip R. Reitinger has been named Senior Vice President and Chief Information Security Officer, Corporate Executive in charge of global information security and privacy, Sony Corporation.
Video: SecurityByte Conference 2011 (video)
SecurityByte 2011 is India’s largest security conference. The event features over 30 talks with 3 parallel tracks, challenging War games and thought-provoking panel discussions.
Phishers up their game
An unusually well crafted phishing site posing as the site of a well-known software company has been recently spotted by Symantec.
Global cost of cybercrime? $114 billion annually
With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined.
3 million digital game keys leaked
An cardinal oversight on a third party fulfillment agency website hosting activation keys for Codemasters’ DiRT 3 game has resulted in the leak of some 3 million keys that allow the game to be played for free on the Steam game platform.
GlobalSign stops issuing certificates, investigates breach claim
Whether the claim made by the “Comodohacker” that he has compromised four other CAa besides DigiNotar is true or not, GlobalSign – the only one of those CAs that he has named – has decided to suspend the issuing of certificates for the time being.
New financial malware attacks global financial institutions
Trusteer warned that a second non-financial malware variant called Shylock has been retrofitted with fraud capabilities and is abusing its large installed base of infected machines to attack global financial institutions.
Facebook birthday scam
Facebook users are being targeted by a rather unusual scam. This one lures them in with the offer of a free official Facebook T-shirt as a way to celebrate the social network’s 7th birthday.
App piracy is hurting Android developers
App downloads in the U.S. are booming to the tune of 40 apps per user per year, according to the Yankee Group. However, not all platforms are participating equally in the frenzy.
Mozilla requests Firefox CAs to confirm they haven’t been compromised
As Google began notifying users that have been possibly affected by man-in-the-middle attacks through the use of the rogue SSL certificate issued by compromised CA DigiNotar, and instructing them on how to secure their Gmail accounts once again, other companies made some heavy decisions.
Identity theft protection tips for students
College students are especially attractive targets for identity thieves because they have unblemished credit records, making it easier for thieves to take out loans in their name.
Cybercriminals impersonating government agencies
GFI Software announced its top 10 most prevalent threat detections for August 2011. Notable threats last month included spam and poisoned search engine results targeting fans of Harry Potter, Trojans posing as electronic traffic tickets from the New York State Department of Motor Vehicles, and phishing emails disguised as official notices from the Department of Defense.
Scammers demand $143 from Windows users, threaten with file deletion
German Windows users are the latest target of some pretty brazen scammers, warns Panda Security.
Researchers steal 20GB of corporate emails via doppelganger domains
According to two researchers from the Godai Group, there is a particularly easy-to-execute type of scheme that is likely already being perpetrated by individuals located in China.