Week in review: Windows 8 security features, the end of DigiNotar and BIOS rootkit in the wild

Here’s an overview of some of last week’s most interesting news:

Linux Foundation suffers security breach
A few weeks after the discovery of the compromise of the kernel.org website and several servers in its infrastructure comes the news that the Linux.com and LinuxFoundation.org sites have been temporarily rendered unavailable.

GlobalSign audit reveals only isolated web server breach
The CA has retained the services of Fox IT, the same security audit firm that investigates the DigiNotar breach, and the audit of its infrastructure revealed that all of its other servers show no evidence of compromise.

NBC News Twitter account hijacked by using a Trojan?
On the very eve of the tenth anniversary of the September 11 attacks, the NBC News Twitter account begun posting messages saying that two civilian airplanes have been hijacked and crashed into Ground Zero, the site where the Twin Towers collapsed.

Large EU IT systems to be managed by single agency
The first step towards a pan-European agency that will manage the large IT systems common to all member states has been taken.

Facebook tool automates syphoning of user data
A group of security researchers has developed a proof-of-concept Java-based tool that could allow malicious individuals to automatize the syphoning of information from a target’s Facebook profile that would otherwise be unaccessible to them.

Botnet masters are spreading their resources
Having noticed that in some of the top spam countries the number of infected computers falls by a few percents as in others rises by nearly the same amount, Kaspersky Lab researchers have analyzed the information gathered on the top 11 countries on that list and have come to the conclusion that botnets in various countries are very likely run by the same people.

Improved SpyEye variant actively attacking Android devices
According to Amit Klein, Trusteer’s chief technology officer, the threat posed by DriodOS/Spitmo has escalated the danger of SpyEye now that this malicious software has been able to shift its delivery and infection methods.

Cyber security leaders share their APT knowledge
RSA and TechAmerica released key findings derived from a forum of more than 100 of the world’s top cyber security leaders from government and business who met in Washington, DC to address the impact of Advanced Persistent Threats.

Online communities least trusted with personal information
Over 2,000 UK adults participating in the survey were required to give a trust score of between one (don’t trust at all) and seven (trust completely) depending on how much they trusted firms within a specific sector with their personal information. Sectors included financial services, online retail, public sector, online communities, publishing and gaming.

uTorrent client on official site replaced with scareware
Users that have downloaded the uTorrent software client from the uTorrent.com website on Tuesday morning are warned that they might have ended up with scareware on their computer.

BIOS rootkit found in the wild
Security researchers have recently discovered a new rootkit that targets computers’ BIOS, making the infection harder to detect and eradicate, and persist even if the hard drive is physically replaced.

Russian cyber criminal steals $3.2 millions in 6 months
A Russian resident in his early 20s is believed to be the leader of a tightly knit gang using banking Trojans and money mules to earn themselves millions of dollars.

Is this the end of the line for DigiNotar?
After having its SSL and EVSSL certificates deemed untrustworthy by the most popular browsers, around 4200 qualified certificates – i.e. certificates used to create digital signatures – issued by the CA are currently in the process of being revoked and their holders notified of the fact by the Dutch independent post and telecommunication authority (OPTA).

Windows 8 new security features
The Internet is all abuzz with the news of the upcoming Windows 8, whose early version has been demonstrated on Tuesday at Microsoft’s BUILD conference. Setting aside usability, efficiency, speed and all the other things that are most important to regular users, what news does this preview bring to those of us most concerned about security?

Evolving cyber threats continue to drive security strategy
43 percent of global companies think they have an effective information security strategy in place and are proactively executing their plans, placing them in the category of information security “front-runners.”

Most dangerous celebrities in cyberspace
Heidi Klum has replaced Cameron Diaz as the most dangerous celebrity to search for on the Web, according to McAfee.

Bing, Yahoo! serving malware for popular search terms
Bing results for popular search terms such as “Firefox/Skype/AdobePlayer/uTorrent download” have been poisoned with bogus websites pushing a variety of malware.

Leaked psychological profile of Anonymous leaders is a fake
The FBI has confirmed that the recently “leaked” psychological profile of Anonymous/Lulzsec leaders supposedly compiled by the Bureau is fake, and likely a prank perpetrated by those very people or some other members of the group.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss