Week in review: SSL encryption cracked, new Mac Trojan and the new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news and articles:

Smartphone and tablet security tips
ICSA Labs is offering a series of tips that businesses and consumers can use to protect themselves from security risks aimed at smartphones, tablets and apps.

Con artists love social networks
Most social networks’ users are hit by online scams almost daily – whether it’s the ubiquitous survey scam or the “share your cell phone number, get subscribed for a premium number service”. These schemes, however annoying they might be, are nothing when compared to those perpetrated by professional con artists that have discovered the advantages of hunting for their prey online.

Bots troll hacker forums to discover data breaches
Texas-based CSIdentity has managed to develop software that can mimic the speech patterns of cyber crooks, allowing the company to simultaneously engage a great number of hackers looking to sell stolen information on online forums, chat rooms, blogs, websites and torrent sources.

Pay-per-install services attempt discreet comeback
“Pay-per-install businesses can be temporarily compromised by welcome law enforcement action, but the crooks will always find a way to return,” says McAfee’s Francois Paget, who shared his recent discovery of a newly opened forum offering free malware to its users.

Cybercriminals find new ways to disguise spam
It used to be that malicious attachments came in emails with erotic photos of girls who “want to meet you”, or “scandalous photos” of celebrities. Now, cybercriminals are disguising their messages to make them look like official notifications or business correspondence.

Data seepage from the corporate boundary
In a growing number of cases, Internet-facing business systems do not reflect a well-maintained, up-to-date security profile and, as one would expect, they are by inference vulnerable to exploitation by miscreants, organized crime, and the cybercriminal fraternity.

DigiNotar files for bankruptcy
VASCO announced that DigiNotar, whose SSL and EVSSL certificates were deemed untrustworthy by the most popular browsers, filed a voluntary bankruptcy petition and was declared bankrupt.

XSS bug in Skype iPhone app allows address book theft
A bug in the latest version of Skype for iPhone and iPod touch makes its users vulnerable to having their address book stolen just by viewing a specially crafted message, says AppSec Consulting security researcher Phil Purviance.

Bluetooth vulnerabilities becoming easier to exploit
Based on Codenomicon’s robustness test results using smart model based fuzzing tools, 80% of all the tests against various Bluetooth devices find critical issues. Every device failed with at least one test suite against a critical communication profile.

Researchers crack SSL encryption
Two security researchers have found a way of breaking the SSL/TLS encryption that allows the information that passes from browser/user to server and back to be reliable and, above all, private.

Android bugs allow attackers to secretly install malware
Jon Oberheide – the security researcher who so effectively pointed out the existence of a major security bug in the Android platform nearly a year ago – has found two more.

“We are going to sue you” spam campaign leads to malware
A spam campaign recently spotted by Websense involves poorly written emails purportedly coming from well-established companies that threaten the potential victim with a lawsuit for sending out spam.

A botnet for the masses
Did you know that you can buy a bot for just 10 Euros? Researchers of German security firm G Data have discovered that a bot builder dubbed “Aldi Bot” is currently being offered for that much on underground forums.

(IN)SECURE Magazine issue 31 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Cisco reveals the importance of networks in daily life
Demonstrating the increasing role of the network in people’s lives, an international workforce study by Cisco revealed that one in three college students and young professionals considers the Internet to be as important as fundamental human resources like air, water, food and shelter.

Is China behind the Japanese defense contractor hack?
Anonymous sources “in the know” regarding the investigation of the Mitsubishi Heavy Industries breach have hinted at the possibility that the attackers are Chinese, reports the Daily Yomiuri.

Suspected LulzSec and Anonymous arrested and charged
Three more alleged LulzSec and Anonymous members have been arrested by the FBI and/or indicted for their misdeeds.

Over 300 cyberspy attacks against Russian targets discovered
Trend Micro researchers have discovered that 1465 computers belonging to 47 distinct political and economic entities in 61 different (mostly former Soviet Union) countries have been compromised through a slew of attacks that delivered the Lurid Trojan downloader.

New Mac Trojan copies successful Windows Trojan technique
Windows users have been warned time and time again of malware hiding behind icons and extensions belonging to files associated with legitimate software – most notably PDF, DOC and XLS files. In spite of that, malware peddlers have had a lot of success with this simple technique. It is no wonder, then, that they would try to use it on Mac users as well.

Strong security is just common sense
The threats an organization faces are multifaceted. While it’s possible, and perhaps tempting, to spend millions plugging every hole, the reality is that it’s impractical. Instead, a more common-sense approach to security is required.



