Week in review: U.S. government satellites hacked, Halloween threats and the m00p gang investigation

Here’s an overview of some of last week’s most interesting new, podcasts and articles:

Microsoft puts vulnerability exploitation into context
Recently Microsoft released the 11th volume of the Microsoft Security Intelligence Report, the most comprehensive version of this report to date. In this podcast, Tim Rains, the Director of Product Management at Microsoft’s TWC group, talks about the over 800 pages of threat intelligence spanning 100 countries and regions.

Consumers increasingly savvy about being online
Online consumers are increasingly savvy about being online, but many still do not employ all of the right tools to protect their privacy.

Microsoft YouTube channel hacked
A week after the official Sesame Street YouTube channel got compromised and started offering adult content to children, Microsoft’s official YouTube channel has been hacked by an unknown individual who removed all the videos and changed the accompanying text to say: “Wish to Become Sponsored? Message me.”

Anonymous shuts down child porn sites, leaks usernames
Hacktivist group Anonymous has started a new campaign. Dubbed “Operation Darknet”, it aims to battle child pornography and ISPs that knowingly support and allow such content to be hosted on their infrastructure.

Personal info of 9 million Israelis stolen, available online
Personal information of some 9 million Israelis (alive and deceased) has been stolen by a contractor working for the country’s Ministry of Labor and Welfare with the intent of selling it to the highest bidder.

Japanese Parliament’s computers infected, data stolen
The computer network of the Lower House of Japan’s Parliament has been compromised after a member opened an email attachment carrying a downloader Trojan in July.

Facebook Lottery scam emails making rounds
Offline crooks have had a lot of success with the bogus lottery winning letter scam, so it should come as no surprise it is often “translated” into an email and spammed out to unsuspecting targets.

The m00p gang investigation: a failure or a success?
Security companies and law enforcement agencies often collaborate on cyber crime investigations, and most of these investigations do end up with the arrest, prosecution and sentencing of some or all people involved. In this podcast, F-Secure’s Chief Research Officer Mikko Hypponen talks about the long investigation into an international malware writing group dubbed the “m00p gang” and offers his opinion on whether it can ultimately be considered a success.

A tech theory coming of age
As early as 2005, many industry analysts predicted “consumerization” — the introduction of consumer-owned/purchased devices into enterprise and business environments — would become one of the most important technology trends of the next 10 years. Just six years later, that has already come to fruition.

180,000 Swedes at risk following password-hacking spree
Registered members of around 60 popular Swedish websites are in danger of having their stolen login credentials misused by cyber crooks in the wake of the biggest ever password hacking incident to hit the country.

Spam gang uses own URL shorteners
According to the latest monthly threat report by Symantec, the company’s researchers have begun spotting URL shortening services dedicated to shortening malicious links way back in May, but this last month they discovered a spam gang that is operating over 80 such services.

Tsunami, a new backdoor for Mac OS X
Malware authors have taken an old piece of malware developed for Linux and have modified it to attack the Mac OS X platform.

Hackers attacked U.S. government satellites
Two U.S. satellites have been tampered with by hackers – possibly Chinese ones – in 2007 and 2008, claims a soon-to-be released report by the the U.S.-China Economic and Security Review Commission.

Facebook spammers trick users into sharing anti-CSRF tokens
A particularly intriguing technique has recently been spotted by Symantec researchers, who believe that this type of approach is likely to be used a lot in the near future.

Combating Halloween malware threats
Every year we see a number of classic scams and pieces of malware reappear in a bid to trick the general public. Unfortunately, these scams are all trick and no treat.

Duqu not developed by Stuxnet author
The Dell SecureWorks Counter Threat Unit (CTU) research team has been analyzing the Duqu trojan which received a great deal of attention because it is similar to the infamous Stuxnet worm of 2010.

New Facebook security features
Facebook will be adding two new security features that will allow users to regain control of their account if it gets hijacked and to use a unique password for different third party applications that require logging in with Facebook credentials.