Week in review: Multiple dimensions of corporate espionage, 2012 biggest security threats, and avoiding malware behind QR codes

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

Rise of unencrypted cards
71 percent of merchants were found to store unencrypted payment card data in 2011, which is an increase of 8 percent since 2010, according to a study by SecurityMetrics.

SMS Privato Spy: Another piece of bogus software for sale
Every so often, a new piece of non-existent software gets advertised by scammers who are eager to part users from their hard-earned cash. The latest one to be spotted is called SMS Privato Spy, which supposedly allows the buyer to spy on people’s activity on their mobile phones (viewing the screen, listening to conversations, viewing call logs, tracking them via GPS) by simply sending the target a specially crafted SMS.

Pros losing confidence in hard tokens
Almost a quarter of organizations, 23%, have suffered a security breach as a result of identity fraud that was linked to a lost or stolen authentication device.

Chrome is the most secure browser, claims new study
Microsoft’s Internet Explorer does a better job protecting systems from attackers who already have gained some degree of access than Mozilla’s Firefox, and Google’s Chrome trumps both of them, says security firm Accuvant.

PCI DSS is working, but there are challenges to overcome
While significant progress has been made in the reduction of card fraud in Europe, more can be done. The unfortunate news is that there was still more than 417.5 million EUR in UK card fraud in 2010 – well over 1 million EUR per day!

The risks of unauthorized access
HP unveiled new global research reporting that increased threats to sensitive and confidential workplace data are created by a lack of control and oversight of privileged users, including database administrators, network engineers and IT security practitioners.

Holiday travel is risky business for mobile devices
AVG has created a list of tips to help keep mobile devices safe during the holiday season and beyond.

Top software failures of 2011
SQS Software Quality Systems compiled a list of the worst software failures of 2011 that have damaged reputations, had a negative financial impact and caused stress to users.

12 hacking groups are behind most Chinese cyber attacks
Eastern European and Russian hackers mostly steal financial information, while Chinese ones are mainly after intellectual property or other sensitive data, say security analysts and US officials, and the great majority of the attacks believed to originate from China can be tied to as few as 12 distinct hacking groups.

Nitro attackers still at it, mock Symantec
Back at the beginning of November, Symantec researchers made public a report they compiled on a spear phishing campaign carrying a backdoor Trojan that was systematically targeting companies in the chemical and military industries. I guess the researchers hoped that once those details were made public the attackers would be forced to change tack but, as it turns out, the orchestrators of the campaign continued undaunted.

The multiple dimensions of corporate espionage
How do you protect against a sophisticated, motivated criminal? A professional spy who has targeted your company’s trade secrets? A skilled insider with a specific purpose in mind?

Top 5 authentication predictions for 2012
Confident Technologies offers their top 5 authentication predictions for 2012. They include authentication trends that they think will emerge next year, as well as some predictions about some specific attacks that will probably take place next year.

Carrier IQ bug did allow some SMS recording
Carrier IQ, the mobile analytics company that has lately been in the midst of a battle to prove that their CarrierIQ software didn’t log private information, has admitted that in certain circumstances the software had, indeed, recorded some text messages – but in encoded form.

A new perspective on the insider threat
In this podcast recorded at RSA Conference Europe 2011, Brian Honan, Principal Consultant at BH Consulting and founder and head of the Irish CERT, talks about the need for IT departments and employees to start working together and to realize that they are on the same side.

Users go to extreme measures for Internet access
Seven out of 10 young employees frequently ignore IT policies, and one in four is a victim of identity theft before the age of 30, according to a global study from Cisco.

Silent updating for Internet Explorer
Microsoft announced that in 2012 Internet Explorer will be updated “silently” to its newest possible version. This new silent update will eliminate the pop-up window that currently allows users to opt out of or postpone the update. Silent updating is generally seen as a big improvement to security on the Internet.

GlobalSign reports CA infrastructure wasn’t compromised
Fox IT, the security firm that audited DigiNotar’s infrastructure after the breach, was also hired by GlobalSign to perform the same actions on their own systems, and finally – after over two months – they issued the results of the investigation.

The challenges of setting up a security conference
In this podcast recorded at the SecurityByte conference held this year in Bangalore, India, the conference founder Nishchal Bhalla talks about his motivations for organizing such an event in his native country and what he hopes it will achieve.

How to avoid malware hiding behind QR codes
When used for legitimate purposes, QR codes make life easier for users. Unfortunately, they can just as easily be used to compromise the users’ mobile devices. So what can you do to protect yourself from this threat?

Biggest security threat for 2012? Privacy violations
Cyber-espionage, along with privacy violations and social networking attacks facilitated by the increased use of mobile and tablet devices, will be the source of increased security threats over the coming months.

Visa probes into potential card processor security breach
The company has not revealed which processor has been compromised, but has shared that it serves a retail chain with shops in a number of eastern European markets.