Week in review: Mobile application security risks, holiday-themed scams, and reasons for ditching Java

Here’s an overview of some of last week’s most interesting news and podcasts:

Windows 8 will have picture password sign in
As much as security experts would like for it to be otherwise, experience has taught us that no matter how many times some people are lectured on the use of complex passwords, a good number of them will always go for short, simple, easy-to-remember (but also to guess!) ones.

Latest spam campaigns delivering the Zbot Trojan
For a while now, fake messages and warnings from USPS, FedEx and DHL about supposedly undelivered packages have been hitting inboxes, and users have been getting wiser about the danger lurking behind the offered links and attachments. Trying to mix it up and catch the users unawares, Zbot peddlers have put a break on the aforementioned campaigns and have rolled out new ones.

Ransomware impersonating European police agencies
Users of a number of European countries have lately been targeted with localized social engineering tactics in order to first download the offending malware and then to pay up to make their computers “unblocked”.

Anonymous aims to make US Senators accountable for their votes
A group of Anonymous-affiliated hackers has made public a considerable amount of detailed personal information of the majority of the 86 US Senators that voted for the National Defense Authorization Act (NDAA).

Kim Jong-il death spam carries malware
As expected, malicious spam taking advantage of the death of North Korean leader Kim Jong-il has been hitting inboxes since the news was announced.

Android Trojan used for political activism
In the overwhelming majority of cases, mobile Trojans are designed to steal money or information which will ultimately be monetized. But occasionally, there are some out there whose main goal is not to change the contents of users’ accounts or wallets.

Mobile application security risks
In this podcast recorded at the RSA Conference Europe 2011, Chris Eng, VP of Research at Veracode, talks about mobile application security and the encouraging trend of companies trying to understand the risks tied to their use.

Fake eBay pages offering iPhone 4S for half the price
As more and more people take advantage of the option of buying things online, and especially during the holiday season, cyber crooks continually devise new schemes to trick them into handing over their hard earned money.

Chinese hackers infiltrated US Chamber of Commerce
The computer systems of the US Chamber of Commerce, a lobbying group that represents the interest of US businesses and trade organizations, have been infiltrated by hackers.

Researcher blasts Siemens for lying about SIMATIC bugs
The contentious issue of responsible and coordinated vulnerability disclosure has been revisited again as security researcher Billy Rios reacted to a statement made by Siemens claiming that “there are no open issues regarding authentication bypass bugs at Siemens.”

Ditching Java might be a good move
As unpatched Java vulnerabilities are frequently taken advantage by exploit kits and users often forget to update Java, F-Secure’s Mikko Hypponen says that maybe it’s time to consider doing without it.




Share this