Week in review: Multifunction printer hacking, new protection mechanisms for IE 10 and most notorious Android malware

Here’s an overview of some of last week’s most interesting news, podcasts, articles and reviews:

Multifunction printer hacking
In this podcast, Deral Heiland talks about the types of attacks that can be mounted against multifunction printers and shares best security practices and mitigation techniques that will make the attackers’ job a lot harder.

A new security strategy for Sony
In October, former McAfee CSO Brett Wahlin joined Sony Network Entertainment as its first CSO and has been working on implementing a defense strategy for the division ever since.

Teen exploits three 0-days to hack Chrome, earns $60K from Google
The end of this year’s editions of the Pwn2Own and Pwnium contests has been marked by another Chrome hack, executed by a teenage security researcher that goes by the alias “PinkiePie”, and the successful “pwnage” of Mozilla’s Firefox browser by researchers Willem Pinckaers and Vincenzo Iozzo.

New online banking fraud schemes target mobile users
Trusteer uncovered two online banking fraud schemes designed to defeat one time password (OTP) authorization systems used by many banks. Unlike a previous attack Trusteer discussed that involved changing the victim’s mobile number to redirect OTPs to the fraudster’s phone, in these new scams the criminals are stealing the actual mobile device SIM card.

DARPA director leaves the agency for Google
Regina Dugan, the first female director of the Defense Advanced Research Projects Agency (DARPA), has been offered and has accepted a “senior executive position” at Google.

Big gaps in backup plans
Small businesses are using a variety of technologies to back up data including some antiquated methods that leave the backup process incomplete and susceptible to information loss, according to Carbonite.

19-year-old wins UK Cyber Security Challenge
Computer sciences student Jonathan Millican from North Yorkshire is the winner of the latest edition of the UK Cyber Security Challenge, having successfully passed a number of tests during the last six months and having demonstrated knowledge that goes beyond his years.

China escalating Tibetan cold war into cyberspace
AlienVault has discovered a range of spear phishing attacks taking place against a number of Tibetan organizations, apparently from Chinese attackers.

The evolution of malware and the threat landscape
In this podcast, Tim Rains, the Director of Product Management at Microsoft’s TWC group, talks about a special edition of Microsoft’s Security Intelligence Report – “The Evolution of Malware and the Threat Landscape”.

Malware sophistication worries IT leaders
More than half of IT leaders (62 percent) fear that malware is growing more sophisticated faster than they can upgrade their analysis capabilities. Additionally, 58 percent cited the growing number of threats as their biggest worry for 2012, according to Norman.

Microsoft adds new protection mechanisms to IE 10
For those wondering exactly what kind of improvements IE 10 will bring, Forbes Higman, Security Program Manager for Internet Explorer, shared details.

Is Ukraine the perfect place for hackers?
What is it that makes the Ukraine such a fitting refuge for hackers and cyber crooks?

The Basics of Digital Forensics
With privacy becoming an increasingly urgent concern as years go by, every computer technology user should know a bit about what can be extracted from various devices – no matter which side of the inquiry he might find himself on.

Android pattern lock stumps FBI forensic experts
Who would have thought that pattern screen locks on Android phones actually provide such an effective barrier to unauthorized access that even the FBI is forced ask Google for help in unlocking a suspect’s phone?

A decade of vulnerabilities and predictions for 2012
Since 2001, Spanish security firm S21sec has been been compiling a database of vulnerabilities detected by themselves and those reported by a great number of sources which include software developers, vulnerability researchers such as Secunia and the full disclosure mailing list Bugtraq.

Most notorious Android malware
Total Defense announced the findings of its 2011 Internet Security Threat Intelligence Report, which indicates Android’s rise in market share was only surpassed by the amount of malware targeted at Android devices. In total, over 25 times more Android Malware was identified in 2011.

Are mobile password apps pointless?
ElcomSoft analyzed 17 popular password management apps available for Apple iOS and BlackBerry platforms, including free and commercially available tools, and discovered that no single password keeper app provides a claimed level of protection.

Fake Google Play site serves Android malware
Online scammers are known for their adaptability, so it should not come as a surprise that the recent name change of Google’s official Android Market – now dubbed Google Play – would be quickly taken advantage of.

Working exploit for MS12-020 RDP flaw found
The vulnerability in Microsoft’s Remote Desktop Protocol (RDP) implementation (MS12-020) has been deemed critical enough to warrant a an immediate implementation of the patch, as it was expected that an exploit for the vulnerability would pop up in the wild in fewer than 30 days. But, as it turns out, it took only one.

Android banking Trojan steals both authenticating factors
The Zeus and SpyEye banking Trojans have recently been fitted with a new module that targets Android users that use their device as an added authentication method when accessing their bank accounts online. But in order to effect a successful attack against the user, both his PC and Android device have to be compromised with malware, so malware authors have decided to cut the effort in two and make a fake app that will get both authentication factors in one fell swoop.




Share this