Week in review: Vulnerable CCTV systems, Pinterest scam toolkits, and top three security concerns for CSOs and CIOs

Here’s an overview of some of last week’s most interesting news, podcasts, videos and articles:

IT candidates should shift career perspectives
Enterprises seem to be capitalizing on the competitiveness of the candidate pool, increasing expectations and requirements of skills and credentials.

Adobe backs down, will patch old software for free
Following Adobe’s recent release of Creative Suite 6 and its statement that it will not be patching critical security vulnerabilities in previous versions of the popular software the suite includes, security experts and users have voiced their indignation.

Alternative app marketplaces prove profitable for cybercriminals
Avast researchers discovered a new batch of fake alternative marketplaces for downloading smartphone apps that trick users into sending premium rate SMS messages.

Zeus exploits users of Facebook, Gmail, Hotmail and Yahoo!
Trusteer discovered a series of attacks being carried out by a P2P variant of the Zeus platform against users of Facebook, Google Mail, Hotmail and Yahoo – offering rebates and new security measures.

Microsoft shows cloud computing security benefits
Small and midsize businesses (SMBs) are gaining significant IT security benefits from using the cloud, according to a new Microsoft study in five geographies.

Pinterest scam toolkits widen the pool of potential scammers
Seemingly overnight, Pinterest gained massive momentum, making cyber scammers sit up and take notice, then jump right in. But the opportunities the site gives to those looking to make a quick buck are open not only to experienced scammers but to novices as well, as Pinterest scam toolkits have been made available for sale.

Banking Trojan masquerading as Chrome installer
Brazilian and Peruvian users looking to install Google’s Chrome browser are in grave danger of downloading information-stealing malware instead.

Top three security concerns for CSOs and CIOs
In this podcast recorded at the RSA Conference 2012, Val Rahmani, CEO of Damballa, talks about the three things that currently worry CSOs and CIOs the most: the “unknown threat”, the lack of effective automated log analysis, and BYOD.

IT is embracing BYOD
IT is accepting, and in some cases embracing, “bring your own device” (BYOD) as a reality in the enterprise. A new Cisco study shows some of the quantifiable benefits and complexities associated with allowing employees to use their own mobile devices on their employers’ networks.

Avira “fixes” PC-crippling update bug
On Monday, Avira issued a faulty Service Pack for all of its products running on 32-bit versions of Windows, which resulted in massive problems for users as the AntiVirProActiv component began detecting pretty much every executable as malware.

Kickstarter bug granted access to unlaunched projects
A bug in the private application programming interface (API) of Kickstarter, the popular crowd funding website for creative projects, has exposed details about 70,000 projects that will be launched on the website in the near future.

SSL governance and implementation across the Internet
Philippe Courtot, founder of the Trustworthy Internet Movement (TIM), and chairman and CEO of Qualys, talks about how the TIM has chosen SSL governance and implementation across the Internet as its first project.

Flashback botmasters earned less than $15K
It has already been established that the criminals behind the Flashback botnet were after money, but according to Symantec researchers, their plan was foiled by the attention that the first massive Mac botnet was given by security researchers.

Leveraging PCI standards to accept mobile payments securely
The PCI Security Standards Council (PCI SSC) published a customized fact sheet outlining how merchants can securely accept payments using mobile devices such as smartphones or tablets.

Most CCTV systems are easily accessible to attackers
According to Gotham Digital Science researcher Justin Cacak, standalone CCTV video surveillance systems by MicroDigital, HIVISION, CTRing, and many other rebranded devices are not only shipped with remote access enabled by default, but also with preconfigured default accounts and passwords that are banal and easy to guess.

Anti-Anonymous hacker takes credit for The Pirate Bay DDoS
It was initially thought that Anonymous was behind the attack, because The Pirate Bay openly criticized Anonymous’ DDoS attacks against Virgin Media, a UK ISP that blocked access to the popular torrent site. But the hacktivist group denied it, and The Pirate Bay confirmed on its Facebook page that Anonymous was not behind it.

Review: LOK-IT Secure Flash Drive
After a couple of years of research and development, LOK-IT was announced at the RSA Conference 2011 in San Francisco. The product boasted a unique concept of PIN-based hardware authentication. Later that year, at FOSE 2011, LOK-IT was proclaimed to be the most innovative product at the show.

Spam with malicious attachments rising
While the volume of spam messages is falling, the number of messages containing malicious attachments increased, meaning that spam is growing more dangerous even as it becomes less prevalent, according to a Bitdefender study.

Password creation policies are the enemy of secure passphrases
Commenting on reports that a security developer has concluded that password-creation policies are the enemy of secure passwords, SecurEnvoy co-founder Steve Watts says that the fundamental issue is that conventional ID/password security is now coming to the end of the line as far as security is concerned.

Hacker jailed for targeting Call of Duty gamers
20-year-old Lewys Martin from Kent is a repeat offender who, among other things, disguised a keylogging Trojan as a “patch” for the popular Call Of Duty game and used it to steal personal and financial information from unsuspecting victims.

Twitter supports “Do Not Track” option
The news was announced by Ed Felten, the US Federal Trade Commission’s CTO, at a New York Internet Week privacy panel, and Twitter has quickly come out to confirm it: the popular micro-blogging service will support the “Do Not Track” initiative and has already rolled out the DNT opt-out cookie.

Worm targets Facebook users via PMs
A worm posing as a JPG image has seemingly been spotted propagating on Facebook and through various IM applications.