Week in review: New Nmap released, Zeus Trojan comes with ransomware, and SMS spying app on Google Play

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

IEEE introduces standard for body area networking
IEEE announced a new standard, IEEE 802.15.6TM-2012, optimized to serve wireless communications needs for ultra-low power devices operating in or around the human body.

Microsoft embraces CVRF format for its security bulletins
The Common Vulnerability Reporting Framework has recently received an update but, most important of all, has also received a very prominent backer: Microsoft.

Nmap 6 released
Nmap is a free and open source utility for network exploration or security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Organizations struggling to enforce policies for managing records
Despite greater investments in their information management programs, most organizations still struggle with properly implementing those programs and getting employees to comply with them, putting them at risk for information loss, regulatory non-compliance and litigation.

Mistakes that led to the massive Utah data breach
A little over a month ago, the largest data breach in Utah history resulted in the compromise of Social Security numbers of some 280,000 Medicaid and Children’s Health Insurance Plans users and “less sensitive” information on 500,000 more of them.

BYOD adoption is growing despite security concerns
A survey found that 69 percent of organizations polled allow some form of BYOD, whether that is strictly limited to internet connectivity or includes some access to corporate applications on employee-owned devices.

SMS spying app offered on Google Play
Phone spying apps are usually offered on hacking forums and third party app markets, but given their malicious potential, it’s unusual to see them being offered for sale on official online marketplaces. Nevertheless, it does occasionally happen.

Hackers breach WHMCS via social engineering
WHMCS, the company behind the popular commercial billing and automation software program used by many web hosting firms, has had its web server hacked on Monday.

Bogus Facebook apps could lead to Android malware
Bitdefender researchers have recently spotted something that could be the beginning of paid promotions through Facebook, and believe that the approach can very easily be used for peddling malicious mobile apps.

Tips for a unified records management approach
While an increasing number of companies have one policy for handling paper documents and electronic files, the pervasive growth of new record sources like Twitter, wikis and collaborative software applications like Microsoft SharePoint threatens their ability to keep those policies current and compliant.

Financial fraud drives most targeted attacks
Check Point announced the results of a new survey revealing 65% of organizations who experienced targeted attacks reported that the hacker’s motivation was driven by financial fraud, and resulted in business disruption and the loss of sensitive information, including intellectual property and trade secrets.

Trojan stealing money in German online banking scam
Trusteer came across a complex new criminal scheme involving the Tatanga Trojan that conducts an elaborate Man in the Browser (MitB) attack to bypass SMS based transaction authorization to commit online banking fraud.

Zeus Trojan variant comes with ransomware feature
The recent popularity of ransomware as a tactic for duping users into giving up their hard-earned cash has resulted in an unexpected malware combination.

Top 10 patching hurdles and how to overcome them
Patching is the most effective, efficient and simple method to mitigate malware, worms and viruses. It may not protect against advance attacks that make use of 0-day vulnerabilities, but for the most part it is an excellent cost effective and reliable solution.

Google begins notifying users infected with DNS Changer
As the date set for the final shutdown of the infrastructure that keeps computers infected with the DNSChanger Trojan connected to the Internet is approaching at a fast pace, Google has decided to begin warning affected users that land on its search sites.

Security considerations for IPv6 launch day
Because IPv4 is not going away and many estimate that it will take 10 years (or longer) for the natural death of IPv4 to occur, we will essentially live in perpetuity with both designs.

The potential of virtualization security
In this podcast recorded at RSA Conference 2012, Anup Ghosh, CEO of Invincea, tells us how security hasn’t advanced much in the past decade from a technology point of view.

Photos: HITBSecConf 2012 Amsterdam
Taking place last week in Amsterdam was the well-known HITBSecConf that featured deeply technical talks, workshops, hands-on lab sessions, a brand new attack and defense Capture the Flag game, and much more.

Significant malware increase across all platforms
In Q1, PC malware reached its highest levels in four years, as well as a steep increase in malware targeting the Android platform. Mac malware was also on the rise, indicating that total malware could reach the 100 million mark within the year, according to McAfee.

Cloud computing choices
The cloud is not one thing; it covers a wide spectrum of types of service and delivery models ranging from in-house virtual servers to software accessed by multiple organizations over the internet.




Share this