Week in review: Gizmodo, Reuters, Blizzard hacks, and the underground economy of social network

Here’s an overview of some of last week’s most interesting news and articles:

“Microsoft support” scammers still cold calling users
The old “Microsoft support center” scam is back. It is likely that it never went away, but lately the scammers have increased their efforts, targeting users again and again.

The underground economy of social networks
In a new study, Barracuda Labs analyzed a random sampling of more than 70,000 fake Twitter accounts that are being used to sell fake Twitter followers.

Malicious Olympic 2012 Android apps spotted
Webroot researchers have recently spotted an app that supposedly shows users aggregated 2012 Olympics news, but also harvests their contacts list, reads their text messages, and collects information about the device’s ID and location.

Employees targeted with faked emails from payroll services firms
Administrators at companies that outsourced payroll management to outside firms have recently been heavily targeted with malicious emails supposedly coming from those very same companies, warn SANS ISC researchers.

Quantum cryptography theory has a proven security defect
Researchers at Tamagawa University, Quantum ICT Research Institute, announced today that they had proved the incompleteness and limit of the security theory in quantum key distribution. They showed that the present theory cannot guarantee unconditional security.

Gizmodo hack reveals worrying flaws in data management policies
Mat Honan, the former Gizmodo employee who’s personal Twitter account compromise resulted in the temporary hijacking of the tech blog’s Twitter account, has revealed how the hackers managed to do it and, simultaneously, wreak havoc on a number of his other personal accounts.

Reuters hack was due to old WordPress version
While the individuals responsible for the recent hijacking of Reuters’ blogging platform and one of its Twitter accounts are still unknown, it has emerged that the attackers likely managed to hack the former because Reuters still used an older version of WordPress.

Iran government systems to be taken off the Internet for protection
The step was announced by Iran’s telecommunications minister Reza Taghipour at a conference recently held at Tehran’s Amir Kabir University, and is considered to be a direct consequence of the Stuxnet and Flame malware attacks that were obviously directed at targets within the country.

Burning enterprise authentication issues
In this Help Net Security podcast, Mike Moir, Product Manager for Entrust, talks about burning enterprise authentication issues for CxOs in the enterprise, and ways of solving them.

The fuel that drives global cybercrime
Karine de Ponteves is a FortiGuard AV analyst with Fortinet. In this interview she discusses how cybercriminals exploit major events to deliver malware, the oversharing of personal information and how that leads to targeted attacks, and more.

Apple, Amazon change their security policies following epic hack
In the aftermath of the spectacular hack that left former Gizmodo employee Mat Honan without access to his Twitter account, his Gmail, his iCloud account and with his iPhone, iPad and Macbook wiped clean, Amazon and Apple have apparently decided to make changes in their procedures that would prevent other hackers to replicate the attack.

Web apps experience 2,700+ attacks per year
According to a new Imperva report, the average attack incident for the observed Web applications lasted seven minutes and 42 seconds, but the longest attack incident lasted an hour and 19 minutes. SQL Injection remains the most popular attack vector.

eBay’s security efforts lead to massive fraud drop and 3K arrests
eBay has taken the fraud threat seriously and has managed to cut it by 90 percent in the last three years, the company’s former Chief Information Security Officer Dave Cullinane recently shared at a meeting.

Microsoft confirms IE10 will have “Do Not Track” on by default
Brendon Lynch, Microsoft Chief Privacy Officer, confirmed that, despite all the opposition, the company still means to ship IE10 with “Do Not Track” on by default.

Nepalese government websites serving backdoor
The sites in question are those of the National Information Technology Center (nitc.gov.np) and the Office of the Prime Minister and Council Minister (opmcm.gov.np), and the code injected in them has been taken from the Metasploit framework and was not obfuscated in any way.

Stuxnet cousin able to attack industrial control systems
Apparently designed by the same “factory’ behind the state-sponsored Flame and Stuxnet cyberweapons, Gauss was discovered in June and has already been found to have infected personal computers in Lebanon and other countries in the Middle East.

Andy Murray is the most dangerous British athlete in cyberspace
Cybercriminals often use the names of famous people to lure people to sites that are actually full of malicious software designed to compromise personal details and disrupt devices. Anyone looking for the latest videos or information about their favorite athlete could end up with a malware-ridden computer instead of the sports content they’re looking for.

Insight on social software and big data analytics
Teradata and Mzinga announced the results of a recent industry survey exploring the use of social technologies and big data analytics in business. The survey’s primary goal was to create an industry benchmarking report providing professionals with insight into the adoption, use and current state of social business software and big data analytics in businesses.

Blizzard confirms hack, urges users to change password
Blizzard’s CEO Mike Morhaime has confirmed in a letter that the company’s internal network has been breached this week. The “unauthorized and illegal access” has been closed off, and an investigation in the matter started, but luckily it seems that no financial information has been compromised.




Share this