Week in review: Shamoon attacks, automated hacking, Assange granted asylum in Ecuador
Here’s an overview of some of last week’s most interesting news, podcasts, reviews, videos and articles:
Scientists create algorithm for tracking down sources of online attacks
Swiss researcher Pedro Pinto and his team from the ?‰cole Polytechnique Fédérale de Lausanne have revealed a new strategy for localizing the source of threat diffusion in complex networks.
Microsoft and NYPD unveil new centralized surveillance system
New York City and Microsoft have joined forces and developed a new computer system that aggregates and analyzes the information gathered through a number of public safety data streams in real time in order to combat crime and other threats in the city.
The evolving nature of hacktivism
What does the present-day Anonymous look like? There are two emerging groups.
New financial malware targeting banks avoids AV detection
Two years ago, Trusteer discovered Silon, a financial malware that was defrauding online banking customers protected by two factor authentication systems left and right.
What’s so special about Gauss?
Kaspersky Lab experts have recently notified the world of the existence of another piece of malware that seems to have come from the same workshop(s) that pushed out Stuxnet, Duqu and Flame.
Raising user awareness about privacy issues
In this Help Net Security podcast Catalin Cosoi, Chief Security Researcher for Bitdefender, talks about the company’s efforts for making users aware of the privacy issues on the Internet, and warns about the fact that even if you’re avoiding using social media, there might be information about you on the Internet that you would prefer not to be available to everyone.
Who is using the commercial cyberespionage tool FinFisher?
Malware development has long stopped being the exclusive domain of individuals and groups looking for strictly fame or money. As years passed and everybody and everything went online, governments and intelligence agencies have also discovered the immense possibilities of using legal (or not) malware to spy on its potential enemies.
Tips for college students to deter identity theft
PrivacyGuard announced a list of tips and precautions for college students to help them prevent identity theft.
Facebook deceived developers and users with Verified Apps program
The privacy settlement that the US Federal Trade Commission and Facebook agreed on last November has been finalized on Friday and, unlike Google earlier that week, Facebook managed to avoid paying any fines.
Website analyzes and rates convoluted Terms of Service
When signing up for an online service, users are required to read and agree to the presented Terms of Service (ToS). But these terms often go on and on, and are written in such a way as to be understandable only to lawyers.
Malware-laden emails target hedge fund managers
A highly targeted spam campaign aimed at hedge and private equity fund managers has recently been spotted by Barracuda Labs researchers. The email looks like it has been forwarded a couple of times, and supposedly has a document with details about NSYE carried interest fees attached to it.
The Information Diet: A Case for Conscious Consumption
As the amount of information we consume every day rises inexorably, we have to be aware that our brain does is not able to store it and retrieve it like a computer. Also, that given its limitations and the negative influence of junk information has on our way of thinking, we have to learn how to be selective about what information we consume.
Organizations lack protocols to protect data in the cloud
While sixty-two percent of survey respondents are leveraging the cloud and/or virtualization, only 33 percent of these organizations test data recovery plans regularly to ensure proper protocols are in place to protect this data, according to a survey conducted by Kroll Ontrack of 367 enterprise and services providers.
Critical vulnerabilities in popular DDoS toolkit exposed
Prolexic Technologies exposed weaknesses in the command and control (C&C) architecture of the Dirt Jumper DDoS Toolkit family that could neutralize would-be attackers. The Dirt Jumper family of toolkits is considered one of the most popular attack tools on the market today.
Google announces $2 million in prizes for Pwnium 2
Following the announcement that it will be upping the monetary rewards given to security researchers that responsibly disclose Chromium vulnerabilities, Google has announced that it will also increase the prizes given out to successful participants of its Pwnium competition.
WikiLeaks’ Assange granted asylum in Ecuador
After spending 56 days holed up in the Ecuadorian embassy in London, WikiLeaks founder Julian Assange has finally received a favorable answer to his request for political asylum in the Latin American country.
NSS Labs expose inadequate AV products
NSS Labs testing showed that 9 of 13 popular consumer anti-virus products tested failed to provide adequate protection against exploits targeting two recent critical Microsoft vulnerabilities.
DDoS protection service: Top vendors in the field
Distributed denial of service (DDoS) attacks have in the past been viewed mostly as a tool of online protest due to Anonymous’ obvious predilection for this service disruption technique, but have long stopped being just that.
Twitter announces API update, new rules for developers
Twitter has announced the upcoming release of the newest version of its API and a number of new and stricter rules that have left many developers of apps for its platform disgruntled.
Automated hacking
In this video, Rob Rachwald, Director of Security Strategy at Imperva, talks about how attackers are using automation to carry out attacks on web applications. Rob talks about Imperva’s research into the most frequently used automated tools and also discusses how you can identify automated hacking.
Destructive Shamoon attack targets energy sector
A new spear-phishing attack targeting a number of specific companies in a few industries including the energy sector has been spotted by several security companies.