Week in review: Malware served form SourceForge mirror, Adobe breach and compromised certificate

Here’s an overview of some of last week’s most interesting news, interviews, videos and articles:

Facebook turns off facial recognition in Europe
Facebook has assented to keeping the facial recognition feature (“Tag Suggest”) for its European users off until European regulators allow it to be reinstated, and to delete collected templates for those users by 15 October, says in the latest report of a re-audit conducted by Ireland’s Data Protection Commissioner’s Office.

How to recognize rogue online pharmacies
Crooks noticed the high earning potential of rogue online pharmacies from the very start, and the World Health Organization now estimates that more than 50 percent of prescriptions ordered online are counterfeit and either contain the wrong active ingredient or not enough of the active ingredient.

Big Data grows as data security shrinks
A report published by PricewaterhouseCoopers (PwC) has revealed that despite the growing issue of “Big Data,” most organisations are actually keeping looser tabs on data today than in previous years.

Top words cybercriminals use in fake emails
The top words cybercriminals use create a sense of urgency, to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping.

Mobile banking trends and hidden risks
While mobile banking apps are growing quickly in popularity, 68 percent of smartphone owners who have not yet adopted these apps are holding back due to security fears, while only 12 percent believe that the effort of downloading and installing such apps doesn’t justify the convenience, according to Metaforic.

Researchers bypass NFC access control with smartphone
A security flaw in most Mifare NFC contactless cards can easily be misused by hackers to modify the contents of the cards and get free rides on at least two U.S. transit systems.

Critical Java flaw affects nearly one billion users
Researchers from Polish firm Security Explorations keep digging into Java and discovering flaws, the latest of which has been unearthed just before Oracle’s annual JavaOne conference.

Malicious phpMyAdmin served from SourceForge mirror
A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software.

Information-related risks, threats and compliance
Dr. Eric Cole is a security expert with over 20 years of hands-on experience. He is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. He is a SANS faculty fellow and course author. In this interview he discusses managing information-related risks in the enterprise, threat evolution, compliance, security awareness, as well as his SANS “Security Essentials Bootcamp Style” training course he’s hosting at SANS London in late November 2012.

How to prevent a botnet infection?
The research team at e-mail security provider Eleven, published five tips to help users prevent a botnet infection on their computer.

“Watering hole” sites crucial to new cyber espionage campaign
RSA’s newly dubbed FirstWatch research team has recently presented their findings on a “water holing” campaign that they first spotted back in July. The approach consists of compromising websites the targets are likely to visit and equipping them with iframes pointing to servers hosting exploits for zero-days flaw.

Dissatisfaction with the current state of backup
ExaGrid Systems announced the results of a survey of 1,200 IT managers which shows widespread dissatisfaction with the capabilities of many existing backup systems to keep up with requirements for faster backups with permanently short backup windows as data grows, disaster recovery, virtual server backup and recovery, and backup system costs.

Rental computers spied on and photographed users, FTC claims
Seven rent-to-own companies and a software design firm have agreed to settle Federal Trade Commission charges that they spied on consumers using computers that consumers rented from them, capturing screenshots of confidential and personal information, logging their computer keystrokes, and in some cases taking webcam pictures of people in their homes, all without notice to, or consent from, the consumers.

Analysis of nearly 1.7 billion shortened URL links
Web of Trust (WOT) completed an analysis of nearly 1.7 billion shortened URL links and found that the URL shortening services are often used to drive traffic to suspicious websites.

Samsung fixes Galaxy S3 bug, researchers offer fix for other phones
Given the amount of information we all keep on our smartphones, it’s no wonder that the recently demonstrated Samsung Galaxy S3 remote data-wipe hack has ruffled quite a few feathers.

5 bad things IT administrators do
Philip Lieberman is the President at Lieberman Software Corporation and in this video talks about five awful things that IT administrators do and offers ways to fix these actions.

Mozilla launches its privacy-friendly website login system
Remember Mozilla’s introduction of the BrowserID browser-based system for identifying and authenticating users? Well, the login system that was created a privacy-friendly alternative to those employed by Google, Facebook and Twitter is now called Persona, and Mozilla has announced its first beta release on Thursday.

Adobe admits breach, will revoke compromised code signing certificate
Adobe has confirmed that one of their build servers that has access to the Adobe code signing infrastructure has been compromised, allowing attackers to digitally sign two malicious utilities with a valid Adobe code signing certificate.

Major U.S. banks still under DDoS attack
PNC Bank seems to be the latest target of the organized DDoS attacks agains major U.S. financial institutions such as JPMorgan Chase, Bank of America, Wells Fargo, Citigroup, U.S. Bancorp, New York Stock Exchange and others.

More about

Don't miss