Week in review: Facebook to educate new users on privacy, PayPal, Symantec targeted in hacking spree

Here’s an overview of some of last week’s most interesting news, videos, reviews, podcasts and articles:

Life cycle and detection of an exploit kit
This talk examines how some popular exploit kits work, from lure through payload, and discusses detection and prevention methodologies, with a focus on IDS/IPS.

PayPal, Symantec, ImageShack, NBC targeted in hacking spree
The last week has witnessed a flurry of activity and data leaks from several hacker groups.

New Facebook users will be educated on privacy
Facebook has announced that when signing up for the social network, new users will be subjected to a more prominent and detailed education about privacy and information sharing.

EFF teaches how to file FOIA requests
The Electronic Frontier Foundation has announced a new project that should make it easier for interested parties to search for information the organization received following their Freedom of Information Act requests, and to file their own requests.

Image-stealing malware might lead to blackmailing attempts
Dubbed “PixSteal”, this particular Trojan opens a hidden command line and copies all JPG, JPEG, and DMP files it can find on drives C, D, and E of the affected system to the C drive.

GateWall Mail Security
Entensys’ GateWall Mail Security is a solution that protects corporate environments from malware threats, spam and data loss issues. This software-based solution is installed within the corporate intranet and acts as a gateway between the external and internal mail servers.

Trust in the cloud or trust in the phone: What next for mobile payments?
Thales looks at the approaches for the successful mass adoption of mobile payments among issuers, card schemes, acquirers, merchants and consumers, and asks whether the arrival of emerging mobile payment technologies and increasingly secure cloud services will act as a revolutionary or evolutionary force.

Most Android malware are SMS Trojans
Android versions 2.3.6, or ‘Gingerbread’, and 4.0.4, also known as ‘Ice Cream Sandwich’, were the most popular Android targets among cybercriminals in Q3, according to Kaspersky Lab.

“Free $100 McDonald’s gift card” scam targeting Facebook users
Facebook users are once again targeted with a rogue app / survey scam combo.

Alarming number of merchants unaware of PCI DSS
The last four years have been marked by continued growth in small business data compromise, yet small business owners are still missing the point of the PCI DSS, a ControlScan report reveals.

Android malware continues to dominate the mobile threat landscape
F-Secure recently released the latest version of their Mobile Threat Report which covers Q3 2012. This is the executive summary related to Android threats.

Can you trust the cloud?
In this podcast recorded at RSA Conference Europe 2012, Mike Small, an analyst at Kuppinger Cole and member of ISACA, offers his top ten tips for assuring cloud services.

Infographic: “How companies track you on the Web”
Veracode’s new infographic illustrates how privacy transference has evolved into a major problem for consumers who willingly give information to businesses online, but do not expect it to be shared, sold or used for marketing purposes.

Video demonstration: New Adobe Reader zero-day exploit
Russian-based security company Group-IB announced a new zero-day vulnerability in Adobe Reader 10 and 11. According to their research, the exploit bypasses Reader’s sandbox and is already included in the latest version of the Blackhole exploit kit.

Adobe Reader 0-day exploit sold for $50,000
The good news is that the exploit costs $50,000, which limits its purchase to defense contractors, nation states and some criminal organizations that may be able to recoup the cost of purchase.

IT in the organization: four possible scenarios for the future
The changing shape of IT is causing CIOs to question the role of IT in the organization. As businesses confront global economic uncertainty, changing market dynamics and cultural discontinuities created by technological innovation, their different parts require different ways of interacting with IT. Gartner analysts at Gartner Symposium/ITxpo 2012 in Barcelona discussed future scenarios for information technology. There are four, and they are not mutually exclusive and may exist in combination.

Social networking is the #1 risk to information security
The consumerisation of IT has made security far more difficult to manage according to research published by McAfee at its Security Summit in London. This is exemplified by the introduction of personal devices, the growth of social networking and the explosion of employee-created and managed data.

Symbian malware scene far from dead
Despite Android’s dominance in the mobile threat landscape, the Symbian malware scene is far from dead. 21 new families and variants were discovered in the third quarter of 2012, a 17% increase compared to the second quarter.
