Week in review: SANS’ real-world cyber city, and the return of an aggressive autorun worm

Here’s an overview of some of last week’s most interesting news and articles:

eBay patches two critical security flaws on US website
Two critical vulnerabilities in eBay’s US website (ebay.com) have been closed by the company, preventing attackers from accessing and modifying one of its databases as well as steal eBay users’ login credentials.

Shredded police documents showered down on Macy’s parade spectators
A Tufts University freshman made a troubling discovery while watching Macy’s Thanksgiving Day Parade in New York: among the confetti that were being thrown around while the floats and balloons were passing were also shredded documents containing very sensitive information.

Nationwide customers notified of breach, PI theft
Nationwide, one of the largest insurance and financial services companies in the world, has been sending out letters to notify some of its clients about the compromise and potential compromise of their personal information following a recent breach.

DIY mass iFrame injecting Apache module sold online
The wish to automate repetitive and boring tasks is not restricted to those who engage in legal enterprises, so it’s no wonder that we have lately witnessed a rise in DIY kits marketed to cyber crooks and scammers.

Five key business-tech trends in 2013 for enterprises
The new year will see greater adoption of advanced technology to meet changing demands of enterprises while increasing productivity and creating new experiences for customers.

Researchers finds 23 vulnerabilities in SCADA software
The recent revelation that Malta-based start-up ReVuln is offering only to paying customers information about SCADA zero-day vulnerabilities has spurred security researcher Aaron Portnoy into trying his hand at finding some.

Hardcoded account in Samsung printers provides backdoor for attackers
US-CERT has issued an alert warning users of Samsung printers and some Dell printers manufactured by Samsung about the presence of a hardcoded account that could allow remote attackers to access an affected device with administrative privileges.

Piwik.org compromised, offered Trojanized version of analytics software
According to a blog post published today by the Piwik team, the Piwik.org webserver got compromised on November 26, and the modified file was available for download for a little over eight hours.

Fraud 101 for universities
James Gifas, head of Treasury Solutions at RBS Citizens, explains some of the risks for college financial offices.

Real-world cyber city used to train cyber warriors
SANS announced NetWars CyberCity, a small-scale city located close by the New Jersey Turnpike complete with a bank, hospital, water tower, train system, electric power grid, and a coffee shop. NetWars CyberCity was developed to teach cyber warriors from the U.S. Military how online actions can have kinetic effects.

Facebook users will vote on policy changes, possibly for the last time
When Facebook recently announced that it plans to change the way users can influence changes on its privacy policy, privacy advocates were not amused.

Fake Windows 8 key generators lurk in the wild
Users who are eager to try out the new Windows 8 but are not keen on buying it should be careful if searching for bootlegged copies or purported key generators online.

Malicious ads lead to fake browser updates
Every now and then, malware peddlers employ the “Your browser is out of date, download the update here” approach to saddling inexperienced users with their malicious wares.

Top 5 security threats for 2013
The Information Security Forum announced their forecast of the top five security threats businesses will face in 2013.

UN atomic energy agency confirms breach into its server
It has been confirmed that the email addresses recently leaked by anti-Israel hacker group “Parastoo” have been stolen from a server belonging to the International Atomic Energy Agency located in Vienna.

Shylock’s new trick for evading malware researchers
Like most malware strains, Shylock continues to evolve in order to bypass new defensive technologies put in place by financial institutions and enterprises. While analyzing a recent Shylock dropper Trusteer noticed a new trick it uses to evade detection.

Facebook’s “Hacktober” tests employees’ security awareness
Since 2004, October has been dubbed “National Cyber Security Awareness Month,” and many security-minded individuals, businesses and organizations make it a point to mark it. For the second year in a row, Facebook has celebrated “Hacktober” by testing their own employees with simulated attacks and threats.

Agressive worm infection leads to banking Trojan infection
W32/VBNA-X is a worm, but also exhibits characteristics typically found in a Trojan. Its most obvious method of spreading appears to be through the use of autorun.inf files dropped on removable media and writable network shares.