Week in review: Java 0-day wreaking havoc, hiding messages in Skype silences, Apple prevents popular app scam tactic
Here’s an overview of some of last week’s most interesting news and articles:
Hiding secret messages in Skype silences
A group of researchers from the Institute of Telecommunications of the Warsaw University of Technology have devised a way to send and receive messages hidden in the data packets used to represent silences during a Skype call.
Researchers crack Microsoft’s Fix It for latest IE 0-day
Bad news comes from researchers from security firm Exodus Intelligence: the Fix It tool released by Microsoft that supposedly reduces the attack surface of the vulnerability is flawed.
Copied Android apps sold on Google Play at higher prices
App developer Root Uninstaller claims that some of his original apps for the Android platform have been copied and are currently being sold on Google Play.
Fake “Facebook Security Team” account asks for your credentials
An account posing as that of the Facebook Security Team has been spotted sending warnings to page administrators, trying to fool them into believing that their Facebook account will be suspended due to a violation of the social network’s Terms of Service.
The importance of data normalization in IPS
To fully comprehend the importance of data normalization in an Intrusion Prevention System, it is first necessary to understand what data normalization is and what it does, how it accomplishes its goal, and why it is so integral to maintaining security against the advanced evasion techniques used today.
McAfee says he used malware to spy on Belize authorities
John McAfee’s name is well-known in the information security industry, but until very recently, most of the general public didn’t know that he had long ago stopped having anything to do with the antivirus company he founded. Recently McAfee found himself in the spotlight for completely different reasons.
ENISA summarizes 120 threat reports, identifies top trends
The report summaries 120 recent reports from 2011 and 2012 from the security industry, networks of excellence, standardization bodies and other independent parties, making the report the world’s most comprehensive synthesis presently available.
New twists to previously-existing cyber scams
FBI’s Internet Crime Complaint Center (IC3) has released a report detailing recent cyber crime trends and new twists to previously-existing cyber scams. Among them is a new approach used by pay day loan phone scammers, who have been targeting individuals for the last three years.
U.S. nuke lab removes Chinese equipment from its networks
The Los Alamos National Laboratory in New Mexico – one of the two U.S. laboratories that are engaged in designing nuclear weapons – has removed at least two network switches made by H3C Technologies from its systems because devices produced by the China-based manufacturer are considered to be a potential threat to national security.
Japanese cops collar malware-carrying cat
When imagining law enforcement officers investigating and searching for cyber criminals or evidence about their activities, the last thing that you can probably envision is them searching for a stray cat. But that was exactly what detectives of Japan’s National Police Agency recently did as the last step in a complex “treasure hunt” started on New Year’s Day by a person (persons?) who is allegedly the mastermind behind the so-called “Remote Control Virus”.
HTTPS for Yahoo! Mail is now available
Yahoo has finally decided to offer to the users of its popular Yahoo! Mail service the option of encrypting their entire webmail session by switching on the Secure Sockets Layer (SSL) cryptographic protocol.
Military IT dependence could result in fatal cyber attacks
This week, MPs on the Defence Select Committee have produced a report stating that the UK’s armed forces are now so dependent on IT that they could be “fatally compromised’ by cyber attacks. The report also questions the military’s contingency plans while urging the government to take more action to address the threat.
Data security tips for healthcare organizations
Here are 11 tips for a healthier organization—meant to be kept longer than peoples’ typical New Year’s resolutions.
Critical Ruby on Rails flaws fixed, upgrade immediately
For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails are advised to upgrade to the newly offered versions immediately due to serious vulnerabilities present in previous ones.
Apple moves to prevent popular app scam tactic
In an effort to prevent malicious apps from being inadvertently allowed to go on sale on the Apple App Store, the company has decided to make it difficult for developers to change the screenshots of their apps once they have been successfully vetted.
FISAA legalizes surveillance of EU citizens and their cloud data, claims study
When the Foreign Intelligence Surveillance Amendments Act (FISAA) was extended for another 5 years thanks to a majority vote in the U.S. Senate late last year, there weren’t many Europeans who took notice and were worried about the fact. But, as Slate’s Ryan Gallagher recently noted – they should have.
Spoofed Google Chrome update page serves malware
Malware peddlers are taking advantage of Thursday’s release of the latest version of Google Chrome and have already set up a spoofed page of the initial rollout page in order to deliver their malicious wares.
Disable Java! Recent 0-day exploit is included in exploit kits
The Java zero-day that has recently been spotted being exploited in the wild has turned into big, big news as a number of popular exploit kits have been fitted with the exploit for it.
IBM tops U.S. patent list for 2012
IBM received a record 6,478 patents in 2012 for inventions that will enable fundamental advancements across key domains including analytics, Big Data, cybersecurity, cloud, mobile, social networking and software defined environments, as well as industry solutions for retail, banking, healthcare, and transportation.