Week in review: New Java 0-day, Stuxnet’s earliest known version analyzed, and old school malware used for spying on European govts

Here’s an overview of some of last week’s most interesting news, videos, interviews and articles:

HTC agrees to fix vulnerabilities found in millions of its devices
HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.

Microsoft also victim of recent watering hole attack
Microsoft has followed in the steps of Twitter, Facebook and Apple, confirming on Friday that it has recently experienced a security intrusion.

Shortage of infosec pros equals frequent and costly data breaches
(ISC)2 released the results of its sixth Global Information Security Workforce Study (GISWS), which reveals that the global shortage of information security professionals is having a profound impact on the economy and is driven by a combination of business conditions, executives not fully understanding the need for security, and an inability to locate qualified information security professionals.

Separating single sign-on myths from fact
Single Sign On (SSO) is a powerful tool, which is why it is particularly of interest to CIOs in light of the increased number and severity of data breaches occurring around the globe – many of which are caused by inappropriate access to vital business data.

Worst global cyber threats of 2012
The Nominum security team analyzed DNS data across the globe to identify the worst malicious bots of 2012 and ranked them according to breadth and repercussions of infection.

Investors demand more transparency about corporate cyberattacks
More than 70 percent of American investors are interested in reviewing public company cybersecurity practices, and nearly 80 percent would not likely consider investing in a company with a history of cyberattacks, according to a new nationwide survey of investors.

Stuxnet’s earliest known version sheds light on the worm’s development
Symantec researchers have discovered an older version of the infamous Stuxnet worm that caused the disruption at Iran’s nuclear facility in Natanz: Stuxnet 0.5.

Encryption no longer seen as just an IT issue
There has been a steady increase in the deployment of encryption solutions used by organizations over the past eight years.

Video: RSA Conference 2013 showcase
The world’s top information security professionals and business leaders gathered in San Francisco for RSA Conference 2013. Here’s a closer look at the show.

Big Data is solution to security challenges
In his opening keynote at RSA Conference 2013, Art Coviello, Executive Vice President of EMC Corporation and Executive Chairman of RSA, addressed a record crowd about the ways that Big Data is transforming the security industry, information technology, business and society.

Corporate data loss hits highest levels since 2008
Data loss attacks affected more than one billion people in the last five years and more than 60 percent of those incidents were the result of hacking, says The Data Loss Barometer report.

Adobe patches Flash again as Firefox users are under attack
The attackers are trying to trick users into clicking a link which directs to a website serving malicious Flash (SWF) content and, according to the security bulletin released by Adobe, Firefox users are particularly at risk.

Users confused about safe use of mobile devices
One in four average mobile users store intimate photos or videos on a smartphone or tablet, but despite the obvious risks to personal privacy if a device is lost or compromised, some 70 percent of consumers are unaware of security features that allow such data to be deleted remotely, revealed a study released by AVG Technologies.

End of 2012 saw five-fold increase of Android malware
In December, Commtouch’s lab collected more than 214,000 samples of Android malware, compared to approximately 41,000 in September.

Old school malware used for spying on European govts
Kaspersky Lab’s team of experts published a new research report that analyzed a series of security incidents involving the use of the recently discovered PDF exploit in Adobe Reader (CVE-2013-6040) and a new, highly customized malicious program known as MiniDuke.

Fake Flash Player download pages pushing malware
If you haven’t set up automatic updating for Flash, you will have to find and download the update yourself – just be careful you don’t end up with malware on your computer.

3 out of 4 infosec pros unsure they would spot a breach
LogRhythm announced the results of its 2nd Annual Cyber Threat Readiness Survey of 150 IT security professionals on their organizations’ readiness to address advanced cyber security threats.

Security breaches remain undiscovered and unresolved for months
The Ponemon Institute polled 3,529 IT and IT security professionals in U.S., Canada, UK, Australia, Brazil, Japan, Singapore and United Arab Emirates, to understand the steps they are taking in the aftermath of malicious and non-malicious data breaches.

Bank of America says leaked data did not come from their systems
Bank of America has confirmed that some of the data included in the massive leak by the Anonymous-affiliated group “Par:AnoIA” does belong to them, but that it didn’t come from their own systems, but from those of a third-party contractor.

More (circumstantial) findings reinforce Mandiant’s APT1 claims
The release of Mandiant’s APT1 report has created quite a stir in security and international political circles. The majority saw it as a confirmation of the long-held belief that the Chinese government is sanctioning active espionage campaigns all over the world, while others pointed out its flaws. In the meantime, certain curious individuals did some investigating on their own and discovered more data that seems to reinforce Mandiant’s findings.

IT complexity and change auditing
Robert Bobel is the Director of Product Management at NetWrix. In this interview he talks about change auditing trends, enterprise security issues, increasing IT complexity and the NetWrix Change Reporter Suite.

Tips to minimize the risk and impact of identity fraud
Last week, a Javelin Strategy & Research report found 12.6 million victims of identity fraud in the United States in the past year, which equates to 1 victim every 3 seconds.

Scammers use Google glasses as lure
The great interest that the upcoming release of Google glasses has generated in the public is being actively exploited by cyber scammers, warns Trend Micro.

New Java 0-day exploited in ongoing attacks
The affected versions are Java v1.6 Update 41 and Java v1.7 Update 15 (released on February 19).