Week in review: Microsoft bug bounties, NSA, GCHQ surveillance, and the new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news, interviews, articles and reviews:

Account takeover attempts have nearly doubled
ThreatMetrix announced its Cybercrime Index, a series of Web fraud data aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events.

British GCHQ spied on G20 delegates to gain advantage in talks
The British GCHQ has monitored computers and intercepted phone calls made by the foreign participants of two G20 summit meetings in London in 2009 and provided crucial information in near-real time to the British government and its officials involved in the talks, The Guardian has reported.

U.S. tech companies sharing bug info with U.S. govt before releasing fixes
A recent report by Bloomberg’s Michael Riley has revealed that a great many U.S.-based companies are voluntarily sharing sensitive information with the U.S. national security agencies (both intelligence and military) in order to get information about potential risks and attacks.

New regulation for ENISA, the EU cybersecurity agency
EU cybersecurity agency ENISA has received a new Regulation, granting it a seven year mandate with an expanded set of duties.

The security of WordPress plugins
Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, a concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities.

Bill aims to regulate email privacy in the cloud
Texas Governor Rick Perry has signed and thusly put into effect HB 2268, a bill that legislates that law enforcement agents must get a search warrant to access “electronic customer data held in electronic storage or the contents of and records and other information related to a wire communication or electronic communication held in electronic storage.”

CyanogenMod founder aims to thwart data-grabbing apps
The feature – dubbed “Run in Incognito Mode” – has a per-application flag that enables it to return empty lists for contacts, calendar, browser history, and messages, and return the information that GPS is disabled.

How to detect hidden administrator apps on Android
Following the discovery of a new Android Trojan that uses several errors and vulnerabilities in the Android OS to make analysis harder for researchers and to remain hidden from users and practically inexpugnable from the device, Trend Micro has created a tool that helps users find and remove this and other similar malicious software.

Information security executives need to be strategic thinkers
George Baker is the Director of Information Security at Exostar. In this interview he talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, discusses BYOD, and much more.

65+ websites compromised to deliver malvertising
The compromised sites were an assortment of random small and medium-sized sites, and among them was the official site for Government Security News.

(IN)SECURE Magazine issue 38 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 38 has been released today.

Customized spam uses cell phone users’ data against them
For the first time, mobile spammers can use such information as the subscriber’s first name, zip code, income level, and ethnicity to make attacks personalized and more effective.

Thwarting facial recognition systems with privacy visors
Isao Echizen, Associate Professor at the Digital Content and Media Sciences Research Division of Japan’s National Institute of Informatics, has developed a device he dubbed “privacy visor”, which uses 11 near-infrared LEDs to thwart face detection systems.

Microsoft to pay up to 150k for vulnerabilities
After years of saying that bug bounties are not the best way to go about getting crucial product vulnerability information in the long run, Microsoft has done an about-face and has announced three separate bug bounties.

Instant Apple Configurator How-to
Apple Configurator is a tool used for the mass configuration of iOS devices. With many large organizations adapting a variety of iOS devices into their daily workflow, it’s becoming an essential tool that enables the IT department to quickly deploy those devices. This book explores the capabilities and the limitations of Apple Configurator.

Yahoo ID recycling could lead to trouble
Yahoo has announced that coming July 15th, any Yahoo email account / Yahoo ID that hasn’t been logged into for over a year will be “freed up” and can be snapped up by another user.

Cookie Clearinghouse to enable user choice for online tracking
The Center for Internet and Society (CIS) at Stanford Law School launched a new online privacy initiative called the Cookie Clearinghouse, which will empower Internet users to make informed choices about online privacy.

Pirate Bay co-founder sentenced for hacking Swedish companies
Pirate Bay co-founder Gottfrid Svartholm has been found guilty of hacking into Swedish IT company Logica and the Nordea bank mainframe and has been sentenced to two years in prison by the Nacka District Court.

Wall Street prepares for simulated cyber attack
Around 40 Wall Street firms – banks, exchanges, and brokerages – are getting ready for Quantum Dawn 2, a simulated cyber attack that will hit them on Friday, June 28.

Global repercussions of PRISM scandal
The revelation of the existence of the PRISM program, which allows U.S. government agencies to either directly or indirectly have access to email and chat content, videos, photos, stored data, transferred files, notifications, online social networking details, and more of users of nine of the biggest and most popular Internet companies and services in the world today has apparently shaken the rest of the world more than it has U.S. citizens.

BYOD: The why and the how
Brad Keller and Robin Slade are Senior Vice Presidents at The Santa Fe Group. In this interview they talk in detail about the challenges involved in evaluating, deploying and maintaining BYOD programs in large organizations.

U.S. legislators introduce Aaron’s Law
The Computer Fraud and Abuse Act is a nearly 30-year-old criminal law with sweeping authorities that criminalize many forms of common Internet use. U.S. Senator Ron Wyden (D-Ore.) has introduced legislation that reforms the CFAA to bring it in line with the needs of a 21st century digital landscape.

Secret documents reveal broad extent of NSA domestic surveillance
Two more top secret NSA documents that Edward Snowden shared with reporters of The Guardian have revealed that his claims about what the agency’s analysts are authorized to do are true, and have shown that the extent of how much communication from and to U.S. nationals the agency can store is much broader that it was publicly known so far.

Phishing attacks impacted 37.3 million users last year
37.3 million users around the world were subjected to phishing attacks in the last year, which is a massive 87 percent increase for the number of targeted user in 2011-2012.

More about

Don't miss