Week in review: Android bug invalidates code signing protection, EU to launch inquiry into US surveillance programs

Here’s an overview of some of last week’s most interesting news, reviews, articles and interviews:

NSA hacking and spying on EU officials
The German Der Spiegel published a report, based on a document leaked by NSA whistleblower Edward Snowden, that shows that the US has been spying on EU officials both in America and Europe.

Protect your company from BYOD security threats
If you are an admin dealing with BYOD, look at a cloud-based patch management service to help secure BYOD computers.

Symbiotic relationship ensures malware persistence
If your antivirus solution detects the Vobfus worm and downloader on your computer, chances are good that the machine also houses the Beebone downloader.

Android hack tool harvests info from PCs
Stealing information is a piece of cake if you can manage to get malware on the target’s Windows computer, but did you know that it can also be as easy as connecting your Android device to it and running an app?

Teaching a computer to play Memory advances security
Computer science researchers have programmed a computer to play the game Concentration (also known as Memory). The work could help improve computer security – and improve our understanding of how the human mind works.

Current cybercrime market is all about Cybercrime-as-a-Service
The cybercrime market is constantly evolving, and it is currently full of knowledgeable individuals who have focused on their core competencies to offer services to those who do not have the skills, patience or time to make what they want or need for their criminal exploits.

Ubisoft breached, user account credentials compromised
Ubisoft has begun notifying account holders of a breach that resulted in their email addresses, usernames and (encrypted) passwords being compromised.

Twitter underground economy still going strong
The Twitter underground economy and the fake social account market as a whole continue to gain momentum, and the financial motivations of this multimillion-dollar business remain clear.

Jon Callas on privacy in the modern age
In this interview, Jon Callas, co-founder of PGP and current CTO at Silent Circle, discusses the global erosion of privacy and the importance of confidentiality. He tackles the challenges of retaining secrecy on the Internet, privacy legislation, as well as issues encountered while developing Silent Circle.

Litecoin-stealing Trojan found
ESET researchers have unearthed a new Trojan that targets Litecoins – a peer-to-peer crypto currency inspired by and technically nearly identical to Bitcoin.

Serious vulnerabilities in OpenX ad platform expose millions to risk
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable systems.

Information Security Risk Assessment Toolkit
It is a truth universally acknowledged that in order to know what company IT assets you should protect and how, you need to first perform a risk assessment. But how do you go about it? This book will tell you everything you need to know and do to perform this feat.

System Doctor 2014: A fake AV for the upcoming year
In an effort to keep one step ahead of security solutions and attentive users, peddlers of fake AV solutions often change the name of the malware they are trying to sell.

Darkleech Apache module injection campaign delivers malware
One of the most successful malware infection campaigns ever is still going strong, and researchers have not come closer to discovering how the attackers are compromising web servers and the websites hosted on them.

Android bug allows app code change without breaking signatures
Researchers from Bluebox Security have discovered a critical Android flaw that allows attackers to modify the code of any app without breaking its cryptographic signature, and thus allows them to stealthily plant malicious apps on legitimate app stores and users’ phones.

EU Parliament to launch inquiry into US surveillance programs
The European Parliament’s Civil Liberties Committee will conduct an “in-depth inquiry” into the US surveillance programs, including the bugging of EU premises and other spying allegations, and present its results by the end of this year, says a resolution passed by the full House on Thursday.

Critical Cryptocat group chat bug fixed
The vulnerability was discovered by a volunteer named Steve Thomas a few weeks ago, and allowed any conversations had over Cryptocat’s group chat function between versions 2.0 and 2.0.42 to be easily cracked via a brute force attack.

EU adopts stricter penalties for cyber criminals
Cyber criminals will face tougher penalties in the EU, under new rules adopted by Parliament on Thursday. The draft directive, already informally agreed with member states, also aims to facilitate prevention and to boost police and judicial cooperation in this field. In the event of a cyber attack, EU countries will have to respond to urgent requests for help within eight hours.

Trojanized Android app collects info, comments on NSA surveillance
An unusual Android Trojan has been recently unearthed by McAfee’s researchers, embedded in a pirated version of a legitimate music app.
