Week in review: Cyber Monday dangers, Twitter adds Forward Secrecy, and a Linux worm that targets the Internet of Things

Week in review:

Here’s an overview of some of last week’s most interesting news, videos and articles:

Innovations that will shape network security
Responding to an information security incident is not just an IT thing anymore, it is a business thing. 2014 is the year businesses will finally realize that leveraging the Internet for business growth also means that responding to incidents is par for the course.

Twitter adds Forward Secrecy to thwart surveillance efforts
Following in the footsteps of Google and Facebook, Twitter has joined the ranks of Internet companies that have (or are working on) implementing Perfect Forward Secrecy, and has done so for traffic on twitter.com, api.twitter.com, and mobile.twitter.com.

NSA compromised 50,000 global computer networks
The NSA has managed to compromise over 50,000 computer networks in its effort to keep abreast of the political, military and economic situation around the world.

Lavabit founder submits final arguments in potentially game-changing privacy case
The saga surrounding secure email provider Lavabit and its legal fight against the US government continues with a reply brief filed last Friday by the former, arguing that both the government’s pen-trap order and Stored Communications Act warrant are invalid.

Do large companies follow encryption best practices?
The EFF has released its “Encrypt the Web” report to reflect the recently made changes by a number of companies in regard to implementing additional security measures to help restore users’ trust.

AutoCAD malware paves the way for future attacks
A piece of malware masquerading as an AutoCAD component with the goal of making systems vulnerable to later exploits has been analyzed researchers.

Overcoming the data privacy obstacle to cloud based test and development
Enterprises fear the repercussions of moving data to the cloud, and as is often the case, moving to the cloud is deemed impossible due to the sensitive data “requirement’ for test and development. Compliance with standards and regulations (such as HIPAA/HITECH, PCI) is typically cited as one of the key reasons for this hesitance in moving to the cloud.

Facebook “flaw” discloses users’ private friends list
A recently unearthed potential Facebook security vulnerability can turn out to be a boon for stalkers or social engineers trying to get their friendship request accepted by a target and use that access to wreak damage or gather crucial information.

$1M lost in attack against Bitcoin Internet Payment Services
Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M) mostly from the company’s own holdings, but some from their customers’ wallets.

Open source crypto server for thwarting malicious insiders
The two-person rule has long been employed by military organizations to minimize the possibility of weapons of mass destruction being discharged – accidentally or intentionally – by a single person. Now, content delivery network and distributed DNS service CloudFlare has implemented the rule into open source encryption software they dubbed “Red October”.

The unofficial guide to Facebook privacy
To fully understand the privacy of Facebook and how it’s likely to evolve, you need to understand one thing: Facebook executives want everyone to be public. Facebook gives its users the option to lock things down, but users need to be aware of their controls, how to use them and how to prepare for future Facebook privacy changes. Facebook has not and will not make information obvious, and that’s where this guide comes in.

Beware of online dangers lurking this Cyber Monday
Cyber Monday is often regarded as the beginning of the holiday shopping season, but many vendors are rolling out deals early as to entice online users to visit their web sites and get a jump start on gift giving. But with attractive Internet deals come the cyber crooks who design new ways to trick you into parting with your cash – with so many people shopping online, many tactics used by cybercriminals to socially engineer users will be more effective than at other times during the year. Here are a few dangers that will be lurking online this holiday shopping season.

Researchers track down members of Nigerian cyber gang
A cybercriminal gang based in Nigeria has been setting up phishing and 419 scam campaigns as well as delivering information-stealing malware to targets around the world, say Trend Micro researchers, who have managed to tie three individuals to it.

A new Linux worm targets the Internet of Things
Dubbed “Darlloz”, its targets are not just traditional computers, but also Internet-enabled devices such as home routers, set-top boxes, security cameras, and even industrial control systems.

The true cost of cybercrime
In a June 2013 report by the Council on Foreign Relations, the annual cost of cybercrime to the global economy is estimated to be between $114 Billion and $1 trillion. These figures cover everything from cyber-attacks, identity theft and hacking. These costs cover actual damages, loss of intellectual property and the immense cost of resetting and sterilizing every component in a compromised network.

Can we expect a cyberwar resurgence?
Neohapsis security experts predict that next year there will be a cyberwar resurgence, the cloud will begin to show its hidden costs, and privacy will continue to lose in the US legislature.

Verify your software for security bugs
This video by Simon Roses Femerling from OWASP AppSec USA will cover the current state of verification technologies that developers can use to check the lack of security mitigations (ASLR, DEP, SafeSEH, Stack Guard, PIE, etc.) and vulnerabilities (Missing Code Signing, Insecure API, DLL planting, poor coding, etc.) and how to implement a battery of tests in their organization to verify their products are safe before releasing as required by an Application Assurance process.

Lessons learned from Anonymous and Operation Last Resort
Activists that have links to Anonymous were able to gain access to U.S. government computers through a software flaw on the outdated Adobe ColdFusion platform. This left many agencies vulnerable to penetration and attackers were left undiscovered for almost 12 months.

Experts predict widespread attacks on online banking users
Kaspersky Lab has recorded several thousand attempts to infect computers used for online banking with a malicious program that its creators claim can attack “any bank in any country”. The Neverquest Trojan banker supports almost every trick used to bypass online banking security systems, including web injection, remote system access and social engineering.

Unwrapping holiday gift card fraud
Spending on gift cards is expected to hit new highs this holiday season – the National Retail Federation predicts that gift card sales will reach almost $30 billion. Unfortunately, cybercriminals are finding way to cash in as well. This leaves merchants with the pressing issue – how to capitalize on gift card revenue without increasing the risk for fraud?