Week in review: Air gap-hopping malware, first PoS botnet, and the new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news and articles:

(IN)SECURE Magazine issue 40 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Legitimate apps bundled up with secret Bitcoin miner
As the value of Bitcoin continues to rise, a lot of people are trying to cash in on the craze. Some do it legally, by getting their own machines to perform the calculations required, and others try to make other users’ machines do it for them.

Free eBook: Securing and optimizing Linux
This 800+ page eBook is intended for a technical audience and system administrators who manage Linux servers, but it also includes material for home users and others. It discusses how to install and set up a Linux server with all the necessary security and optimization for a high-performance, Linux-specific machine. It can also be applied with some minor changes to other Linux variants without difficulty.

OS X hardening tips
In this video from the USENIX LISA 2013 conference, Greg Castle discusses various hardening tweaks and a range of OS X defensive technologies including XProtect, Gatekeeper, FileVault 2, sandboxing, auditd, and mitigations for Java and Flash vulns.

D-Link patches critical vulnerability in older routers
D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October.

90,000 patients’ info exposed in hospital malware attack
Personal information of some 90,000 patients of two Seattle hospitals has been compromised after an employee opened an email attachment that contained malware.

Eyes on the cloud: Six predictions for 2014
After nearly five years in the cloud industry, Kent Landry, Senior Consultant at Windstream, made many predictions for different technologies, but he’s particularly excited about what’s in store for the cloud.

Researchers prove malware can communicate via computer speakers and microphones
Two German researchers have managed to create a malware prototype that uses a “covert channel of communication”, i.e. the very speakers and microphones that security researcher Dragos Ruiu believes to be crucial to badBIOS’ dissemination.

Huge quantity of Bitcoins stolen from Sheep Marketplace
Another week, another huge Bitcoin theft. This time, it’s the customers of Tor-based underground market Sheep Marketplace who have been left with empty wallets.

Experts offer cyber security forecast for the year ahead
The latest forecast highlights seven trends and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks.

Rogue apps can remove Android device locks
Security researchers from German IT consultancy Curesec have uncovered the existence of an Android flaw that could allow hackers to remove all existing device locks activated by users.

Over 80% of employees use unauthorized apps at work
More than 80 percent of employees admit to using non-approved SaaS applications in their jobs, say the results of a McAfee survey. But what’s even more interesting is that IT employees use a higher number of non-approved SaaS applications than other company employees.

Police arrest Chinese Bitcoin exchange owners suspected of fraud
Three individuals allegedly involved in the recent ransacking of the Hong Kong-based Global Bond Limited Bitcoin exchange have been arrested in China.

Hackers’ server with over 2 million stolen passwords found
More than 75 percent of these are website login credentials (Facebook, Yahoo, Google, Twitter, LinkedIn, vKontakte, etc.), followed by some 320,000 email account ones, 41,000 FTP, 3,000 Remote Desktop, and 3,000 Secure Shell account credentials.

ENISA provides new guide for mitigating ICS attacks
The EU’s cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking.

Researchers uncover Point-of-Sale botnet
By sneaking into one of the botnet’s C&C servers, researchers discovered that the botnet is still up and running, that it has been around for at least half a year, and that it managed to capture information about over 20,000 credit and debit cards since August.

Browser hygiene tips for making online shopping safer
F-Secure Labs regards the holiday shopping season as the perfect time to tweak your Internet browsing habits with a simple browser hygiene tip that is useful throughout the whole year.

Microsoft promises wide-reaching encryption, more transparency
It took them a while, but Microsoft is finally announcing a concentrated effort to protect its customers and their data from unauthorised government surveillance.

Alleged Blackhole author and gang prosecuted in Russia
Paunch, the creator of the infamous Blackhole exploit kit, is being prosecuted along with 12 other individuals involved in a Russia-based cybercrime ring, the Russian Ministry of Internal Affairs has confirmed.

Microsoft and law enforcement disrupt ZeroAccess botnet
The Sirefef botnet, also known as ZeroAccess, is responsible for infecting more than 2 million computers, specifically targeting search results on Google, Bing and Yahoo search engines, and is estimated to cost online advertisers $2.7 million each month.

What CIOs can expect in 2014
While the 3rd platform of mobile, social, big data, and cloud services is just beginning to mature, it will require an entirely different set of IT skills and roles — many of which are yet to be invented. These are just some of the long-term industry trends that will most impact the role of the CIO.
