Week in review: Target breach expands, the security realities of the Internet of Things

Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:

How to make malware warnings more effective?
An effective security warning is concrete and clear, appeals to authority, and doesn’t pop up too often, say the results of a study into the psychology of malware warnings conducted by Cambridge University researchers.

Bruce Schneier becomes CTO of Co3 Systems
Co3 Systems announced that Bruce Schneier has officially joined the company in the role of its first CTO. Schneier joins Co3 after spending seven years as BT’s Chief Security Technology Officer and the previous seven years as CTO of Counterpane Security.

The growing hacking threat to e-commerce websites, part 2
In the first part of his article, High-Tech Bridge SA CEO Ilia Kolochenko briefly revised attackers’ motivations to compromise your website. In this part, he discusses how websites get hacked, how you can prevent it and what to do in case of a website compromise.

Yahoo visitors got served with malicious ads
Visitors to the main Yahoo domain have been targeted with malicious ads that redirected them to an exploit kit serving different types of malware, the Dutch security audit firm Fox IT has revealed.

WoW gamers targeted with trojanized Curse client
The DDoS attacks that temporarily took down Blizzard’s Battle.net and Valve’s Steam online gaming services over the end of the year holidays have undoubtedly annoyed players, but posed no danger to them – unlike the recently discovered Trojan disguised as a Curse client.

The futility of all vendor predictions
As the New Year starts, many people look forward to what it will bring, and for many this involves looking at upcoming budgets and deciding on what to spend the money earmarked for information security needs. This is also the time when many vendors have finished making public their lists of top threats for the coming year. But these twelve-month predictions should be taken with a large pinch of salt.

Stealing money from ATMs with malware
This talk from the 30th Chaos Communication Congress will discuss a case in which criminals compromised and robbed an ATM by infecting it with specially crafted malware.

Multi-protocol SoftEther VPN becomes open source
In March 2013, a Japanese student by the name of Daiyuu Nobori set up VPN Gate, a free VPN service that he hoped would be used by Internet users who wish to avoid their country’s online content restrictions but don’t have the necessary funds to use a paid VPN service. VPN Gate is an application based on the SoftEther VPN freeware, and its source code has just been released under the GPLv2 license, available for anyone to modify, re-compile and release a derivative of it.

Investigating Internet Crimes
Cybercrime is exploding, we all know that. But if you ever wondered about how online crimes are investigated by law enforcement, wonder no more: this guide book goes through the steps of such an investigation and provides information about collecting and interpreting electronic evidence that will be used to prosecute the criminals.

New Zeus variant stymies malware analysis, has rootkit capabilities
As expected, variants of the infamous Zeus banking Trojan are becoming more adept at hiding their presence from users and AV solutions, and at preventing malware analysis tools from examining them.

What are the most effective means for achieving IT ops excellence?
Based on results collected across a variety of industry verticals – including financial services, healthcare, manufacturing, and retail – Continuity Software’s IT Operations Analytics Benchmark underscores the importance of operational analytics in meeting IT performance goals.

Senior managers are the worst information security offenders
As companies look for solutions to protect the integrity of their networks, data centers, and computer systems, an unexpected threat is lurking under the surface—senior management.

OpenSUSE forums defaced via unknown vBulletin 0-day
The official forums of the openSUSE Linux distribution have been hacked and defaced by a Pakistani hacker that goes by the handle “H4x0r HuSsY.”

NSA employee will remain as co-chair on crypto standards group
NSA employee Kevin Igoe will continue to be one of the two co-chairs of the Crypto Forum Research Group (CFRG), which helps the Internet Engineering Task Force (IETF) review the applicability and uses of cryptographic mechanisms, and give crypto advice to the organization’s various Working Groups.

Bitcoin-stealing malware delivered via clever email campaign
When cyber crooks are looking to infect as many Internet users with Bitcoin mining software, they usually start a wide-reaching, generic spam campaign. But when they are after specific users’ Bitcoins, they use a more targeted approach.

Biometric open protocol standard for safer authentication established
Hoyos Labs announced the formalization of its Biometric Open Standards Protocols (BOPS). BOPS comprises a set of rules that govern secure communications among a variety of client devices including mobile phones, desktop computers and ATMs, among others, and a trusted server managing the acquisition and manipulation of biometric data captured by those devices.

The security realities of the Internet of Things
SANS announced results of its 2013 Securing the Internet of Things survey, in which 391 IT professionals answered questions about the current and future security realities of the Internet of Things (IoT).

Yahoo Mail now has HTTPS on by default
With a short blog post, Yahoo’s SVP of Communication Products Jeff Bonforte has announced that the company has started encrypting all connections between their users and Yahoo Mail.

Sefnit Trojan endangers users even after removal
The problem lies in the Tor module that the malware installs on the targets’ computer.

Whitepaper: Best practices and applications of TLS/SSL
TLS (Transport Layer Security), widely known as SSL (Secure Sockets Layer), is the most well known method to secure your web site. But it can also be used for much more. Read this whitepaper to learn how TLS works, best practices for its use and the various applications in which it can secure business computing.

Personal info of 70 million Target customers compromised
Target today announced updates on its continuing investigation into the recent data breach. As part of Target’s ongoing forensic investigation, it has been determined that certain guest information – separate from the payment card data previously disclosed – was taken during the data breach.

More about

Don't miss