Week in review: Flash flaw exploited in the wild, spies DoSed Anonymous, and how a fake antivirus attack works

Here’s an overview of some of last week’s most interesting news and articles:

A solution for fixing hijacked Chrome settings
According to Linus Upson, Google VP of Engineering, the problem of hijacked browser settings is one that troubles a lot of Chrome users, so they have decided to offer a simple solution.

Pwn2Own 2014: $150,000 for an “exploit unicorn”
There are a few new rules for this years’ edition of the Pwn2Own hacking contest and a huge new prize for an “Exploit Unicorn worthy of myth and legend” – $150,000 for a system-level code execution on Windows 8.1 x64 on Internet Explorer 11 x64 with EMET bypass.

Hackers breach Bell Canada, leak customer info and passwords
The hacker group NullCrew has managed to access servers belonging to Bell Canada – or a third-party supplier, as Bell claims – and steal and ultimately leak usernames and passwords, email addresses, partial credit card details and more of some 20,000+ Bell customers.

How a fake antivirus attack works
Earlier this month, Invincea researchers have warned about visitors of video-sharing website Dailymotion being targeted with malicious ads leading to bogus infection warnings and the download of a fake AV solution. Unfortunately, the warning still stands.

By 2016, 30% of organizations will use biometric authentication on mobile devices
User experience trumps security concerns.

Hackers sue German government for helping NSA spy on its citizens
“After months of press releases about mass surveillance by secret services and offensive attacks on information technology systems, we now have certainty that German and other countries’ secret services have violated the German criminal law,” they said in a public statement.

Windows, IE, Java are most vulnerable
When compared with the numbers from the previous year, 2013 has seen an increase in reported security vulnerabilities and, what’s more, the number of critical vulnerabilities has also risen – although it’s considerably smaller than in 2009.

Target advocates smart cards in wake of breach
The recent avalanche of breaches that resulted in tens of millions of payment cards being compromised has shook both the US retail market and the customers.

Adobe Flash flaw exploited in the wild, update now
Adobe has released an emergency patch for a critical vulnerability affecting Flash Player for Windows, Linux and OS X, the exploitation of which can result in an attacker gaining remote control of the victims’ systems. The flaw is being actively exploited in the wild.

Cyber risks awaiting visitors and viewers of Sochi 2014 Olympics
US CERT has published on Tuesday a set of tips both for viewers and travelers to Sochi about the cyber-related risks they should take into consideration.

White Lodging confirms POS system breach at 14 US hotels
Hotel management firm White Lodging has confirmed that it has suffered a breach of point of sales systems and has released additional information about the investigation.

GCHQ DoSed Anonymous’ IRC server
British spy agency GCHQ has used Denial of Service attacks against Anonymous, in order to disrupt their communications, their activities, and to lead members of the loosely tied collective away from participating in the DDoS attacks aimed at governments and companies.

Popular Swedish news site latest link to fake AV infection
Aftonbladet.se is currently the 6th most visited website in Sweden, but the attack is aimed only at visitors who use Internet Explorer.

Top ten points in the fight against cybercrime
Clearly the threat presented by online criminals is now well beyond the realm of big business, financial institutions or even private companies; it now involves industries linked inextricably to our everyday existence – from power operators to telecommunications providers.

How Edward Snowden’s actions impacted defense contractors
A new ThreatTrack Security study sheds light on the attitudes of a very exclusive group of IT and security managers – those employed by U.S. defense contractors – at a time when national cybersecurity is under scrutiny.

Effective incident response
An incident response program enables you to pull out the needles that make up the haystack of the big picture.

HTTPS Everywhere add-on now available for Firefox on Android
The extension rewrites all requests to sites from HTTP to HTTPS whenever possible – i.e. if the website supports HTTPS in the first place – and by doing so increasing users’ security and privacy.

Target attackers misused network credentials of HVAC company
Sources close to the Target breach investigation have named the third-party vendor whose network credentials the attackers used to gain access to Target’s systems.

Facebook bug prevents revocation of app permissions
Developers working for privacy software vendor MyPermissions claim to have discovered a critical vulnerability in Facebook’s code.

Free guide: Demystifying the cloud
This 55 page guide explains the concepts of cloud computing in simple terms.

Bogus Facebook “Look Back” video pages spread malware
Scammers have decided to exploit the popularity of the tool released to celebrate the 10-year anniversary of Facebook’s creation, and have created websites spoofing the legitimate one.

More about

Don't miss