Week in review: Banks sue Target and Trustwave, Basecamp DDoS, Fyodor restarts the Full Disclosure list

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Flaws in Android update mechanism could turn apps into malware
A group of researchers from Indiana University and Microsoft Research have unearthed six Android vulnerabilities that can be exploited to turn apparently harmless apps into malicious ones when a user upgrades the OS.

Working with the Toshiba FlashAir II wireless SD card
With storage prices declining and the popularity of SD cards increasing, some computer makers are incorporating SD card readers into their machines.

NSA compromised Huawei’s servers, spied on its executives
For years, the US government has been very vocal about its distrust of Chinese telecommunication giant Huawei, pointedly blocking acquisitions and takeovers that would allow the company to gain more ground on US soil and urging some foreign governments to adopt the same stance.

Basecamp gets DDoSed and blackmailed
Basecamp, formerly known as 37signals, has managed to largely mitigate a DDoS attack that started on March 24 at 8:46 central time and which made its services unavailable for users for a few hours.

10,000 GitHub users inadvertently reveal their AWS secret access keys
GitHub developers who are also Amazon Web Services users are advised to check the code they made public on their project pages and to delete secret access keys for their AWS account they may have posted inadvertently.
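The check recommended above, as an added example that is not from the original article or from GitHub or AWS: a small scanner that walks a source tree and flags strings shaped like AWS access key IDs (20 characters starting with `AKIA`) and 40-character secrets that sit next to an `aws_secret_access_key`-style label. The sample config it scans is constructed inline using Amazon's documented placeholder key pair, not a live credential; the label-anchored regex and the directory skip list are this example's own choices.

```python
"""Scan a source tree for AWS credentials that may have been committed by mistake.

Added example; the regexes and skip list are assumptions, not an official AWS tool.
"""
from __future__ import annotations

import os
import re
import sys
import tempfile

# Long-term IAM user access key IDs are 20 characters beginning with "AKIA".
ACCESS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")

# Secret access keys are 40 base64-style characters. Bare 40-character tokens
# collide with SHA-1 hashes, so require a nearby "aws secret (access) key" label.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_\-\s]*secret[_\-\s]*(?:access[_\-\s]*)?key[^\S\n]*[=:][^\S\n]*"
    r"['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Constructed sample: Amazon's documented placeholder keys plus a SHA-1 decoy.
SAMPLE_CONFIG = """\
# constructed sample, not a real key
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
sha1 = 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
"""


def find_credentials(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, kind, matched_value) for each suspected credential."""
    hits: list[tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            hits.append((lineno, "access_key_id", m.group(1)))
        for m in SECRET_KEY_RE.finditer(line):
            hits.append((lineno, "secret_access_key", m.group(1)))
    return hits


def scan_tree(root: str,
              skip_dirs: frozenset[str] = frozenset({".git", "node_modules", "vendor"})
              ) -> dict[str, list[tuple[int, str, str]]]:
    """Walk `root` and map each file path to the credentials found in it."""
    findings: dict[str, list[tuple[int, str, str]]] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune noisy directories in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as f:
                    text = f.read()
            except OSError:
                continue  # unreadable file (permissions, special file): skip it
            hits = find_credentials(text)
            if hits:
                findings[path] = hits
    return findings


def scan_sample_tree() -> dict[str, list[tuple[int, str, str]]]:
    """Self-contained demo: write the sample into a temp tree and scan it.

    The copy under .git/ must be skipped; only settings.py should be reported.
    """
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".git"))
        with open(os.path.join(root, ".git", "config"), "w") as f:
            f.write(SAMPLE_CONFIG)
        with open(os.path.join(root, "settings.py"), "w") as f:
            f.write(SAMPLE_CONFIG)
        results = scan_tree(root)
        return {os.path.relpath(p, root): h for p, h in results.items()}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(target).items():
        for lineno, kind, value in hits:
            # Print only the ends of the value so the report itself does not leak it.
            print(f"{path}:{lineno}: {kind} {value[:4]}...{value[-4:]}")
```

Run it against a checkout with `python scan_aws_keys.py /path/to/repo`. Deleting a flagged key from the current files is not enough: anything already pushed stays in the repository's history and in any forks or clones, so the key should be treated as compromised and deactivated in IAM, with a fresh key issued, regardless of what the cleanup commit looks like.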

0-day Microsoft Word flaw exploited in targeted attacks
Microsoft has issued a security advisory warning of a remote code execution vulnerability that is being exploited in “limited, targeted attacks directed at Microsoft Word 2010.” The vulnerability affects all supported versions of Word.

ATMs running Windows XP targeted with cash-dispensing malware
Microsoft has been aggressively campaigning to get users to stop using Windows XP, and has gone so far as to offer $100 off the purchase of a new PC via the Microsoft Store in order to sweeten the switch to a newer OS. But there is a massive number of devices that won’t be so easily upgraded, as 95 percent of ATMs are running on the soon-to-be outdated and unsupported Windows XP.

SSL 101: A guide to fundamental website security
There’s more to SSL than just basic safety. Read this guide to learn about what SSL does, how it works, and how it can help build credibility online.

Network, engage and do business at Infosecurity Europe
Infosecurity Europe is the largest and most attended information security event in Europe. Held in central London, it is a free event featuring over 325 exhibitors presenting their most diverse range of new products and services. The free education programme attracts visitors from every segment of the industry across Europe.

Android bug can push devices into an endless reboot loop
A Proof-of-Concept app exploiting a recently discovered Android vulnerability that triggers the continuous rebooting of an affected device was apparently also behind the recent DoS attack on Google Play.

Black markets for hackers are maturing
Black and gray markets for computer hacking tools, services and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, governments and individuals, according to a new RAND Corporation study.

Nmap’s Fyodor restarts the Full Disclosure mailing list
The Full Disclosure mailing list is back on track, with Nmap’s Gordon “Fyodor” Lyon picking up the mantle put down by John Cartwright.

ACLU probes US police’s use of fake cell towers
The American Civil Liberties Union (ACLU) is on a mission to find out which local and state law enforcement forces in the US are using “stingrays” and how, but is being obstructed in its effort.

Banks sue Target and Trustwave for damages due to data breach
The Target data breach was one of the biggest in recent history, and has been calamitous for more than just the customers who have had their information stolen. The latest party that will have to deal with its ramifications is security firm Trustwave, which, along with Target itself, has been named in a class-action suit filed by a group of banks at the US District Court for the Northern District of Illinois.

Hidden crypto currency-mining code spotted in apps on Google Play
You already know that cyber criminals are using malware to make victims’ computers mine crypto currencies for them, but did you know that your phone can be instructed to do the same?

Surveillance is driving organizations away from the cloud
A third of IT security professionals do not keep corporate data in the cloud because of fear of government snooping, with the majority of them preferring to store sensitive corporate data within their own networks, a new survey from Lieberman Software reveals.

Infographic: A phishing email’s route through the corporate network
Most cyber-attacks begin with spear-phishing emails, so why is this still such a viable attack method? People are still clicking.

Uncommon new worm targets Word and Excel files
Trend Micro researchers have uncovered a new malware family targeting Word and Excel files: the Crigent worm (a.k.a. Power Worm).

Mylar: A system that protects data against server-side snooping
A group of researchers from the Massachusetts Institute of Technology and Meteor Development Group have created a system for building Web services that would protect data against attackers with full access to servers – whether they are malicious insiders, criminals, or a government.

WordPress sites hijacked via “free” premium plugins
If you run a WordPress site, and are trying to make some money through it, think twice before installing “free” versions of premium plugins. Researchers from Sucuri have recently analyzed a couple of third-party websites offering such versions for download, and have discovered more than one plugin equipped with malicious code aimed at hijacking any WP site on which they are installed.