Week in review: eBay breach, Linux Trojans, US charges Chinese military hackers for spying on US firms

Here’s an overview of some of last week’s most interesting news, podcasts, and articles:

Record month for Linux Trojans
If you think that you are protected from malware if you use Linux, think again, warn researchers from AV manufacturer Dr. Web, who identified and examined a record-high number of Trojans for Linux this month – and the month isn’t over yet.

Secure public WiFi with avast! SecureLine for iOS
If you connect to untrusted networks on a regular basis, and most users do, you should consider a VPN solution. It’s a simple way to make your online experience on the move more private and secure.

Essential steps for implementing Data Loss Prevention
In this podcast, recorded at Infosecurity Europe 2014, Raul Condea from CoSoSys talks about essential steps to take when implementing Data Loss Prevention (DLP).

Industrial wireless blackout looms
With the intention of preserving bandwidth, the telecommunications industry has written a harmonized standard that does not allow industrial wireless control systems to function. The European Telecommunications Standard Institute (ETSI) is now blocking the harmonization of a European standard, which facilitates co-existence management of Industrial communication networks under the R&TTE directive. This restriction is likely to make Europe lose significant competitive ground in the industrial wireless field.

Law enforcement targets users of BlackShades malware
During two days of operations taking place in more than 10 countries worldwide, coordinated by Eurojust in The Hague and supported by the European Cybercrime Centre (EC3) at Europol, creators, sellers and users of BlackShades malware were targeted by judicial and law enforcement authorities.

Researchers discover critical flaws in the Chip and PIN system
A group of researchers from Cambridge University have discovered two critical flaws in the “Chip and PIN” (EMV) smart card payment system that can be misused to “clone” cards so effectively that normal bank procedures won’t spot the fake.

Five Chinese military hackers charged for spying on US firms
Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA).

Using ITOA to secure endpoints
Businesses are beginning to realize that they need to better understand the vulnerable points in their IT environment in order to tighten security measures against an increasing number of aggressive targeted attacks.

Fascinating MiniDuke backdoor hits again
MiniDuke – the extremely small and highly customized Asembler-based backdoor used in the past to target mostly government entities and institutions around the world – has been spotted again, this time by ESET researchers.

Whitepaper: Build a cloud within a day
Learn why creating the right cloud delivery strategy is critical to reducing your organization’s risks and building its future.

Half of security pros fail to secure data
Research conducted at Infosecurity Europe 2014 has revealed that 50% of security professionals do not secure data on portable storage devices such as USBs and external hard drives.

China reacts to military hackers’ indictment, accuses US of hypocrisy
While no-one expects the charged individuals to stand trial in the US, the indictment was apparently made to push the Chinese government to curb economic cyber espionage. On the other hand, the move could backfire and result in China and other countries (such as, for example, Brazil) raising the same charges against NSA spies and contractors.

Angler exploit kit starts wielding Silverlight exploits
Vulnerabilities in Adobe Flash and Oracle Java have long been preferred targets of exploit kit developers, but as those two firms have been increasingly improving their patching efforts, the malware developers have realized that Silverlight users make also make good potential targets.

Insider threat and privileged user abuse
According to a new report by Raytheon Company, people with access to privileged data – such as health care records, sensitive company information, intellectual property or personal records – frequently put their organization’s sensitive information at risk.

Some industrial systems still vulnerable to Heartbleed
The US ICS CERT has issued on Tuesday an advisory about how the flaw still affects some ICS systems and what its operators should do to make it right.

eBay breached, change your password immediately
The attack, effected between late February and early March, resulted in the compromise of a database containing eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. No financial information was accessed, though.

Stop all browser-borne malware from entering your network
In this podcast, recorded at Infosecurity Europe 2014, Branden Spikes, CEO, CTO & Founder of Spikes Security, talks about how malware has already done its job by the time traditional malware detection security systems have a chance to start their work.

iBanking Android malware disguised as legitimate apps
On underground cybercrime markets, iBanking is a well-known piece of malware, and one of the most expensive ones, too.

OnionShare lets you send files securely and anonymously
A new programming project that allows users to send files anonymously over Tor has been made available on GitHub by its author Micah Lee, former staff technologist at the EFF and the current one at The Intercept. It’s called OnionShare, and allows users to securely and anonymously share a file of any size with someone – even if that someone does not use OnionShare.

Still no patch for 7-month-old IE8 zero-day flaw
Even though they’ve been aware of the vulnerability for 7 months, Microsoft is apparently planning to fix this vulnerability at some point in the future.

CERN, MIT scientists launch Swiss-based secure webmail
Last week marked the beta release of yet another encrypted, secure email service, and interest for it was so overwhelming that its developers had to temporarily close the signups.

DDoS attacks: Criminals get stealthier
There is a lot of media hype surrounding volumetric style DDoS attacks recently where the focus has been on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare and these big and dumb style attacks make one wonder if they are just being used as a distraction to take up resources and divert IT operations’ efforts in the wrong place so that hackers can get into websites unnoticed. Bottom line is that DDoS attacks are a serious security threat that evolve every day, much like the sophistication of the criminals that launch the attacks.

Trust in the U.S. cloud on the decline
Perspecsys revealed a continental cloud divide between the U.S. and Europe, based on data findings from a study it conducted at Infosecurity Europe 2014.

Facebook introduces privacy check up tool
Facebook continues on its course to give users more privacy by making “Friends” the default sharing option for first time posters, and by introducing a privacy checkup tool that will urge users to review things like who they’re posting to, which apps they use, and the privacy of key pieces of information on their profile.

China will start screening IT products
The Chinese government has announced that it will start vetting IT products and services that are to be used on networks and systems important to national security and public interest. And according to the Suddeutsche Zeitung, the German government has decided to change the rules when it comes to awarding sensitive public IT contracts.

Anti-surveillance mask foils facial recognition systems
The unnerving ubiquity of security cameras in public places and the fact that an increasing number of them are connected to facial recognition systems has spurred Chicago-based artist Leo Selvaggio to think of a way to foil these systems.

More about

Don't miss