Week in review: Widespread malvertising, iCloud users under attack, and protecting yourself from electronic spying

Here’s an overview of some of last week’s most interesting news and articles:

The Software Assurance Marketplace: A response to a challenging problem
The growing reliance on software makes us all vulnerable and susceptible to cyber attacks – and the quality of software is steadily declining.

Delivering malicious Android apps hidden in image files
Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app.

Hackers make companies’ phones call premium-rate numbers, cost them billions
Earlier this year, an architecture firm from Norcross, Georgia, had its phone network hijacked by hackers who, in a single weekend made $166,000 worth of calls from the company’s phones to premium-rate telephone numbers in Gambia, Somalia and the Maldives.

Malware directs stolen documents to Google Drive
Researchers have uncovered a new type of information-stealing malware that is apparently used in campaigns targeting government agencies and can syphon files from compromised computers to Google Drive.

What all major brands share in common with the Snappening
RiskIQ decided to dig in and see if they could shed light on this confusing, media-hyped event.

Cloud adoption trends in European organizations
In Europe, the number of cloud services in use by the average company increased 23 percent, rising from 588 in Q1 to 724 in Q3. However, not all of these services are ready for the enterprise.

OS X Yosemite’s Spotlight Suggestions: Privacy killer or not?
With last week’s official release of OS X Yosemite (v10.10), Apple has solved some critical security issues that could adversely affect users. But the new version of the popular OS also sports a feature that has been “discovered” by the wider user community this weekend and made privacy-minded users worry: the desktop search tool Spotlight can now also be used to make searches on the Internet, and it sends the users’ search queries and information about their physical location to Apple so that the company can return related things via Microsoft Bing.

Koler worm spreads via SMS, holds phones for ransom
The attack is occurring worldwide, but the majority of the infected phones are in the United States.

2FA: Google offers physical alternative to verification codes
Google is offering an alternative second factor for its two-step account verification option, one that has the additional advantage of thwarting phishing attacks.

Windows 0-day exploited in ongoing attacks, temporary workarounds offered
Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.

Two exploit kits prey on Flash Player flaw patched only last week
Researchers are admittedly worried about the short period of time that passed between is patching and the exploit surfacing in the Fiesta and Angler exploit kits. As Kafeine notes, it’s technically possible that the exploit was included in the kits even before the patch was available.

Apple warns about organized network attacks against iCloud users
In the wake of the claims that the Chinese authorities have mounted a MITM attack against iCloud and Microsoft account holders by redirecting them to spoofed login pages, Apple has published an update of iCloud.com security.

Attackers bypass Sandworm patch with new 0-day
The Sandworm vulnerability has been patched, but unfortunately attackers have discovered a way to bypass the patch and continue with their targeted attacks.

Think before you share that file
Recently, Apple’s iCloud service has been in the limelight, following the theft and distribution of celebrities’ private photos. Other file-sync-and-share providers, such as Box and Dropbox, have made headlines for their inadvertent data leaks. These events shine a light on some of these file-sync-and-share services’ shortcomings and beg the question of whether enterprises should be allowing such services in their business operations at all.

Widespread malvertising campaign targets high-profile sites, delivers ransomware
A newer version of the Cryptowall ransomware has been delivered to unsuspecting Internet users via malicious ads shown on a considerable number of high-profile websites, including properties in the Yahoo, Match.com, and AOL domains.

10 tips for securing your future in the cloud
To help your organization be the one that does things right, here are 10 questions to consider asking potential cloud vendors, as well as what to look for in their answers.

Ebola-themed emails deliver malware, exploit Sandworm vulnerability
One of the most prolific malware-delivery campaigns is the one that impersonates the World Health Organization.

100 million cloud file analysis reveals shadow data threat
Elastica conducted a security analysis of more than 100 million files being shared and stored in leading public-cloud applications.

How-to guide to protecting yourself from electronic spying
The Electronic Frontier Foundation (EFF) launched its updated Surveillance Self-Defense report, a comprehensive how-to guide to protecting yourself from electronic spying for Internet users all over the world.

How Facebook prevents account hijacking when old email addresses are recycled
Remember when last summer Yahoo announced they will recycle inactive accounts and offer them to other users? The scheme was more or less successful.